Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/317cc1-64c2-472e-914b-0bfb86884404/1/nmDQ5sn6P7ecn55KSWAGIphgo6U.roa
File:                     nmDQ5sn6P7ecn55KSWAGIphgo6U.roa (raw, json)
Hash identifier:          fC95GsgDpVAuW+5RC4Zgw8UvFD2E/5JtR14wL2gAYEM=
Subject key identifier:   9E:60:D0:E6:C9:FA:3F:B7:9C:9F:9E:4A:49:60:06:22:98:60:A3:A5
Certificate issuer:       /CN=e24c9c50cf4e2dac05e1f04328224e20a4605d77
Certificate serial:       0199709CF645B6628AA11A9BA223B0B99658
Authority key identifier: E2:4C:9C:50:CF:4E:2D:AC:05:E1:F0:43:28:22:4E:20:A4:60:5D:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4kycUM9OLawF4fBDKCJOIKRgXXc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/317cc1-64c2-472e-914b-0bfb86884404/1/nmDQ5sn6P7ecn55KSWAGIphgo6U.roa
Signing time:             Mon 22 Sep 2025 08:49:18 +0000
ROA not before:           Mon 22 Sep 2025 08:49:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52140
IP address blocks:        46.255.216.0/21 maxlen: 21
                          46.255.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/317cc1-64c2-472e-914b-0bfb86884404/1/4kycUM9OLawF4fBDKCJOIKRgXXc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/317cc1-64c2-472e-914b-0bfb86884404/1/4kycUM9OLawF4fBDKCJOIKRgXXc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4kycUM9OLawF4fBDKCJOIKRgXXc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:70:9c:f6:45:b6:62:8a:a1:1a:9b:a2:23:b0:b9:96:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e24c9c50cf4e2dac05e1f04328224e20a4605d77
        Validity
            Not Before: Sep 22 08:49:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9e60d0e6c9fa3fb79c9f9e4a496006229860a3a5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:95:a4:39:47:67:dc:34:3d:1c:32:61:af:f2:
                    1e:a7:cd:78:c4:14:6b:14:98:17:22:a1:4b:04:07:
                    4e:ea:00:b6:3b:42:52:0d:fa:24:5f:f4:3c:4b:8a:
                    15:5e:e6:66:d7:d3:45:6d:fb:b5:2f:9d:75:fd:61:
                    73:88:bb:ba:65:32:3e:50:eb:00:dd:b8:3a:76:86:
                    71:8b:b5:c5:7a:ce:52:df:19:ff:8e:d4:59:66:67:
                    bb:b2:35:e3:3c:39:dc:72:6a:aa:bd:df:b7:fe:a8:
                    96:e1:ad:03:22:27:6e:4b:49:21:4c:00:10:29:2b:
                    58:7f:73:78:56:7d:e5:4b:aa:40:f1:e3:6c:fd:a4:
                    cb:0d:a3:65:b8:7f:05:7d:39:8b:9b:9c:d4:4c:e3:
                    62:00:58:e8:74:b7:da:4e:2b:88:51:ca:bf:3b:a6:
                    d5:f6:ad:09:0e:b3:1a:86:68:ab:37:0f:19:dc:d9:
                    b0:bf:b5:73:8e:1b:f2:9d:65:e2:62:53:df:c8:a6:
                    fb:ec:4b:12:e8:09:77:bd:aa:d7:96:c3:d6:6b:72:
                    05:09:79:82:e9:da:ef:42:cb:40:ec:65:70:5d:ff:
                    76:2f:d4:4d:dd:ba:1b:c1:bb:b3:e2:c5:c8:4c:67:
                    79:ab:d5:e8:27:25:c2:30:a9:29:c9:b6:89:9c:eb:
                    42:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:60:D0:E6:C9:FA:3F:B7:9C:9F:9E:4A:49:60:06:22:98:60:A3:A5
            X509v3 Authority Key Identifier:
