Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/xY8O1HQcthonbf03hVZUJttA-3k.roa
File:                     xY8O1HQcthonbf03hVZUJttA-3k.roa (raw, json)
Hash identifier:          VnV3WEcdTaUx8HFdXjrg5qMNEOniv+q8hPyCeb+p72M=
Subject key identifier:   C5:8F:0E:D4:74:1C:B6:1A:27:6D:FD:37:85:56:54:26:DB:40:FB:79
Certificate issuer:       /CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
Certificate serial:       019657421395BA010FA1D1533269E7DE5A2F
Authority key identifier: A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/xY8O1HQcthonbf03hVZUJttA-3k.roa
Signing time:             Mon 21 Apr 2025 07:31:10 +0000
ROA not before:           Mon 21 Apr 2025 07:31:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5065
IP address blocks:        46.236.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:57:42:13:95:ba:01:0f:a1:d1:53:32:69:e7:de:5a:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
        Validity
            Not Before: Apr 21 07:31:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c58f0ed4741cb61a276dfd3785565426db40fb79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:0a:dd:de:a9:1e:de:8e:cb:01:a9:93:04:4b:
                    59:c8:cb:6a:89:b0:d1:d8:2e:7c:1d:a2:96:de:28:
                    95:16:bb:f2:8e:83:85:03:17:96:b7:10:de:a6:9e:
                    b9:4a:c7:63:ec:b0:39:9f:17:38:b3:8f:8b:29:1f:
                    4e:13:f7:85:b4:7b:67:2f:6e:12:3b:ce:8c:4d:2b:
                    5f:d0:40:9f:12:1d:96:88:f3:be:98:60:bb:64:86:
                    59:46:09:04:25:86:6b:c3:c4:bf:3b:3a:8f:f5:ea:
                    e9:a9:85:a6:d6:1d:85:4e:d8:c4:10:9b:0c:e6:14:
                    51:f3:0a:bf:ed:3b:75:81:64:fb:45:e5:89:4d:d1:
                    92:92:ee:0f:81:ce:f7:42:4f:9c:56:ca:e1:45:b4:
                    c6:c6:68:0b:d5:a0:a6:cc:06:a5:ba:e7:db:9d:c8:
                    32:21:be:36:7b:14:a7:95:26:bf:74:71:f1:0d:b1:
                    31:c7:f4:9c:66:fa:c4:45:19:f5:4d:fd:6c:16:e4:
                    42:05:f0:ce:bc:5d:88:26:1f:c1:dd:59:db:e0:98:
                    ca:c2:91:f6:2c:6f:24:fe:97:e6:77:23:9d:0b:a6:
                    8d:47:d3:e1:3f:7b:ec:24:64:ed:6e:d0:17:d7:e1:
                    0b:78:2b:9d:3d:dc:0e:42:34:9f:69:be:8d:3e:f1:
                    73:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:8F:0E:D4:74:1C:B6:1A:27:6D:FD:37:85:56:54:26:DB:40:FB:79
            X509v3 Authority Key Identifier:
                keyid:A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/xY8O1HQcthonbf03hVZUJttA-3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:91:bf:44:27:cb:c1:50:2b:d1:38:fe:d3:b0:05:b9:3d:ae:
         5c:78:fd:7f:09:e1:44:b1:94:5d:5e:78:de:a6:9b:eb:18:c9:
         57:27:c6:19:8b:49:0a:56:49:0d:66:ce:05:45:38:57:ab:b0:
         c2:ac:74:6d:78:39:a0:2e:ba:64:e9:ad:f6:33:73:80:03:99:
         a9:37:79:b8:21:f8:ad:8f:6e:5b:9b:78:1b:38:9c:15:07:56:
         65:23:8e:1b:5a:00:3e:49:cd:ad:87:de:e7:14:ea:31:05:32:
         22:76:8d:cb:9a:44:e6:73:b8:c8:0a:1a:26:25:17:2d:62:d4:
         aa:19:61:37:05:e2:0b:57:64:49:af:7b:20:88:7d:eb:ea:91:
         b3:cf:c8:1c:f7:b4:5d:35:c9:c4:6e:e6:58:11:8a:3f:00:33:
         35:29:ed:b2:7a:cd:ec:82:65:e9:43:8b:d7:d3:8b:40:f7:22:
         3b:cd:7b:45:20:82:b8:25:8b:89:8e:be:41:12:d6:b1:37:48:
         64:a8:6b:d6:24:ba:f1:12:b2:70:a9:b4:da:ca:56:6b:c0:d8:
         7b:a4:dc:d0:54:cf:af:74:4b:15:7f:b3:69:f3:40:5d:c8:a7:
         fb:35:46:0c:b3:42:ed:c8:15:ab:f9:f2:b8:26:af:ea:c5:87:
         a1:3d:21:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZXQhOVugEPodFTMmnn3lovMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyYjEyZThkZjNhYmQ1NTU5ZjljZjk2ODBhZjY1ZGQxNjU4
OWRlODYwHhcNMjUwNDIxMDczMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNThmMGVkNDc0MWNiNjFhMjc2ZGZkMzc4NTU2NTQyNmRiNDBmYjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiwrd3qke3o7LAamTBEtZyMtqibDR
2C58HaKW3iiVFrvyjoOFAxeWtxDepp65Ssdj7LA5nxc4s4+LKR9OE/eFtHtnL24S
O86MTStf0ECfEh2WiPO+mGC7ZIZZRgkEJYZrw8S/OzqP9erpqYWm1h2FTtjEEJsM
5hRR8wq/7Tt1gWT7ReWJTdGSku4Pgc73Qk+cVsrhRbTGxmgL1aCmzAaluufbncgy
Ib42exSnlSa/dHHxDbExx/ScZvrERRn1Tf1sFuRCBfDOvF2IJh/B3Vnb4JjKwpH2
LG8k/pfmdyOdC6aNR9PhP3vsJGTtbtAX1+ELeCudPdwOQjSfab6NPvFzOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMWPDtR0HLYaJ239N4VWVCbbQPt5MB8GA1UdIwQY
MBaAFKKxLo3zq9VVn5z5aAr2XdFlid6GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEt
YjRjYjYzN2RhOGMzLzEveFk4TzFIUWN0aG9uYmYwM2hWWlVKdHRBLTNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEtYjRjYjYzN2RhOGMz
LzEvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALuzLMA0G
CSqGSIb3DQEBCwUAA4IBAQA4kb9EJ8vBUCvROP7TsAW5Pa5ceP1/CeFEsZRdXnje
ppvrGMlXJ8YZi0kKVkkNZs4FRThXq7DCrHRteDmgLrpk6a32M3OAA5mpN3m4Ifit
j25bm3gbOJwVB1ZlI44bWgA+Sc2th97nFOoxBTIido3LmkTmc7jIChomJRctYtSq
GWE3BeILV2RJr3sgiH3r6pGzz8gc97RdNcnEbuZYEYo/ADM1Ke2yes3sgmXpQ4vX
04tA9yI7zXtFIIK4JYuJjr5BEtaxN0hkqGvWJLrxErJwqbTaylZrwNh7pNzQVM+v
dEsVf7Np80BdyKf7NUYMs0LtyBWr+fK4Jq/qxYehPSFs
-----END CERTIFICATE-----