Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/kMtd6Q6faSofDN0lp3zD9l3Gdzs.roa
File:                     kMtd6Q6faSofDN0lp3zD9l3Gdzs.roa (raw, json)
Hash identifier:          QTK8SH5Xb+6Bx10XX5dvQEh39Vc9s2UGKcmxtby4cBs=
Subject key identifier:   90:CB:5D:E9:0E:9F:69:2A:1F:0C:DD:25:A7:7C:C3:F6:5D:C6:77:3B
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       019953DFBC7F584A39119155B3230A320271
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/kMtd6Q6faSofDN0lp3zD9l3Gdzs.roa
Signing time:             Tue 16 Sep 2025 18:53:15 +0000
ROA not before:           Tue 16 Sep 2025 18:53:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        46.20.210.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:53:df:bc:7f:58:4a:39:11:91:55:b3:23:0a:32:02:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Sep 16 18:53:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=90cb5de90e9f692a1f0cdd25a77cc3f65dc6773b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:81:4e:5c:14:a9:ed:88:d9:9b:4f:05:29:df:
                    f1:4e:9e:45:9e:6b:81:fe:c0:57:e1:7b:87:99:21:
                    ec:87:9a:d7:64:0a:78:b3:12:93:77:38:72:23:8c:
                    99:fa:f2:1b:85:85:a1:07:ee:75:d2:f4:44:e3:31:
                    b7:ba:68:2f:34:ea:19:62:7c:18:5d:2c:cc:41:13:
                    83:31:93:d1:58:5e:92:75:f5:c2:50:c4:35:bf:1a:
                    64:97:5e:e9:38:e9:3f:a7:c5:cc:01:ae:37:7c:4c:
                    7d:c8:1e:da:27:5e:2c:64:23:7a:6e:1b:88:86:00:
                    2d:f2:22:60:9a:91:45:1f:12:7e:24:8c:18:e9:6e:
                    68:bd:26:1b:21:ab:b7:a2:25:40:a0:b3:2b:04:ad:
                    7c:2e:f7:1f:e9:2b:35:5a:22:d7:28:6c:fa:77:f9:
                    e6:e0:ec:58:26:d5:ea:32:42:6b:85:e9:9f:a9:e7:
                    6b:7f:66:2b:82:b7:74:2c:b8:a9:63:3b:93:2f:c7:
                    70:c6:e2:dc:16:ff:aa:78:ad:c4:46:ae:0f:df:53:
                    b1:d3:de:a0:59:42:bf:1e:5d:30:f9:d5:62:b1:9f:
                    3e:2d:d8:9d:69:ee:14:c4:1e:ef:e2:66:54:dc:74:
                    2f:66:96:97:2c:61:47:f7:bb:a1:e8:f3:66:e9:16:
                    29:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:CB:5D:E9:0E:9F:69:2A:1F:0C:DD:25:A7:7C:C3:F6:5D:C6:77:3B
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/kMtd6Q6faSofDN0lp3zD9l3Gdzs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.20.210.0/23

    Signature Algorithm: sha256WithRSAEncryption
         38:c0:c2:07:6e:af:d7:ce:19:f8:fe:e4:ad:f6:93:8d:11:e4:
         1d:a9:c3:37:ab:fc:b9:2b:a6:f9:71:bb:3b:41:e5:53:37:39:
         9d:47:c3:a3:05:2f:36:94:6c:91:80:fa:c4:f2:66:4d:87:0b:
         69:0b:17:75:1d:65:77:b8:1d:0d:f9:36:7d:84:7a:78:6d:da:
         ac:f5:6f:7f:c5:c3:2b:20:3b:8c:70:da:f5:65:7e:50:34:f6:
         9c:18:be:0c:60:a2:fe:5d:63:a9:48:e2:ef:a2:c1:36:b4:4e:
         92:7b:6c:f8:3c:e0:95:0d:8f:a1:f8:08:0d:fa:17:44:82:8c:
         76:ff:02:42:38:28:c1:90:59:a5:bb:d8:3d:3b:b9:e6:22:f9:
         f6:c1:84:62:b2:a8:1e:18:c5:fe:3a:ef:54:ea:9b:00:e6:96:
         3d:b1:a4:f8:71:1b:ee:5f:e6:08:11:fb:e4:1a:44:4e:69:16:
         93:92:36:36:6a:c8:66:4d:18:8a:ab:f0:31:fe:38:14:ad:91:
         91:c2:8a:50:0a:59:13:1a:52:79:33:f3:a0:92:6a:ea:b8:87:
         51:fa:70:30:c7:52:b3:0b:66:b6:88:d1:28:05:a9:54:54:37:
         ca:fd:09:a2:40:cb:78:f9:86:84:79:ee:6c:ee:5a:6b:8d:57:
         a9:f9:af:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlT37x/WEo5EZFVsyMKMgJxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjUwOTE2MTg1MzE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGNiNWRlOTBlOWY2OTJhMWYwY2RkMjVhNzdjYzNmNjVkYzY3NzNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl4FOXBSp7YjZm08FKd/xTp5FnmuB
/sBX4XuHmSHsh5rXZAp4sxKTdzhyI4yZ+vIbhYWhB+510vRE4zG3umgvNOoZYnwY
XSzMQRODMZPRWF6SdfXCUMQ1vxpkl17pOOk/p8XMAa43fEx9yB7aJ14sZCN6bhuI
hgAt8iJgmpFFHxJ+JIwY6W5ovSYbIau3oiVAoLMrBK18Lvcf6Ss1WiLXKGz6d/nm
4OxYJtXqMkJrhemfqedrf2Yrgrd0LLipYzuTL8dwxuLcFv+qeK3ERq4P31Ox096g
WUK/Hl0w+dVisZ8+Ldidae4UxB7v4mZU3HQvZpaXLGFH97uh6PNm6RYpiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJDLXekOn2kqHwzdJad8w/Zdxnc7MB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEva010ZDZRNmZhU29mRE4wbHAzekQ5bDNHZHpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLhTSMA0G
CSqGSIb3DQEBCwUAA4IBAQA4wMIHbq/Xzhn4/uSt9pONEeQdqcM3q/y5K6b5cbs7
QeVTNzmdR8OjBS82lGyRgPrE8mZNhwtpCxd1HWV3uB0N+TZ9hHp4bdqs9W9/xcMr
IDuMcNr1ZX5QNPacGL4MYKL+XWOpSOLvosE2tE6Se2z4POCVDY+h+AgN+hdEgox2
/wJCOCjBkFmlu9g9O7nmIvn2wYRisqgeGMX+Ou9U6psA5pY9saT4cRvuX+YIEfvk
GkROaRaTkjY2ashmTRiKq/Ax/jgUrZGRwopQClkTGlJ5M/OgkmrquIdR+nAwx1Kz
C2a2iNEoBalUVDfK/QmiQMt4+YaEee5s7lprjVep+a9w
-----END CERTIFICATE-----