Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/4b2f88-3e20-4afa-b754-06a404435e50/1/Ye2lhVqLlVViESIa1X_75ZD_K3Y.roa
File:                     Ye2lhVqLlVViESIa1X_75ZD_K3Y.roa (raw, json)
Hash identifier:          GkZd+LIfPke0Hk41OCtwwY1KwALgbjtXK8ppjf/on0I=
Subject key identifier:   61:ED:A5:85:5A:8B:95:55:62:11:22:1A:D5:7F:FB:E5:90:FF:2B:76
Certificate issuer:       /CN=ff8dd5fe4179e8bda28532561919f6d07877c63d
Certificate serial:       019424B305CE3DEF101AC9D03789E8027420
Authority key identifier: FF:8D:D5:FE:41:79:E8:BD:A2:85:32:56:19:19:F6:D0:78:77:C6:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_43V_kF56L2ihTJWGRn20Hh3xj0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/4b2f88-3e20-4afa-b754-06a404435e50/1/Ye2lhVqLlVViESIa1X_75ZD_K3Y.roa
Signing time:             Thu 02 Jan 2025 01:48:19 +0000
ROA not before:           Thu 02 Jan 2025 01:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62240
IP address blocks:        46.149.128.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/4b2f88-3e20-4afa-b754-06a404435e50/1/_43V_kF56L2ihTJWGRn20Hh3xj0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/4b2f88-3e20-4afa-b754-06a404435e50/1/_43V_kF56L2ihTJWGRn20Hh3xj0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_43V_kF56L2ihTJWGRn20Hh3xj0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Apr 2025 13:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:05:ce:3d:ef:10:1a:c9:d0:37:89:e8:02:74:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff8dd5fe4179e8bda28532561919f6d07877c63d
        Validity
            Not Before: Jan  2 01:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=61eda5855a8b95556211221ad57ffbe590ff2b76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:a6:71:e9:e7:50:49:fe:b6:f6:36:9e:b2:d8:
                    2a:10:f1:a9:76:fc:f9:3a:9c:48:83:85:a9:30:d5:
                    15:ef:14:37:88:6b:92:4e:2e:86:00:6c:b9:37:7a:
                    1c:39:18:6a:07:97:c0:71:71:e6:0c:09:89:e0:24:
                    3b:6d:31:cb:23:15:b1:72:a2:b7:54:2b:85:29:ec:
                    cd:2d:52:b3:0c:a6:59:59:f9:fd:14:7f:ec:e8:51:
                    9e:cb:1f:74:1f:3f:10:c4:37:94:44:73:84:5b:ca:
                    9f:ed:a6:9d:36:e9:e6:64:04:31:d3:35:2a:1d:45:
                    ae:94:60:28:63:17:64:7f:99:0e:09:43:00:de:85:
                    d6:12:c7:98:6b:8c:02:0b:8a:d9:a9:47:22:de:ab:
                    5d:44:2c:0a:e9:a1:28:5a:5b:f4:80:13:bd:5a:89:
                    e2:05:af:37:c9:c1:9c:a2:64:75:f2:c8:46:11:af:
                    b4:fb:78:3a:f9:7c:e4:0a:1e:cb:60:97:cd:00:92:
                    e8:37:76:73:56:d2:ca:22:9c:74:df:26:89:c6:c9:
                    00:73:00:48:d7:82:a7:cd:e5:46:25:83:dc:d9:c9:
                    b9:02:ea:3d:54:0c:3e:ec:73:7f:20:fd:13:19:0b:
                    47:04:36:7e:17:0c:46:f6:79:ba:e0:50:73:0b:dc:
                    77:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:ED:A5:85:5A:8B:95:55:62:11:22:1A:D5:7F:FB:E5:90:FF:2B:76
            X509v3 Authority Key Identifier:
