Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f2edd1-fe25-4432-b7a4-958b6798905c/1/Hqr3lFqQdjNoLAvKkFjdiwPEQr8.roa
File:                     Hqr3lFqQdjNoLAvKkFjdiwPEQr8.roa (raw, json)
Hash identifier:          cZCMxo45VpaV48xQft3UBtyd8xJ7RJpZ5PQFW9cG3+g=
Subject key identifier:   1E:AA:F7:94:5A:90:76:33:68:2C:0B:CA:90:58:DD:8B:03:C4:42:BF
Certificate issuer:       /CN=b712c9fecbdebf56f845d607913d1b5571592a2a
Certificate serial:       01966C2780E5B4851A7A1DCAE204913D537E
Authority key identifier: B7:12:C9:FE:CB:DE:BF:56:F8:45:D6:07:91:3D:1B:55:71:59:2A:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/txLJ_svev1b4RdYHkT0bVXFZKio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f2edd1-fe25-4432-b7a4-958b6798905c/1/Hqr3lFqQdjNoLAvKkFjdiwPEQr8.roa
Signing time:             Fri 25 Apr 2025 08:54:10 +0000
ROA not before:           Fri 25 Apr 2025 08:54:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210574
IP address blocks:        46.36.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f2edd1-fe25-4432-b7a4-958b6798905c/1/txLJ_svev1b4RdYHkT0bVXFZKio.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f2edd1-fe25-4432-b7a4-958b6798905c/1/txLJ_svev1b4RdYHkT0bVXFZKio.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/txLJ_svev1b4RdYHkT0bVXFZKio.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 02 May 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:6c:27:80:e5:b4:85:1a:7a:1d:ca:e2:04:91:3d:53:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b712c9fecbdebf56f845d607913d1b5571592a2a
        Validity
            Not Before: Apr 25 08:54:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1eaaf7945a907633682c0bca9058dd8b03c442bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:05:40:cd:4a:ba:bb:ef:ae:ff:5c:23:c3:78:
                    e3:41:c5:39:e6:fb:2c:c1:d8:7b:7c:16:a4:c1:1f:
                    91:1e:d7:5e:fe:8a:0d:4c:f0:cc:1d:c6:15:db:e6:
                    ac:ee:8b:fa:e2:86:54:12:a8:44:11:ee:6e:7e:93:
                    d6:44:89:b5:7a:bf:70:cf:9b:1e:98:11:48:5f:91:
                    a7:5d:d7:ca:e7:2d:83:de:a2:a1:57:e8:2c:2b:af:
                    2e:71:ef:a1:65:79:f6:ad:9b:dd:ef:2f:3d:b5:86:
                    ad:63:34:36:4c:74:c8:f2:bf:58:be:27:49:d5:23:
                    6e:81:d8:5e:b8:1b:27:99:73:1a:3e:56:f1:fe:fb:
                    5c:11:20:de:88:99:4f:0c:d4:86:e8:97:e2:a6:98:
                    3c:06:f5:cc:25:3a:4f:53:13:4e:75:84:c9:36:a6:
                    45:da:42:b6:73:d2:d7:ca:72:11:62:11:62:97:e6:
                    85:55:09:ea:61:44:a6:26:87:4d:2c:2d:71:05:85:
                    71:29:60:5b:21:53:a8:fa:9c:57:ed:7b:c1:21:c6:
                    fc:32:ad:e6:d7:ef:d9:ce:f2:d1:25:f0:41:41:54:
                    b4:99:f9:cc:a4:68:36:66:34:47:e6:ba:f6:f7:30:
                    fe:5b:69:af:cf:12:be:41:36:36:0c:30:f4:5e:05:
                    10:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:AA:F7:94:5A:90:76:33:68:2C:0B:CA:90:58:DD:8B:03:C4:42:BF
            X509v3 Authority Key Identifier:
