Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/7d00e0-cf41-4142-99d2-494713a9963a/1/hYZifB394Q_fg_dn2DSKA_YIZwA.roa
File:                     hYZifB394Q_fg_dn2DSKA_YIZwA.roa (raw, json)
Hash identifier:          qAci8Pygint2lrSaNgNslvSojUdYL0XMttlZXK/07DQ=
Subject key identifier:   85:86:62:7C:1D:FD:E1:0F:DF:83:F7:67:D8:34:8A:03:F6:08:67:00
Certificate issuer:       /CN=8d298d63970ab03cdfbf514fa0e8ed21310985f1
Certificate serial:       0197B17AC50438279C7CFF5B49F2331647A8
Authority key identifier: 8D:29:8D:63:97:0A:B0:3C:DF:BF:51:4F:A0:E8:ED:21:31:09:85:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jSmNY5cKsDzfv1FPoOjtITEJhfE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/7d00e0-cf41-4142-99d2-494713a9963a/1/hYZifB394Q_fg_dn2DSKA_YIZwA.roa
Signing time:             Fri 27 Jun 2025 13:01:42 +0000
ROA not before:           Fri 27 Jun 2025 13:01:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     395374
IP address blocks:        46.16.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/7d00e0-cf41-4142-99d2-494713a9963a/1/jSmNY5cKsDzfv1FPoOjtITEJhfE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/7d00e0-cf41-4142-99d2-494713a9963a/1/jSmNY5cKsDzfv1FPoOjtITEJhfE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jSmNY5cKsDzfv1FPoOjtITEJhfE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 21:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:b1:7a:c5:04:38:27:9c:7c:ff:5b:49:f2:33:16:47:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d298d63970ab03cdfbf514fa0e8ed21310985f1
        Validity
            Not Before: Jun 27 13:01:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8586627c1dfde10fdf83f767d8348a03f6086700
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:5c:8f:06:a9:30:ef:e6:86:b9:d8:73:2e:e3:
                    a1:92:c4:32:50:4e:f5:fd:57:4d:0b:65:9d:65:7d:
                    f8:bd:d3:4d:2e:ad:66:2b:a5:5c:34:50:a1:2d:3e:
                    08:2c:24:91:67:84:f7:7f:34:2e:13:82:c7:33:cc:
                    4e:a5:29:b1:d8:25:bc:2d:e8:2b:7e:66:05:37:1e:
                    a8:ae:77:dd:25:f2:e0:12:39:ee:c7:a7:e7:3d:6e:
                    45:f4:61:eb:e6:fc:ca:a6:13:f2:23:c4:ef:34:d9:
                    ce:e6:51:b8:f7:a0:7a:5e:40:2a:96:f0:cf:fa:4a:
                    e7:b8:67:f3:91:b2:a3:1a:53:f9:85:32:93:b7:b4:
                    ec:18:3f:85:21:79:8e:86:a4:3a:dc:a6:c3:6c:59:
                    be:26:89:94:b4:6a:c9:7f:3f:aa:53:a1:29:f8:8d:
                    34:3d:b7:15:b5:4d:d9:fc:92:29:ae:a8:51:6e:44:
                    4d:43:d3:c3:69:a9:22:ec:90:c6:3c:44:30:3a:a3:
                    e2:ed:25:8c:ea:49:2c:e6:56:39:b6:75:77:6c:29:
                    39:a4:41:78:8b:af:c2:25:f2:fe:97:79:e0:68:de:
                    19:d9:75:ee:20:69:ea:77:b4:8c:e1:50:f4:86:11:
                    67:62:9c:f8:df:d4:6f:f1:4e:98:28:1e:56:4f:df:
                    66:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:86:62:7C:1D:FD:E1:0F:DF:83:F7:67:D8:34:8A:03:F6:08:67:00
            X509v3 Authority Key Identifier:
                keyid:8D:29:8D:63:97:0A:B0:3C:DF:BF:51:4F:A0:E8:ED:21:31:09:85:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jSmNY5cKsDzfv1FPoOjtITEJhfE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/7d00e0-cf41-4142-99d2-494713a9963a/1/hYZifB394Q_fg_dn2DSKA_YIZwA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/7d00e0-cf41-4142-99d2-494713a9963a/1/jSmNY5cKsDzfv1FPoOjtITEJhfE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.16.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:d1:4a:97:39:b3:a5:5f:4f:5f:bb:15:75:f2:19:df:4c:5c:
         a3:7f:98:ca:38:26:de:58:fe:bd:c6:cd:43:b4:21:a1:3f:e0:
         3c:6d:4d:2a:d9:f3:eb:76:90:10:f2:f5:06:8f:8f:45:64:d2:
         b0:08:fe:ef:bb:92:fb:a5:98:e3:da:90:ee:35:dc:89:15:5e:
         57:00:2d:38:7d:a8:20:e8:e3:12:8a:2a:6e:32:0e:8b:56:2d:
         a8:64:af:0c:a4:a9:81:ef:93:24:06:89:a7:65:7c:a0:1c:7f:
         a7:54:04:a0:cf:0a:86:b9:45:5f:cb:d6:d9:50:26:04:12:d5:
         25:7c:66:34:d7:aa:58:4a:77:7e:12:a6:70:dd:15:55:86:be:
         ee:23:e3:39:d9:ee:e6:6e:6c:76:7d:83:d0:4b:29:98:4a:b6:
         c8:f5:d7:07:0e:f3:6c:5f:0b:1e:bc:9e:ee:62:13:4f:21:51:
         47:98:46:71:b4:90:ca:d1:9d:49:05:ad:f2:bc:57:a5:0e:43:
         f4:9d:9b:a5:d9:ad:55:f8:87:b7:99:50:34:c5:fd:3b:cc:5c:
         7b:cf:e9:b5:47:1b:aa:bf:ec:d4:0c:b1:c8:8a:c2:eb:0c:2c:
         fc:e9:a7:f8:ae:09:b9:dd:85:ba:50:d4:46:41:72:e8:83:6e:
         02:d9:fc:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZexesUEOCecfP9bSfIzFkeoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMjk4ZDYzOTcwYWIwM2NkZmJmNTE0ZmEwZThlZDIxMzEw
OTg1ZjEwHhcNMjUwNjI3MTMwMTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTg2NjI3YzFkZmRlMTBmZGY4M2Y3NjdkODM0OGEwM2Y2MDg2NzAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVyPBqkw7+aGudhzLuOhksQyUE71
/VdNC2WdZX34vdNNLq1mK6VcNFChLT4ILCSRZ4T3fzQuE4LHM8xOpSmx2CW8Legr
fmYFNx6ornfdJfLgEjnux6fnPW5F9GHr5vzKphPyI8TvNNnO5lG496B6XkAqlvDP
+krnuGfzkbKjGlP5hTKTt7TsGD+FIXmOhqQ63KbDbFm+JomUtGrJfz+qU6Ep+I00
PbcVtU3Z/JIprqhRbkRNQ9PDaaki7JDGPEQwOqPi7SWM6kks5lY5tnV3bCk5pEF4
i6/CJfL+l3ngaN4Z2XXuIGnqd7SM4VD0hhFnYpz439Rv8U6YKB5WT99mOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIWGYnwd/eEP34P3Z9g0igP2CGcAMB8GA1UdIwQY
MBaAFI0pjWOXCrA8379RT6Do7SExCYXxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalNtTlk1Y0tzRHpmdjFGUG9PanRJVEVKaGZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi83ZDAwZTAtY2Y0MS00MTQyLTk5ZDIt
NDk0NzEzYTk5NjNhLzEvaFlaaWZCMzk0UV9mZ19kbjJEU0tBX1lJWndBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi83ZDAwZTAtY2Y0MS00MTQyLTk5ZDItNDk0NzEzYTk5NjNh
LzEvalNtTlk1Y0tzRHpmdjFGUG9PanRJVEVKaGZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhCjMA0G
CSqGSIb3DQEBCwUAA4IBAQAm0UqXObOlX09fuxV18hnfTFyjf5jKOCbeWP69xs1D
tCGhP+A8bU0q2fPrdpAQ8vUGj49FZNKwCP7vu5L7pZjj2pDuNdyJFV5XAC04fagg
6OMSiipuMg6LVi2oZK8MpKmB75MkBomnZXygHH+nVASgzwqGuUVfy9bZUCYEEtUl
fGY016pYSnd+EqZw3RVVhr7uI+M52e7mbmx2fYPQSymYSrbI9dcHDvNsXwsevJ7u
YhNPIVFHmEZxtJDK0Z1JBa3yvFelDkP0nZul2a1V+Ie3mVA0xf07zFx7z+m1Rxuq
v+zUDLHIisLrDCz86af4rgm53YW6UNRGQXLog24C2fwb
-----END CERTIFICATE-----