Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/7434e1-7413-4f6a-a29c-cdc81db77531/1/RB7HUixrp2_fRnv8EOUDAJuY_s8.roa
File:                     RB7HUixrp2_fRnv8EOUDAJuY_s8.roa (raw, json)
Hash identifier:          8tnZtAu3C6mP5DEQfehN4BPaOTowIhr+JO1L2V82k9E=
Subject key identifier:   44:1E:C7:52:2C:6B:A7:6F:DF:46:7B:FC:10:E5:03:00:9B:98:FE:CF
Certificate issuer:       /CN=b48bd8ec4e301c9e7b0a43bef0f3ddd3a453155a
Certificate serial:       0194244526C6D1CF781BEEDE994AD0A6E5A3
Authority key identifier: B4:8B:D8:EC:4E:30:1C:9E:7B:0A:43:BE:F0:F3:DD:D3:A4:53:15:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tIvY7E4wHJ57CkO-8PPd06RTFVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/7434e1-7413-4f6a-a29c-cdc81db77531/1/RB7HUixrp2_fRnv8EOUDAJuY_s8.roa
Signing time:             Wed 01 Jan 2025 23:48:19 +0000
ROA not before:           Wed 01 Jan 2025 23:48:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213913
IP address blocks:        46.102.234.0/24 maxlen: 24
                          2a0c:2780::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/7434e1-7413-4f6a-a29c-cdc81db77531/1/tIvY7E4wHJ57CkO-8PPd06RTFVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/7434e1-7413-4f6a-a29c-cdc81db77531/1/tIvY7E4wHJ57CkO-8PPd06RTFVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tIvY7E4wHJ57CkO-8PPd06RTFVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:26:c6:d1:cf:78:1b:ee:de:99:4a:d0:a6:e5:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b48bd8ec4e301c9e7b0a43bef0f3ddd3a453155a
        Validity
            Not Before: Jan  1 23:48:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=441ec7522c6ba76fdf467bfc10e503009b98fecf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:f0:6a:df:be:94:35:73:cc:5e:fd:b8:8f:bf:
                    6c:74:5c:72:99:8f:10:b6:20:65:59:fc:94:a5:92:
                    d0:4e:f5:99:cf:8f:7e:36:60:5d:75:30:13:71:87:
                    7c:cb:9a:13:1e:8c:a2:53:e2:25:d4:ee:25:e6:55:
                    bb:b2:8e:07:18:09:c0:63:57:f7:c3:e1:01:64:08:
                    ea:d6:68:a6:9c:09:a5:81:21:34:80:f6:48:f3:7b:
                    5f:b9:4b:0d:dc:53:ae:76:ab:5d:32:d3:fb:73:32:
                    60:8f:b3:b3:7d:fc:c8:18:a6:69:f5:98:df:3b:97:
                    4f:a9:a3:f7:94:26:2f:48:ff:76:02:b7:50:cd:18:
                    01:4d:ff:cd:ce:ae:d6:c4:b2:ba:f3:8c:fa:25:75:
                    04:4d:a4:26:a2:04:8e:40:9f:2b:18:2b:b7:53:4d:
                    54:3b:3d:57:05:59:3d:0e:c4:1b:14:a6:1c:11:ed:
                    ab:6c:57:ee:76:bc:b5:12:ac:3d:2d:3e:fc:84:94:
                    f4:ec:fb:29:bd:19:42:0a:59:f3:4d:f5:59:a5:52:
                    fa:a3:0c:d1:5d:e8:47:c3:6d:2b:c3:b7:fe:07:0f:
                    11:ce:db:1a:6f:c8:7b:48:97:34:e2:1b:46:10:3b:
                    d6:28:07:c1:af:f2:3a:13:65:77:46:13:a9:28:7d:
                    77:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:1E:C7:52:2C:6B:A7:6F:DF:46:7B:FC:10:E5:03:00:9B:98:FE:CF
            X509v3 Authority Key Identifier:
                keyid:B4:8B:D8:EC:4E:30:1C:9E:7B:0A:43:BE:F0:F3:DD:D3:A4:53:15:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tIvY7E4wHJ57CkO-8PPd06RTFVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/7434e1-7413-4f6a-a29c-cdc81db77531/1/RB7HUixrp2_fRnv8EOUDAJuY_s8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/7434e1-7413-4f6a-a29c-cdc81db77531/1/tIvY7E4wHJ57CkO-8PPd06RTFVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.102.234.0/24
                IPv6:
                  2a0c:2780::/32

    Signature Algorithm: sha256WithRSAEncryption
         47:ea:e8:2c:87:7f:59:12:f7:34:10:28:a6:6f:33:3f:30:1f:
         20:63:b0:a7:4d:0c:cc:1b:b8:6f:2a:b5:12:eb:a2:af:e4:28:
         57:c8:15:1e:18:96:20:8d:62:43:38:8e:a6:c5:90:87:ab:ce:
         4e:63:5b:bd:25:8d:61:b0:1d:46:cc:bc:9b:ac:e5:64:41:4e:
         77:9e:41:d7:ce:d8:9e:ca:0f:4f:73:7d:d9:36:07:cd:ac:17:
         fc:10:9c:cd:67:94:69:dc:5f:ab:b5:3b:36:5f:67:72:c1:8a:
         25:c5:fb:5a:0c:0e:50:bf:92:63:c9:e7:23:ac:e1:9c:00:0e:
         89:91:1a:eb:ef:1e:17:87:56:b3:6f:d1:12:6c:4d:df:ed:2c:
         d4:1a:ae:58:89:14:31:b9:d3:b9:37:51:c7:a9:11:4a:fb:bb:
         35:66:65:ed:ad:0d:c3:36:72:06:fb:13:75:47:16:a1:5d:62:
         0e:f4:ab:b9:2a:b4:08:d8:cd:79:ef:db:82:ed:e3:69:55:b6:
         e7:e0:4c:6f:83:bc:d7:4a:3e:45:98:1c:6b:e2:3b:93:be:56:
         bc:13:d3:33:68:68:65:f5:2f:8f:44:55:2c:9d:4e:52:73:e2:
         2c:dc:36:45:2c:3d:9e:44:b9:16:33:aa:a6:a7:c7:4a:c3:82:
         1d:b6:84:54
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQkRSbG0c94G+7emUrQpuWjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0OGJkOGVjNGUzMDFjOWU3YjBhNDNiZWYwZjNkZGQzYTQ1
MzE1NWEwHhcNMjUwMTAxMjM0ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDFlYzc1MjJjNmJhNzZmZGY0NjdiZmMxMGU1MDMwMDliOThmZWNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPBq376UNXPMXv24j79sdFxymY8Q
tiBlWfyUpZLQTvWZz49+NmBddTATcYd8y5oTHoyiU+Il1O4l5lW7so4HGAnAY1f3
w+EBZAjq1mimnAmlgSE0gPZI83tfuUsN3FOudqtdMtP7czJgj7OzffzIGKZp9Zjf
O5dPqaP3lCYvSP92ArdQzRgBTf/Nzq7WxLK684z6JXUETaQmogSOQJ8rGCu3U01U
Oz1XBVk9DsQbFKYcEe2rbFfudry1Eqw9LT78hJT07PspvRlCClnzTfVZpVL6owzR
XehHw20rw7f+Bw8Rztsab8h7SJc04htGEDvWKAfBr/I6E2V3RhOpKH13kwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEQex1Isa6dv30Z7/BDlAwCbmP7PMB8GA1UdIwQY
MBaAFLSL2OxOMByeewpDvvDz3dOkUxVaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEl2WTdFNHdISjU3Q2tPLThQUGQwNlJURlZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC83NDM0ZTEtNzQxMy00ZjZhLWEyOWMt
Y2RjODFkYjc3NTMxLzEvUkI3SFVpeHJwMl9mUm52OEVPVURBSnVZX3M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC83NDM0ZTEtNzQxMy00ZjZhLWEyOWMtY2RjODFkYjc3NTMx
LzEvdEl2WTdFNHdISjU3Q2tPLThQUGQwNlJURlZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALmbqMA0E
AgACMAcDBQAqDCeAMA0GCSqGSIb3DQEBCwUAA4IBAQBH6ugsh39ZEvc0ECimbzM/
MB8gY7CnTQzMG7hvKrUS66Kv5ChXyBUeGJYgjWJDOI6mxZCHq85OY1u9JY1hsB1G
zLybrOVkQU53nkHXztieyg9Pc33ZNgfNrBf8EJzNZ5Rp3F+rtTs2X2dywYolxfta
DA5Qv5JjyecjrOGcAA6JkRrr7x4Xh1azb9ESbE3f7SzUGq5YiRQxudO5N1HHqRFK
+7s1ZmXtrQ3DNnIG+xN1RxahXWIO9Ku5KrQI2M1579uC7eNpVbbn4Exvg7zXSj5F
mBxr4juTvla8E9MzaGhl9S+PRFUsnU5Sc+Is3DZFLD2eRLkWM6qmp8dKw4IdtoRU
-----END CERTIFICATE-----