Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/c5674e-db61-4722-b922-535be275e6f5/1/sC-8YGmj0CBSq2FvzDwG7HGg9gc.roa
File:                     sC-8YGmj0CBSq2FvzDwG7HGg9gc.roa (raw, json)
Hash identifier:          5UyLBATOmTY+U2MSulJDzw/FA2TIy0HRDqJHG4VBs7w=
Subject key identifier:   B0:2F:BC:60:69:A3:D0:20:52:AB:61:6F:CC:3C:06:EC:71:A0:F6:07
Certificate issuer:       /CN=4da92dc9cbc1c81c73a69f315a531b47f44e3c54
Certificate serial:       019759845544B2CD0EA765BB512707D1A636
Authority key identifier: 4D:A9:2D:C9:CB:C1:C8:1C:73:A6:9F:31:5A:53:1B:47:F4:4E:3C:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TaktycvByBxzpp8xWlMbR_ROPFQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/c5674e-db61-4722-b922-535be275e6f5/1/sC-8YGmj0CBSq2FvzDwG7HGg9gc.roa
Signing time:             Tue 10 Jun 2025 11:05:34 +0000
ROA not before:           Tue 10 Jun 2025 11:05:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207707
IP address blocks:        46.31.72.0/24 maxlen: 24
                          46.31.73.0/24 maxlen: 24
                          46.31.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/c5674e-db61-4722-b922-535be275e6f5/1/TaktycvByBxzpp8xWlMbR_ROPFQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/c5674e-db61-4722-b922-535be275e6f5/1/TaktycvByBxzpp8xWlMbR_ROPFQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TaktycvByBxzpp8xWlMbR_ROPFQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 17 Jun 2025 20:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:59:84:55:44:b2:cd:0e:a7:65:bb:51:27:07:d1:a6:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4da92dc9cbc1c81c73a69f315a531b47f44e3c54
        Validity
            Not Before: Jun 10 11:05:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b02fbc6069a3d02052ab616fcc3c06ec71a0f607
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:b2:f4:7c:5e:32:92:0e:a3:bb:67:c7:8b:d9:
                    78:93:f8:a2:61:0f:1f:80:36:08:6b:8f:11:b2:39:
                    f1:0b:63:4e:de:35:a3:8e:b3:d3:b7:13:d8:f3:9a:
                    ba:d7:bb:c8:a5:7d:23:5b:5a:e8:1a:5d:fc:34:b4:
                    70:6a:16:d8:57:b9:1d:09:5c:b1:4e:2c:8f:aa:9c:
                    42:02:e4:92:1b:4d:9b:30:f3:d3:40:41:16:c2:59:
                    82:07:ff:d4:01:f1:3b:11:14:dd:32:a1:a1:e8:09:
                    29:f4:40:de:f8:4e:d4:99:d8:04:be:2a:d6:48:b9:
                    8f:1c:3a:ae:d3:2a:58:a9:60:88:50:d9:bd:79:fa:
                    1a:3b:32:ee:98:c6:6c:fc:b7:82:80:5d:c6:54:7a:
                    e5:23:87:03:65:f9:02:de:66:75:e5:bd:4e:cc:e0:
                    1c:f5:b5:96:6e:6d:34:ea:5c:2e:aa:28:a1:ff:cb:
                    9c:26:dc:c2:b7:eb:99:1f:e7:41:40:26:f7:99:f4:
                    41:f8:8a:f5:73:66:e2:d8:84:f7:4e:97:12:13:94:
                    81:13:8e:66:16:61:87:3b:b6:5a:24:7d:b2:83:57:
                    73:87:38:6d:43:5b:f7:ee:4f:49:18:b6:d5:60:5e:
                    03:ce:b5:a9:bb:4d:5a:01:d4:58:f3:72:f0:0c:5e:
                    4a:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:2F:BC:60:69:A3:D0:20:52:AB:61:6F:CC:3C:06:EC:71:A0:F6:07
            X509v3 Authority Key Identifier:
                keyid:4D:A9:2D:C9:CB:C1:C8:1C:73:A6:9F:31:5A:53:1B:47:F4:4E:3C:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TaktycvByBxzpp8xWlMbR_ROPFQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/c5674e-db61-4722-b922-535be275e6f5/1/sC-8YGmj0CBSq2FvzDwG7HGg9gc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/c5674e-db61-4722-b922-535be275e6f5/1/TaktycvByBxzpp8xWlMbR_ROPFQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.31.72.0-46.31.74.255

    Signature Algorithm: sha256WithRSAEncryption
         91:fe:44:8f:12:48:bb:75:76:d0:d6:6c:30:75:6a:43:d7:d5:
         6d:fc:64:79:91:a3:f3:32:e6:27:8c:83:0e:47:e9:71:6c:26:
         a8:d5:f6:05:07:c3:59:29:e2:db:6a:e9:d1:c5:09:95:49:bb:
         d1:c2:42:d1:3a:cd:e3:cb:c6:58:08:e3:af:71:c3:e4:1a:5f:
         12:71:11:e4:1e:7b:1d:10:61:f4:1b:4c:6a:3f:9b:86:11:d5:
         95:9f:80:17:6e:3e:f3:3b:1e:ae:39:7c:bf:f9:86:30:3b:b5:
         1b:5c:01:20:3e:1b:71:b8:11:5e:4b:3e:a0:5a:3a:84:29:2d:
         c0:7e:3b:28:97:57:10:43:49:a0:01:2c:5e:fc:6e:47:66:2d:
         d2:33:8e:68:8f:68:ef:66:3a:0f:d9:dc:13:a9:08:99:aa:62:
         fd:d5:a6:de:86:f2:6a:97:bd:81:30:bc:46:1b:79:58:ef:da:
         ba:91:d4:32:5f:5b:86:aa:5d:a0:fb:48:dc:95:8a:a2:51:1b:
         0b:55:f3:04:79:4f:44:15:5d:57:1f:a6:f8:c1:c8:2a:5e:6b:
         99:67:61:6b:f7:89:11:95:8e:2d:db:32:b3:e5:a1:f1:18:04:
         ce:6a:44:40:4e:e8:4a:d9:19:d4:42:1b:24:84:8e:ea:09:75:
         52:81:e1:49
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZdZhFVEss0Op2W7UScH0aY2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkYTkyZGM5Y2JjMWM4MWM3M2E2OWYzMTVhNTMxYjQ3ZjQ0
ZTNjNTQwHhcNMjUwNjEwMTEwNTM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDJmYmM2MDY5YTNkMDIwNTJhYjYxNmZjYzNjMDZlYzcxYTBmNjA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnbL0fF4ykg6ju2fHi9l4k/iiYQ8f
gDYIa48RsjnxC2NO3jWjjrPTtxPY85q617vIpX0jW1roGl38NLRwahbYV7kdCVyx
TiyPqpxCAuSSG02bMPPTQEEWwlmCB//UAfE7ERTdMqGh6Akp9EDe+E7UmdgEvirW
SLmPHDqu0ypYqWCIUNm9efoaOzLumMZs/LeCgF3GVHrlI4cDZfkC3mZ15b1OzOAc
9bWWbm006lwuqiih/8ucJtzCt+uZH+dBQCb3mfRB+Ir1c2bi2IT3TpcSE5SBE45m
FmGHO7ZaJH2yg1dzhzhtQ1v37k9JGLbVYF4DzrWpu01aAdRY83LwDF5K1wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFLAvvGBpo9AgUqthb8w8BuxxoPYHMB8GA1UdIwQY
MBaAFE2pLcnLwcgcc6afMVpTG0f0TjxUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGFrdHljdkJ5Qnh6cHA4eFdsTWJSX1JPUEZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC9jNTY3NGUtZGI2MS00NzIyLWI5MjIt
NTM1YmUyNzVlNmY1LzEvc0MtOFlHbWowQ0JTcTJGdnpEd0c3SEdnOWdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC9jNTY3NGUtZGI2MS00NzIyLWI5MjItNTM1YmUyNzVlNmY1
LzEvVGFrdHljdkJ5Qnh6cHA4eFdsTWJSX1JPUEZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAMuH0gD
BAAuH0owDQYJKoZIhvcNAQELBQADggEBAJH+RI8SSLt1dtDWbDB1akPX1W38ZHmR
o/My5ieMgw5H6XFsJqjV9gUHw1kp4ttq6dHFCZVJu9HCQtE6zePLxlgI469xw+Qa
XxJxEeQeex0QYfQbTGo/m4YR1ZWfgBduPvM7Hq45fL/5hjA7tRtcASA+G3G4EV5L
PqBaOoQpLcB+OyiXVxBDSaABLF78bkdmLdIzjmiPaO9mOg/Z3BOpCJmqYv3Vpt6G
8mqXvYEwvEYbeVjv2rqR1DJfW4aqXaD7SNyViqJRGwtV8wR5T0QVXVcfpvjByCpe
a5lnYWv3iRGVji3bMrPlofEYBM5qREBO6ErZGdRCGySEjuoJdVKB4Uk=
-----END CERTIFICATE-----