Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/zeFyMrrZ4gqCb9SaAAfHXUYB4cw.roa
File:                     zeFyMrrZ4gqCb9SaAAfHXUYB4cw.roa (raw, json)
Hash identifier:          uLFEA9d2fIoP4zFZoYD8wr2D+YAwHiqtYct+37pmpAc=
Subject key identifier:   CD:E1:72:32:BA:D9:E2:0A:82:6F:D4:9A:00:07:C7:5D:46:01:E1:CC
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       0198744DC1BAEC32EE54B77F0B7AB3BDB387
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/zeFyMrrZ4gqCb9SaAAfHXUYB4cw.roa
Signing time:             Mon 04 Aug 2025 08:58:29 +0000
ROA not before:           Mon 04 Aug 2025 08:58:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     142019
IP address blocks:        46.249.105.0/24 maxlen: 24
                          46.249.106.0/24 maxlen: 24
                          46.249.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 12 Aug 2025 02:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:74:4d:c1:ba:ec:32:ee:54:b7:7f:0b:7a:b3:bd:b3:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Aug  4 08:58:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cde17232bad9e20a826fd49a0007c75d4601e1cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:dc:8f:69:e4:c6:b1:b2:39:35:09:28:9d:60:
                    08:a9:41:b2:2c:1f:da:b7:d4:8a:de:de:8f:4b:6f:
                    36:aa:ff:80:5b:9c:ce:9e:37:16:dd:44:c9:dc:19:
                    1c:06:a2:ac:bb:4e:22:c5:d6:a0:96:81:13:e2:3c:
                    c0:50:43:4b:a5:4b:1b:8f:a6:b0:4a:a4:0d:9f:50:
                    b7:dc:75:a2:56:11:60:ae:ac:26:17:94:21:e1:39:
                    12:3f:17:4f:cf:5f:d7:c3:da:03:ea:54:09:50:02:
                    1a:05:aa:2e:68:41:09:8d:0b:f9:7a:58:b8:8b:9d:
                    0a:82:8b:31:60:19:cb:bb:47:ea:52:2a:47:5c:ca:
                    34:1e:69:a1:26:2d:42:f9:ae:a2:07:0e:c1:d6:b6:
                    38:3c:c0:27:5c:8e:e8:b0:4f:3d:05:29:7e:07:56:
                    49:1c:4d:8c:36:68:44:10:50:49:e0:19:8a:40:c9:
                    27:d3:47:87:cb:ff:2d:fa:67:52:97:a9:e2:d1:a7:
                    e2:47:93:78:87:d6:6f:4e:e5:52:07:bc:c0:8c:ce:
                    ea:3e:8a:b2:de:2c:66:52:84:e0:c6:f5:aa:44:76:
                    62:55:f9:d5:87:67:e4:54:61:a7:d3:2a:23:54:0a:
                    ac:96:06:a6:00:2c:16:f6:57:71:a9:8e:8e:e4:4f:
                    9a:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:E1:72:32:BA:D9:E2:0A:82:6F:D4:9A:00:07:C7:5D:46:01:E1:CC
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/zeFyMrrZ4gqCb9SaAAfHXUYB4cw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.249.105.0-46.249.107.255

    Signature Algorithm: sha256WithRSAEncryption
         79:f3:65:ae:57:8a:28:2c:1a:95:e9:46:a4:37:6b:63:58:bb:
         7a:ae:b9:36:9f:34:92:93:86:7c:6a:1a:96:d6:3c:ba:df:ad:
         48:e8:09:e4:dd:7d:52:92:33:15:46:0b:38:6f:01:7e:e7:b4:
         db:14:32:5b:fb:9b:2b:61:e9:26:f8:b5:6f:97:7d:95:79:8c:
         47:52:a3:13:b2:a5:b2:d3:08:ec:b3:76:20:cc:cf:dd:5a:d9:
         74:90:bc:c1:b3:88:36:0a:3a:0f:6f:1a:0b:e6:2f:15:da:d6:
         2f:0b:26:0b:5b:a7:cf:9a:48:54:66:58:d0:90:66:d7:68:d5:
         91:fb:f1:cf:46:c8:ad:2d:48:0c:80:8d:46:8c:fd:58:af:73:
         bc:22:d6:c7:18:67:2d:57:2f:65:b3:11:59:28:3a:62:e0:fe:
         4f:c7:c9:30:cc:30:c7:48:1c:6d:59:72:da:c9:e5:21:bc:53:
         4e:80:a5:7f:bf:f5:aa:64:4d:38:68:d9:c1:36:00:eb:89:cb:
         fd:fa:c0:f6:f4:30:8d:11:b5:10:fe:02:23:f6:3d:bb:61:38:
         14:07:22:b2:1e:59:a2:7a:4e:f3:e6:b7:b1:98:6a:87:9d:f2:
         36:bd:99:f4:58:81:61:78:b8:db:ee:4e:bd:55:3f:15:b9:1f:
         a9:af:c4:d2
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZh0TcG67DLuVLd/C3qzvbOHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUwODA0MDg1ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGUxNzIzMmJhZDllMjBhODI2ZmQ0OWEwMDA3Yzc1ZDQ2MDFlMWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArNyPaeTGsbI5NQkonWAIqUGyLB/a
t9SK3t6PS282qv+AW5zOnjcW3UTJ3BkcBqKsu04ixdagloET4jzAUENLpUsbj6aw
SqQNn1C33HWiVhFgrqwmF5Qh4TkSPxdPz1/Xw9oD6lQJUAIaBaouaEEJjQv5eli4
i50KgosxYBnLu0fqUipHXMo0HmmhJi1C+a6iBw7B1rY4PMAnXI7osE89BSl+B1ZJ
HE2MNmhEEFBJ4BmKQMkn00eHy/8t+mdSl6ni0afiR5N4h9ZvTuVSB7zAjM7qPoqy
3ixmUoTgxvWqRHZiVfnVh2fkVGGn0yojVAqslgamACwW9ldxqY6O5E+afwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFM3hcjK62eIKgm/UmgAHx11GAeHMMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvemVGeU1yclo0Z3FDYjlTYUFBZkhYVVlCNGN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAu+WkD
BAIu+WgwDQYJKoZIhvcNAQELBQADggEBAHnzZa5XiigsGpXpRqQ3a2NYu3quuTaf
NJKThnxqGpbWPLrfrUjoCeTdfVKSMxVGCzhvAX7ntNsUMlv7myth6Sb4tW+XfZV5
jEdSoxOypbLTCOyzdiDMz91a2XSQvMGziDYKOg9vGgvmLxXa1i8LJgtbp8+aSFRm
WNCQZtdo1ZH78c9GyK0tSAyAjUaM/Vivc7wi1scYZy1XL2WzEVkoOmLg/k/HyTDM
MMdIHG1ZctrJ5SG8U06ApX+/9apkTTho2cE2AOuJy/36wPb0MI0RtRD+AiP2Pbth
OBQHIrIeWaJ6TvPmt7GYaoed8ja9mfRYgWF4uNvuTr1VPxW5H6mvxNI=
-----END CERTIFICATE-----