                keyid:FF:8D:D5:FE:41:79:E8:BD:A2:85:32:56:19:19:F6:D0:78:77:C6:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_43V_kF56L2ihTJWGRn20Hh3xj0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/4b2f88-3e20-4afa-b754-06a404435e50/1/Ye2lhVqLlVViESIa1X_75ZD_K3Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/4b2f88-3e20-4afa-b754-06a404435e50/1/_43V_kF56L2ihTJWGRn20Hh3xj0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.149.128.0/20

    Signature Algorithm: sha256WithRSAEncryption
         3a:23:61:1e:19:a5:64:98:f9:20:9e:eb:e7:f1:00:10:6e:0c:
         97:fc:f0:16:16:b5:2f:3d:c1:cf:2f:2d:3e:00:a1:fb:ca:45:
         30:4f:16:40:ae:95:d2:79:38:73:5f:2f:14:f4:d0:e4:cf:e4:
         01:43:7f:ec:7a:c4:49:7b:85:92:95:dd:c4:3b:c9:d1:4c:fc:
         9b:f1:0c:bd:38:af:f2:d4:0e:52:74:d2:18:c8:c2:75:c8:d9:
         72:1e:32:b1:d1:87:3f:79:25:33:bd:98:25:2d:0b:9d:be:f0:
         11:e6:ce:9c:cc:e5:2d:bd:f3:98:ee:a7:61:be:81:42:96:87:
         b3:1f:5d:ab:3f:82:78:95:9b:b3:c0:1d:52:03:5f:8b:79:57:
         68:72:f1:2b:bb:13:02:25:60:54:d4:85:08:67:70:a3:bf:b4:
         91:63:42:5c:c2:42:0d:0d:ce:97:50:46:73:4c:98:d6:bb:f7:
         42:81:29:ec:e9:ee:71:2d:11:37:5a:12:55:a8:fb:17:29:df:
         ce:1d:8f:29:da:da:21:2c:d0:9d:55:0e:d7:7d:c4:99:bd:42:
         9b:71:35:08:e0:2a:c9:58:5c:05:59:3e:92:f1:57:38:ae:32:
         f9:3a:fb:b8:7a:af:f9:a3:0e:8e:4e:dd:3f:30:ca:8c:57:31:
         68:9a:69:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkswXOPe8QGsnQN4noAnQgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmOGRkNWZlNDE3OWU4YmRhMjg1MzI1NjE5MTlmNmQwNzg3
N2M2M2QwHhcNMjUwMTAyMDE0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWVkYTU4NTVhOGI5NTU1NjIxMTIyMWFkNTdmZmJlNTkwZmYyYjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKZx6edQSf629jaestgqEPGpdvz5
OpxIg4WpMNUV7xQ3iGuSTi6GAGy5N3ocORhqB5fAcXHmDAmJ4CQ7bTHLIxWxcqK3
VCuFKezNLVKzDKZZWfn9FH/s6FGeyx90Hz8QxDeURHOEW8qf7aadNunmZAQx0zUq
HUWulGAoYxdkf5kOCUMA3oXWEseYa4wCC4rZqUci3qtdRCwK6aEoWlv0gBO9Woni
Ba83ycGcomR18shGEa+0+3g6+XzkCh7LYJfNAJLoN3ZzVtLKIpx03yaJxskAcwBI
14KnzeVGJYPc2cm5Auo9VAw+7HN/IP0TGQtHBDZ+FwxG9nm64FBzC9x3iwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGHtpYVai5VVYhEiGtV/++WQ/yt2MB8GA1UdIwQY
MBaAFP+N1f5Beei9ooUyVhkZ9tB4d8Y9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzQzVl9rRjU2TDJpaFRKV0dSbjIwSGgzeGowLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS80YjJmODgtM2UyMC00YWZhLWI3NTQt
MDZhNDA0NDM1ZTUwLzEvWWUybGhWcUxsVlZpRVNJYTFYXzc1WkRfSzNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS80YjJmODgtM2UyMC00YWZhLWI3NTQtMDZhNDA0NDM1ZTUw
LzEvXzQzVl9rRjU2TDJpaFRKV0dSbjIwSGgzeGowLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQELpWAMA0G
CSqGSIb3DQEBCwUAA4IBAQA6I2EeGaVkmPkgnuvn8QAQbgyX/PAWFrUvPcHPLy0+
AKH7ykUwTxZArpXSeThzXy8U9NDkz+QBQ3/sesRJe4WSld3EO8nRTPyb8Qy9OK/y
1A5SdNIYyMJ1yNlyHjKx0Yc/eSUzvZglLQudvvAR5s6czOUtvfOY7qdhvoFCloez
H12rP4J4lZuzwB1SA1+LeVdocvEruxMCJWBU1IUIZ3Cjv7SRY0JcwkINDc6XUEZz
TJjWu/dCgSns6e5xLRE3WhJVqPsXKd/OHY8p2tohLNCdVQ7XfcSZvUKbcTUI4CrJ
WFwFWT6S8Vc4rjL5Ovu4eq/5ow6OTt0/MMqMVzFommko
-----END CERTIFICATE-----