Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/c3069e-5ffc-4c8c-91dc-31d197f139d8/1/OuTJvGgTKVnEZq7gCAEHXIiEW0A.roa
File:                     OuTJvGgTKVnEZq7gCAEHXIiEW0A.roa (raw, json)
Hash identifier:          YXkZ09I/fBc9Mmxb3/951nvIEdnGhT1gbWVM1wiVQc8=
Subject key identifier:   3A:E4:C9:BC:68:13:29:59:C4:66:AE:E0:08:01:07:5C:88:84:5B:40
Certificate issuer:       /CN=e875464e89816ef00b0369502018a7e59ce2d36c
Certificate serial:       019421B1D70BFEF4FAA0A9A926EF8484E549
Authority key identifier: E8:75:46:4E:89:81:6E:F0:0B:03:69:50:20:18:A7:E5:9C:E2:D3:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6HVGTomBbvALA2lQIBin5Zzi02w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/c3069e-5ffc-4c8c-91dc-31d197f139d8/1/OuTJvGgTKVnEZq7gCAEHXIiEW0A.roa
Signing time:             Wed 01 Jan 2025 11:48:10 +0000
ROA not before:           Wed 01 Jan 2025 11:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50820
IP address blocks:        46.46.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/c3069e-5ffc-4c8c-91dc-31d197f139d8/1/6HVGTomBbvALA2lQIBin5Zzi02w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/c3069e-5ffc-4c8c-91dc-31d197f139d8/1/6HVGTomBbvALA2lQIBin5Zzi02w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6HVGTomBbvALA2lQIBin5Zzi02w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 14:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:d7:0b:fe:f4:fa:a0:a9:a9:26:ef:84:84:e5:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e875464e89816ef00b0369502018a7e59ce2d36c
        Validity
            Not Before: Jan  1 11:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3ae4c9bc68132959c466aee00801075c88845b40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:94:35:e3:42:73:88:02:6f:0c:e7:66:ca:6b:
                    b8:01:27:db:d5:4c:ac:3a:03:1c:70:e0:05:e6:2b:
                    b1:e7:3a:14:3f:51:3c:04:fe:1b:83:71:e7:82:23:
                    f9:cf:6f:00:bc:8e:23:16:13:8b:b9:bc:f1:dc:b0:
                    b2:57:3f:4f:26:f7:b6:c2:fa:54:68:dd:fd:8a:28:
                    fb:db:e0:d6:42:31:19:f1:2e:d9:c7:14:a7:81:6e:
                    17:6b:01:b5:62:33:d8:62:61:d7:4f:23:47:f0:99:
                    6c:7b:f0:84:f2:7e:8f:a3:84:5b:d3:93:46:1e:55:
                    ac:ae:da:7e:eb:12:a6:f8:d2:b8:00:42:bc:77:db:
                    20:54:55:a4:10:52:dc:fa:6e:55:1f:02:c0:26:22:
                    92:7b:4c:3c:f7:71:d1:ae:a0:69:61:e6:52:a0:6b:
                    5c:c8:64:67:fc:56:9e:42:60:2f:ae:1c:3d:a6:c1:
                    30:3d:7d:8b:39:25:df:b6:27:72:78:25:b1:ef:a5:
                    ae:69:6d:c5:69:52:10:dc:3d:43:40:73:8d:54:c2:
                    d5:20:ea:4b:ee:4a:9e:92:db:1d:11:f1:4e:61:a2:
                    c3:c6:87:dd:64:6d:d9:a7:b0:6f:c9:2c:f7:8a:a5:
                    b9:8c:7d:a6:4b:ce:85:fc:00:5b:e5:7b:bc:6c:ca:
                    94:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:E4:C9:BC:68:13:29:59:C4:66:AE:E0:08:01:07:5C:88:84:5B:40
            X509v3 Authority Key Identifier:
