Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/h8RVLRIjE4nUfJG7xmDMoxSWYdw.roa
File:                     h8RVLRIjE4nUfJG7xmDMoxSWYdw.roa (raw, json)
Hash identifier:          uOV3Dck8wLOYY+g9AGWYofIBGQ03hiRB3+yD9l5hJLQ=
Subject key identifier:   87:C4:55:2D:12:23:13:89:D4:7C:91:BB:C6:60:CC:A3:14:96:61:DC
Certificate issuer:       /CN=57c670c8db32dd748df797c5c93013d8c91fa839
Certificate serial:       01974F72DFBE721A5F4BE6530F3BF82D87C2
Authority key identifier: 57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/h8RVLRIjE4nUfJG7xmDMoxSWYdw.roa
Signing time:             Sun 08 Jun 2025 12:10:17 +0000
ROA not before:           Sun 08 Jun 2025 12:10:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56630
IP address blocks:        46.243.0.0/24 maxlen: 24
                          185.37.192.0/24 maxlen: 24
                          185.37.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Jun 2025 02:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:4f:72:df:be:72:1a:5f:4b:e6:53:0f:3b:f8:2d:87:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57c670c8db32dd748df797c5c93013d8c91fa839
        Validity
            Not Before: Jun  8 12:10:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=87c4552d12231389d47c91bbc660cca3149661dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:85:17:db:ba:ab:f2:0e:bc:f1:c8:24:62:f7:
                    f5:2c:77:57:72:51:6a:75:5b:7d:d7:0e:da:de:61:
                    90:70:69:56:7d:d1:76:e0:75:53:4a:4d:ce:0e:7e:
                    27:f4:5c:17:b3:b6:42:36:ba:b9:69:3b:34:ce:3a:
                    03:f0:a6:bf:78:69:6b:82:d4:95:00:32:53:1c:b5:
                    29:29:10:1d:db:d9:96:39:82:77:0f:89:1f:2c:49:
                    74:aa:d6:4a:96:65:d0:aa:45:52:67:99:d8:53:0c:
                    34:ae:5a:36:8c:b4:b4:4a:77:cd:9e:68:40:6b:bd:
                    49:79:ee:37:56:02:62:64:05:6c:64:07:7e:9d:e2:
                    ae:b8:24:5e:49:84:cb:d3:09:65:82:fb:b0:27:4a:
                    54:5d:d9:8a:f8:9d:4a:54:86:93:ee:25:07:60:48:
                    f0:23:8e:aa:f0:c6:09:43:c8:46:f0:5d:86:ac:6c:
                    79:d8:b5:60:c3:05:ab:d3:84:88:39:74:22:50:de:
                    2d:51:ca:34:80:75:3d:89:59:0f:5d:62:ea:1c:71:
                    98:a2:8a:3b:d1:c3:3e:ee:81:22:eb:fa:1d:b1:2b:
                    e8:e4:3f:2c:de:f2:95:23:57:f2:53:76:fb:b4:a4:
                    0d:da:a0:4a:9f:62:74:2b:6e:47:47:a2:4d:e7:a8:
                    7a:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:C4:55:2D:12:23:13:89:D4:7C:91:BB:C6:60:CC:A3:14:96:61:DC
            X509v3 Authority Key Identifier:
                keyid:57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/h8RVLRIjE4nUfJG7xmDMoxSWYdw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.243.0.0/24
                  185.37.192.0/23

    Signature Algorithm: sha256WithRSAEncryption
         62:85:62:d6:fa:5b:80:ba:6b:6d:7e:f5:08:cd:85:99:5b:9f:
         49:69:9d:e9:6a:7c:07:a7:32:2c:6d:0b:53:59:85:51:c1:b1:
         46:23:1e:2f:00:be:6e:c5:bf:ca:1c:c1:fe:a2:64:3a:06:48:
         77:ef:ea:ef:7e:9e:0d:e5:75:ce:cd:45:3e:80:d9:f3:53:2f:
         d2:60:51:0a:29:69:da:32:b1:fe:e5:fe:e5:3c:39:02:d4:28:
         f0:d2:b5:31:3d:8a:e2:f1:48:97:60:d3:f2:95:42:28:96:07:
         36:67:c8:de:c9:7e:88:b9:4d:99:56:4a:b8:d0:b2:13:00:40:
         d4:fc:75:88:98:74:ff:c2:63:fe:64:68:d4:5d:bb:a1:13:45:
         9d:d4:fa:0d:df:2b:cb:85:a0:1b:28:1a:61:ff:44:37:fc:b6:
         36:71:5e:b7:fb:27:b1:dc:ae:7c:22:13:15:3b:53:97:31:ef:
         7d:8d:fe:72:be:cb:ee:ff:79:30:57:7a:76:59:cd:cf:f5:d4:
         1e:a9:cd:0a:98:72:58:27:bb:cc:f9:ad:b5:81:da:b1:23:cf:
         8d:9d:95:7d:64:fe:e0:17:37:22:03:1b:df:c2:4d:3d:bf:d6:
         34:b1:5e:e7:d1:2e:42:89:b6:50:0a:89:60:b2:32:c8:bc:00:
         03:71:b7:65
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZdPct++chpfS+ZTDzv4LYfCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3YzY3MGM4ZGIzMmRkNzQ4ZGY3OTdjNWM5MzAxM2Q4Yzkx
ZmE4MzkwHhcNMjUwNjA4MTIxMDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4N2M0NTUyZDEyMjMxMzg5ZDQ3YzkxYmJjNjYwY2NhMzE0OTY2MWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqIUX27qr8g688cgkYvf1LHdXclFq
dVt91w7a3mGQcGlWfdF24HVTSk3ODn4n9FwXs7ZCNrq5aTs0zjoD8Ka/eGlrgtSV
ADJTHLUpKRAd29mWOYJ3D4kfLEl0qtZKlmXQqkVSZ5nYUww0rlo2jLS0SnfNnmhA
a71Jee43VgJiZAVsZAd+neKuuCReSYTL0wllgvuwJ0pUXdmK+J1KVIaT7iUHYEjw
I46q8MYJQ8hG8F2GrGx52LVgwwWr04SIOXQiUN4tUco0gHU9iVkPXWLqHHGYooo7
0cM+7oEi6/odsSvo5D8s3vKVI1fyU3b7tKQN2qBKn2J0K25HR6JN56h6jwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIfEVS0SIxOJ1HyRu8ZgzKMUlmHcMB8GA1UdIwQY
MBaAFFfGcMjbMt10jfeXxckwE9jJH6g5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQt
MzA0OTVmNDAzNzg0LzEvaDhSVkxSSWpFNG5VZkpHN3htRE1veFNXWWR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQtMzA0OTVmNDAzNzg0
LzEvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALvMAAwQB
uSXAMA0GCSqGSIb3DQEBCwUAA4IBAQBihWLW+luAumttfvUIzYWZW59JaZ3panwH
pzIsbQtTWYVRwbFGIx4vAL5uxb/KHMH+omQ6Bkh37+rvfp4N5XXOzUU+gNnzUy/S
YFEKKWnaMrH+5f7lPDkC1Cjw0rUxPYri8UiXYNPylUIolgc2Z8jeyX6IuU2ZVkq4
0LITAEDU/HWImHT/wmP+ZGjUXbuhE0Wd1PoN3yvLhaAbKBph/0Q3/LY2cV63+yex
3K58IhMVO1OXMe99jf5yvsvu/3kwV3p2Wc3P9dQeqc0KmHJYJ7vM+a21gdqxI8+N
nZV9ZP7gFzciAxvfwk09v9Y0sV7n0S5CibZQColgsjLIvAADcbdl
-----END CERTIFICATE-----