Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/DNKZJXST2kGoKjhKfNecPwD9F3A.roa
File:                     DNKZJXST2kGoKjhKfNecPwD9F3A.roa (raw, json)
Hash identifier:          hRAyyWzBrmRGz8fLB2bN07ZS6ISPKILq/slATox9sto=
Subject key identifier:   0C:D2:99:25:74:93:DA:41:A8:2A:38:4A:7C:D7:9C:3F:00:FD:17:70
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       01988410A398C4619F530284882A11D463B9
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/DNKZJXST2kGoKjhKfNecPwD9F3A.roa
Signing time:             Thu 07 Aug 2025 10:25:39 +0000
ROA not before:           Thu 07 Aug 2025 10:25:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47959
IP address blocks:        46.23.110.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 Aug 2025 01:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:84:10:a3:98:c4:61:9f:53:02:84:88:2a:11:d4:63:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Aug  7 10:25:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0cd299257493da41a82a384a7cd79c3f00fd1770
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:11:38:06:fc:f6:62:c3:48:4e:60:69:37:ae:
                    3c:3e:6a:4f:b1:09:b2:7c:fd:f2:d9:bb:48:73:74:
                    8c:fc:53:75:11:07:c6:dc:46:21:3e:7a:3d:4c:64:
                    88:29:36:1e:ae:81:e8:38:77:a0:ae:58:5c:32:30:
                    fa:b5:bc:32:8a:2a:fc:09:b9:95:51:1c:3e:7c:56:
                    68:b0:86:9b:a4:42:92:3e:ef:2f:11:23:81:ff:6a:
                    6e:cb:34:75:a6:7c:62:5f:bf:54:3d:12:43:a2:69:
                    08:a0:c1:2b:0e:2f:8a:78:0b:02:92:7e:6b:ff:7c:
                    2d:bd:42:63:27:71:1f:13:e6:a0:1d:5e:0f:1e:9c:
                    8d:67:3e:ef:83:02:e1:74:3d:8f:70:68:19:6f:d2:
                    a3:47:3e:f2:be:09:1a:be:59:c8:43:11:53:99:45:
                    51:f4:70:2f:d2:63:d5:c9:a5:c3:68:62:0b:c2:15:
                    1b:98:31:c3:41:00:ae:17:21:b5:29:6f:74:b3:9d:
                    f0:75:84:b4:f1:09:5f:d1:6b:b3:b0:c3:da:3b:54:
                    6b:aa:09:68:ed:9b:7d:be:cd:f6:dc:be:0d:13:39:
                    d0:8a:6e:5b:64:91:0a:25:75:29:4e:55:4c:27:15:
                    14:23:06:55:4e:db:a3:5a:c7:92:ac:ae:bd:30:6d:
                    d6:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:D2:99:25:74:93:DA:41:A8:2A:38:4A:7C:D7:9C:3F:00:FD:17:70
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/DNKZJXST2kGoKjhKfNecPwD9F3A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.23.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:ca:ac:d4:e0:00:4c:02:20:62:ed:37:2a:e3:5f:27:7e:e0:
         a1:7f:4c:f2:a8:5f:7e:ab:5c:9a:df:a9:ef:6b:4e:04:44:97:
         5a:df:b3:84:f9:45:e6:9b:6c:5e:16:01:62:cb:e0:8a:d2:af:
         d1:19:1b:d1:5d:16:98:d5:7c:2b:31:8e:fe:14:04:24:cd:6a:
         f2:64:73:ca:de:05:b4:5d:19:32:4e:85:56:8f:52:54:bc:9e:
         d5:3a:ef:65:15:8c:b1:34:bb:ea:03:b0:c7:81:39:8e:2f:4c:
         43:fe:a6:ce:5b:60:fe:e7:b4:57:3a:d7:90:0e:ce:60:3a:75:
         b5:6b:f9:27:f6:3d:9f:8e:87:23:7c:32:a2:b0:d2:4d:6c:c5:
         0d:33:69:d5:20:7b:02:0b:d8:82:ad:47:40:48:47:15:47:3b:
         c0:28:3a:3d:61:f8:e5:a8:50:11:75:77:b0:f7:b7:d7:6f:14:
         5c:8f:90:49:91:5e:47:25:92:0b:2d:b2:cf:51:f7:27:c3:86:
         09:b3:15:0f:43:f0:87:24:ac:4d:27:23:5d:bf:7d:69:e1:cb:
         40:d1:aa:21:42:be:3c:17:8c:90:17:7c:af:19:82:d6:3b:fc:
         d3:ea:0b:81:9e:ba:65:f7:57:35:5c:80:7f:73:2f:38:c5:9e:
         b9:5d:0a:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiEEKOYxGGfUwKEiCoR1GO5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjUwODA3MTAyNTM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwY2QyOTkyNTc0OTNkYTQxYTgyYTM4NGE3Y2Q3OWMzZjAwZmQxNzcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2xE4Bvz2YsNITmBpN648PmpPsQmy
fP3y2btIc3SM/FN1EQfG3EYhPno9TGSIKTYeroHoOHegrlhcMjD6tbwyiir8CbmV
URw+fFZosIabpEKSPu8vESOB/2puyzR1pnxiX79UPRJDomkIoMErDi+KeAsCkn5r
/3wtvUJjJ3EfE+agHV4PHpyNZz7vgwLhdD2PcGgZb9KjRz7yvgkavlnIQxFTmUVR
9HAv0mPVyaXDaGILwhUbmDHDQQCuFyG1KW90s53wdYS08Qlf0WuzsMPaO1Rrqglo
7Zt9vs323L4NEznQim5bZJEKJXUpTlVMJxUUIwZVTtujWseSrK69MG3WSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAzSmSV0k9pBqCo4SnzXnD8A/RdwMB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvRE5LWkpYU1Qya0dvS2poS2ZOZWNQd0Q5RjNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhduMA0G
CSqGSIb3DQEBCwUAA4IBAQBpyqzU4ABMAiBi7Tcq418nfuChf0zyqF9+q1ya36nv
a04ERJda37OE+UXmm2xeFgFiy+CK0q/RGRvRXRaY1XwrMY7+FAQkzWryZHPK3gW0
XRkyToVWj1JUvJ7VOu9lFYyxNLvqA7DHgTmOL0xD/qbOW2D+57RXOteQDs5gOnW1
a/kn9j2fjocjfDKisNJNbMUNM2nVIHsCC9iCrUdASEcVRzvAKDo9YfjlqFARdXew
97fXbxRcj5BJkV5HJZILLbLPUfcnw4YJsxUPQ/CHJKxNJyNdv31p4ctA0aohQr48
F4yQF3yvGYLWO/zT6guBnrpl91c1XIB/cy84xZ65XQqh
-----END CERTIFICATE-----