Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/EoKkb2zrQn65CoAKqp0vkJlsGaY.roa
File:                     EoKkb2zrQn65CoAKqp0vkJlsGaY.roa (raw, json)
Hash identifier:          pDddEZoUeVKYpsoC5XByYGuX20goub0DenHNr3w8PmM=
Subject key identifier:   12:82:A4:6F:6C:EB:42:7E:B9:0A:80:0A:AA:9D:2F:90:99:6C:19:A6
Certificate issuer:       /CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
Certificate serial:       0199CF8B033472F47A1F2C3C7F817AC5016D
Authority key identifier: D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/EoKkb2zrQn65CoAKqp0vkJlsGaY.roa
Signing time:             Fri 10 Oct 2025 19:13:37 +0000
ROA not before:           Fri 10 Oct 2025 19:13:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     397630
IP address blocks:        46.37.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 19:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:cf:8b:03:34:72:f4:7a:1f:2c:3c:7f:81:7a:c5:01:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3cf0884918a50239ef70518ee9fc04f1aae1929
        Validity
            Not Before: Oct 10 19:13:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1282a46f6ceb427eb90a800aaa9d2f90996c19a6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:dd:ef:af:0e:e6:8c:ee:13:6b:03:16:4e:58:
                    81:15:31:fa:9b:fa:f9:47:d6:47:75:c3:ee:a8:fd:
                    23:2b:b5:8f:af:60:b8:e2:5e:ad:b5:8a:db:7c:ae:
                    45:60:bc:d0:d0:4a:6d:f7:39:a8:a3:c4:87:a0:59:
                    da:11:38:f6:81:4d:01:97:ca:4c:69:8d:f5:37:cd:
                    b0:d1:45:ac:4b:44:e7:9d:50:55:36:be:08:06:7b:
                    29:58:bb:0f:90:d1:50:70:f4:65:6d:9d:c7:b6:b7:
                    b6:1d:9e:be:ea:02:cb:c1:ce:b6:42:e6:80:3b:c5:
                    e2:77:96:99:cb:ca:6f:8c:37:c5:38:66:2e:f9:7f:
                    53:1f:df:72:d4:4e:7a:80:f8:08:1b:1e:d4:95:e7:
                    1c:74:3b:da:b6:9a:84:6d:4a:4c:17:c8:f4:b1:92:
                    34:09:d9:5e:55:95:91:cc:40:10:53:00:72:3b:2e:
                    c5:5b:0a:1f:c0:1b:2a:5c:16:c8:80:31:49:a6:16:
                    30:42:3b:19:fc:70:08:cc:41:71:b5:9f:c1:8d:6a:
                    49:3c:79:bf:91:0d:bc:f7:f1:42:23:96:7e:13:30:
                    d6:72:c3:b9:55:40:95:d4:bc:e1:73:c8:85:e2:5e:
                    ce:3d:93:f5:b0:de:a8:24:d8:1b:98:b1:01:0e:33:
                    a2:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:82:A4:6F:6C:EB:42:7E:B9:0A:80:0A:AA:9D:2F:90:99:6C:19:A6
            X509v3 Authority Key Identifier:
