Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1b/1191d6-5423-42cf-8f6b-117886eb7d67/1/bdbKzGuhzcfiVqYcyUjbwWvnE0w.roa
File:                     bdbKzGuhzcfiVqYcyUjbwWvnE0w.roa (raw, json)
Hash identifier:          EoIpsT1HmNm7h0aLpOdMeI8Ad8kT8sfcfHIMZV0nTSQ=
Subject key identifier:   6D:D6:CA:CC:6B:A1:CD:C7:E2:56:A6:1C:C9:48:DB:C1:6B:E7:13:4C
Certificate issuer:       /CN=46a4b35c8e0256eaa2fbf751e6c01e5e909c0a1f
Certificate serial:       0194252167455FF61300A5B1C66A54C9C1F6
Authority key identifier: 46:A4:B3:5C:8E:02:56:EA:A2:FB:F7:51:E6:C0:1E:5E:90:9C:0A:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RqSzXI4CVuqi-_dR5sAeXpCcCh8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1b/1191d6-5423-42cf-8f6b-117886eb7d67/1/bdbKzGuhzcfiVqYcyUjbwWvnE0w.roa
Signing time:             Thu 02 Jan 2025 03:48:53 +0000
ROA not before:           Thu 02 Jan 2025 03:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207906
IP address blocks:        195.189.184.0/23 maxlen: 24
                          195.189.190.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1b/1191d6-5423-42cf-8f6b-117886eb7d67/1/RqSzXI4CVuqi-_dR5sAeXpCcCh8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1b/1191d6-5423-42cf-8f6b-117886eb7d67/1/RqSzXI4CVuqi-_dR5sAeXpCcCh8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RqSzXI4CVuqi-_dR5sAeXpCcCh8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:67:45:5f:f6:13:00:a5:b1:c6:6a:54:c9:c1:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46a4b35c8e0256eaa2fbf751e6c01e5e909c0a1f
        Validity
            Not Before: Jan  2 03:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6dd6cacc6ba1cdc7e256a61cc948dbc16be7134c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:ee:2b:c7:d6:65:88:bf:ba:80:ab:28:4e:51:
                    51:08:33:42:c6:d5:74:47:bd:83:62:32:22:9a:40:
                    62:c4:71:71:3a:55:e6:0d:88:63:5e:ef:e9:91:fe:
                    fa:a5:29:3f:fb:cb:b1:6d:10:a7:57:6f:46:21:9b:
                    c9:0d:22:b2:60:6c:8a:59:ff:d8:ea:91:1f:2d:34:
                    65:64:9d:09:a5:a9:17:d4:e1:6a:77:71:86:a3:2f:
                    ce:9b:59:86:bc:cd:0b:31:e0:94:36:91:ed:70:88:
                    3f:2a:e8:fb:55:4d:70:65:0f:08:04:6d:4d:79:81:
                    60:13:e8:70:27:31:c4:dd:35:32:38:f8:e7:46:5f:
                    f4:41:f0:f4:2d:63:e3:53:d2:c9:21:be:88:2b:08:
                    6e:1a:b9:be:7c:b8:6a:3d:6e:79:16:f9:22:87:9d:
                    9f:8e:f1:3d:12:14:5a:08:79:53:80:86:28:5b:ae:
                    e0:ba:b6:33:23:bf:ee:fe:17:04:40:59:6b:c9:4d:
                    ef:b2:31:1c:c6:77:cd:6e:33:96:16:c3:28:ea:65:
                    ac:74:ac:70:2c:d2:91:eb:38:25:17:43:42:7b:37:
                    23:f7:93:c5:00:39:42:5f:c2:4f:15:15:5c:b9:16:
                    ec:e6:f2:44:f2:7d:eb:44:2c:50:b6:5a:de:65:21:
                    15:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:D6:CA:CC:6B:A1:CD:C7:E2:56:A6:1C:C9:48:DB:C1:6B:E7:13:4C
            X509v3 Authority Key Identifier:
                keyid:46:A4:B3:5C:8E:02:56:EA:A2:FB:F7:51:E6:C0:1E:5E:90:9C:0A:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RqSzXI4CVuqi-_dR5sAeXpCcCh8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/1191d6-5423-42cf-8f6b-117886eb7d67/1/bdbKzGuhzcfiVqYcyUjbwWvnE0w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1b/1191d6-5423-42cf-8f6b-117886eb7d67/1/RqSzXI4CVuqi-_dR5sAeXpCcCh8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.189.184.0/23
                  195.189.190.0/23

    Signature Algorithm: sha256WithRSAEncryption
         05:5b:d0:3c:6c:cf:c9:16:84:73:20:2f:bd:c8:4a:fd:26:8a:
         36:e1:37:61:a9:b5:86:35:0b:13:e8:35:eb:c0:26:48:cb:d6:
         fb:b7:19:d9:60:2b:9b:44:bc:35:01:d0:68:12:69:86:5b:4e:
         94:c1:c3:56:b3:36:0f:e4:eb:0b:f2:63:18:a7:d2:8a:75:ef:
         eb:47:fe:dc:a1:19:a0:9a:4b:e8:8a:f5:39:a0:67:d0:7d:59:
         f2:fd:93:37:28:65:a4:0f:7e:b3:f1:38:b4:45:e4:3b:7e:ea:
         0c:4b:42:2b:a0:21:1c:8f:e7:d0:7d:14:eb:17:ce:aa:31:51:
         02:4c:4f:ae:44:1f:44:cf:ae:57:fd:a1:02:55:e7:49:ec:02:
         5b:b0:00:95:35:38:6f:69:7c:1f:1b:3c:1d:f1:7a:a3:da:4f:
         cc:22:08:f2:5b:cb:1d:9d:de:4d:c1:32:23:92:6a:f2:b0:c9:
         db:2f:dc:82:c5:6d:66:0d:97:14:a6:e6:52:cb:ee:75:ec:a7:
         f1:50:74:7d:01:87:6a:b8:a8:0c:44:a1:a7:0f:93:31:67:55:
         b4:8d:62:b7:16:4d:46:9a:66:0b:e1:2c:b7:8a:ea:8b:b3:89:
         b0:a0:fb:a7:a8:0c:36:fc:3f:49:2f:c5:b1:be:04:ed:f7:cb:
         88:37:5b:6a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQlIWdFX/YTAKWxxmpUycH2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2YTRiMzVjOGUwMjU2ZWFhMmZiZjc1MWU2YzAxZTVlOTA5
YzBhMWYwHhcNMjUwMTAyMDM0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGQ2Y2FjYzZiYTFjZGM3ZTI1NmE2MWNjOTQ4ZGJjMTZiZTcxMzRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApe4rx9ZliL+6gKsoTlFRCDNCxtV0
R72DYjIimkBixHFxOlXmDYhjXu/pkf76pSk/+8uxbRCnV29GIZvJDSKyYGyKWf/Y
6pEfLTRlZJ0JpakX1OFqd3GGoy/Om1mGvM0LMeCUNpHtcIg/Kuj7VU1wZQ8IBG1N
eYFgE+hwJzHE3TUyOPjnRl/0QfD0LWPjU9LJIb6IKwhuGrm+fLhqPW55Fvkih52f
jvE9EhRaCHlTgIYoW67gurYzI7/u/hcEQFlryU3vsjEcxnfNbjOWFsMo6mWsdKxw
LNKR6zglF0NCezcj95PFADlCX8JPFRVcuRbs5vJE8n3rRCxQtlreZSEVawIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFG3Wysxroc3H4lamHMlI28Fr5xNMMB8GA1UdIwQY
MBaAFEaks1yOAlbqovv3UebAHl6QnAofMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnFTelhJNENWdXFpLV9kUjVzQWVYcENjQ2g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYi8xMTkxZDYtNTQyMy00MmNmLThmNmIt
MTE3ODg2ZWI3ZDY3LzEvYmRiS3pHdWh6Y2ZpVnFZY3lVamJ3V3ZuRTB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYi8xMTkxZDYtNTQyMy00MmNmLThmNmItMTE3ODg2ZWI3ZDY3
LzEvUnFTelhJNENWdXFpLV9kUjVzQWVYcENjQ2g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBw724AwQB
w72+MA0GCSqGSIb3DQEBCwUAA4IBAQAFW9A8bM/JFoRzIC+9yEr9Joo24TdhqbWG
NQsT6DXrwCZIy9b7txnZYCubRLw1AdBoEmmGW06UwcNWszYP5OsL8mMYp9KKde/r
R/7coRmgmkvoivU5oGfQfVny/ZM3KGWkD36z8Ti0ReQ7fuoMS0IroCEcj+fQfRTr
F86qMVECTE+uRB9Ez65X/aECVedJ7AJbsACVNThvaXwfGzwd8Xqj2k/MIgjyW8sd
nd5NwTIjkmrysMnbL9yCxW1mDZcUpuZSy+517KfxUHR9AYdquKgMRKGnD5MxZ1W0
jWK3Fk1GmmYL4Sy3iuqLs4mwoPunqAw2/D9JL8WxvgTt98uIN1tq
-----END CERTIFICATE-----