Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/700fd3-c360-48ab-8a06-56129b7dc018/1/zEb6SCNh9IA2ZcmgZWwsmTznbFk.roa
File:                     zEb6SCNh9IA2ZcmgZWwsmTznbFk.roa (raw, json)
Hash identifier:          tgHdlVCEN4GvD5zc3JRTYHWhACpqWoQ7O4VCFRbyik4=
Subject key identifier:   CC:46:FA:48:23:61:F4:80:36:65:C9:A0:65:6C:2C:99:3C:E7:6C:59
Certificate issuer:       /CN=08af091858bb99651764399c6565df7a0834dbad
Certificate serial:       0194282566FD0B142B6DFD029B8D33A452B3
Authority key identifier: 08:AF:09:18:58:BB:99:65:17:64:39:9C:65:65:DF:7A:08:34:DB:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CK8JGFi7mWUXZDmcZWXfegg0260.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/700fd3-c360-48ab-8a06-56129b7dc018/1/zEb6SCNh9IA2ZcmgZWwsmTznbFk.roa
Signing time:             Thu 02 Jan 2025 17:52:07 +0000
ROA not before:           Thu 02 Jan 2025 17:52:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49559
IP address blocks:        193.57.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/700fd3-c360-48ab-8a06-56129b7dc018/1/CK8JGFi7mWUXZDmcZWXfegg0260.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/700fd3-c360-48ab-8a06-56129b7dc018/1/CK8JGFi7mWUXZDmcZWXfegg0260.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CK8JGFi7mWUXZDmcZWXfegg0260.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:66:fd:0b:14:2b:6d:fd:02:9b:8d:33:a4:52:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=08af091858bb99651764399c6565df7a0834dbad
        Validity
            Not Before: Jan  2 17:52:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cc46fa482361f4803665c9a0656c2c993ce76c59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:0b:2d:34:28:3c:42:55:99:bd:5b:22:2c:3a:
                    d0:d4:86:0d:1c:ef:7d:51:4f:fa:45:b6:9d:c1:3a:
                    e1:05:82:3f:6a:3d:05:fb:a8:20:11:d4:16:2b:42:
                    fc:ce:76:d7:b3:8b:c8:84:e7:42:7e:70:0e:17:76:
                    b8:d5:92:a1:29:21:3b:30:85:82:d9:51:67:f5:a3:
                    79:73:01:5b:01:ad:0c:63:d8:37:81:07:4c:9e:40:
                    bb:bc:19:1f:7b:af:6f:7b:01:9d:3a:b9:db:c0:dd:
                    d9:60:b7:36:5a:f6:72:84:79:7e:ac:f6:c8:59:35:
                    d4:e0:48:01:c9:33:1c:28:54:6f:aa:a0:6c:5c:ed:
                    bc:44:74:9a:56:9e:97:b4:7e:d6:dd:82:df:83:07:
                    91:f5:b7:9e:34:28:67:fb:f3:78:4e:db:fb:89:4a:
                    b8:b9:26:43:f1:32:64:a9:41:76:c5:89:cb:43:28:
                    2a:02:a4:b0:24:53:e2:cf:5f:24:67:71:49:af:3a:
                    7c:52:f9:1d:dc:ab:e8:6d:22:4d:91:7d:35:68:72:
                    2f:7d:45:c6:c9:ac:69:3e:aa:bd:93:f4:0d:38:7a:
                    5d:76:11:84:07:2b:8b:53:1e:65:95:74:c8:9c:47:
                    64:b8:2e:eb:ca:70:d3:e9:98:97:37:4b:98:39:78:
                    76:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:46:FA:48:23:61:F4:80:36:65:C9:A0:65:6C:2C:99:3C:E7:6C:59
            X509v3 Authority Key Identifier:
