Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/7d00e0-cf41-4142-99d2-494713a9963a/1/uIJIuuAnt6td9AqkKzjwQT857_0.roa
File:                     uIJIuuAnt6td9AqkKzjwQT857_0.roa (raw, json)
Hash identifier:          A6x0e2CvG+/bTGJF3SyM7Q0bPdqE0EXH0TDiPVe/x1U=
Subject key identifier:   B8:82:48:BA:E0:27:B7:AB:5D:F4:0A:A4:2B:38:F0:41:3F:39:EF:FD
Certificate issuer:       /CN=8d298d63970ab03cdfbf514fa0e8ed21310985f1
Certificate serial:       0197A1F9ED81F974014A6504D502AC19AD35
Authority key identifier: 8D:29:8D:63:97:0A:B0:3C:DF:BF:51:4F:A0:E8:ED:21:31:09:85:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jSmNY5cKsDzfv1FPoOjtITEJhfE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/7d00e0-cf41-4142-99d2-494713a9963a/1/uIJIuuAnt6td9AqkKzjwQT857_0.roa
Signing time:             Tue 24 Jun 2025 12:46:40 +0000
ROA not before:           Tue 24 Jun 2025 12:46:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43584
IP address blocks:        46.16.167.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/7d00e0-cf41-4142-99d2-494713a9963a/1/jSmNY5cKsDzfv1FPoOjtITEJhfE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/7d00e0-cf41-4142-99d2-494713a9963a/1/jSmNY5cKsDzfv1FPoOjtITEJhfE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jSmNY5cKsDzfv1FPoOjtITEJhfE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 08:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a1:f9:ed:81:f9:74:01:4a:65:04:d5:02:ac:19:ad:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d298d63970ab03cdfbf514fa0e8ed21310985f1
        Validity
            Not Before: Jun 24 12:46:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b88248bae027b7ab5df40aa42b38f0413f39effd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:f6:2a:d7:e8:5e:f8:35:ae:36:06:85:b1:4c:
                    7f:79:0d:ba:ec:43:2d:fe:4f:d9:d6:2a:90:b7:4a:
                    95:fb:d4:7e:22:d6:06:5b:c2:06:b4:94:0b:ff:42:
                    d1:fb:70:33:90:2f:8c:eb:6b:60:f8:39:0e:12:ed:
                    60:54:6b:1b:3a:4e:d2:9a:08:a7:65:bc:30:f0:86:
                    1d:eb:a4:1e:32:80:8e:5f:a8:5b:c1:8b:00:f0:7d:
                    3f:a2:90:86:c9:bd:f0:ca:8a:ac:74:a3:cf:17:76:
                    31:21:de:95:3d:9f:86:bf:39:d2:c0:1c:9a:02:15:
                    ad:32:4d:d0:76:32:eb:28:85:d8:14:7c:ae:57:0d:
                    20:e5:ab:60:ce:c2:40:46:5c:30:8c:81:1b:ec:71:
                    8f:7a:00:35:12:ba:84:8f:eb:48:49:68:21:c8:5a:
                    6c:ef:9b:73:c2:35:3a:a3:a2:27:79:ec:c0:7a:01:
                    bf:4e:8a:f5:80:44:07:57:0a:97:08:ff:f1:1d:23:
                    00:35:69:f8:50:11:9a:c2:d7:8e:3f:00:05:38:03:
                    bb:5f:28:f2:5b:56:1a:9e:7f:2a:c5:fb:90:40:e6:
                    2d:37:88:f1:11:3a:b4:1c:59:3e:e2:09:5d:d6:85:
                    94:54:bb:0c:9f:62:a5:41:93:28:f4:2f:d0:9e:fd:
                    9c:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:82:48:BA:E0:27:B7:AB:5D:F4:0A:A4:2B:38:F0:41:3F:39:EF:FD
            X509v3 Authority Key Identifier:
