Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/11af42-d3ed-43cd-8274-742dc0c970c0/1/4riCGHi3vw5cyBXdYggmG3yakjU.roa
File:                     4riCGHi3vw5cyBXdYggmG3yakjU.roa (raw, json)
Hash identifier:          A/skujedjujhYf3+uRyasfG7Uyl+RTN8KOVauD7RAjY=
Subject key identifier:   E2:B8:82:18:78:B7:BF:0E:5C:C8:15:DD:62:08:26:1B:7C:9A:92:35
Certificate issuer:       /CN=e1cadc8a421c1f22f1e2904ccfdbbcec5dbe1b11
Certificate serial:       0199763FE96539A8E247CD215B8B1B0FE1DA
Authority key identifier: E1:CA:DC:8A:42:1C:1F:22:F1:E2:90:4C:CF:DB:BC:EC:5D:BE:1B:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4crcikIcHyLx4pBMz9u87F2-GxE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/11af42-d3ed-43cd-8274-742dc0c970c0/1/4riCGHi3vw5cyBXdYggmG3yakjU.roa
Signing time:             Tue 23 Sep 2025 11:05:24 +0000
ROA not before:           Tue 23 Sep 2025 11:05:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214324
IP address blocks:        212.40.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/11af42-d3ed-43cd-8274-742dc0c970c0/1/4crcikIcHyLx4pBMz9u87F2-GxE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/11af42-d3ed-43cd-8274-742dc0c970c0/1/4crcikIcHyLx4pBMz9u87F2-GxE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4crcikIcHyLx4pBMz9u87F2-GxE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:76:3f:e9:65:39:a8:e2:47:cd:21:5b:8b:1b:0f:e1:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1cadc8a421c1f22f1e2904ccfdbbcec5dbe1b11
        Validity
            Not Before: Sep 23 11:05:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e2b8821878b7bf0e5cc815dd6208261b7c9a9235
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:fa:cd:b5:03:7e:1b:40:b5:aa:2f:82:f8:cf:
                    ef:22:59:9b:ee:59:cb:70:d6:8d:81:cb:75:b4:93:
                    ac:85:a1:75:97:f6:00:02:77:2b:75:2f:78:75:79:
                    43:ae:8f:0f:66:dd:16:35:8f:1f:bd:4e:4b:c5:ba:
                    db:bd:0f:39:d5:93:50:e1:f8:52:3a:f4:7e:76:53:
                    3d:2c:34:7d:07:85:1b:d1:aa:8b:21:6c:19:3f:f8:
                    ae:f5:2a:fc:33:74:c7:39:ab:8c:1f:02:ff:e6:f2:
                    f9:9b:de:05:f5:f2:58:dc:98:ef:1c:12:9f:0e:3a:
                    35:30:05:b1:3f:3f:fc:df:60:18:f8:3a:f0:0d:e1:
                    47:71:29:e7:98:db:0f:20:8f:96:c8:ea:d6:74:25:
                    ef:1f:35:2c:96:5c:0c:02:9b:3c:39:50:08:03:af:
                    30:b1:d2:da:6e:fe:04:69:19:13:61:61:4e:d8:9c:
                    1a:60:cf:e3:26:e1:1f:ba:81:22:a5:89:fa:15:f5:
                    04:56:67:41:b6:36:f4:54:03:09:56:d8:f9:5f:0e:
                    f7:86:49:7c:61:e3:3e:0d:8a:3a:e5:ee:75:38:d6:
                    66:68:34:65:31:52:ce:61:7b:b7:23:3c:99:41:59:
                    32:b2:c6:b7:ef:4e:eb:bb:2e:55:6e:fd:01:d2:cc:
                    a4:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:B8:82:18:78:B7:BF:0E:5C:C8:15:DD:62:08:26:1B:7C:9A:92:35
            X509v3 Authority Key Identifier:
