Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/R2ZSqYnIg6A3ZrnAWdvXrTd4fUE.roa
File:                     R2ZSqYnIg6A3ZrnAWdvXrTd4fUE.roa (raw, json)
Hash identifier:          O7SlLNijkA8S/dhctG8xaw+pF4vgkSrZrlUPSUPxkJo=
Subject key identifier:   47:66:52:A9:89:C8:83:A0:37:66:B9:C0:59:DB:D7:AD:37:78:7D:41
Certificate issuer:       /CN=a4bcc12afa4f05739f45f605e221c64c3c0d2ed6
Certificate serial:       0199DECE7DD15B74ECB39C96588CE385CFC3
Authority key identifier: A4:BC:C1:2A:FA:4F:05:73:9F:45:F6:05:E2:21:C6:4C:3C:0D:2E:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pLzBKvpPBXOfRfYF4iHGTDwNLtY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/R2ZSqYnIg6A3ZrnAWdvXrTd4fUE.roa
Signing time:             Mon 13 Oct 2025 18:21:38 +0000
ROA not before:           Mon 13 Oct 2025 18:21:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41009
IP address blocks:        46.229.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/pLzBKvpPBXOfRfYF4iHGTDwNLtY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/pLzBKvpPBXOfRfYF4iHGTDwNLtY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pLzBKvpPBXOfRfYF4iHGTDwNLtY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:de:ce:7d:d1:5b:74:ec:b3:9c:96:58:8c:e3:85:cf:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4bcc12afa4f05739f45f605e221c64c3c0d2ed6
        Validity
            Not Before: Oct 13 18:21:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=476652a989c883a03766b9c059dbd7ad37787d41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:00:e3:36:65:b0:ef:0f:41:53:54:24:42:e1:
                    fe:a4:fd:e3:f2:a4:47:64:8e:3f:ee:57:2c:ea:c1:
                    a6:0a:62:64:21:0b:fe:81:86:8d:e5:7f:36:42:c4:
                    14:89:e8:ef:04:d8:13:b9:a9:0e:ae:4b:ee:3f:36:
                    40:1d:ba:e6:08:da:9b:a3:26:fc:07:4b:a1:03:d7:
                    3d:8c:bf:3d:70:95:a6:46:fc:33:3f:d8:c4:26:3b:
                    d8:a5:95:a8:c7:9b:df:8e:e6:27:ef:6a:b0:7d:f2:
                    15:99:47:ec:48:63:b2:e1:cc:a3:8a:52:86:f5:d0:
                    b7:ec:10:8d:21:8b:33:76:a1:cf:ec:e9:0d:af:c6:
                    f0:43:90:16:ea:9d:30:ab:04:12:71:ae:57:d4:41:
                    bb:cb:6f:4b:e5:74:60:1d:9a:b0:fb:ac:08:da:b6:
                    b3:a4:6a:f2:f4:a5:ce:7f:ff:01:78:5c:51:b6:09:
                    07:5c:a4:c4:91:33:cc:85:5f:6d:67:86:57:dc:dd:
                    7c:9d:e5:d0:e1:48:0b:63:0b:4a:62:76:69:2e:0f:
                    5a:9a:23:12:cf:9c:30:28:01:31:ed:04:ed:82:ea:
                    12:be:74:05:81:e2:f6:d0:d6:ba:45:f3:8f:c9:31:
                    2e:25:37:2f:eb:f9:01:85:b4:8f:cc:1f:15:9b:0b:
                    a4:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:66:52:A9:89:C8:83:A0:37:66:B9:C0:59:DB:D7:AD:37:78:7D:41
            X509v3 Authority Key Identifier:
                keyid:A4:BC:C1:2A:FA:4F:05:73:9F:45:F6:05:E2:21:C6:4C:3C:0D:2E:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pLzBKvpPBXOfRfYF4iHGTDwNLtY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/R2ZSqYnIg6A3ZrnAWdvXrTd4fUE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/pLzBKvpPBXOfRfYF4iHGTDwNLtY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.229.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:73:ab:5b:1d:72:5e:a1:88:3c:0e:91:b6:7c:b6:6c:bc:f4:
         45:6e:c3:e0:3d:65:b0:47:23:ea:da:d1:b2:50:83:3b:43:39:
         00:7a:a5:bc:d6:1f:12:13:6c:79:f6:3a:4b:d4:1e:b3:4c:7f:
         db:1f:80:89:69:d9:e4:3b:b8:52:36:6f:66:74:24:d4:5c:59:
         d2:ac:3a:e5:91:c9:21:1c:4b:35:7a:1c:97:6e:5c:b9:4b:c1:
         54:be:6e:93:e1:ee:a3:7d:f9:14:ca:e0:f8:ce:73:f0:2e:b8:
         4c:46:c6:0d:5b:21:50:46:51:ba:fd:45:db:54:fa:11:19:f6:
         1c:33:e9:55:71:40:03:65:0f:a3:ac:8e:1c:6c:ed:c4:3d:57:
         7b:ef:7d:34:3a:4c:f7:46:ba:f0:5d:9f:9c:de:34:5e:8b:8c:
         c2:5f:c5:04:75:3a:19:85:03:ac:10:cb:f6:53:0b:2a:d2:95:
         07:54:6a:b0:87:55:23:df:f5:de:1d:a7:45:1b:58:3a:41:74:
         3d:2d:34:41:e4:7b:67:0b:fa:1d:3b:6a:e4:3c:c8:8e:bb:a7:
         ac:8a:82:34:4e:35:49:f7:38:93:62:d1:e0:3f:1c:18:89:d9:
         40:1b:ba:d7:4e:0e:d5:ed:a2:53:c6:c8:29:ac:2d:9c:44:cd:
         8f:cb:85:d5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnezn3RW3Tss5yWWIzjhc/DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0YmNjMTJhZmE0ZjA1NzM5ZjQ1ZjYwNWUyMjFjNjRjM2Mw
ZDJlZDYwHhcNMjUxMDEzMTgyMTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzY2NTJhOTg5Yzg4M2EwMzc2NmI5YzA1OWRiZDdhZDM3Nzg3ZDQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQDjNmWw7w9BU1QkQuH+pP3j8qRH
ZI4/7lcs6sGmCmJkIQv+gYaN5X82QsQUiejvBNgTuakOrkvuPzZAHbrmCNqboyb8
B0uhA9c9jL89cJWmRvwzP9jEJjvYpZWox5vfjuYn72qwffIVmUfsSGOy4cyjilKG
9dC37BCNIYszdqHP7OkNr8bwQ5AW6p0wqwQSca5X1EG7y29L5XRgHZqw+6wI2raz
pGry9KXOf/8BeFxRtgkHXKTEkTPMhV9tZ4ZX3N18neXQ4UgLYwtKYnZpLg9amiMS
z5wwKAEx7QTtguoSvnQFgeL20Na6RfOPyTEuJTcv6/kBhbSPzB8VmwukKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEdmUqmJyIOgN2a5wFnb1603eH1BMB8GA1UdIwQY
MBaAFKS8wSr6TwVzn0X2BeIhxkw8DS7WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEx6Qkt2cFBCWE9mUmZZRjRpSEdURHdOTHRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9iYjE0MGEtMmEyMS00ZjVmLWJkY2Mt
ODhiMDE2YmJkNTgxLzEvUjJaU3FZbklnNkEzWnJuQVdkdlhyVGQ0ZlVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9iYjE0MGEtMmEyMS00ZjVmLWJkY2MtODhiMDE2YmJkNTgx
LzEvcEx6Qkt2cFBCWE9mUmZZRjRpSEdURHdOTHRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALuU/MA0G
CSqGSIb3DQEBCwUAA4IBAQA0c6tbHXJeoYg8DpG2fLZsvPRFbsPgPWWwRyPq2tGy
UIM7QzkAeqW81h8SE2x59jpL1B6zTH/bH4CJadnkO7hSNm9mdCTUXFnSrDrlkckh
HEs1ehyXbly5S8FUvm6T4e6jffkUyuD4znPwLrhMRsYNWyFQRlG6/UXbVPoRGfYc
M+lVcUADZQ+jrI4cbO3EPVd77300Okz3RrrwXZ+c3jRei4zCX8UEdToZhQOsEMv2
Uwsq0pUHVGqwh1Uj3/XeHadFG1g6QXQ9LTRB5HtnC/odO2rkPMiOu6esioI0TjVJ
9ziTYtHgPxwYidlAG7rXTg7V7aJTxsgprC2cRM2Py4XV
-----END CERTIFICATE-----