Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/kE7ZJDlktHLkcbGfledw7DZSwGc.roa
File:                     kE7ZJDlktHLkcbGfledw7DZSwGc.roa (raw, json)
Hash identifier:          4U44ok+kWNj1+ssImgjroblGi3GNA+vpSfU8afA9Si8=
Subject key identifier:   90:4E:D9:24:39:64:B4:72:E4:71:B1:9F:95:E7:70:EC:36:52:C0:67
Certificate issuer:       /CN=5588f197f97e8900755544e810cddef9d90fbc41
Certificate serial:       01942369F68F4A8F4A3756F4B372392B8A3B
Authority key identifier: 55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/kE7ZJDlktHLkcbGfledw7DZSwGc.roa
Signing time:             Wed 01 Jan 2025 19:48:54 +0000
ROA not before:           Wed 01 Jan 2025 19:48:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209218
IP address blocks:        46.232.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:f6:8f:4a:8f:4a:37:56:f4:b3:72:39:2b:8a:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5588f197f97e8900755544e810cddef9d90fbc41
        Validity
            Not Before: Jan  1 19:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=904ed9243964b472e471b19f95e770ec3652c067
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:fb:68:5c:2e:97:60:cd:79:c1:37:b1:42:59:
                    71:3e:94:59:ce:3d:52:10:00:7e:03:e8:4d:a0:11:
                    bf:a9:bc:da:ef:83:92:e4:b7:a3:0b:a4:9d:ce:a6:
                    76:bd:55:a7:1a:e7:ff:ad:8f:47:4f:f9:0f:20:70:
                    15:72:e8:c8:81:a4:8c:10:94:a1:32:e7:45:91:b2:
                    7b:4c:f0:5c:b2:b6:87:ca:ab:d5:e3:5b:08:2e:66:
                    15:aa:8f:72:a7:e0:8b:8f:ab:78:c5:8a:14:d8:0e:
                    60:3d:3f:42:4b:aa:5a:df:fc:7d:75:e3:c3:be:0a:
                    69:69:43:46:f6:51:b9:99:1b:ec:05:76:b5:9e:ef:
                    6c:28:f4:bc:b9:30:4d:82:62:01:16:54:fe:32:49:
                    28:60:00:f8:44:ca:8b:94:36:54:c4:42:7d:25:34:
                    03:78:8d:06:cf:c9:73:fd:58:23:7f:3a:b0:88:4e:
                    14:4f:7b:9e:92:f3:c5:ca:5a:88:de:0b:06:a6:fc:
                    66:a3:42:09:9c:56:4e:8b:7a:35:e4:13:ae:26:b7:
                    c1:8b:2d:7c:80:d5:a3:3d:91:7e:15:a6:5d:b5:c7:
                    fa:36:8a:dc:9e:9d:1b:cd:10:c4:21:8b:22:63:56:
                    4e:74:21:04:66:4c:a9:8b:ac:29:24:87:cb:a9:1a:
                    70:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:4E:D9:24:39:64:B4:72:E4:71:B1:9F:95:E7:70:EC:36:52:C0:67
            X509v3 Authority Key Identifier:
                keyid:55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/kE7ZJDlktHLkcbGfledw7DZSwGc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.232.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:75:af:0a:6c:42:68:09:9c:7e:2d:43:f1:b1:9f:69:71:01:
         74:50:4c:a1:57:a6:3b:f2:4d:98:0c:0f:1b:ae:35:5e:f1:60:
         66:ab:5b:7e:7a:4f:d3:dc:2d:e5:cb:cb:be:84:e7:4d:78:e2:
         25:d8:16:be:3d:bf:0a:8d:c7:1e:f6:55:d5:6c:41:16:7f:e7:
         7f:2e:c8:60:ce:f2:c4:16:d0:25:22:5f:b7:41:7e:6f:6b:04:
         6e:e4:b3:68:e5:21:dc:68:f7:cc:98:3c:4f:44:23:f2:24:0e:
         c2:3f:f1:41:86:67:33:92:d7:71:e5:a7:4e:a8:09:4e:4e:25:
         c0:35:52:62:70:e8:68:2c:01:bb:bf:9b:86:b3:12:9e:66:20:
         b5:52:63:93:ee:48:ef:fd:2e:50:ac:2a:57:ab:2c:57:b3:61:
         4b:d5:76:21:c5:8f:12:9a:a4:1e:f9:88:e8:8a:e4:3d:de:df:
         e7:f5:4d:af:8c:92:e0:e2:92:51:de:4b:20:7b:c8:40:d2:1b:
         c8:0c:c9:5d:25:f5:cb:01:e1:0b:26:5b:34:aa:4f:dc:c4:e2:
         fd:fe:de:84:0f:2c:07:63:a5:3d:17:03:c0:76:ba:2a:aa:de:
         88:b3:9a:d7:22:de:41:a6:f1:f7:ac:a5:72:21:04:46:51:62:
         25:57:b8:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjafaPSo9KN1b0s3I5K4o7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ODhmMTk3Zjk3ZTg5MDA3NTU1NDRlODEwY2RkZWY5ZDkw
ZmJjNDEwHhcNMjUwMTAxMTk0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDRlZDkyNDM5NjRiNDcyZTQ3MWIxOWY5NWU3NzBlYzM2NTJjMDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/toXC6XYM15wTexQllxPpRZzj1S
EAB+A+hNoBG/qbza74OS5LejC6SdzqZ2vVWnGuf/rY9HT/kPIHAVcujIgaSMEJSh
MudFkbJ7TPBcsraHyqvV41sILmYVqo9yp+CLj6t4xYoU2A5gPT9CS6pa3/x9dePD
vgppaUNG9lG5mRvsBXa1nu9sKPS8uTBNgmIBFlT+MkkoYAD4RMqLlDZUxEJ9JTQD
eI0Gz8lz/VgjfzqwiE4UT3uekvPFylqI3gsGpvxmo0IJnFZOi3o15BOuJrfBiy18
gNWjPZF+FaZdtcf6Norcnp0bzRDEIYsiY1ZOdCEEZkypi6wpJIfLqRpwXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJBO2SQ5ZLRy5HGxn5XncOw2UsBnMB8GA1UdIwQY
MBaAFFWI8Zf5fokAdVVE6BDN3vnZD7xBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2Et
N2NmZWY0Mjc2YTBmLzEva0U3WkpEbGt0SExrY2JHZmxlZHc3RFpTd0djLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2EtN2NmZWY0Mjc2YTBm
LzEvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALugUMA0G
CSqGSIb3DQEBCwUAA4IBAQBJda8KbEJoCZx+LUPxsZ9pcQF0UEyhV6Y78k2YDA8b
rjVe8WBmq1t+ek/T3C3ly8u+hOdNeOIl2Ba+Pb8Kjcce9lXVbEEWf+d/LshgzvLE
FtAlIl+3QX5vawRu5LNo5SHcaPfMmDxPRCPyJA7CP/FBhmczktdx5adOqAlOTiXA
NVJicOhoLAG7v5uGsxKeZiC1UmOT7kjv/S5QrCpXqyxXs2FL1XYhxY8SmqQe+Yjo
iuQ93t/n9U2vjJLg4pJR3ksge8hA0hvIDMldJfXLAeELJls0qk/cxOL9/t6EDywH
Y6U9FwPAdroqqt6Is5rXIt5BpvH3rKVyIQRGUWIlV7gT
-----END CERTIFICATE-----