Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/tbTmb1wIkJcjOTrxUE98Gt6Tr68.roa
File:                     tbTmb1wIkJcjOTrxUE98Gt6Tr68.roa (raw, json)
Hash identifier:          9h+1BxgCsdJlPqcdrM6DVHk3XBGU8ObSrJfDgfcbyEU=
Subject key identifier:   B5:B4:E6:6F:5C:08:90:97:23:39:3A:F1:50:4F:7C:1A:DE:93:AF:AF
Certificate issuer:       /CN=57c670c8db32dd748df797c5c93013d8c91fa839
Certificate serial:       0194E0DB5E75C4FADC893F07F64E58C67C8A
Authority key identifier: 57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/tbTmb1wIkJcjOTrxUE98Gt6Tr68.roa
Signing time:             Fri 07 Feb 2025 14:41:00 +0000
ROA not before:           Fri 07 Feb 2025 14:41:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213457
IP address blocks:        46.243.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:e0:db:5e:75:c4:fa:dc:89:3f:07:f6:4e:58:c6:7c:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57c670c8db32dd748df797c5c93013d8c91fa839
        Validity
            Not Before: Feb  7 14:41:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b5b4e66f5c08909723393af1504f7c1ade93afaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ad:58:ad:32:73:84:07:b3:50:69:d9:58:24:
                    3f:d9:22:56:3d:9e:a4:45:bf:f1:4d:f1:a7:bf:a2:
                    40:fc:a0:1a:a8:7d:5e:b0:8b:cb:98:a3:a6:64:1d:
                    f5:0e:51:39:a0:a0:08:3e:2d:49:60:2b:0c:36:ea:
                    0a:cb:11:08:f0:0b:f6:2f:e6:58:e0:07:e7:0d:01:
                    3a:20:48:75:f4:80:10:41:33:9c:fa:47:93:48:8c:
                    2d:10:9a:ab:bf:9d:15:71:1e:ac:c2:e3:20:72:8f:
                    4d:0b:90:da:21:30:df:c7:09:df:0a:20:23:04:3b:
                    cd:ac:dd:82:3c:6c:50:19:14:58:39:43:c4:c5:f2:
                    d0:e2:f8:aa:e5:04:dc:8e:7a:86:4c:c0:4b:aa:a4:
                    09:2b:22:f6:75:cd:5b:a3:64:22:82:66:eb:df:63:
                    6e:88:97:ac:08:72:56:fc:46:40:56:c8:d2:3e:6f:
                    b2:05:43:0b:8d:bf:55:dc:53:1c:c9:5f:65:ec:3a:
                    03:7b:44:8e:bd:b0:d0:60:11:f9:cb:fb:c7:85:91:
                    21:98:3a:7e:22:ce:f1:2a:a8:f0:7d:74:85:a9:5c:
                    d5:0a:45:b1:f1:dd:dc:6d:c8:2d:eb:5e:f3:a3:34:
                    90:41:b5:55:e7:35:63:d0:dd:2b:b7:b7:ce:91:62:
                    9d:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:B4:E6:6F:5C:08:90:97:23:39:3A:F1:50:4F:7C:1A:DE:93:AF:AF
            X509v3 Authority Key Identifier:
                keyid:57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/tbTmb1wIkJcjOTrxUE98Gt6Tr68.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.243.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:e5:03:23:f0:12:b4:01:f7:2d:3d:7a:fb:d3:fd:31:ef:cd:
         b7:18:5e:ae:6d:67:22:91:19:8e:3f:c1:c2:b6:86:83:3b:24:
         e1:b1:f2:58:b5:95:b9:26:97:69:9c:50:1d:09:c7:bf:fc:09:
         21:62:db:51:e7:af:99:46:76:e8:83:62:19:38:b4:84:70:f3:
         ad:8b:95:83:28:5d:f2:6e:ce:1e:1a:82:cd:41:67:b6:a5:70:
         33:ab:6d:f1:2c:82:5f:b1:fe:bc:54:fa:89:36:df:ca:87:58:
         6b:6e:bc:e2:57:22:55:21:40:72:1c:74:07:24:fb:7f:3f:46:
         0e:71:d2:28:57:50:74:57:6b:fd:83:10:5c:5f:81:f3:6a:5b:
         0b:8e:84:9f:ea:f0:7b:e6:97:72:b8:b8:35:f8:29:b0:b3:71:
         61:d4:f8:7f:95:09:bf:45:d8:10:e5:d2:6b:af:15:39:00:70:
         40:11:79:f1:53:ab:65:ee:56:25:7d:c0:d0:a4:32:cb:e6:e5:
         2b:9a:6f:a1:f1:c8:22:19:eb:d8:fd:6a:72:f7:c9:2d:a7:ae:
         9a:61:85:9d:e2:70:64:0c:15:fd:18:8e:08:2b:24:eb:88:37:
         92:26:1e:9b:20:8a:91:7c:50:6b:87:ed:f5:58:9c:20:70:04:
         76:18:9c:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZTg2151xPrciT8H9k5YxnyKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3YzY3MGM4ZGIzMmRkNzQ4ZGY3OTdjNWM5MzAxM2Q4Yzkx
ZmE4MzkwHhcNMjUwMjA3MTQ0MTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNWI0ZTY2ZjVjMDg5MDk3MjMzOTNhZjE1MDRmN2MxYWRlOTNhZmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs61YrTJzhAezUGnZWCQ/2SJWPZ6k
Rb/xTfGnv6JA/KAaqH1esIvLmKOmZB31DlE5oKAIPi1JYCsMNuoKyxEI8Av2L+ZY
4AfnDQE6IEh19IAQQTOc+keTSIwtEJqrv50VcR6swuMgco9NC5DaITDfxwnfCiAj
BDvNrN2CPGxQGRRYOUPExfLQ4viq5QTcjnqGTMBLqqQJKyL2dc1bo2Qigmbr32Nu
iJesCHJW/EZAVsjSPm+yBUMLjb9V3FMcyV9l7DoDe0SOvbDQYBH5y/vHhZEhmDp+
Is7xKqjwfXSFqVzVCkWx8d3cbcgt617zozSQQbVV5zVj0N0rt7fOkWKd+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLW05m9cCJCXIzk68VBPfBrek6+vMB8GA1UdIwQY
MBaAFFfGcMjbMt10jfeXxckwE9jJH6g5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQt
MzA0OTVmNDAzNzg0LzEvdGJUbWIxd0lrSmNqT1RyeFVFOThHdDZUcjY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQtMzA0OTVmNDAzNzg0
LzEvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALvMFMA0G
CSqGSIb3DQEBCwUAA4IBAQCa5QMj8BK0AfctPXr70/0x7823GF6ubWcikRmOP8HC
toaDOyThsfJYtZW5JpdpnFAdCce//AkhYttR56+ZRnbog2IZOLSEcPOti5WDKF3y
bs4eGoLNQWe2pXAzq23xLIJfsf68VPqJNt/Kh1hrbrziVyJVIUByHHQHJPt/P0YO
cdIoV1B0V2v9gxBcX4HzalsLjoSf6vB75pdyuLg1+Cmws3Fh1Ph/lQm/RdgQ5dJr
rxU5AHBAEXnxU6tl7lYlfcDQpDLL5uUrmm+h8cgiGevY/Wpy98ktp66aYYWd4nBk
DBX9GI4IKyTriDeSJh6bIIqRfFBrh+31WJwgcAR2GJwa
-----END CERTIFICATE-----