                keyid:D3:CF:08:84:91:8A:50:23:9E:F7:05:18:EE:9F:C0:4F:1A:AE:19:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/088IhJGKUCOe9wUY7p_ATxquGSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/EoKkb2zrQn65CoAKqp0vkJlsGaY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/cdff16-458a-47c3-8dfa-231549409720/1/088IhJGKUCOe9wUY7p_ATxquGSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:75:6b:92:76:77:35:fe:41:49:62:a9:96:42:dd:93:55:b1:
         5d:dd:56:1a:d7:a6:3c:37:a5:e2:d6:94:56:0a:64:69:a5:3e:
         0b:3a:cd:fc:04:87:eb:4b:fd:1c:a9:ee:d3:41:96:ec:61:e8:
         88:02:d7:44:83:a8:75:cf:92:b9:72:fa:bd:ac:79:47:35:f6:
         d5:93:a9:db:5c:f2:34:3c:ba:35:d9:5b:f9:c7:94:a8:43:5e:
         c7:14:5f:b0:90:1c:25:f9:74:13:41:72:65:7a:8f:b3:0c:d7:
         19:ed:7a:f6:1f:eb:57:22:a0:90:97:3e:5b:74:1f:da:3f:a8:
         92:36:22:81:78:43:aa:01:b8:b9:37:27:97:64:3d:0b:22:a4:
         aa:27:1a:75:a0:d1:77:94:cb:44:5d:7f:86:2c:a7:02:01:54:
         28:1a:5a:ee:ca:62:0e:96:09:10:92:5f:01:9c:4f:e2:72:a0:
         5f:d4:09:05:86:36:c3:07:5f:02:ee:19:c7:df:c3:40:e0:74:
         d4:c7:88:8d:52:e0:50:15:e0:93:73:0b:ab:ef:13:bf:e6:ba:
         bd:b0:79:23:96:c2:af:8f:2d:a9:54:1e:4b:f5:1f:29:fe:b1:
         67:29:b4:24:fe:54:b2:e3:7d:dc:c6:52:b0:fe:a7:44:12:2b:
         55:97:8f:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnPiwM0cvR6Hyw8f4F6xQFtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzY2YwODg0OTE4YTUwMjM5ZWY3MDUxOGVlOWZjMDRmMWFh
ZTE5MjkwHhcNMjUxMDEwMTkxMzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjgyYTQ2ZjZjZWI0MjdlYjkwYTgwMGFhYTlkMmY5MDk5NmMxOWE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm93vrw7mjO4TawMWTliBFTH6m/r5
R9ZHdcPuqP0jK7WPr2C44l6ttYrbfK5FYLzQ0Ept9zmoo8SHoFnaETj2gU0Bl8pM
aY31N82w0UWsS0TnnVBVNr4IBnspWLsPkNFQcPRlbZ3Htre2HZ6+6gLLwc62QuaA
O8Xid5aZy8pvjDfFOGYu+X9TH99y1E56gPgIGx7UleccdDvatpqEbUpMF8j0sZI0
CdleVZWRzEAQUwByOy7FWwofwBsqXBbIgDFJphYwQjsZ/HAIzEFxtZ/BjWpJPHm/
kQ289/FCI5Z+EzDWcsO5VUCV1Lzhc8iF4l7OPZP1sN6oJNgbmLEBDjOiYwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBKCpG9s60J+uQqACqqdL5CZbBmmMB8GA1UdIwQY
MBaAFNPPCISRilAjnvcFGO6fwE8arhkpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEt
MjMxNTQ5NDA5NzIwLzEvRW9La2IyenJRbjY1Q29BS3FwMHZrSmxzR2FZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy9jZGZmMTYtNDU4YS00N2MzLThkZmEtMjMxNTQ5NDA5NzIw
LzEvMDg4SWhKR0tVQ09lOXdVWTdwX0FUeHF1R1NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiV+MA0G
CSqGSIb3DQEBCwUAA4IBAQCjdWuSdnc1/kFJYqmWQt2TVbFd3VYa16Y8N6Xi1pRW
CmRppT4LOs38BIfrS/0cqe7TQZbsYeiIAtdEg6h1z5K5cvq9rHlHNfbVk6nbXPI0
PLo12Vv5x5SoQ17HFF+wkBwl+XQTQXJleo+zDNcZ7Xr2H+tXIqCQlz5bdB/aP6iS
NiKBeEOqAbi5NyeXZD0LIqSqJxp1oNF3lMtEXX+GLKcCAVQoGlruymIOlgkQkl8B
nE/icqBf1AkFhjbDB18C7hnH38NA4HTUx4iNUuBQFeCTcwur7xO/5rq9sHkjlsKv
jy2pVB5L9R8p/rFnKbQk/lSy433cxlKw/qdEEitVl4//
-----END CERTIFICATE-----