Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/GZpqWkBGOVsGgJTKQ2BvrgHzhbc.roa
File:                     GZpqWkBGOVsGgJTKQ2BvrgHzhbc.roa (raw, json)
Hash identifier:          GWrwG4EBdGAmA1bRP13PYssf2Pb4PSnK/pkdfjR6J+Q=
Subject key identifier:   19:9A:6A:5A:40:46:39:5B:06:80:94:CA:43:60:6F:AE:01:F3:85:B7
Certificate issuer:       /CN=5588f197f97e8900755544e810cddef9d90fbc41
Certificate serial:       01942369F3B018E429F09581A287A417F709
Authority key identifier: 55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/GZpqWkBGOVsGgJTKQ2BvrgHzhbc.roa
Signing time:             Wed 01 Jan 2025 19:48:53 +0000
ROA not before:           Wed 01 Jan 2025 19:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     138687
IP address blocks:        46.3.238.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:f3:b0:18:e4:29:f0:95:81:a2:87:a4:17:f7:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5588f197f97e8900755544e810cddef9d90fbc41
        Validity
            Not Before: Jan  1 19:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=199a6a5a4046395b068094ca43606fae01f385b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:03:72:a8:b6:c0:8d:83:bc:68:e7:fa:ed:cf:
                    d5:c7:b4:56:ca:8f:8d:ce:b7:40:a7:26:a6:cb:04:
                    95:46:a6:60:37:41:0c:48:07:76:d6:50:72:08:fe:
                    b8:62:ea:68:84:04:a6:11:8b:83:06:ab:48:c9:7a:
                    cc:43:cc:35:a7:01:53:99:9e:7b:05:6f:e7:38:05:
                    96:ed:10:98:8d:ef:d2:26:67:a3:fd:8b:6c:45:b2:
                    63:e0:7a:80:d7:33:21:1a:02:4d:26:a2:ed:f0:89:
                    17:54:c5:b9:c4:e8:df:dd:da:a4:64:d9:4f:f5:8a:
                    16:06:bd:fc:32:79:c1:4d:56:a5:cc:73:72:b4:b7:
                    f1:60:69:ba:4a:d7:35:a9:95:af:54:46:65:20:55:
                    60:85:2e:dd:a6:32:33:10:f9:53:17:2b:2c:34:e3:
                    68:49:3f:9b:0b:51:bc:cd:9b:fe:52:8f:a1:98:31:
                    d7:ad:25:54:68:41:2c:23:6f:17:2c:13:b5:61:40:
                    a8:d9:c8:89:e6:4a:7d:fd:4e:3b:45:b7:df:c6:ad:
                    19:65:0d:b0:89:a5:8f:08:6e:3c:dd:e3:51:f1:33:
                    e1:51:17:c2:98:21:1b:07:77:47:65:65:af:fc:fc:
                    5f:f1:a6:ff:f0:b0:3b:df:09:0a:79:a4:bf:14:92:
                    1c:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:9A:6A:5A:40:46:39:5B:06:80:94:CA:43:60:6F:AE:01:F3:85:B7
            X509v3 Authority Key Identifier:
                keyid:55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/GZpqWkBGOVsGgJTKQ2BvrgHzhbc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.3.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:06:00:8e:c3:d0:95:c4:85:ab:06:f9:b0:1c:8a:f2:6b:9a:
         3e:0c:09:c9:a8:6e:48:ac:fe:18:b0:69:c8:73:a4:5a:1a:bf:
         f4:49:c0:d7:a9:3f:28:54:3d:a3:e1:eb:43:ab:a2:35:8f:84:
         dc:6a:3d:04:53:18:4a:7d:9b:39:e0:e2:01:37:35:01:c9:93:
         a7:66:88:e8:61:1f:06:cb:e9:73:75:2b:a7:8d:a6:a2:fa:73:
         08:f8:94:e6:ee:b5:51:ce:75:55:6b:a2:9a:bb:9e:0b:01:53:
         78:e9:1b:76:b9:17:eb:3d:15:15:14:d8:80:f1:ec:f6:3d:3b:
         44:49:0c:97:ac:e1:23:19:6c:3a:df:13:2e:3d:46:33:03:a8:
         bb:41:54:9b:79:59:d9:3b:fb:99:30:5c:60:f0:dc:bd:b1:dc:
         da:a1:f2:dd:c7:d8:a0:0c:f9:84:34:ad:bc:1c:76:52:b6:7b:
         1a:7d:2e:0e:ca:e4:a4:94:02:a9:05:a9:6b:c5:a7:4f:d8:e0:
         91:01:61:c0:6d:d9:ce:16:08:b3:ff:e9:d3:20:ba:3d:53:4a:
         09:68:56:07:39:69:16:9a:59:d8:0d:ec:02:21:22:5c:31:a9:
         05:e2:66:8a:ad:97:ca:01:ee:4f:e3:31:d6:ee:6a:7e:58:58:
         de:1c:1c:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjafOwGOQp8JWBooekF/cJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ODhmMTk3Zjk3ZTg5MDA3NTU1NDRlODEwY2RkZWY5ZDkw
ZmJjNDEwHhcNMjUwMTAxMTk0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTlhNmE1YTQwNDYzOTViMDY4MDk0Y2E0MzYwNmZhZTAxZjM4NWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7wNyqLbAjYO8aOf67c/Vx7RWyo+N
zrdApyamywSVRqZgN0EMSAd21lByCP64YupohASmEYuDBqtIyXrMQ8w1pwFTmZ57
BW/nOAWW7RCYje/SJmej/YtsRbJj4HqA1zMhGgJNJqLt8IkXVMW5xOjf3dqkZNlP
9YoWBr38MnnBTValzHNytLfxYGm6Stc1qZWvVEZlIFVghS7dpjIzEPlTFyssNONo
ST+bC1G8zZv+Uo+hmDHXrSVUaEEsI28XLBO1YUCo2ciJ5kp9/U47Rbffxq0ZZQ2w
iaWPCG483eNR8TPhURfCmCEbB3dHZWWv/Pxf8ab/8LA73wkKeaS/FJIc3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBmaalpARjlbBoCUykNgb64B84W3MB8GA1UdIwQY
MBaAFFWI8Zf5fokAdVVE6BDN3vnZD7xBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2Et
N2NmZWY0Mjc2YTBmLzEvR1pwcVdrQkdPVnNHZ0pUS1EyQnZyZ0h6aGJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2EtN2NmZWY0Mjc2YTBm
LzEvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALgPuMA0G
CSqGSIb3DQEBCwUAA4IBAQAjBgCOw9CVxIWrBvmwHIrya5o+DAnJqG5IrP4YsGnI
c6RaGr/0ScDXqT8oVD2j4etDq6I1j4Tcaj0EUxhKfZs54OIBNzUByZOnZojoYR8G
y+lzdSunjaai+nMI+JTm7rVRznVVa6Kau54LAVN46Rt2uRfrPRUVFNiA8ez2PTtE
SQyXrOEjGWw63xMuPUYzA6i7QVSbeVnZO/uZMFxg8Ny9sdzaofLdx9igDPmENK28
HHZStnsafS4OyuSklAKpBalrxadP2OCRAWHAbdnOFgiz/+nTILo9U0oJaFYHOWkW
mlnYDewCISJcMakF4maKrZfKAe5P4zHW7mp+WFjeHBxR
-----END CERTIFICATE-----