                keyid:B7:12:C9:FE:CB:DE:BF:56:F8:45:D6:07:91:3D:1B:55:71:59:2A:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/txLJ_svev1b4RdYHkT0bVXFZKio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f2edd1-fe25-4432-b7a4-958b6798905c/1/Hqr3lFqQdjNoLAvKkFjdiwPEQr8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f2edd1-fe25-4432-b7a4-958b6798905c/1/txLJ_svev1b4RdYHkT0bVXFZKio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.36.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:54:88:ae:7d:2a:17:56:d0:ee:85:5f:03:39:2a:3c:d2:57:
         a7:41:f1:df:a0:d0:b5:e8:e3:f1:f5:9d:d4:b7:ad:24:7f:69:
         2c:50:fe:58:0a:29:63:e3:99:59:6c:2f:b3:5a:5a:3f:d8:68:
         49:e8:6d:5c:d8:de:f0:68:1b:29:4f:3f:a5:5d:90:e1:71:2a:
         28:2f:71:b2:ff:d4:ae:2b:0b:ae:7f:af:c2:f4:08:d7:bc:9f:
         70:1f:da:4c:89:60:c7:e2:73:2c:f7:2b:dc:05:bc:c2:00:ca:
         ae:2f:33:9c:dd:fc:08:9f:87:ec:0b:3d:64:9d:75:91:e8:45:
         5a:bd:9b:13:5d:16:3a:b0:49:95:c4:a3:6c:78:3b:4c:3b:5e:
         48:ce:04:11:0a:cd:ba:75:13:dc:11:d2:3e:e5:6e:2e:6b:17:
         3f:58:c9:98:fb:90:a9:84:e0:84:48:89:70:fe:e2:6f:05:43:
         95:d5:01:73:46:31:7d:08:b0:7e:2d:7b:0a:bd:89:ba:c7:01:
         d6:ea:39:5e:e7:16:a7:fb:6f:b3:6c:26:a9:a3:68:5d:8a:a4:
         75:e0:51:45:68:4a:33:20:ea:cc:80:cf:63:f8:47:bf:49:ed:
         e1:64:a6:ca:53:69:a2:41:4e:3c:7e:61:1d:b4:fd:66:4a:a1:
         b8:3d:74:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZsJ4DltIUaeh3K4gSRPVN+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3MTJjOWZlY2JkZWJmNTZmODQ1ZDYwNzkxM2QxYjU1NzE1
OTJhMmEwHhcNMjUwNDI1MDg1NDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZWFhZjc5NDVhOTA3NjMzNjgyYzBiY2E5MDU4ZGQ4YjAzYzQ0MmJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmAVAzUq6u++u/1wjw3jjQcU55vss
wdh7fBakwR+RHtde/ooNTPDMHcYV2+as7ov64oZUEqhEEe5ufpPWRIm1er9wz5se
mBFIX5GnXdfK5y2D3qKhV+gsK68uce+hZXn2rZvd7y89tYatYzQ2THTI8r9YvidJ
1SNugdheuBsnmXMaPlbx/vtcESDeiJlPDNSG6Jfippg8BvXMJTpPUxNOdYTJNqZF
2kK2c9LXynIRYhFil+aFVQnqYUSmJodNLC1xBYVxKWBbIVOo+pxX7XvBIcb8Mq3m
1+/ZzvLRJfBBQVS0mfnMpGg2ZjRH5rr29zD+W2mvzxK+QTY2DDD0XgUQpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB6q95RakHYzaCwLypBY3YsDxEK/MB8GA1UdIwQY
MBaAFLcSyf7L3r9W+EXWB5E9G1VxWSoqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHhMSl9zdmV2MWI0UmRZSGtUMGJWWEZaS2lvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mMmVkZDEtZmUyNS00NDMyLWI3YTQt
OTU4YjY3OTg5MDVjLzEvSHFyM2xGcVFkak5vTEF2S2tGamRpd1BFUXI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mMmVkZDEtZmUyNS00NDMyLWI3YTQtOTU4YjY3OTg5MDVj
LzEvdHhMSl9zdmV2MWI0UmRZSGtUMGJWWEZaS2lvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiTJMA0G
CSqGSIb3DQEBCwUAA4IBAQBeVIiufSoXVtDuhV8DOSo80lenQfHfoNC16OPx9Z3U
t60kf2ksUP5YCilj45lZbC+zWlo/2GhJ6G1c2N7waBspTz+lXZDhcSooL3Gy/9Su
Kwuuf6/C9AjXvJ9wH9pMiWDH4nMs9yvcBbzCAMquLzOc3fwIn4fsCz1knXWR6EVa
vZsTXRY6sEmVxKNseDtMO15IzgQRCs26dRPcEdI+5W4uaxc/WMmY+5CphOCESIlw
/uJvBUOV1QFzRjF9CLB+LXsKvYm6xwHW6jle5xan+2+zbCapo2hdiqR14FFFaEoz
IOrMgM9j+Ee/Se3hZKbKU2miQU48fmEdtP1mSqG4PXSZ
-----END CERTIFICATE-----