Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/37e632-5246-46af-a729-b3af8300add3/1/mNqIiIsivK3RH9-qHlJI1-YYSi8.roa
File:                     mNqIiIsivK3RH9-qHlJI1-YYSi8.roa (raw, json)
Hash identifier:          H9Eh88q+8mpDx8ZuUb0d9LRmXaGpIblFFe9crHh272Y=
Subject key identifier:   98:DA:88:88:8B:22:BC:AD:D1:1F:DF:AA:1E:52:48:D7:E6:18:4A:2F
Certificate issuer:       /CN=f499881880c6f995c29c177bed33a1a6e3d4fb30
Certificate serial:       0198656C63083A3DC0AD9518DD0E55FD5C38
Authority key identifier: F4:99:88:18:80:C6:F9:95:C2:9C:17:7B:ED:33:A1:A6:E3:D4:FB:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9JmIGIDG-ZXCnBd77TOhpuPU-zA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/37e632-5246-46af-a729-b3af8300add3/1/mNqIiIsivK3RH9-qHlJI1-YYSi8.roa
Signing time:             Fri 01 Aug 2025 11:37:38 +0000
ROA not before:           Fri 01 Aug 2025 11:37:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205614
IP address blocks:        46.175.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/37e632-5246-46af-a729-b3af8300add3/1/9JmIGIDG-ZXCnBd77TOhpuPU-zA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/37e632-5246-46af-a729-b3af8300add3/1/9JmIGIDG-ZXCnBd77TOhpuPU-zA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9JmIGIDG-ZXCnBd77TOhpuPU-zA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 Aug 2025 11:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:65:6c:63:08:3a:3d:c0:ad:95:18:dd:0e:55:fd:5c:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f499881880c6f995c29c177bed33a1a6e3d4fb30
        Validity
            Not Before: Aug  1 11:37:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=98da88888b22bcadd11fdfaa1e5248d7e6184a2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:32:58:3a:25:78:d1:e9:e6:c4:c8:a7:ab:bc:
                    22:11:57:d7:d1:df:e1:7c:14:67:2c:42:8e:13:eb:
                    80:c3:97:10:61:67:8f:d3:4b:cb:f9:83:45:27:1a:
                    7e:17:1c:54:ad:d6:62:b2:9d:3a:6f:25:14:8b:00:
                    72:90:42:1d:d2:dd:9c:18:02:42:06:db:b1:31:58:
                    56:bf:b7:cb:76:b8:7f:ec:b0:14:23:b8:6e:ad:3f:
                    b0:9b:43:c0:b2:09:50:03:45:3c:31:b2:5b:10:67:
                    c8:2e:e7:23:0b:31:9f:c9:13:c7:d5:f7:c7:16:bb:
                    e2:1f:21:6a:fe:eb:36:28:79:1a:35:c7:b4:4c:b9:
                    f0:ab:ef:ce:ef:7f:a0:f0:6e:b7:d2:e7:bb:5e:5f:
                    70:38:6a:27:77:0b:77:38:5b:32:64:4d:99:67:b0:
                    e2:57:65:d9:af:2c:53:b3:10:02:91:48:f9:bc:74:
                    4d:1b:16:42:af:e3:ee:12:5c:1b:27:e3:af:d7:6a:
                    b7:e5:ad:af:5e:25:a4:97:bd:a0:26:11:d1:2e:84:
                    86:cb:4b:b6:3c:18:62:47:c6:13:9d:a6:0a:2c:89:
                    4e:49:08:eb:48:02:69:91:17:78:b2:9e:0a:8f:26:
                    6b:56:92:fb:7d:a4:24:bc:98:77:5e:e6:e0:c9:5c:
                    fb:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:DA:88:88:8B:22:BC:AD:D1:1F:DF:AA:1E:52:48:D7:E6:18:4A:2F
            X509v3 Authority Key Identifier:
                keyid:F4:99:88:18:80:C6:F9:95:C2:9C:17:7B:ED:33:A1:A6:E3:D4:FB:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9JmIGIDG-ZXCnBd77TOhpuPU-zA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/37e632-5246-46af-a729-b3af8300add3/1/mNqIiIsivK3RH9-qHlJI1-YYSi8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/37e632-5246-46af-a729-b3af8300add3/1/9JmIGIDG-ZXCnBd77TOhpuPU-zA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.175.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:b4:80:b6:70:ba:46:d4:86:c5:b1:19:9d:9c:c9:8d:e9:c8:
         ff:2b:f8:73:df:f9:08:52:69:f4:b5:db:41:07:4f:6a:56:ee:
         7d:38:5d:3f:6b:2b:71:1f:c5:f2:be:07:9a:00:be:58:9b:97:
         88:d7:0a:e9:6b:a4:0c:b8:98:a6:c8:6e:b9:e4:d0:2b:84:51:
         9a:21:9d:10:0b:5a:f7:ba:09:af:0a:7b:f4:0c:f2:44:f8:5a:
         ab:52:8e:39:fb:c0:c1:0e:7d:9a:ff:2e:da:3a:2f:29:2c:55:
         82:2e:af:ec:9d:70:d2:cd:f1:7d:cd:4b:2c:ec:dc:95:7c:ac:
         cc:a2:f2:2d:78:79:de:47:64:57:9c:f0:7f:ee:63:41:2b:7c:
         e9:a0:69:7a:35:d6:ee:fe:1f:61:34:c0:ba:02:b7:76:9e:c1:
         33:8e:45:0a:4b:d6:04:6f:f0:1e:8a:47:03:98:dc:58:c1:2d:
         30:d0:52:07:ea:03:09:5a:3d:3d:80:a4:b8:7a:28:03:9f:1f:
         15:00:d5:04:cf:5a:41:e5:55:3d:05:3f:81:0a:68:be:dc:15:
         24:8a:c4:6d:5c:22:ce:b5:7b:4b:65:16:75:c2:5d:a5:29:01:
         36:d6:df:01:da:79:d6:8d:96:f6:49:11:60:b8:8f:7a:d4:c9:
         31:f5:d0:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhlbGMIOj3ArZUY3Q5V/Vw4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0OTk4ODE4ODBjNmY5OTVjMjljMTc3YmVkMzNhMWE2ZTNk
NGZiMzAwHhcNMjUwODAxMTEzNzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGRhODg4ODhiMjJiY2FkZDExZmRmYWExZTUyNDhkN2U2MTg0YTJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0jJYOiV40enmxMinq7wiEVfX0d/h
fBRnLEKOE+uAw5cQYWeP00vL+YNFJxp+FxxUrdZisp06byUUiwBykEId0t2cGAJC
BtuxMVhWv7fLdrh/7LAUI7hurT+wm0PAsglQA0U8MbJbEGfILucjCzGfyRPH1ffH
FrviHyFq/us2KHkaNce0TLnwq+/O73+g8G630ue7Xl9wOGondwt3OFsyZE2ZZ7Di
V2XZryxTsxACkUj5vHRNGxZCr+PuElwbJ+Ov12q35a2vXiWkl72gJhHRLoSGy0u2
PBhiR8YTnaYKLIlOSQjrSAJpkRd4sp4KjyZrVpL7faQkvJh3XubgyVz7XQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJjaiIiLIryt0R/fqh5SSNfmGEovMB8GA1UdIwQY
MBaAFPSZiBiAxvmVwpwXe+0zoabj1PswMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOUptSUdJREctWlhDbkJkNzdUT2hwdVBVLXpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy8zN2U2MzItNTI0Ni00NmFmLWE3Mjkt
YjNhZjgzMDBhZGQzLzEvbU5xSWlJc2l2SzNSSDktcUhsSkkxLVlZU2k4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy8zN2U2MzItNTI0Ni00NmFmLWE3MjktYjNhZjgzMDBhZGQz
LzEvOUptSUdJREctWlhDbkJkNzdUT2hwdVBVLXpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALq+CMA0G
CSqGSIb3DQEBCwUAA4IBAQCTtIC2cLpG1IbFsRmdnMmN6cj/K/hz3/kIUmn0tdtB
B09qVu59OF0/aytxH8XyvgeaAL5Ym5eI1wrpa6QMuJimyG655NArhFGaIZ0QC1r3
ugmvCnv0DPJE+FqrUo45+8DBDn2a/y7aOi8pLFWCLq/snXDSzfF9zUss7NyVfKzM
ovIteHneR2RXnPB/7mNBK3zpoGl6Ndbu/h9hNMC6Ard2nsEzjkUKS9YEb/AeikcD
mNxYwS0w0FIH6gMJWj09gKS4eigDnx8VANUEz1pB5VU9BT+BCmi+3BUkisRtXCLO
tXtLZRZ1wl2lKQE21t8B2nnWjZb2SRFguI961Mkx9dDx
-----END CERTIFICATE-----