Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/AaG8Def6w4BiK3J3qdnjmerS3cM.roa
File:                     AaG8Def6w4BiK3J3qdnjmerS3cM.roa (raw, json)
Hash identifier:          d8yyhZCQzv3iOvJzFFd2S/p8T4yCXrCyNRr96Ii/wuM=
Subject key identifier:   01:A1:BC:0D:E7:FA:C3:80:62:2B:72:77:A9:D9:E3:99:EA:D2:DD:C3
Certificate issuer:       /CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
Certificate serial:       019424455DB027CE709E6F1BCF63A0CAE77B
Authority key identifier: 56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/AaG8Def6w4BiK3J3qdnjmerS3cM.roa
Signing time:             Wed 01 Jan 2025 23:48:33 +0000
ROA not before:           Wed 01 Jan 2025 23:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60093
IP address blocks:        46.234.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 06:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:5d:b0:27:ce:70:9e:6f:1b:cf:63:a0:ca:e7:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
        Validity
            Not Before: Jan  1 23:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=01a1bc0de7fac380622b7277a9d9e399ead2ddc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:bf:30:c3:a2:a8:29:ca:d7:5e:af:56:5b:1f:
                    ab:4e:ab:82:71:1e:b8:c3:48:fb:32:49:f3:cc:83:
                    f1:97:bd:d4:4e:a9:3c:47:4d:10:b0:bd:3e:66:c7:
                    46:cb:b6:ed:66:56:7e:31:99:89:36:37:79:0e:66:
                    37:32:0a:6f:99:21:ee:7f:52:9c:f6:4b:54:de:09:
                    26:65:33:9c:b1:fe:02:43:30:98:65:28:43:c1:bd:
                    9b:b0:e7:21:91:96:f3:43:c6:4c:78:18:03:99:21:
                    c4:4a:aa:df:ea:0f:59:f2:05:de:67:41:2e:fc:b0:
                    32:83:9e:98:4e:1e:41:6f:16:34:a1:a0:3b:2c:87:
                    f1:75:0d:29:7a:26:ae:0c:0b:02:9c:fd:47:c1:02:
                    46:f6:3c:d8:76:09:09:8a:7a:84:34:7e:f9:63:3a:
                    ae:fc:44:93:33:6a:b4:ec:ba:5b:6d:f3:69:b5:2a:
                    cf:e9:c2:9b:9e:08:59:e1:2c:d1:00:d4:bc:23:85:
                    9f:91:bb:85:3d:97:7f:4e:13:2d:f5:12:68:28:2d:
                    0f:de:d8:b7:7e:eb:df:2c:bc:f5:66:e9:85:75:c5:
                    1a:04:85:da:cb:1f:6b:68:0e:32:a6:cd:0a:e0:fa:
                    bc:96:30:a4:bd:b0:37:f9:86:65:2c:1b:fb:38:a0:
                    67:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:A1:BC:0D:E7:FA:C3:80:62:2B:72:77:A9:D9:E3:99:EA:D2:DD:C3
            X509v3 Authority Key Identifier:
                keyid:56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/AaG8Def6w4BiK3J3qdnjmerS3cM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.234.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:1b:dd:07:fc:94:24:9c:1c:6b:64:7a:e7:1c:b6:4a:41:2c:
         31:62:15:32:6d:53:1b:b3:1b:cb:39:48:1b:94:0b:22:f8:98:
         9b:89:51:da:a0:25:94:5f:79:f3:85:3d:cc:a8:3b:8f:31:a4:
         cb:4f:36:ec:fd:d2:0b:0e:6d:07:4f:4a:a7:58:94:81:e2:a8:
         63:49:6f:03:39:40:de:78:b7:be:aa:bc:34:19:c0:74:e6:b0:
         5c:dd:45:45:2b:8e:35:6b:6a:9c:5e:21:af:38:be:b7:a3:cb:
         dd:d4:52:cd:75:62:06:d6:5a:c7:08:ae:be:e7:65:e0:d8:ba:
         6b:b9:f7:88:67:57:f0:e5:93:f5:e7:51:14:15:26:23:4e:5b:
         cf:fb:7b:53:b4:7f:0a:f5:ec:de:4c:01:96:f5:36:b7:54:96:
         34:2f:fa:f3:cb:ff:99:50:dc:1d:38:d3:01:4d:2a:16:bf:c2:
         87:78:7f:89:46:47:00:4c:5f:dd:69:0b:4d:b7:87:b7:12:13:
         c1:ba:9a:1b:3e:c4:4e:d8:1a:60:73:83:6d:0e:41:f9:5c:90:
         e0:9c:01:26:f4:74:00:99:ff:a4:18:ba:09:21:59:8b:d4:8b:
         e5:01:4c:c2:75:04:b5:6a:b5:91:83:c8:ed:7a:83:1f:47:4b:
         af:a7:03:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRV2wJ85wnm8bz2Ogyud7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2OGZlMzVjYzk2MjYzM2EyNzU3YWYxMGEwZTZlOGFiNmQw
MWY0YzkwHhcNMjUwMTAxMjM0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWExYmMwZGU3ZmFjMzgwNjIyYjcyNzdhOWQ5ZTM5OWVhZDJkZGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs78ww6KoKcrXXq9WWx+rTquCcR64
w0j7MknzzIPxl73UTqk8R00QsL0+ZsdGy7btZlZ+MZmJNjd5DmY3MgpvmSHuf1Kc
9ktU3gkmZTOcsf4CQzCYZShDwb2bsOchkZbzQ8ZMeBgDmSHESqrf6g9Z8gXeZ0Eu
/LAyg56YTh5BbxY0oaA7LIfxdQ0peiauDAsCnP1HwQJG9jzYdgkJinqENH75Yzqu
/ESTM2q07LpbbfNptSrP6cKbnghZ4SzRANS8I4WfkbuFPZd/ThMt9RJoKC0P3ti3
fuvfLLz1ZumFdcUaBIXayx9raA4yps0K4Pq8ljCkvbA3+YZlLBv7OKBnhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAGhvA3n+sOAYityd6nZ45nq0t3DMB8GA1UdIwQY
MBaAFFaP41zJYmM6J1evEKDm6KttAfTJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMt
ODNkNjQ4Zjc5NzQ2LzEvQWFHOERlZjZ3NEJpSzNKM3FkbmptZXJTM2NNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMtODNkNjQ4Zjc5NzQ2
LzEvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALuoQMA0G
CSqGSIb3DQEBCwUAA4IBAQC8G90H/JQknBxrZHrnHLZKQSwxYhUybVMbsxvLOUgb
lAsi+JibiVHaoCWUX3nzhT3MqDuPMaTLTzbs/dILDm0HT0qnWJSB4qhjSW8DOUDe
eLe+qrw0GcB05rBc3UVFK441a2qcXiGvOL63o8vd1FLNdWIG1lrHCK6+52Xg2Lpr
ufeIZ1fw5ZP151EUFSYjTlvP+3tTtH8K9ezeTAGW9Ta3VJY0L/rzy/+ZUNwdONMB
TSoWv8KHeH+JRkcATF/daQtNt4e3EhPBupobPsRO2Bpgc4NtDkH5XJDgnAEm9HQA
mf+kGLoJIVmL1IvlAUzCdQS1arWRg8jteoMfR0uvpwPX
-----END CERTIFICATE-----