Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/Kaq_OwRC6lABDRXL85mMXGJr-1s.roa
File:                     Kaq_OwRC6lABDRXL85mMXGJr-1s.roa (raw, json)
Hash identifier:          qGHqa3NGLUotIrEUdm3o4RkalYVgHgqGETGE0ORGV2Q=
Subject key identifier:   29:AA:BF:3B:04:42:EA:50:01:0D:15:CB:F3:99:8C:5C:62:6B:FB:5B
Certificate issuer:       /CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
Certificate serial:       019840EA2C25D0B953D506C069A0115C52A2
Authority key identifier: A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/Kaq_OwRC6lABDRXL85mMXGJr-1s.roa
Signing time:             Fri 25 Jul 2025 09:29:05 +0000
ROA not before:           Fri 25 Jul 2025 09:29:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        46.236.252.0/23 maxlen: 23
                          46.236.254.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:40:ea:2c:25:d0:b9:53:d5:06:c0:69:a0:11:5c:52:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
        Validity
            Not Before: Jul 25 09:29:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=29aabf3b0442ea50010d15cbf3998c5c626bfb5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:67:35:ba:bb:53:40:17:37:cb:60:04:2f:f6:
                    dc:f9:37:aa:2b:80:a5:16:12:aa:54:de:61:25:9f:
                    0c:a0:e1:2f:59:8a:f8:6a:79:67:f4:46:2c:d8:98:
                    9e:6a:5f:59:73:ef:35:13:f9:19:82:ed:4c:93:31:
                    fd:2c:c5:04:b3:94:7c:c5:13:d4:e9:f5:95:09:b5:
                    0e:43:ca:5d:4b:b9:14:ac:08:c1:f5:a6:39:23:e4:
                    72:cb:a7:aa:cc:1b:e3:d6:08:4b:12:4c:df:77:f0:
                    97:f7:e1:e0:f3:f9:12:15:8c:74:ef:f6:9c:2f:87:
                    34:ad:72:b0:b6:c4:0a:06:49:6f:68:33:80:b6:f7:
                    03:4e:8d:cc:ef:12:cc:81:90:3b:d3:c8:1d:c7:d8:
                    ff:87:10:67:5d:4f:b3:41:f7:5e:74:5f:dd:d3:3a:
                    75:c0:2a:59:36:37:cb:33:2a:c4:43:ef:35:75:7c:
                    ed:81:af:1b:9e:90:ef:88:e0:96:76:d9:c0:24:89:
                    fd:4b:e0:b2:89:72:f4:29:52:17:dc:40:ae:46:c2:
                    d7:5b:a9:13:9c:26:54:b0:e5:4d:63:23:28:89:50:
                    07:b6:80:50:7a:51:85:53:ef:f4:40:65:92:fe:d8:
                    7b:ac:1e:30:b0:df:c0:d9:3a:78:67:11:36:8a:81:
                    11:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:AA:BF:3B:04:42:EA:50:01:0D:15:CB:F3:99:8C:5C:62:6B:FB:5B
            X509v3 Authority Key Identifier:
                keyid:A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/Kaq_OwRC6lABDRXL85mMXGJr-1s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ab:e3:1d:64:5e:a9:73:5c:19:03:50:4f:96:c5:9d:89:a7:62:
         46:3b:3a:d8:2b:be:62:14:fb:db:78:d5:84:c5:01:49:e1:18:
         d4:40:73:88:5f:50:9c:15:28:26:ea:dc:67:1c:01:b8:94:51:
         c2:4c:56:86:58:77:d5:dd:38:c6:c6:f0:47:59:2d:11:86:b3:
         cd:b0:67:c1:83:8b:63:71:7f:31:9d:e5:bf:36:77:25:d9:f9:
         ed:4d:32:a1:d2:da:6b:83:1f:71:6c:84:77:9c:39:d8:ba:ab:
         73:72:3f:89:71:d9:80:fa:a5:ad:e0:30:c7:15:63:5d:f3:86:
         e4:cd:cf:3c:27:98:e4:e4:a1:09:45:8c:eb:5c:86:18:61:98:
         3a:bb:aa:ec:ab:a8:25:28:71:1d:9a:3f:a7:6d:dc:d8:32:80:
         41:40:89:21:4b:c3:c3:64:30:23:b3:d7:d1:24:33:2c:a0:47:
         96:0a:60:3d:49:2f:84:8d:d4:54:ec:72:29:72:2e:69:31:3f:
         70:00:bf:57:69:eb:20:62:86:ca:51:df:59:5d:60:6a:01:9d:
         6a:61:b9:32:af:9b:49:b2:d8:54:40:e4:fd:39:4a:86:f4:51:
         6c:3b:47:98:28:ad:a4:81:27:33:76:fb:08:e6:ce:73:bd:a1:
         48:8a:4d:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhA6iwl0LlT1QbAaaARXFKiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyYjEyZThkZjNhYmQ1NTU5ZjljZjk2ODBhZjY1ZGQxNjU4
OWRlODYwHhcNMjUwNzI1MDkyOTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWFhYmYzYjA0NDJlYTUwMDEwZDE1Y2JmMzk5OGM1YzYyNmJmYjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkGc1urtTQBc3y2AEL/bc+TeqK4Cl
FhKqVN5hJZ8MoOEvWYr4anln9EYs2Jieal9Zc+81E/kZgu1MkzH9LMUEs5R8xRPU
6fWVCbUOQ8pdS7kUrAjB9aY5I+Ryy6eqzBvj1ghLEkzfd/CX9+Hg8/kSFYx07/ac
L4c0rXKwtsQKBklvaDOAtvcDTo3M7xLMgZA708gdx9j/hxBnXU+zQfdedF/d0zp1
wCpZNjfLMyrEQ+81dXztga8bnpDviOCWdtnAJIn9S+CyiXL0KVIX3ECuRsLXW6kT
nCZUsOVNYyMoiVAHtoBQelGFU+/0QGWS/th7rB4wsN/A2Tp4ZxE2ioERawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCmqvzsEQupQAQ0Vy/OZjFxia/tbMB8GA1UdIwQY
MBaAFKKxLo3zq9VVn5z5aAr2XdFlid6GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEt
YjRjYjYzN2RhOGMzLzEvS2FxX093UkM2bEFCRFJYTDg1bU1YR0pyLTFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEtYjRjYjYzN2RhOGMz
LzEvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLuz8MA0G
CSqGSIb3DQEBCwUAA4IBAQCr4x1kXqlzXBkDUE+WxZ2Jp2JGOzrYK75iFPvbeNWE
xQFJ4RjUQHOIX1CcFSgm6txnHAG4lFHCTFaGWHfV3TjGxvBHWS0RhrPNsGfBg4tj
cX8xneW/Nncl2fntTTKh0tprgx9xbIR3nDnYuqtzcj+JcdmA+qWt4DDHFWNd84bk
zc88J5jk5KEJRYzrXIYYYZg6u6rsq6glKHEdmj+nbdzYMoBBQIkhS8PDZDAjs9fR
JDMsoEeWCmA9SS+EjdRU7HIpci5pMT9wAL9XaesgYobKUd9ZXWBqAZ1qYbkyr5tJ
sthUQOT9OUqG9FFsO0eYKK2kgSczdvsI5s5zvaFIik3s
-----END CERTIFICATE-----