                keyid:E2:4C:9C:50:CF:4E:2D:AC:05:E1:F0:43:28:22:4E:20:A4:60:5D:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4kycUM9OLawF4fBDKCJOIKRgXXc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/317cc1-64c2-472e-914b-0bfb86884404/1/nmDQ5sn6P7ecn55KSWAGIphgo6U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/317cc1-64c2-472e-914b-0bfb86884404/1/4kycUM9OLawF4fBDKCJOIKRgXXc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.255.216.0/21

    Signature Algorithm: sha256WithRSAEncryption
         8b:98:97:ce:da:bc:3c:1b:16:7b:3b:85:02:38:19:62:f0:3b:
         a2:5c:fa:d0:42:8e:0c:bf:69:63:aa:35:9e:d8:5e:10:96:e2:
         c6:db:1f:93:25:4b:29:f8:42:fd:c5:6e:1d:89:86:94:54:0b:
         5b:80:df:57:8f:6c:4c:7e:59:36:f9:4d:df:65:8d:6e:7e:fd:
         66:d9:e7:a4:21:5b:fe:06:4d:57:b8:f7:2e:73:a7:5f:21:9f:
         76:23:47:a9:ec:78:d3:01:66:55:04:9d:c7:33:ef:fd:2e:5e:
         4b:45:89:4d:b0:c2:c9:83:d0:be:ec:83:07:67:f8:2a:98:09:
         44:05:45:b5:81:2a:bf:9d:a1:94:a0:d8:1b:f7:44:e0:44:23:
         a9:8d:e6:ba:ba:91:49:02:31:a2:35:01:ac:1c:21:12:ab:76:
         b5:dd:61:3a:a7:ac:8c:f3:ce:42:c8:94:65:8a:1b:ae:af:17:
         c7:74:a5:fb:7c:a5:09:ff:56:b0:92:a8:c8:10:be:57:26:94:
         7d:0b:55:85:13:60:3f:f1:37:fc:76:51:3c:ce:1e:95:10:44:
         2b:27:ec:47:44:64:30:87:a6:ef:08:93:ca:88:12:30:48:9d:
         99:43:2c:42:1a:d6:05:10:f9:a3:15:97:cf:dc:33:8c:7c:a0:
         05:d3:ef:a6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlwnPZFtmKKoRqboiOwuZZYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyNGM5YzUwY2Y0ZTJkYWMwNWUxZjA0MzI4MjI0ZTIwYTQ2
MDVkNzcwHhcNMjUwOTIyMDg0OTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZTYwZDBlNmM5ZmEzZmI3OWM5ZjllNGE0OTYwMDYyMjk4NjBhM2E1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5WkOUdn3DQ9HDJhr/Iep814xBRr
FJgXIqFLBAdO6gC2O0JSDfokX/Q8S4oVXuZm19NFbfu1L511/WFziLu6ZTI+UOsA
3bg6doZxi7XFes5S3xn/jtRZZme7sjXjPDnccmqqvd+3/qiW4a0DIiduS0khTAAQ
KStYf3N4Vn3lS6pA8eNs/aTLDaNluH8FfTmLm5zUTONiAFjodLfaTiuIUcq/O6bV
9q0JDrMahmirNw8Z3Nmwv7VzjhvynWXiYlPfyKb77EsS6Al3varXlsPWa3IFCXmC
6drvQstA7GVwXf92L9RN3bobwbuz4sXITGd5q9XoJyXCMKkpybaJnOtCnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ5g0ObJ+j+3nJ+eSklgBiKYYKOlMB8GA1UdIwQY
MBaAFOJMnFDPTi2sBeHwQygiTiCkYF13MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGt5Y1VNOU9MYXdGNGZCREtDSk9JS1JnWFhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC8zMTdjYzEtNjRjMi00NzJlLTkxNGIt
MGJmYjg2ODg0NDA0LzEvbm1EUTVzbjZQN2VjbjU1S1NXQUdJcGhnbzZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC8zMTdjYzEtNjRjMi00NzJlLTkxNGItMGJmYjg2ODg0NDA0
LzEvNGt5Y1VNOU9MYXdGNGZCREtDSk9JS1JnWFhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDLv/YMA0G
CSqGSIb3DQEBCwUAA4IBAQCLmJfO2rw8GxZ7O4UCOBli8DuiXPrQQo4Mv2ljqjWe
2F4QluLG2x+TJUsp+EL9xW4diYaUVAtbgN9Xj2xMflk2+U3fZY1ufv1m2eekIVv+
Bk1XuPcuc6dfIZ92I0ep7HjTAWZVBJ3HM+/9Ll5LRYlNsMLJg9C+7IMHZ/gqmAlE
BUW1gSq/naGUoNgb90TgRCOpjea6upFJAjGiNQGsHCESq3a13WE6p6yM885CyJRl
ihuurxfHdKX7fKUJ/1awkqjIEL5XJpR9C1WFE2A/8Tf8dlE8zh6VEEQrJ+xHRGQw
h6bvCJPKiBIwSJ2ZQyxCGtYFEPmjFZfP3DOMfKAF0++m
-----END CERTIFICATE-----