Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/oARV8vMEBk2eP9MSBdQUryS8TUU.roa
File:                     oARV8vMEBk2eP9MSBdQUryS8TUU.roa (raw, json)
Hash identifier:          oYkCFzf3S1gK2HlUyQxVhk5yRs9gxQ88ci+vJztxP+Y=
Subject key identifier:   A0:04:55:F2:F3:04:06:4D:9E:3F:D3:12:05:D4:14:AF:24:BC:4D:45
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       01942748A08C8F2E721A3154D74693EB10A9
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/oARV8vMEBk2eP9MSBdQUryS8TUU.roa
Signing time:             Thu 02 Jan 2025 13:50:58 +0000
ROA not before:           Thu 02 Jan 2025 13:50:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214677
IP address blocks:        46.243.77.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 23:34:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:a0:8c:8f:2e:72:1a:31:54:d7:46:93:eb:10:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 13:50:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a00455f2f304064d9e3fd31205d414af24bc4d45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:ab:07:3a:8f:c1:cf:f7:2c:2c:a9:b7:ce:3b:
                    dc:4d:c6:da:91:3e:90:67:ed:e1:b1:4f:09:82:35:
                    2f:82:dd:3e:fe:b2:53:85:39:1b:0f:37:67:a7:56:
                    4a:37:ea:58:7d:3e:e7:16:ab:df:34:f8:ee:87:d2:
                    ed:71:62:2b:3f:08:15:b2:cf:aa:38:a7:ca:91:2c:
                    9f:23:5a:e0:9d:7a:b1:df:d3:b4:e5:af:de:ea:81:
                    19:98:92:d5:d2:c5:9c:f3:61:2f:5f:b4:e7:b4:ba:
                    9e:9f:8c:e4:0c:d4:7e:84:b4:39:76:70:ad:88:d0:
                    47:41:d5:33:43:b4:fd:39:b2:55:6e:91:eb:9a:40:
                    48:04:83:da:76:72:0a:32:97:1d:ca:fd:ed:7c:5d:
                    1d:f9:c0:bc:b1:76:8f:59:06:32:9d:1f:55:ef:81:
                    22:03:ee:32:b8:9e:53:73:22:1a:56:ba:b0:b5:aa:
                    f2:e7:44:8d:bc:26:4e:6c:e1:67:eb:e1:6e:1a:18:
                    54:80:21:2f:75:64:15:62:22:48:76:d1:07:9f:d4:
                    bb:4a:ef:a0:35:57:77:ce:05:9a:dd:aa:30:4e:69:
                    87:0b:fd:98:cf:38:4a:a9:84:62:f3:4b:f1:d3:91:
                    1f:6c:b4:6c:0f:4f:21:68:08:2f:60:27:5b:22:bb:
                    55:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:04:55:F2:F3:04:06:4D:9E:3F:D3:12:05:D4:14:AF:24:BC:4D:45
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/oARV8vMEBk2eP9MSBdQUryS8TUU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.243.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:59:bd:01:81:5e:f5:dd:ad:26:7c:3f:91:1c:ff:fd:70:a2:
         14:20:c8:c1:df:47:a0:08:4a:22:59:ac:a3:ad:7d:96:3d:e4:
         71:90:9f:db:5e:21:37:4d:c8:14:af:f2:dd:c5:00:1d:71:8f:
         42:18:56:55:73:ac:8b:f2:49:56:b8:ff:4d:e1:52:1f:d9:bf:
         d3:49:a5:bb:c2:66:ce:d2:50:02:21:b6:e0:17:49:58:c4:4d:
         d5:b9:53:ce:4c:92:98:6f:0c:8b:5b:8c:40:d2:33:b3:b8:49:
         35:28:1c:8e:1d:53:5c:fb:a9:5f:6b:0d:76:a5:f0:d5:9f:46:
         e3:d4:be:3f:af:b6:72:03:2e:a7:c4:10:9a:07:e9:32:6e:4d:
         a9:a9:fb:9d:00:ed:a9:36:6b:26:89:cd:86:b9:9f:6d:3b:0e:
         46:76:4c:21:0b:b1:41:4e:44:d6:30:63:a5:70:a4:76:a7:ba:
         f9:f5:44:ee:75:c3:b2:1b:6b:5b:fe:f2:27:0b:62:4a:21:2f:
         f0:58:5f:5d:db:9a:db:4e:a9:8e:4f:9d:2a:69:c2:58:12:1f:
         80:79:27:42:df:46:a4:2c:20:ce:62:66:69:3d:40:cf:28:b3:
         45:d8:b6:ee:3b:39:b0:ab:71:a0:58:61:bb:35:98:87:c7:b8:
         bc:fe:d2:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSKCMjy5yGjFU10aT6xCpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjUwMTAyMTM1MDU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDA0NTVmMmYzMDQwNjRkOWUzZmQzMTIwNWQ0MTRhZjI0YmM0ZDQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0KsHOo/Bz/csLKm3zjvcTcbakT6Q
Z+3hsU8JgjUvgt0+/rJThTkbDzdnp1ZKN+pYfT7nFqvfNPjuh9LtcWIrPwgVss+q
OKfKkSyfI1rgnXqx39O05a/e6oEZmJLV0sWc82EvX7TntLqen4zkDNR+hLQ5dnCt
iNBHQdUzQ7T9ObJVbpHrmkBIBIPadnIKMpcdyv3tfF0d+cC8sXaPWQYynR9V74Ei
A+4yuJ5TcyIaVrqwtary50SNvCZObOFn6+FuGhhUgCEvdWQVYiJIdtEHn9S7Su+g
NVd3zgWa3aowTmmHC/2YzzhKqYRi80vx05EfbLRsD08haAgvYCdbIrtVcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKAEVfLzBAZNnj/TEgXUFK8kvE1FMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvb0FSVjh2TUVCazJlUDlNU0JkUVVyeVM4VFVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALvNNMA0G
CSqGSIb3DQEBCwUAA4IBAQBdWb0BgV713a0mfD+RHP/9cKIUIMjB30egCEoiWayj
rX2WPeRxkJ/bXiE3TcgUr/LdxQAdcY9CGFZVc6yL8klWuP9N4VIf2b/TSaW7wmbO
0lACIbbgF0lYxE3VuVPOTJKYbwyLW4xA0jOzuEk1KByOHVNc+6lfaw12pfDVn0bj
1L4/r7ZyAy6nxBCaB+kybk2pqfudAO2pNmsmic2GuZ9tOw5GdkwhC7FBTkTWMGOl
cKR2p7r59UTudcOyG2tb/vInC2JKIS/wWF9d25rbTqmOT50qacJYEh+AeSdC30ak
LCDOYmZpPUDPKLNF2LbuOzmwq3GgWGG7NZiHx7i8/tIJ
-----END CERTIFICATE-----