Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/2ef900-ef25-42a4-9edd-45e6cd6e320e/1/PW2sWVJ9FFBsjfGLnP2cm8afOE8.roa
File:                     PW2sWVJ9FFBsjfGLnP2cm8afOE8.roa (raw, json)
Hash identifier:          6jybPU5tVXkCjx5dz+V7ya485HszpB6dPF9HmYkhSqM=
Subject key identifier:   3D:6D:AC:59:52:7D:14:50:6C:8D:F1:8B:9C:FD:9C:9B:C6:9F:38:4F
Certificate issuer:       /CN=b07a65a204e3c799fb183b9ebe47362fa7cfe8c4
Certificate serial:       019855121498AF3C3D3473CA0A8C3E22D0EC
Authority key identifier: B0:7A:65:A2:04:E3:C7:99:FB:18:3B:9E:BE:47:36:2F:A7:CF:E8:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sHplogTjx5n7GDuevkc2L6fP6MQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/2ef900-ef25-42a4-9edd-45e6cd6e320e/1/PW2sWVJ9FFBsjfGLnP2cm8afOE8.roa
Signing time:             Tue 29 Jul 2025 07:25:04 +0000
ROA not before:           Tue 29 Jul 2025 07:25:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12859
IP address blocks:        46.247.36.0/23 maxlen: 24
                          2a05:bcc0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/2ef900-ef25-42a4-9edd-45e6cd6e320e/1/sHplogTjx5n7GDuevkc2L6fP6MQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/2ef900-ef25-42a4-9edd-45e6cd6e320e/1/sHplogTjx5n7GDuevkc2L6fP6MQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sHplogTjx5n7GDuevkc2L6fP6MQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 18:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:55:12:14:98:af:3c:3d:34:73:ca:0a:8c:3e:22:d0:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b07a65a204e3c799fb183b9ebe47362fa7cfe8c4
        Validity
            Not Before: Jul 29 07:25:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3d6dac59527d14506c8df18b9cfd9c9bc69f384f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:27:87:08:d8:d0:5b:8b:a9:40:87:54:6d:a1:
                    4c:a5:6a:dd:b5:2e:4e:a0:31:6f:09:92:76:16:86:
                    be:51:dd:15:f3:ab:d8:00:bb:c5:9a:f4:3d:10:fb:
                    92:b8:6c:90:43:bc:69:fe:b0:76:7c:20:a9:07:bf:
                    1c:c7:87:d0:05:b7:f6:b0:04:91:35:6f:78:44:70:
                    65:3e:6b:61:59:97:79:85:be:1a:5f:72:fa:b4:b6:
                    7e:99:b1:17:a5:88:2b:2b:b9:95:92:73:b7:3c:68:
                    ae:73:2c:52:e7:10:76:d2:3f:1b:08:b7:27:a4:bc:
                    06:96:49:18:12:86:cc:3f:60:e5:a4:31:6b:55:1b:
                    23:2e:0d:c5:9c:e5:4c:e3:1e:18:7a:c1:5c:d1:8a:
                    55:2e:d0:41:85:49:96:e8:37:7a:b3:62:99:bb:b3:
                    dc:00:ca:73:70:5b:6e:8e:65:8b:7b:93:33:89:4b:
                    48:81:e5:3d:45:91:9c:62:26:bb:63:d9:60:f2:cf:
                    38:a6:97:a7:d7:7a:52:f3:17:34:63:36:b1:e0:c7:
                    da:e1:e4:70:63:fd:f1:b8:5b:57:84:f1:a5:45:53:
                    15:9e:0f:f6:49:8a:3c:60:45:c5:00:67:86:05:68:
                    bc:3b:3a:5c:57:67:16:58:61:39:0d:ad:2c:ac:62:
                    85:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:6D:AC:59:52:7D:14:50:6C:8D:F1:8B:9C:FD:9C:9B:C6:9F:38:4F
            X509v3 Authority Key Identifier:
                keyid:B0:7A:65:A2:04:E3:C7:99:FB:18:3B:9E:BE:47:36:2F:A7:CF:E8:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sHplogTjx5n7GDuevkc2L6fP6MQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/2ef900-ef25-42a4-9edd-45e6cd6e320e/1/PW2sWVJ9FFBsjfGLnP2cm8afOE8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/2ef900-ef25-42a4-9edd-45e6cd6e320e/1/sHplogTjx5n7GDuevkc2L6fP6MQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.247.36.0/23
                IPv6:
                  2a05:bcc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         7b:1c:9e:44:2f:44:7f:d6:b8:47:82:5d:27:45:bf:75:44:3f:
         e5:4b:d3:ba:01:27:52:87:71:58:52:7d:94:bf:46:61:1e:2a:
         00:5a:14:14:c9:98:91:c0:54:54:61:5c:7f:0b:cb:ad:5a:42:
         de:39:00:09:4b:22:4a:05:9e:64:5e:14:62:51:8f:a0:3e:c3:
         ca:7c:5a:bd:fd:38:98:87:89:55:90:4a:10:bd:db:d6:93:d7:
         7e:4f:20:fa:5e:3f:f4:3e:0e:e8:15:19:a0:ec:a7:03:10:f4:
         b7:be:08:51:f9:59:e3:a2:b6:2b:23:a1:14:39:aa:33:29:c9:
         a9:2a:05:3a:77:ca:c8:bc:c8:99:2e:98:7c:32:22:c6:79:b1:
         ec:21:81:29:ef:4b:86:11:2e:05:e9:93:a0:0a:e6:ac:9d:00:
         b5:b7:43:f1:b5:db:77:9e:16:63:dc:24:60:ea:da:3d:1a:30:
         24:30:90:80:74:0d:b8:e6:60:38:75:d5:c5:47:db:b4:94:ce:
         1e:a8:32:46:6f:d6:67:cf:75:f3:c0:1d:ab:e2:8f:25:10:9b:
         56:70:3e:d5:fa:9b:04:88:a3:fc:46:a8:a2:f0:77:a0:d0:30:
         f2:f5:2f:18:a4:10:c1:4b:52:25:f5:d9:ff:7c:41:6a:75:b3:
         87:c2:91:41
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZhVEhSYrzw9NHPKCow+ItDsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwN2E2NWEyMDRlM2M3OTlmYjE4M2I5ZWJlNDczNjJmYTdj
ZmU4YzQwHhcNMjUwNzI5MDcyNTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDZkYWM1OTUyN2QxNDUwNmM4ZGYxOGI5Y2ZkOWM5YmM2OWYzODRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlSeHCNjQW4upQIdUbaFMpWrdtS5O
oDFvCZJ2Foa+Ud0V86vYALvFmvQ9EPuSuGyQQ7xp/rB2fCCpB78cx4fQBbf2sASR
NW94RHBlPmthWZd5hb4aX3L6tLZ+mbEXpYgrK7mVknO3PGiucyxS5xB20j8bCLcn
pLwGlkkYEobMP2DlpDFrVRsjLg3FnOVM4x4YesFc0YpVLtBBhUmW6Dd6s2KZu7Pc
AMpzcFtujmWLe5MziUtIgeU9RZGcYia7Y9lg8s84ppen13pS8xc0Yzax4Mfa4eRw
Y/3xuFtXhPGlRVMVng/2SYo8YEXFAGeGBWi8OzpcV2cWWGE5Da0srGKFTwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFD1trFlSfRRQbI3xi5z9nJvGnzhPMB8GA1UdIwQY
MBaAFLB6ZaIE48eZ+xg7nr5HNi+nz+jEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0hwbG9nVGp4NW43R0R1ZXZrYzJMNmZQNk1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy8yZWY5MDAtZWYyNS00MmE0LTllZGQt
NDVlNmNkNmUzMjBlLzEvUFcyc1dWSjlGRkJzamZHTG5QMmNtOGFmT0U4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy8yZWY5MDAtZWYyNS00MmE0LTllZGQtNDVlNmNkNmUzMjBl
LzEvc0hwbG9nVGp4NW43R0R1ZXZrYzJMNmZQNk1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBLvckMA0E
AgACMAcDBQMqBbzAMA0GCSqGSIb3DQEBCwUAA4IBAQB7HJ5EL0R/1rhHgl0nRb91
RD/lS9O6ASdSh3FYUn2Uv0ZhHioAWhQUyZiRwFRUYVx/C8utWkLeOQAJSyJKBZ5k
XhRiUY+gPsPKfFq9/TiYh4lVkEoQvdvWk9d+TyD6Xj/0Pg7oFRmg7KcDEPS3vghR
+VnjorYrI6EUOaozKcmpKgU6d8rIvMiZLph8MiLGebHsIYEp70uGES4F6ZOgCuas
nQC1t0Pxtdt3nhZj3CRg6to9GjAkMJCAdA245mA4ddXFR9u0lM4eqDJGb9Znz3Xz
wB2r4o8lEJtWcD7V+psEiKP8Rqii8Heg0DDy9S8YpBDBS1Il9dn/fEFqdbOHwpFB
-----END CERTIFICATE-----