Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/7d00e0-cf41-4142-99d2-494713a9963a/1/RsBRFW0brdHssKPUQSOMEanQNL8.roa
File:                     RsBRFW0brdHssKPUQSOMEanQNL8.roa (raw, json)
Hash identifier:          kh/CbUN8p8XDXB2+pjKcCH50DNAToul6qsyjyLvsIbg=
Subject key identifier:   46:C0:51:15:6D:1B:AD:D1:EC:B0:A3:D4:41:23:8C:11:A9:D0:34:BF
Certificate issuer:       /CN=8d298d63970ab03cdfbf514fa0e8ed21310985f1
Certificate serial:       019A5030BF0E5E6053EE1D0C6682B0DF2D15
Authority key identifier: 8D:29:8D:63:97:0A:B0:3C:DF:BF:51:4F:A0:E8:ED:21:31:09:85:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jSmNY5cKsDzfv1FPoOjtITEJhfE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/7d00e0-cf41-4142-99d2-494713a9963a/1/RsBRFW0brdHssKPUQSOMEanQNL8.roa
Signing time:             Tue 04 Nov 2025 18:46:03 +0000
ROA not before:           Tue 04 Nov 2025 18:46:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5056
IP address blocks:        46.16.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/7d00e0-cf41-4142-99d2-494713a9963a/1/jSmNY5cKsDzfv1FPoOjtITEJhfE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/7d00e0-cf41-4142-99d2-494713a9963a/1/jSmNY5cKsDzfv1FPoOjtITEJhfE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jSmNY5cKsDzfv1FPoOjtITEJhfE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Nov 2025 12:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9a:50:30:bf:0e:5e:60:53:ee:1d:0c:66:82:b0:df:2d:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d298d63970ab03cdfbf514fa0e8ed21310985f1
        Validity
            Not Before: Nov  4 18:46:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=46c051156d1badd1ecb0a3d441238c11a9d034bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:55:1e:4a:24:c8:cb:32:5f:5d:a6:d1:59:da:
                    e5:68:11:86:85:4a:4d:6c:f3:9a:5e:fc:80:5e:a7:
                    3b:73:5c:ac:de:20:80:52:d0:96:ed:d1:da:b8:a3:
                    ab:e2:4e:9b:05:54:f2:6d:f0:2a:e7:44:e3:46:21:
                    96:41:55:f0:81:0e:0b:51:a5:20:3a:a9:0a:16:a3:
                    72:91:3d:bf:c7:5c:c0:f3:fb:27:6f:aa:6b:28:71:
                    86:29:f1:d3:19:49:e2:13:ce:10:a8:78:b1:aa:0f:
                    0d:fb:ae:c9:1a:5a:cc:00:3d:9b:53:ef:63:36:3b:
                    ab:a9:ae:2a:c8:7c:b6:2f:df:07:da:13:a1:71:39:
                    0c:c0:f6:70:2b:23:0e:5b:48:09:44:d0:b3:17:ca:
                    b4:71:c1:9b:cf:cd:55:56:cb:3b:76:e3:dc:66:43:
                    a3:62:84:17:75:88:80:16:34:23:51:c5:52:31:3c:
                    52:d3:c2:d0:cb:95:c4:cf:cb:63:c8:cb:45:9d:f3:
                    72:35:e0:d8:6d:e3:ac:98:54:d9:9f:3d:87:81:12:
                    a0:bd:48:2b:a6:c2:b7:29:e4:50:b5:d1:8d:9a:e6:
                    c3:99:c3:35:a0:ca:30:62:6d:bf:7a:e4:f8:0b:22:
                    d1:bb:cb:36:5f:8a:95:0b:20:b1:7e:83:36:53:e5:
                    44:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:C0:51:15:6D:1B:AD:D1:EC:B0:A3:D4:41:23:8C:11:A9:D0:34:BF
            X509v3 Authority Key Identifier:
                keyid:8D:29:8D:63:97:0A:B0:3C:DF:BF:51:4F:A0:E8:ED:21:31:09:85:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jSmNY5cKsDzfv1FPoOjtITEJhfE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/7d00e0-cf41-4142-99d2-494713a9963a/1/RsBRFW0brdHssKPUQSOMEanQNL8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/7d00e0-cf41-4142-99d2-494713a9963a/1/jSmNY5cKsDzfv1FPoOjtITEJhfE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.16.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:3d:40:1d:a2:c3:3a:23:17:67:26:17:b9:9a:fc:bc:80:97:
         01:49:73:14:a7:59:55:88:fd:c9:6a:65:a6:85:3e:91:4f:bd:
         ef:99:1b:af:75:8d:a4:07:5c:b1:3e:0e:29:ab:ee:7f:55:77:
         1e:25:65:97:aa:ab:49:77:b2:8a:a1:37:29:0c:d8:6b:5a:56:
         2a:9d:8e:9b:95:9b:ab:20:a4:e7:f1:79:23:35:1b:4a:01:2e:
         04:a0:1c:63:44:dd:db:48:2e:08:83:d1:91:71:d2:cc:27:cd:
         86:b7:28:4d:f0:47:63:aa:72:e0:72:57:3c:06:e8:eb:aa:1c:
         20:ce:eb:84:af:ac:5a:52:7e:03:68:7d:a3:36:70:a3:de:6c:
         ea:4f:e9:bb:7b:12:41:40:ee:62:a8:70:44:47:84:e8:47:5c:
         f0:4f:45:d6:32:b4:cc:15:bf:b6:37:9f:fc:58:2b:79:de:d7:
         cf:17:2e:02:db:69:03:e1:9b:75:69:05:e7:aa:da:80:5b:9e:
         26:69:8c:b4:c5:24:68:de:32:6e:48:d3:7f:eb:17:9c:5c:c2:
         00:72:07:cf:e8:fa:ea:d1:5f:42:3f:f8:18:7d:42:d9:1b:e0:
         aa:d3:dc:ca:0f:25:d2:26:ab:fa:45:35:42:51:ec:4e:79:3a:
         b1:d7:55:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZpQML8OXmBT7h0MZoKw3y0VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMjk4ZDYzOTcwYWIwM2NkZmJmNTE0ZmEwZThlZDIxMzEw
OTg1ZjEwHhcNMjUxMTA0MTg0NjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmMwNTExNTZkMWJhZGQxZWNiMGEzZDQ0MTIzOGMxMWE5ZDAzNGJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlUeSiTIyzJfXabRWdrlaBGGhUpN
bPOaXvyAXqc7c1ys3iCAUtCW7dHauKOr4k6bBVTybfAq50TjRiGWQVXwgQ4LUaUg
OqkKFqNykT2/x1zA8/snb6prKHGGKfHTGUniE84QqHixqg8N+67JGlrMAD2bU+9j
Njurqa4qyHy2L98H2hOhcTkMwPZwKyMOW0gJRNCzF8q0ccGbz81VVss7duPcZkOj
YoQXdYiAFjQjUcVSMTxS08LQy5XEz8tjyMtFnfNyNeDYbeOsmFTZnz2HgRKgvUgr
psK3KeRQtdGNmubDmcM1oMowYm2/euT4CyLRu8s2X4qVCyCxfoM2U+VEuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEbAURVtG63R7LCj1EEjjBGp0DS/MB8GA1UdIwQY
MBaAFI0pjWOXCrA8379RT6Do7SExCYXxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalNtTlk1Y0tzRHpmdjFGUG9PanRJVEVKaGZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi83ZDAwZTAtY2Y0MS00MTQyLTk5ZDIt
NDk0NzEzYTk5NjNhLzEvUnNCUkZXMGJyZEhzc0tQVVFTT01FYW5RTkw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi83ZDAwZTAtY2Y0MS00MTQyLTk5ZDItNDk0NzEzYTk5NjNh
LzEvalNtTlk1Y0tzRHpmdjFGUG9PanRJVEVKaGZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhCjMA0G
CSqGSIb3DQEBCwUAA4IBAQA0PUAdosM6IxdnJhe5mvy8gJcBSXMUp1lViP3JamWm
hT6RT73vmRuvdY2kB1yxPg4pq+5/VXceJWWXqqtJd7KKoTcpDNhrWlYqnY6blZur
IKTn8XkjNRtKAS4EoBxjRN3bSC4Ig9GRcdLMJ82GtyhN8EdjqnLgclc8Bujrqhwg
zuuEr6xaUn4DaH2jNnCj3mzqT+m7exJBQO5iqHBER4ToR1zwT0XWMrTMFb+2N5/8
WCt53tfPFy4C22kD4Zt1aQXnqtqAW54maYy0xSRo3jJuSNN/6xecXMIAcgfP6Prq
0V9CP/gYfULZG+Cq09zKDyXSJqv6RTVCUexOeTqx11WG
-----END CERTIFICATE-----