Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/fzkX8TLDlxA8MPJ2z0Orivtu_K0.roa
File:                     fzkX8TLDlxA8MPJ2z0Orivtu_K0.roa (raw, json)
Hash identifier:          T8yrAWximNDLXU5ZAXV7sd3MeJW8swkANQjbL2S/U7M=
Subject key identifier:   7F:39:17:F1:32:C3:97:10:3C:30:F2:76:CF:43:AB:8A:FB:6E:FC:AD
Certificate issuer:       /CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
Certificate serial:       019424B2E8FC2DE7029F8640C0B6557891BD
Authority key identifier: AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/fzkX8TLDlxA8MPJ2z0Orivtu_K0.roa
Signing time:             Thu 02 Jan 2025 01:48:12 +0000
ROA not before:           Thu 02 Jan 2025 01:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25004
IP address blocks:        46.19.203.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:e8:fc:2d:e7:02:9f:86:40:c0:b6:55:78:91:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab0952c8ba8dadb1d34de6c6a93864a609fc41ec
        Validity
            Not Before: Jan  2 01:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7f3917f132c397103c30f276cf43ab8afb6efcad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:4d:a4:78:9d:7e:03:2f:95:04:69:5b:41:f8:
                    b4:dc:ff:9f:84:ab:85:21:40:80:74:fa:8a:c5:b9:
                    cd:8b:de:88:7f:f9:96:55:af:72:cd:b7:cb:25:19:
                    d8:36:8d:79:77:2c:11:f8:7b:81:13:fd:77:ba:f1:
                    c6:01:7e:65:3e:b7:91:38:75:e4:48:da:94:1a:97:
                    a0:37:4c:be:e7:01:24:77:8b:2d:d6:8c:67:47:23:
                    3d:e3:f2:d8:83:52:5c:a6:1a:a7:f9:b8:96:11:e5:
                    c6:4d:6d:b2:95:bb:b8:0e:4c:90:6b:9a:0d:7a:d9:
                    a2:22:55:6a:ac:69:d2:aa:4f:47:b0:cc:29:aa:9f:
                    77:01:32:cd:63:90:c6:5a:2e:06:1e:92:16:06:24:
                    d0:ff:92:93:00:01:83:65:bd:92:df:93:07:c4:ac:
                    04:7e:42:5a:75:15:b4:19:57:7e:9c:c3:0c:70:61:
                    00:c9:4b:a8:9e:17:a0:0b:08:5b:a4:43:5e:f7:a9:
                    e8:4c:6d:25:56:f2:8d:47:0a:fa:f7:59:03:7b:3c:
                    77:10:89:0d:ea:ed:73:f2:82:a6:d8:16:2c:88:3d:
                    3e:06:aa:e5:81:a1:1d:f6:32:a8:ab:f1:a3:8f:03:
                    fc:ea:d8:48:66:7f:c2:47:39:b6:b2:2e:3e:34:35:
                    84:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:39:17:F1:32:C3:97:10:3C:30:F2:76:CF:43:AB:8A:FB:6E:FC:AD
            X509v3 Authority Key Identifier:
                keyid:AB:09:52:C8:BA:8D:AD:B1:D3:4D:E6:C6:A9:38:64:A6:09:FC:41:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qwlSyLqNrbHTTebGqThkpgn8Qew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/fzkX8TLDlxA8MPJ2z0Orivtu_K0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/3555fe-12cd-402a-a810-5554d6e1686f/1/qwlSyLqNrbHTTebGqThkpgn8Qew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.19.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:3c:fb:04:6a:3b:3d:06:8b:0b:f8:d9:10:f3:11:92:37:07:
         5d:f2:f1:d0:3f:12:1c:97:46:bc:52:16:5e:de:18:38:38:85:
         82:5e:fd:e7:d8:28:ba:34:24:9d:f0:a9:60:d5:9c:b8:d3:0f:
         71:24:0d:2d:56:a0:8f:69:94:47:eb:d8:3b:d4:04:ab:b0:56:
         2f:8f:a1:19:77:7b:6c:4e:a4:4f:6f:87:ad:21:53:17:f3:88:
         78:2c:30:2b:55:7f:ff:9c:31:28:59:cd:f6:f4:2a:7f:be:9f:
         2f:e1:b4:2f:da:5b:4a:e3:46:d8:a8:c0:17:db:43:c3:43:35:
         b6:7a:45:14:fb:a7:da:b8:0e:0e:c8:11:99:4b:28:12:14:83:
         3c:7f:01:f8:8c:00:4c:67:3f:78:ee:79:e0:59:44:46:34:d1:
         1f:5b:75:e9:9b:48:fb:04:e9:58:07:c2:be:68:55:e6:99:fc:
         2b:30:b3:3e:f5:63:59:c1:a3:38:ad:93:53:72:cc:fd:72:88:
         1e:74:3b:e7:66:27:f8:ef:9e:ee:bc:14:2e:10:bc:c2:85:cf:
         c8:40:1f:89:5f:af:88:6a:64:bd:64:b3:24:12:37:fe:4a:1a:
         09:8b:67:f5:ff:60:b2:8a:8c:5b:29:c4:ac:6f:13:22:f4:06:
         3a:d3:43:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQksuj8LecCn4ZAwLZVeJG9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiMDk1MmM4YmE4ZGFkYjFkMzRkZTZjNmE5Mzg2NGE2MDlm
YzQxZWMwHhcNMjUwMTAyMDE0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjM5MTdmMTMyYzM5NzEwM2MzMGYyNzZjZjQzYWI4YWZiNmVmY2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqE2keJ1+Ay+VBGlbQfi03P+fhKuF
IUCAdPqKxbnNi96If/mWVa9yzbfLJRnYNo15dywR+HuBE/13uvHGAX5lPreROHXk
SNqUGpegN0y+5wEkd4st1oxnRyM94/LYg1Jcphqn+biWEeXGTW2ylbu4DkyQa5oN
etmiIlVqrGnSqk9HsMwpqp93ATLNY5DGWi4GHpIWBiTQ/5KTAAGDZb2S35MHxKwE
fkJadRW0GVd+nMMMcGEAyUuonhegCwhbpENe96noTG0lVvKNRwr691kDezx3EIkN
6u1z8oKm2BYsiD0+BqrlgaEd9jKoq/GjjwP86thIZn/CRzm2si4+NDWEBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH85F/Eyw5cQPDDyds9Dq4r7bvytMB8GA1UdIwQY
MBaAFKsJUsi6ja2x003mxqk4ZKYJ/EHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAt
NTU1NGQ2ZTE2ODZmLzEvZnprWDhUTERseEE4TVBKMnowT3JpdnR1X0swLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8zNTU1ZmUtMTJjZC00MDJhLWE4MTAtNTU1NGQ2ZTE2ODZm
LzEvcXdsU3lMcU5yYkhUVGViR3FUaGtwZ244UWV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhPLMA0G
CSqGSIb3DQEBCwUAA4IBAQCWPPsEajs9BosL+NkQ8xGSNwdd8vHQPxIcl0a8UhZe
3hg4OIWCXv3n2Ci6NCSd8Klg1Zy40w9xJA0tVqCPaZRH69g71ASrsFYvj6EZd3ts
TqRPb4etIVMX84h4LDArVX//nDEoWc329Cp/vp8v4bQv2ltK40bYqMAX20PDQzW2
ekUU+6fauA4OyBGZSygSFIM8fwH4jABMZz947nngWURGNNEfW3Xpm0j7BOlYB8K+
aFXmmfwrMLM+9WNZwaM4rZNTcsz9cogedDvnZif4757uvBQuELzChc/IQB+JX6+I
amS9ZLMkEjf+ShoJi2f1/2CyioxbKcSsbxMi9AY600Os
-----END CERTIFICATE-----