Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/DFF-bhqrnmujnLxRL9JYAVW6ikA.roa
File:                     DFF-bhqrnmujnLxRL9JYAVW6ikA.roa (raw, json)
Hash identifier:          21iR99fIbGqw3Or3piqGj+bIYtOK9kefBJ5EiWs9J8M=
Subject key identifier:   0C:51:7E:6E:1A:AB:9E:6B:A3:9C:BC:51:2F:D2:58:01:55:BA:8A:40
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       019845BD38066DF0882211D4B1C92908C3F9
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/DFF-bhqrnmujnLxRL9JYAVW6ikA.roa
Signing time:             Sat 26 Jul 2025 07:58:05 +0000
ROA not before:           Sat 26 Jul 2025 07:58:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     23470
IP address blocks:        46.38.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 11:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:45:bd:38:06:6d:f0:88:22:11:d4:b1:c9:29:08:c3:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Jul 26 07:58:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0c517e6e1aab9e6ba39cbc512fd2580155ba8a40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:d6:e3:25:f3:7c:f9:76:3e:6a:0b:00:66:88:
                    cd:89:9c:45:70:9e:6e:67:d9:93:1d:0e:1d:41:ae:
                    1c:34:19:e8:3b:0c:c3:00:ce:ad:9e:53:e4:f5:f9:
                    57:83:87:9d:04:69:94:e0:8c:07:a2:24:3a:e9:ab:
                    58:b3:22:d3:14:28:61:15:60:13:4e:8d:a6:5b:f1:
                    12:52:fa:29:95:67:ff:ed:e3:f6:e0:eb:2d:a1:a7:
                    a8:42:3e:50:36:01:ca:3b:db:cf:42:de:c1:23:6f:
                    d9:47:d5:8b:73:c4:ae:46:4f:3f:39:16:95:a0:50:
                    b3:ff:2c:34:12:47:25:63:1d:89:42:4e:2b:1b:5c:
                    81:a9:b2:4c:c5:0a:37:e8:70:29:72:3b:47:1d:9c:
                    28:81:e4:54:20:81:ba:21:d2:67:44:84:73:1c:fa:
                    42:6f:76:b7:73:42:0e:2e:20:54:96:27:7e:02:c8:
                    af:56:42:9e:a0:2f:bd:66:01:56:04:12:5f:7a:4c:
                    a1:b5:90:d8:7e:dd:a1:d8:62:89:44:9d:c2:fb:e6:
                    28:f2:4d:74:b3:c6:49:59:e0:74:0e:b9:20:05:44:
                    bc:28:6f:fc:25:0c:aa:0d:f6:47:b9:fd:41:21:60:
                    30:68:f4:8d:7b:04:07:55:fb:95:16:ea:e0:7d:d8:
                    68:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:51:7E:6E:1A:AB:9E:6B:A3:9C:BC:51:2F:D2:58:01:55:BA:8A:40
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/DFF-bhqrnmujnLxRL9JYAVW6ikA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.38.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:01:37:30:e7:2a:1d:0a:6b:2e:cf:26:8e:7f:d9:f9:10:bb:
         2c:46:4e:3c:33:e1:bb:88:37:80:64:f3:63:1d:45:51:e7:39:
         3f:5d:fe:b6:68:30:53:88:dc:a2:11:15:e3:4b:00:e1:1d:be:
         e5:50:1c:78:b5:5c:e8:4e:26:e2:c4:26:60:68:33:a1:b1:65:
         a2:db:af:4a:a9:95:1e:41:ae:3b:f8:3e:41:f8:9c:dd:0a:ce:
         38:2b:3a:ee:54:33:f0:be:59:5a:68:b2:63:ab:7b:03:11:19:
         04:57:78:84:f0:57:d9:66:2c:db:46:f0:00:fa:37:8d:7c:aa:
         9f:f5:00:13:77:2f:50:57:0f:d4:3e:58:27:85:e9:46:21:d9:
         8a:4e:cc:b0:7c:35:4e:37:d4:5d:65:b7:fb:fc:a5:76:12:ae:
         de:29:60:eb:7e:30:7f:33:4b:ad:d2:3a:c2:90:ad:98:2b:97:
         af:3b:65:2e:ed:ca:75:76:23:7b:a6:6d:9b:5c:cf:87:66:94:
         46:b5:6f:15:04:c6:fe:d3:03:aa:59:1e:d6:2c:a9:6c:f1:4b:
         58:55:41:d0:2c:fe:90:6e:22:4c:30:86:b6:19:2b:4b:33:03:
         59:df:03:55:57:23:4e:ab:ba:2a:cc:34:25:a9:e6:62:89:64:
         67:8a:2c:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhFvTgGbfCIIhHUsckpCMP5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjUwNzI2MDc1ODA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzUxN2U2ZTFhYWI5ZTZiYTM5Y2JjNTEyZmQyNTgwMTU1YmE4YTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0tbjJfN8+XY+agsAZojNiZxFcJ5u
Z9mTHQ4dQa4cNBnoOwzDAM6tnlPk9flXg4edBGmU4IwHoiQ66atYsyLTFChhFWAT
To2mW/ESUvoplWf/7eP24OstoaeoQj5QNgHKO9vPQt7BI2/ZR9WLc8SuRk8/ORaV
oFCz/yw0EkclYx2JQk4rG1yBqbJMxQo36HApcjtHHZwogeRUIIG6IdJnRIRzHPpC
b3a3c0IOLiBUlid+AsivVkKeoC+9ZgFWBBJfekyhtZDYft2h2GKJRJ3C++Yo8k10
s8ZJWeB0DrkgBUS8KG/8JQyqDfZHuf1BIWAwaPSNewQHVfuVFurgfdhobwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAxRfm4aq55ro5y8US/SWAFVuopAMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvREZGLWJocXJubXVqbkx4Ukw5SllBVlc2aWtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiadMA0G
CSqGSIb3DQEBCwUAA4IBAQBDATcw5yodCmsuzyaOf9n5ELssRk48M+G7iDeAZPNj
HUVR5zk/Xf62aDBTiNyiERXjSwDhHb7lUBx4tVzoTibixCZgaDOhsWWi269KqZUe
Qa47+D5B+JzdCs44KzruVDPwvllaaLJjq3sDERkEV3iE8FfZZizbRvAA+jeNfKqf
9QATdy9QVw/UPlgnhelGIdmKTsywfDVON9RdZbf7/KV2Eq7eKWDrfjB/M0ut0jrC
kK2YK5evO2Uu7cp1diN7pm2bXM+HZpRGtW8VBMb+0wOqWR7WLKls8UtYVUHQLP6Q
biJMMIa2GStLMwNZ3wNVVyNOq7oqzDQlqeZiiWRniix0
-----END CERTIFICATE-----