Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/faf4ea-a50a-40e0-8abd-b0c60464df06/1/olc2Y8iylqMSKyCyshdN5SCe0vI.roa
File:                     olc2Y8iylqMSKyCyshdN5SCe0vI.roa (raw, json)
Hash identifier:          UAcPq7niB1CGXkTFu0WQUaf9we2Qrdpi5zBQPRcbjno=
Subject key identifier:   A2:57:36:63:C8:B2:96:A3:12:2B:20:B2:B2:17:4D:E5:20:9E:D2:F2
Certificate issuer:       /CN=be0f8f14f220e93ee34747c4d6dbf1ad35b383fa
Certificate serial:       0198899C6497A37BC833E0CD309E0ECDEECD
Authority key identifier: BE:0F:8F:14:F2:20:E9:3E:E3:47:47:C4:D6:DB:F1:AD:35:B3:83:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vg-PFPIg6T7jR0fE1tvxrTWzg_o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/faf4ea-a50a-40e0-8abd-b0c60464df06/1/olc2Y8iylqMSKyCyshdN5SCe0vI.roa
Signing time:             Fri 08 Aug 2025 12:16:24 +0000
ROA not before:           Fri 08 Aug 2025 12:16:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51708
IP address blocks:        46.18.24.0/21 maxlen: 21
                          46.18.24.0/22 maxlen: 22
                          2a02:27e8::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/faf4ea-a50a-40e0-8abd-b0c60464df06/1/vg-PFPIg6T7jR0fE1tvxrTWzg_o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/faf4ea-a50a-40e0-8abd-b0c60464df06/1/vg-PFPIg6T7jR0fE1tvxrTWzg_o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vg-PFPIg6T7jR0fE1tvxrTWzg_o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:89:9c:64:97:a3:7b:c8:33:e0:cd:30:9e:0e:cd:ee:cd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=be0f8f14f220e93ee34747c4d6dbf1ad35b383fa
        Validity
            Not Before: Aug  8 12:16:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a2573663c8b296a3122b20b2b2174de5209ed2f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:e4:70:3d:8e:95:b5:5a:2c:0a:27:f8:77:5c:
                    cb:c1:2e:4c:b0:43:49:87:f4:56:b5:64:b4:4e:92:
                    d7:13:d8:96:96:be:ca:cc:e4:2e:5e:77:29:0a:99:
                    1e:9c:10:f2:0b:9a:d7:eb:c6:c5:8c:a9:8d:47:5d:
                    01:ae:a7:1b:06:88:e6:52:f0:ca:a2:cc:78:e5:f0:
                    fc:0c:bf:92:a5:49:a5:2a:3a:f8:10:b0:15:c8:00:
                    72:52:5a:a1:72:b9:a0:8d:aa:a6:b6:c9:83:8e:13:
                    ac:ca:04:09:db:cb:1b:3e:8d:c3:68:4a:4e:92:90:
                    06:33:a2:c8:40:45:77:54:47:62:52:85:74:47:b2:
                    1d:95:74:48:fc:fc:72:af:95:63:73:11:24:cc:ac:
                    12:45:a2:5f:8e:99:84:5b:05:d4:f1:36:5c:70:f8:
                    19:5f:8a:05:ff:1d:7d:41:6f:75:6a:af:d4:5c:e7:
                    ce:5a:9a:6f:89:1a:9a:6d:67:c9:4c:41:b8:b7:40:
                    4e:50:9d:ce:d8:6d:38:69:41:a0:e3:aa:2e:df:fa:
                    2d:56:cf:b0:b2:fb:e1:6e:34:57:95:3b:5d:f5:ea:
                    0f:4f:dc:3f:f4:8a:d0:e6:d3:e6:35:5d:ad:78:8e:
                    42:86:89:ea:ab:a0:e6:38:d3:89:48:d1:d9:16:43:
                    eb:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:57:36:63:C8:B2:96:A3:12:2B:20:B2:B2:17:4D:E5:20:9E:D2:F2
            X509v3 Authority Key Identifier:
                keyid:BE:0F:8F:14:F2:20:E9:3E:E3:47:47:C4:D6:DB:F1:AD:35:B3:83:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vg-PFPIg6T7jR0fE1tvxrTWzg_o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/faf4ea-a50a-40e0-8abd-b0c60464df06/1/olc2Y8iylqMSKyCyshdN5SCe0vI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/faf4ea-a50a-40e0-8abd-b0c60464df06/1/vg-PFPIg6T7jR0fE1tvxrTWzg_o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.18.24.0/21
                IPv6:
                  2a02:27e8::/32

    Signature Algorithm: sha256WithRSAEncryption
         95:56:9e:da:48:49:a3:3f:b5:88:67:2f:41:5c:9f:5d:8d:6c:
         b1:13:c6:a1:8d:ca:50:36:fb:df:a1:d9:08:5a:82:9d:a6:5a:
         d9:e6:c7:ad:a5:07:60:65:b3:ef:a4:6b:e7:19:92:23:48:fc:
         57:e3:2f:da:75:73:c8:34:f9:fd:94:a1:e8:17:68:ab:63:78:
         64:16:22:2c:26:2c:9b:f9:d8:91:91:aa:6f:df:ce:20:af:36:
         26:19:a8:6f:ec:15:91:d0:0f:23:6b:30:b0:18:0b:a6:fd:ea:
         03:16:76:44:79:c6:2c:94:9e:3c:89:6a:81:03:c0:ff:42:cf:
         60:39:d8:0c:3a:65:69:df:f4:26:61:e9:6f:56:e4:10:bf:56:
         4d:21:39:09:a5:fc:01:e2:24:9f:7c:d5:0c:0c:b0:72:73:18:
         70:38:1b:75:8d:1d:8d:c4:dd:3d:af:c7:eb:fb:d3:a4:ac:28:
         a9:23:30:27:ce:e0:60:62:f2:e5:1b:e9:53:88:4f:19:38:23:
         62:42:f4:2a:3e:e9:ba:03:01:31:c6:c8:f5:75:ef:4d:a2:7f:
         c4:b0:0f:ee:b8:f9:fe:a4:2f:43:db:26:36:cf:46:c2:e0:2d:
         6a:81:e2:1b:c5:c6:d3:9a:70:43:61:e6:b6:1b:3e:93:89:a2:
         09:b6:ec:c0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZiJnGSXo3vIM+DNMJ4Oze7NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlMGY4ZjE0ZjIyMGU5M2VlMzQ3NDdjNGQ2ZGJmMWFkMzVi
MzgzZmEwHhcNMjUwODA4MTIxNjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjU3MzY2M2M4YjI5NmEzMTIyYjIwYjJiMjE3NGRlNTIwOWVkMmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6ORwPY6VtVosCif4d1zLwS5MsENJ
h/RWtWS0TpLXE9iWlr7KzOQuXncpCpkenBDyC5rX68bFjKmNR10BrqcbBojmUvDK
osx45fD8DL+SpUmlKjr4ELAVyAByUlqhcrmgjaqmtsmDjhOsygQJ28sbPo3DaEpO
kpAGM6LIQEV3VEdiUoV0R7IdlXRI/Pxyr5VjcxEkzKwSRaJfjpmEWwXU8TZccPgZ
X4oF/x19QW91aq/UXOfOWppviRqabWfJTEG4t0BOUJ3O2G04aUGg46ou3/otVs+w
svvhbjRXlTtd9eoPT9w/9IrQ5tPmNV2teI5Chonqq6DmONOJSNHZFkPrNQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKJXNmPIspajEisgsrIXTeUgntLyMB8GA1UdIwQY
MBaAFL4PjxTyIOk+40dHxNbb8a01s4P6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmctUEZQSWc2VDdqUjBmRTF0dnhyVFd6Z19vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9mYWY0ZWEtYTUwYS00MGUwLThhYmQt
YjBjNjA0NjRkZjA2LzEvb2xjMlk4aXlscU1TS3lDeXNoZE41U0NlMHZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9mYWY0ZWEtYTUwYS00MGUwLThhYmQtYjBjNjA0NjRkZjA2
LzEvdmctUEZQSWc2VDdqUjBmRTF0dnhyVFd6Z19vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDLhIYMA0E
AgACMAcDBQAqAifoMA0GCSqGSIb3DQEBCwUAA4IBAQCVVp7aSEmjP7WIZy9BXJ9d
jWyxE8ahjcpQNvvfodkIWoKdplrZ5setpQdgZbPvpGvnGZIjSPxX4y/adXPINPn9
lKHoF2irY3hkFiIsJiyb+diRkapv384grzYmGahv7BWR0A8jazCwGAum/eoDFnZE
ecYslJ48iWqBA8D/Qs9gOdgMOmVp3/QmYelvVuQQv1ZNITkJpfwB4iSffNUMDLBy
cxhwOBt1jR2NxN09r8fr+9OkrCipIzAnzuBgYvLlG+lTiE8ZOCNiQvQqPum6AwEx
xsj1de9Non/EsA/uuPn+pC9D2yY2z0bC4C1qgeIbxcbTmnBDYea2Gz6TiaIJtuzA
-----END CERTIFICATE-----