                keyid:E1:CA:DC:8A:42:1C:1F:22:F1:E2:90:4C:CF:DB:BC:EC:5D:BE:1B:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4crcikIcHyLx4pBMz9u87F2-GxE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/11af42-d3ed-43cd-8274-742dc0c970c0/1/4riCGHi3vw5cyBXdYggmG3yakjU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/11af42-d3ed-43cd-8274-742dc0c970c0/1/4crcikIcHyLx4pBMz9u87F2-GxE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.40.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:39:38:0f:c3:85:29:cf:95:aa:99:3a:c7:61:83:d4:6d:4d:
         ac:ba:ae:4b:22:76:af:86:3e:d3:a0:1d:1c:dc:cc:a9:30:3d:
         ba:1b:03:a4:6a:6a:40:1f:a8:1e:cc:f6:dd:b3:82:f7:a3:99:
         17:4c:af:61:f8:25:68:8f:8d:cc:df:a4:c9:92:8e:e0:f1:81:
         bd:65:63:66:f6:2f:57:57:8b:8a:ea:db:fe:6e:1a:d7:75:e6:
         20:98:e7:c8:86:30:7a:ba:e1:a2:8d:a3:7e:91:5f:d9:b5:87:
         66:0d:f2:82:bf:61:3a:1e:e7:c1:bd:15:1d:43:b7:e0:1f:8a:
         ca:99:a0:94:19:d6:d4:ba:27:63:27:6c:23:38:bd:b6:b7:9a:
         6d:c6:6a:24:d3:5a:80:28:8c:66:a6:fd:9c:8a:05:76:79:af:
         d0:b0:37:be:05:bb:d6:d5:37:ef:91:8f:4a:30:14:46:1d:52:
         7e:29:a8:33:d4:84:48:5f:5b:68:b3:94:72:92:aa:59:3e:47:
         2d:ad:37:3b:12:69:71:6f:d6:98:49:df:81:76:9a:2c:57:96:
         7a:13:44:8c:d2:3d:bb:1e:ec:83:af:e5:6d:3a:44:0e:cc:7f:
         1a:47:d0:bc:2d:4e:6f:99:93:25:a9:73:7a:5e:c8:ae:0f:fa:
         94:e2:97:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZl2P+llOajiR80hW4sbD+HaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxY2FkYzhhNDIxYzFmMjJmMWUyOTA0Y2NmZGJiY2VjNWRi
ZTFiMTEwHhcNMjUwOTIzMTEwNTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmI4ODIxODc4YjdiZjBlNWNjODE1ZGQ2MjA4MjYxYjdjOWE5MjM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPrNtQN+G0C1qi+C+M/vIlmb7lnL
cNaNgct1tJOshaF1l/YAAncrdS94dXlDro8PZt0WNY8fvU5LxbrbvQ851ZNQ4fhS
OvR+dlM9LDR9B4Ub0aqLIWwZP/iu9Sr8M3THOauMHwL/5vL5m94F9fJY3JjvHBKf
Djo1MAWxPz/832AY+DrwDeFHcSnnmNsPII+WyOrWdCXvHzUsllwMAps8OVAIA68w
sdLabv4EaRkTYWFO2JwaYM/jJuEfuoEipYn6FfUEVmdBtjb0VAMJVtj5Xw73hkl8
YeM+DYo65e51ONZmaDRlMVLOYXu3IzyZQVkyssa3707ruy5Vbv0B0syk9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOK4ghh4t78OXMgV3WIIJht8mpI1MB8GA1UdIwQY
MBaAFOHK3IpCHB8i8eKQTM/bvOxdvhsRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGNyY2lrSWNIeUx4NHBCTXo5dTg3RjItR3hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8xMWFmNDItZDNlZC00M2NkLTgyNzQt
NzQyZGMwYzk3MGMwLzEvNHJpQ0dIaTN2dzVjeUJYZFlnZ21HM3lha2pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8xMWFmNDItZDNlZC00M2NkLTgyNzQtNzQyZGMwYzk3MGMw
LzEvNGNyY2lrSWNIeUx4NHBCTXo5dTg3RjItR3hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1CgwMA0G
CSqGSIb3DQEBCwUAA4IBAQCpOTgPw4Upz5WqmTrHYYPUbU2suq5LInavhj7ToB0c
3MypMD26GwOkampAH6gezPbds4L3o5kXTK9h+CVoj43M36TJko7g8YG9ZWNm9i9X
V4uK6tv+bhrXdeYgmOfIhjB6uuGijaN+kV/ZtYdmDfKCv2E6HufBvRUdQ7fgH4rK
maCUGdbUuidjJ2wjOL22t5ptxmok01qAKIxmpv2cigV2ea/QsDe+BbvW1TfvkY9K
MBRGHVJ+Kagz1IRIX1tos5RykqpZPkctrTc7Emlxb9aYSd+BdposV5Z6E0SM0j27
HuyDr+VtOkQOzH8aR9C8LU5vmZMlqXN6XsiuD/qU4pcl
-----END CERTIFICATE-----