Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/1-RFBv-CYCqR6vVWJYocoTJI3oN0.roa
File:                     1-RFBv-CYCqR6vVWJYocoTJI3oN0.roa (raw, json)
Hash identifier:          FiqDnQpUYoTUk6/APcR62AzKuDRfHD6WJgRNH5hb8Nk=
Subject key identifier:   F9:11:41:BF:E0:98:0A:A4:7A:BD:55:89:62:87:28:4C:92:37:A0:DD
Certificate issuer:       /CN=67499595a65aab0b53768def08091e31061e9e65
Certificate serial:       019A25961219C2BC002DA0CA48F23BA43D4E
Authority key identifier: 67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/1-RFBv-CYCqR6vVWJYocoTJI3oN0.roa
Signing time:             Mon 27 Oct 2025 12:13:03 +0000
ROA not before:           Mon 27 Oct 2025 12:13:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51765
IP address blocks:        46.20.110.0/24 maxlen: 24
                          185.160.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Nov 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:25:96:12:19:c2:bc:00:2d:a0:ca:48:f2:3b:a4:3d:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67499595a65aab0b53768def08091e31061e9e65
        Validity
            Not Before: Oct 27 12:13:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f91141bfe0980aa47abd55896287284c9237a0dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:67:c8:1c:86:22:51:65:a1:dc:4c:39:6a:fb:
                    80:75:26:df:52:bc:9e:a7:a9:46:c3:a4:48:46:35:
                    fe:98:cd:da:d9:2d:bc:4a:8a:73:9b:a0:18:cf:8b:
                    f9:d8:5b:d6:a2:02:12:99:f8:ce:3d:b6:e3:24:da:
                    c3:ed:9a:a6:3f:66:5a:ef:61:2d:5f:97:77:14:2c:
                    b9:4e:34:8d:45:fb:54:cc:29:4e:fd:e5:58:24:ff:
                    b2:e3:f1:30:d3:55:11:42:7d:af:12:95:fb:f8:b9:
                    91:f8:b5:13:92:54:ba:35:c3:2b:95:ef:18:0d:99:
                    46:b6:be:91:47:77:f7:24:8e:77:76:61:18:21:0d:
                    65:af:67:d2:e2:72:42:47:cf:59:e1:ef:09:da:25:
                    c0:1c:ab:47:b5:8a:31:51:79:75:87:8b:9d:61:03:
                    20:8d:28:a2:30:1e:57:19:23:17:58:e3:6f:d3:51:
                    d1:1a:c0:87:b9:98:4a:d5:cb:f5:ac:35:bc:0c:ce:
                    6d:c4:64:c8:4a:cf:2b:25:66:7c:06:8a:77:7a:91:
                    81:86:19:fa:e5:67:32:cf:b0:ff:e0:4e:47:21:e6:
                    3e:c5:71:b1:e3:ca:82:e6:1c:96:9b:38:88:16:bf:
                    07:38:7a:d8:9f:5e:3f:0c:48:12:a8:b9:9b:80:19:
                    25:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:11:41:BF:E0:98:0A:A4:7A:BD:55:89:62:87:28:4C:92:37:A0:DD
            X509v3 Authority Key Identifier:
                keyid:67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/1-RFBv-CYCqR6vVWJYocoTJI3oN0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.20.110.0/24