                keyid:8D:29:8D:63:97:0A:B0:3C:DF:BF:51:4F:A0:E8:ED:21:31:09:85:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jSmNY5cKsDzfv1FPoOjtITEJhfE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/7d00e0-cf41-4142-99d2-494713a9963a/1/uIJIuuAnt6td9AqkKzjwQT857_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/7d00e0-cf41-4142-99d2-494713a9963a/1/jSmNY5cKsDzfv1FPoOjtITEJhfE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.16.167.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d2:1c:a7:cb:9c:1d:e5:08:35:c6:1e:b0:e9:37:f3:8b:99:07:
         35:46:6d:0d:0e:84:01:f7:33:45:fc:71:60:22:4b:1a:fd:af:
         a4:80:73:b4:1f:1e:df:e7:f2:95:c3:c0:e8:8a:1c:7b:4a:b2:
         12:dc:7f:be:53:1b:9c:f1:4e:ab:4e:5b:8d:6a:1c:65:46:aa:
         13:63:7f:76:c7:b9:b0:21:d8:a7:3f:6f:ce:c3:64:44:12:4a:
         1a:97:72:a6:fe:b0:e4:cd:e4:53:95:1a:1d:12:57:b2:ac:e9:
         e6:03:af:13:f1:9d:26:a2:4e:e9:a7:74:2e:24:2b:cf:78:b1:
         81:3c:aa:dd:35:27:28:e7:fd:e3:65:79:cd:da:89:af:a2:8c:
         ea:4a:b4:49:af:39:17:f7:7b:e5:04:c6:8b:a2:1d:a5:61:39:
         e2:bf:4a:da:9e:e3:3e:56:19:79:67:e2:f6:f9:49:6d:91:7e:
         a4:9c:60:44:61:15:90:ff:19:a3:25:80:cf:62:aa:be:55:01:
         75:dd:cf:da:cc:fd:24:e6:e5:27:42:25:ad:ce:2c:af:69:44:
         3c:b0:63:dc:06:43:28:fe:dd:f5:21:0b:81:49:d7:fc:47:b0:
         f7:a7:68:e0:7f:be:80:a1:32:49:3d:26:55:4c:20:dd:39:8a:
         36:f1:5a:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeh+e2B+XQBSmUE1QKsGa01MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMjk4ZDYzOTcwYWIwM2NkZmJmNTE0ZmEwZThlZDIxMzEw
OTg1ZjEwHhcNMjUwNjI0MTI0NjQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODgyNDhiYWUwMjdiN2FiNWRmNDBhYTQyYjM4ZjA0MTNmMzllZmZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2PYq1+he+DWuNgaFsUx/eQ267EMt
/k/Z1iqQt0qV+9R+ItYGW8IGtJQL/0LR+3AzkC+M62tg+DkOEu1gVGsbOk7Smgin
Zbww8IYd66QeMoCOX6hbwYsA8H0/opCGyb3wyoqsdKPPF3YxId6VPZ+GvznSwBya
AhWtMk3QdjLrKIXYFHyuVw0g5atgzsJARlwwjIEb7HGPegA1ErqEj+tISWghyFps
75tzwjU6o6IneezAegG/Tor1gEQHVwqXCP/xHSMANWn4UBGawteOPwAFOAO7Xyjy
W1Yann8qxfuQQOYtN4jxETq0HFk+4gld1oWUVLsMn2KlQZMo9C/Qnv2cHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLiCSLrgJ7erXfQKpCs48EE/Oe/9MB8GA1UdIwQY
MBaAFI0pjWOXCrA8379RT6Do7SExCYXxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalNtTlk1Y0tzRHpmdjFGUG9PanRJVEVKaGZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi83ZDAwZTAtY2Y0MS00MTQyLTk5ZDIt
NDk0NzEzYTk5NjNhLzEvdUlKSXV1QW50NnRkOUFxa0t6andRVDg1N18wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi83ZDAwZTAtY2Y0MS00MTQyLTk5ZDItNDk0NzEzYTk5NjNh
LzEvalNtTlk1Y0tzRHpmdjFGUG9PanRJVEVKaGZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhCnMA0G
CSqGSIb3DQEBCwUAA4IBAQDSHKfLnB3lCDXGHrDpN/OLmQc1Rm0NDoQB9zNF/HFg
Iksa/a+kgHO0Hx7f5/KVw8Doihx7SrIS3H++Uxuc8U6rTluNahxlRqoTY392x7mw
IdinP2/Ow2REEkoal3Km/rDkzeRTlRodEleyrOnmA68T8Z0mok7pp3QuJCvPeLGB
PKrdNSco5/3jZXnN2omvoozqSrRJrzkX93vlBMaLoh2lYTniv0ranuM+Vhl5Z+L2
+UltkX6knGBEYRWQ/xmjJYDPYqq+VQF13c/azP0k5uUnQiWtziyvaUQ8sGPcBkMo
/t31IQuBSdf8R7D3p2jgf76AoTJJPSZVTCDdOYo28Voj
-----END CERTIFICATE-----