                keyid:08:AF:09:18:58:BB:99:65:17:64:39:9C:65:65:DF:7A:08:34:DB:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CK8JGFi7mWUXZDmcZWXfegg0260.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/700fd3-c360-48ab-8a06-56129b7dc018/1/zEb6SCNh9IA2ZcmgZWwsmTznbFk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/700fd3-c360-48ab-8a06-56129b7dc018/1/CK8JGFi7mWUXZDmcZWXfegg0260.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.57.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:ba:6b:3c:7c:3c:61:ca:d2:bd:35:fc:86:bb:d3:d0:f2:29:
         39:e5:34:e3:d5:4c:06:cb:9d:44:d7:df:65:29:64:cb:25:ad:
         52:7d:85:ad:de:a2:4c:99:0c:6b:b2:ec:ef:40:b0:d4:ca:00:
         07:11:c8:c5:93:98:80:19:36:98:67:8b:57:52:6a:eb:5b:d7:
         47:4c:09:ff:4d:61:2e:a9:b9:be:df:b8:69:b6:f4:29:8e:80:
         bc:b0:e1:51:b4:80:a2:7c:25:b1:a3:10:1c:71:3a:f7:bc:86:
         e3:c8:43:71:7e:b9:8a:58:dc:d1:d6:81:ab:a1:0e:86:f1:d6:
         82:3e:3b:55:3b:af:05:2f:33:cf:3a:5f:4a:3b:7b:e1:bb:a9:
         65:fe:5f:1e:e5:46:c7:c8:1f:af:96:f6:5c:66:8b:6a:a8:33:
         bc:b7:8a:0e:a2:31:18:0b:40:55:82:e9:ea:db:ad:b1:25:31:
         96:9f:69:86:5c:aa:0a:ad:27:b6:cf:f7:90:33:38:cd:4f:b4:
         78:a0:82:1b:da:96:39:73:7f:fa:db:a7:78:0f:5d:3a:6e:2c:
         fe:8b:1d:ca:89:05:f8:30:30:4a:74:ba:58:4c:9d:20:47:d7:
         9b:fe:59:d2:d2:1e:10:55:34:b9:a5:1d:89:6e:7e:2d:1b:92:
         46:1e:18:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJWb9CxQrbf0Cm40zpFKzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4YWYwOTE4NThiYjk5NjUxNzY0Mzk5YzY1NjVkZjdhMDgz
NGRiYWQwHhcNMjUwMTAyMTc1MjA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzQ2ZmE0ODIzNjFmNDgwMzY2NWM5YTA2NTZjMmM5OTNjZTc2YzU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwstNCg8QlWZvVsiLDrQ1IYNHO99
UU/6RbadwTrhBYI/aj0F+6ggEdQWK0L8znbXs4vIhOdCfnAOF3a41ZKhKSE7MIWC
2VFn9aN5cwFbAa0MY9g3gQdMnkC7vBkfe69vewGdOrnbwN3ZYLc2WvZyhHl+rPbI
WTXU4EgByTMcKFRvqqBsXO28RHSaVp6XtH7W3YLfgweR9beeNChn+/N4Ttv7iUq4
uSZD8TJkqUF2xYnLQygqAqSwJFPiz18kZ3FJrzp8Uvkd3KvobSJNkX01aHIvfUXG
yaxpPqq9k/QNOHpddhGEByuLUx5llXTInEdkuC7rynDT6ZiXN0uYOXh21wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMxG+kgjYfSANmXJoGVsLJk852xZMB8GA1UdIwQY
MBaAFAivCRhYu5llF2Q5nGVl33oINNutMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0s4SkdGaTdtV1VYWkRtY1pXWGZlZ2cwMjYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS83MDBmZDMtYzM2MC00OGFiLThhMDYt
NTYxMjliN2RjMDE4LzEvekViNlNDTmg5SUEyWmNtZ1pXd3NtVHpuYkZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS83MDBmZDMtYzM2MC00OGFiLThhMDYtNTYxMjliN2RjMDE4
LzEvQ0s4SkdGaTdtV1VYWkRtY1pXWGZlZ2cwMjYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTkuMA0G
CSqGSIb3DQEBCwUAA4IBAQA9ums8fDxhytK9NfyGu9PQ8ik55TTj1UwGy51E199l
KWTLJa1SfYWt3qJMmQxrsuzvQLDUygAHEcjFk5iAGTaYZ4tXUmrrW9dHTAn/TWEu
qbm+37hptvQpjoC8sOFRtICifCWxoxAccTr3vIbjyENxfrmKWNzR1oGroQ6G8daC
PjtVO68FLzPPOl9KO3vhu6ll/l8e5UbHyB+vlvZcZotqqDO8t4oOojEYC0BVgunq
262xJTGWn2mGXKoKrSe2z/eQMzjNT7R4oIIb2pY5c3/626d4D106biz+ix3KiQX4
MDBKdLpYTJ0gR9eb/lnS0h4QVTS5pR2Jbn4tG5JGHhis
-----END CERTIFICATE-----