Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/14638YzuQgnZMZDtTRvbilvoFOM.roa
File:                     14638YzuQgnZMZDtTRvbilvoFOM.roa (raw, json)
Hash identifier:          hecdFCohi9V607FL6bK5xTpWiU+aNv/ApJVyawdJN4Y=
Subject key identifier:   D7:8E:B7:F1:8C:EE:42:09:D9:31:90:ED:4D:1B:DB:8A:5B:E8:14:E3
Certificate issuer:       /CN=5588f197f97e8900755544e810cddef9d90fbc41
Certificate serial:       0198611D0A9FEEA1966117016D2206882921
Authority key identifier: 55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/14638YzuQgnZMZDtTRvbilvoFOM.roa
Signing time:             Thu 31 Jul 2025 15:32:29 +0000
ROA not before:           Thu 31 Jul 2025 15:32:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     393427
IP address blocks:        46.3.190.0/24 maxlen: 24
                          46.232.69.0/24 maxlen: 24
                          46.232.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 11:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:61:1d:0a:9f:ee:a1:96:61:17:01:6d:22:06:88:29:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5588f197f97e8900755544e810cddef9d90fbc41
        Validity
            Not Before: Jul 31 15:32:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d78eb7f18cee4209d93190ed4d1bdb8a5be814e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:e5:d6:e4:9c:17:9a:ff:05:3a:db:33:c3:b6:
                    b0:c1:ff:42:1c:b0:9e:0b:2a:4b:bb:e7:c6:52:b5:
                    47:ba:cb:5b:6e:34:02:07:34:ae:0f:fd:84:0e:8c:
                    85:0c:f0:55:05:ec:af:6a:25:61:bf:c9:a4:07:bd:
                    8f:b5:ed:0c:a4:52:55:0a:de:4a:0d:05:39:a5:bc:
                    e1:0b:15:a5:b0:f1:c0:27:6b:19:c6:76:e0:c2:db:
                    fb:af:72:23:7a:08:f7:08:17:7c:c0:a7:42:7f:c7:
                    de:5c:a0:a0:88:d8:45:e2:db:00:69:7b:42:42:0a:
                    6d:9f:ac:55:a5:81:81:77:b7:1c:61:ef:64:86:49:
                    91:28:4a:fc:a2:4e:36:e1:ea:dd:9b:0e:17:df:e1:
                    12:44:00:fa:6f:56:a6:40:a7:4d:e6:78:80:a9:b1:
                    fa:c3:e3:41:79:4e:15:83:3b:f5:16:c8:9a:c6:e3:
                    7d:6c:a3:e7:cf:cf:16:05:01:ea:68:5d:31:04:79:
                    d9:47:da:5d:7b:82:55:95:ec:00:7f:a1:ca:29:52:
                    71:7b:0f:2a:27:dd:0e:ed:cf:70:c6:d8:05:16:2d:
                    d2:59:80:6b:6b:58:3f:0f:8d:51:31:7a:f0:ba:1b:
                    58:2b:6a:78:14:d9:c1:bb:d1:da:3a:98:9d:a3:d5:
                    ed:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:8E:B7:F1:8C:EE:42:09:D9:31:90:ED:4D:1B:DB:8A:5B:E8:14:E3
            X509v3 Authority Key Identifier:
                keyid:55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/14638YzuQgnZMZDtTRvbilvoFOM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.3.190.0/24
                  46.232.69.0/24
                  46.232.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:52:02:0e:7f:e3:c9:af:14:16:02:69:cb:ad:c4:4b:81:07:
         8c:02:c1:56:42:89:a3:c9:c4:89:9a:33:c5:e0:ea:af:54:de:
         e8:22:87:c4:08:20:90:fe:9c:e6:fa:9b:19:6f:35:3b:4e:44:
         19:7a:20:c1:5b:a8:e4:11:08:8d:62:e3:04:00:cb:76:b1:32:
         7a:16:de:ad:3d:c9:02:3f:1b:04:ae:09:ea:35:8d:83:f1:e9:
         7c:78:de:96:c3:b4:30:f0:9f:00:75:2f:a2:0a:ba:e0:09:31:
         75:03:1f:7b:b5:c2:c2:95:99:1c:59:a0:5b:dc:4e:15:aa:9c:
         cd:f7:74:a2:74:e1:77:c6:16:82:b6:50:19:5a:fb:4c:c4:3b:
         4d:10:18:00:18:aa:f3:d8:3e:2d:06:32:df:80:71:53:08:67:
         17:4c:2f:ff:96:eb:cd:b5:33:30:ad:51:3e:b9:87:c0:81:58:
         e1:ab:62:73:a6:5f:1d:7a:f7:6a:3e:94:75:57:ed:e9:41:e3:
         be:50:60:46:93:6e:f3:99:32:16:dc:f0:ee:bd:2e:27:42:b4:
         49:19:8d:d8:79:85:a6:5d:d9:14:d0:f5:7f:df:bf:c4:56:2f:
         4b:92:e1:76:76:ff:63:ec:8b:f1:4d:91:70:7d:b4:6d:21:e3:
         ab:2e:b2:6e
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZhhHQqf7qGWYRcBbSIGiCkhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ODhmMTk3Zjk3ZTg5MDA3NTU1NDRlODEwY2RkZWY5ZDkw
ZmJjNDEwHhcNMjUwNzMxMTUzMjI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzhlYjdmMThjZWU0MjA5ZDkzMTkwZWQ0ZDFiZGI4YTViZTgxNGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs+XW5JwXmv8FOtszw7awwf9CHLCe
CypLu+fGUrVHustbbjQCBzSuD/2EDoyFDPBVBeyvaiVhv8mkB72Pte0MpFJVCt5K
DQU5pbzhCxWlsPHAJ2sZxnbgwtv7r3Ijegj3CBd8wKdCf8feXKCgiNhF4tsAaXtC
Qgptn6xVpYGBd7ccYe9khkmRKEr8ok424erdmw4X3+ESRAD6b1amQKdN5niAqbH6
w+NBeU4Vgzv1FsiaxuN9bKPnz88WBQHqaF0xBHnZR9pde4JVlewAf6HKKVJxew8q
J90O7c9wxtgFFi3SWYBra1g/D41RMXrwuhtYK2p4FNnBu9HaOpido9XtDQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNeOt/GM7kIJ2TGQ7U0b24pb6BTjMB8GA1UdIwQY
MBaAFFWI8Zf5fokAdVVE6BDN3vnZD7xBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2Et
N2NmZWY0Mjc2YTBmLzEvMTQ2MzhZenVRZ25aTVpEdFRSdmJpbHZvRk9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2EtN2NmZWY0Mjc2YTBm
LzEvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALgO+AwQA
LuhFAwQALuhHMA0GCSqGSIb3DQEBCwUAA4IBAQBMUgIOf+PJrxQWAmnLrcRLgQeM
AsFWQomjycSJmjPF4OqvVN7oIofECCCQ/pzm+psZbzU7TkQZeiDBW6jkEQiNYuME
AMt2sTJ6Ft6tPckCPxsErgnqNY2D8el8eN6Ww7Qw8J8AdS+iCrrgCTF1Ax97tcLC
lZkcWaBb3E4VqpzN93SidOF3xhaCtlAZWvtMxDtNEBgAGKrz2D4tBjLfgHFTCGcX
TC//luvNtTMwrVE+uYfAgVjhq2Jzpl8devdqPpR1V+3pQeO+UGBGk27zmTIW3PDu
vS4nQrRJGY3YeYWmXdkU0PV/37/EVi9LkuF2dv9j7IvxTZFwfbRtIeOrLrJu
-----END CERTIFICATE-----