                keyid:E8:75:46:4E:89:81:6E:F0:0B:03:69:50:20:18:A7:E5:9C:E2:D3:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6HVGTomBbvALA2lQIBin5Zzi02w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/c3069e-5ffc-4c8c-91dc-31d197f139d8/1/OuTJvGgTKVnEZq7gCAEHXIiEW0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/c3069e-5ffc-4c8c-91dc-31d197f139d8/1/6HVGTomBbvALA2lQIBin5Zzi02w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.46.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         60:4f:e9:52:6d:3b:4f:42:02:13:82:67:a4:17:ad:d1:a6:a0:
         da:96:89:be:4f:57:36:fa:c1:fa:8a:1a:4b:64:dc:55:fc:f1:
         cb:a8:ab:b1:41:0f:f4:15:c2:45:ec:77:cb:d7:41:f3:dc:2c:
         76:aa:c2:e4:29:dc:99:db:60:20:56:83:19:d0:fa:46:0c:84:
         8b:d0:29:2a:12:d3:b1:5d:e3:a6:56:f3:c0:8d:99:4a:a7:85:
         1d:9a:41:9e:a0:30:ae:19:c4:ee:93:53:16:3e:7a:4b:79:ce:
         52:8b:9c:e2:27:70:0e:db:a1:84:f2:e8:5c:65:38:85:c4:a3:
         54:91:de:be:b6:fc:b7:af:f2:5f:94:78:08:6d:cb:71:c1:1f:
         d9:bf:3f:00:d4:43:7d:0e:ed:9d:96:69:02:aa:64:15:aa:ae:
         0a:9a:41:c9:1e:92:61:76:77:92:77:e2:31:96:da:0e:9d:46:
         9a:de:c6:75:04:fd:ea:7b:b8:76:34:f3:f7:ea:c4:45:23:67:
         8f:c4:f0:0a:33:76:46:2f:de:57:7f:59:33:15:19:e9:81:d4:
         f3:6f:0e:d4:b0:c6:43:2d:e1:b0:ce:c8:a3:2a:27:41:a7:1d:
         ea:14:aa:06:9d:a9:94:70:b6:c0:67:af:a3:2b:da:d8:0f:7e:
         86:54:82:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsdcL/vT6oKmpJu+EhOVJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4NzU0NjRlODk4MTZlZjAwYjAzNjk1MDIwMThhN2U1OWNl
MmQzNmMwHhcNMjUwMTAxMTE0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWU0YzliYzY4MTMyOTU5YzQ2NmFlZTAwODAxMDc1Yzg4ODQ1YjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyJQ140JziAJvDOdmymu4ASfb1Uys
OgMccOAF5iux5zoUP1E8BP4bg3HngiP5z28AvI4jFhOLubzx3LCyVz9PJve2wvpU
aN39iij72+DWQjEZ8S7ZxxSngW4XawG1YjPYYmHXTyNH8Jlse/CE8n6Po4Rb05NG
HlWsrtp+6xKm+NK4AEK8d9sgVFWkEFLc+m5VHwLAJiKSe0w893HRrqBpYeZSoGtc
yGRn/FaeQmAvrhw9psEwPX2LOSXftidyeCWx76WuaW3FaVIQ3D1DQHONVMLVIOpL
7kqektsdEfFOYaLDxofdZG3Zp7BvySz3iqW5jH2mS86F/ABb5Xu8bMqUnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDrkybxoEylZxGau4AgBB1yIhFtAMB8GA1UdIwQY
MBaAFOh1Rk6JgW7wCwNpUCAYp+Wc4tNsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkhWR1RvbUJidkFMQTJsUUlCaW41WnppMDJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9jMzA2OWUtNWZmYy00YzhjLTkxZGMt
MzFkMTk3ZjEzOWQ4LzEvT3VUSnZHZ1RLVm5FWnE3Z0NBRUhYSWlFVzBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9jMzA2OWUtNWZmYy00YzhjLTkxZGMtMzFkMTk3ZjEzOWQ4
LzEvNkhWR1RvbUJidkFMQTJsUUlCaW41WnppMDJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALi6/MA0G
CSqGSIb3DQEBCwUAA4IBAQBgT+lSbTtPQgITgmekF63RpqDalom+T1c2+sH6ihpL
ZNxV/PHLqKuxQQ/0FcJF7HfL10Hz3Cx2qsLkKdyZ22AgVoMZ0PpGDISL0CkqEtOx
XeOmVvPAjZlKp4UdmkGeoDCuGcTuk1MWPnpLec5Si5ziJ3AO26GE8uhcZTiFxKNU
kd6+tvy3r/JflHgIbctxwR/Zvz8A1EN9Du2dlmkCqmQVqq4KmkHJHpJhdneSd+Ix
ltoOnUaa3sZ1BP3qe7h2NPP36sRFI2ePxPAKM3ZGL95Xf1kzFRnpgdTzbw7UsMZD
LeGwzsijKidBpx3qFKoGnamUcLbAZ6+jK9rYD36GVIKS
-----END CERTIFICATE-----