                  185.160.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:e3:e9:c3:9b:e3:a7:24:a4:92:43:79:11:f7:2a:29:76:f5:
         7a:6c:b8:9a:c9:7c:27:9f:6b:63:cc:b7:07:61:80:ed:41:12:
         8c:fb:3f:3c:ce:51:1e:6a:6d:a9:28:2f:df:f0:4d:58:1a:f3:
         fb:9f:e5:0c:f2:57:28:47:78:d2:c7:96:e6:08:bc:d8:20:b4:
         2f:ac:b5:67:1f:ba:ac:d9:5b:ab:06:59:3d:8b:b7:b8:60:b4:
         f0:06:a2:ee:dd:91:97:e0:d7:58:b9:f4:cd:05:38:1a:02:d9:
         22:89:8a:c1:09:3b:28:2f:29:36:02:49:81:2d:ae:53:d8:59:
         cd:22:ee:15:51:4b:cd:0b:f8:3b:f7:80:46:b4:03:2b:ea:dc:
         03:a8:41:56:1b:0e:b4:e7:cf:f6:75:62:97:05:2b:60:6d:b8:
         e4:bb:96:6d:07:fd:d0:c9:28:1c:40:e7:82:56:6d:65:fb:1a:
         9c:ee:4e:b2:cf:36:2e:13:e0:7f:4d:b5:b1:a6:84:af:31:20:
         07:3a:61:ae:d4:58:26:60:62:28:a7:c2:99:05:97:b5:17:79:
         27:a3:68:91:1a:5f:78:b2:5c:29:04:ef:66:93:4c:32:9e:e3:
         e7:34:7a:ca:b6:7d:cf:85:11:53:6a:c8:b5:07:f7:6b:f7:cb:
         ea:e6:bd:3f
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZollhIZwrwALaDKSPI7pD1OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NDk5NTk1YTY1YWFiMGI1Mzc2OGRlZjA4MDkxZTMxMDYx
ZTllNjUwHhcNMjUxMDI3MTIxMzAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTExNDFiZmUwOTgwYWE0N2FiZDU1ODk2Mjg3Mjg0YzkyMzdhMGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwmfIHIYiUWWh3Ew5avuAdSbfUrye
p6lGw6RIRjX+mM3a2S28Sopzm6AYz4v52FvWogISmfjOPbbjJNrD7ZqmP2Za72Et
X5d3FCy5TjSNRftUzClO/eVYJP+y4/Ew01URQn2vEpX7+LmR+LUTklS6NcMrle8Y
DZlGtr6RR3f3JI53dmEYIQ1lr2fS4nJCR89Z4e8J2iXAHKtHtYoxUXl1h4udYQMg
jSiiMB5XGSMXWONv01HRGsCHuZhK1cv1rDW8DM5txGTISs8rJWZ8Bop3epGBhhn6
5Wcyz7D/4E5HIeY+xXGx48qC5hyWmziIFr8HOHrYn14/DEgSqLmbgBklZwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPkRQb/gmAqker1ViWKHKEySN6DdMB8GA1UdIwQY
MBaAFGdJlZWmWqsLU3aN7wgJHjEGHp5lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTct
MzU1MDgwNDE2NTJkLzEvMS1SRkJ2LUNZQ3FSNnZWV0pZb2NvVEpJM29OMC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNWYvYjc0NGI4LWYzOWQtNDk1Yi1iMjE3LTM1NTA4MDQxNjUy
ZC8xL1owbVZsYVphcXd0VGRvM3ZDQWtlTVFZZW5tVS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAC4UbgME
ALmgwTANBgkqhkiG9w0BAQsFAAOCAQEAUePpw5vjpySkkkN5EfcqKXb1emy4msl8
J59rY8y3B2GA7UESjPs/PM5RHmptqSgv3/BNWBrz+5/lDPJXKEd40seW5gi82CC0
L6y1Zx+6rNlbqwZZPYu3uGC08Aai7t2Rl+DXWLn0zQU4GgLZIomKwQk7KC8pNgJJ
gS2uU9hZzSLuFVFLzQv4O/eARrQDK+rcA6hBVhsOtOfP9nVilwUrYG245LuWbQf9
0MkoHEDnglZtZfsanO5Oss82LhPgf021saaErzEgBzphrtRYJmBiKKfCmQWXtRd5
J6NokRpfeLJcKQTvZpNMMp7j5zR6yrZ9z4URU2rItQf3a/fL6ua9Pw==
-----END CERTIFICATE-----