Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/JIHSg2rIYtolbr0BfVRa6peC6rI.roa
File:                     JIHSg2rIYtolbr0BfVRa6peC6rI.roa (raw, json)
Hash identifier:          1LDaVwBhY3rwcmuhoyNcE9S+E6qd+Ia97x3mihlzNDs=
Subject key identifier:   24:81:D2:83:6A:C8:62:DA:25:6E:BD:01:7D:54:5A:EA:97:82:EA:B2
Certificate issuer:       /CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
Certificate serial:       019425FCA83C47E7AA08037219E90F78A07C
Authority key identifier: 68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/JIHSg2rIYtolbr0BfVRa6peC6rI.roa
Signing time:             Thu 02 Jan 2025 07:48:22 +0000
ROA not before:           Thu 02 Jan 2025 07:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25506
IP address blocks:        213.189.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:a8:3c:47:e7:aa:08:03:72:19:e9:0f:78:a0:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
        Validity
            Not Before: Jan  2 07:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2481d2836ac862da256ebd017d545aea9782eab2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:a1:86:30:59:f5:29:8d:ea:43:6b:e4:64:41:
                    f6:39:f0:c1:4a:42:a0:c7:0a:27:bd:7a:24:97:64:
                    56:02:9b:0d:b2:80:72:4e:67:ac:19:5d:38:9e:ec:
                    c5:9d:61:76:82:6d:b2:72:ab:d0:23:61:fe:07:09:
                    8b:de:b6:d3:68:bb:ce:90:e2:0d:b1:ad:86:63:61:
                    75:ad:48:80:56:62:3b:3c:10:49:71:18:ac:07:16:
                    73:aa:34:d0:5a:39:e0:01:4a:9b:ed:7e:fc:96:64:
                    7d:1c:84:e5:a1:66:9f:b9:17:51:c7:e5:6f:66:84:
                    77:6c:1a:45:26:47:a2:7c:3c:6a:80:b8:71:84:b8:
                    cc:a1:5f:c9:2a:3d:60:7d:54:a7:ee:e2:1f:9d:27:
                    3b:18:16:5a:6f:d7:3a:7a:50:2d:35:08:00:fe:88:
                    9a:73:3b:8f:1b:a9:54:74:56:87:08:b8:66:10:cb:
                    e9:b7:3c:9d:b6:88:63:54:6a:5b:2c:f1:aa:59:54:
                    99:f9:1b:d6:e3:13:da:6d:5f:1a:f6:47:c0:4a:05:
                    a2:b5:c7:0c:fd:3a:0c:e8:cf:1d:37:65:88:47:c2:
                    35:56:ab:3a:49:cf:72:84:7d:1b:d2:68:53:3b:36:
                    67:f4:4f:fa:2d:8a:28:72:ef:8c:91:05:df:b0:07:
                    b6:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:81:D2:83:6A:C8:62:DA:25:6E:BD:01:7D:54:5A:EA:97:82:EA:B2
            X509v3 Authority Key Identifier:
                keyid:68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/JIHSg2rIYtolbr0BfVRa6peC6rI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.189.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:55:e1:6f:29:c1:c5:73:87:d2:da:92:22:46:48:93:0e:8e:
         1e:a6:71:96:fc:99:34:c7:90:d4:c1:f3:80:f0:1b:be:98:5e:
         3e:f3:1a:06:02:00:2a:d1:e5:91:e9:0e:b9:85:93:64:d1:cd:
         31:07:15:46:be:c3:96:51:19:8d:ee:b2:48:3d:9b:18:a2:b9:
         c4:2d:19:2b:d4:e9:bd:af:6a:36:9e:bb:35:1e:69:80:42:9a:
         8f:a8:6b:f7:86:a4:b2:9d:94:9c:5c:5d:cd:6b:53:d2:b3:f8:
         a4:ec:8e:65:03:8d:80:e5:69:b2:0b:ac:80:f1:e9:5b:cf:27:
         20:b9:86:8f:3a:18:ab:fd:c8:6e:c6:7a:85:aa:8e:39:9d:e5:
         94:66:49:11:41:26:f8:74:bc:6e:41:a6:eb:fe:ce:ea:e4:8f:
         68:7c:57:3d:9c:72:4c:42:4e:75:57:48:5d:3d:87:12:ca:03:
         21:fc:1b:b7:72:2b:d8:a0:d1:e5:94:9c:e7:87:9f:bb:6e:0d:
         c7:b8:3f:2a:63:5d:b5:0a:53:7c:45:cb:2a:da:51:00:bb:09:
         0c:75:0d:de:ce:da:6d:cf:23:e2:45:17:bb:db:a2:7f:07:d6:
         95:77:4a:8b:f2:7c:53:5e:9f:f5:ca:00:a3:8c:f3:d1:8a:36:
         c6:68:49:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/Kg8R+eqCANyGekPeKB8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YzUxMGZjOWI4NjVkOTZlM2FmYzdjNTYwNTZlZmFkOWEz
MzBjNWIwHhcNMjUwMTAyMDc0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDgxZDI4MzZhYzg2MmRhMjU2ZWJkMDE3ZDU0NWFlYTk3ODJlYWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKGGMFn1KY3qQ2vkZEH2OfDBSkKg
xwonvXokl2RWApsNsoByTmesGV04nuzFnWF2gm2ycqvQI2H+BwmL3rbTaLvOkOIN
sa2GY2F1rUiAVmI7PBBJcRisBxZzqjTQWjngAUqb7X78lmR9HITloWafuRdRx+Vv
ZoR3bBpFJkeifDxqgLhxhLjMoV/JKj1gfVSn7uIfnSc7GBZab9c6elAtNQgA/oia
czuPG6lUdFaHCLhmEMvptzydtohjVGpbLPGqWVSZ+RvW4xPabV8a9kfASgWitccM
/ToM6M8dN2WIR8I1Vqs6Sc9yhH0b0mhTOzZn9E/6LYoocu+MkQXfsAe2rwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCSB0oNqyGLaJW69AX1UWuqXguqyMB8GA1UdIwQY
MBaAFGjFEPybhl2W46/HxWBW762aMwxbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEt
NWQ2NjVlOTk4ZjZhLzEvSklIU2cycklZdG9sYnIwQmZWUmE2cGVDNnJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEtNWQ2NjVlOTk4ZjZh
LzEvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1b0uMA0G
CSqGSIb3DQEBCwUAA4IBAQC6VeFvKcHFc4fS2pIiRkiTDo4epnGW/Jk0x5DUwfOA
8Bu+mF4+8xoGAgAq0eWR6Q65hZNk0c0xBxVGvsOWURmN7rJIPZsYornELRkr1Om9
r2o2nrs1HmmAQpqPqGv3hqSynZScXF3Na1PSs/ik7I5lA42A5WmyC6yA8elbzycg
uYaPOhir/chuxnqFqo45neWUZkkRQSb4dLxuQabr/s7q5I9ofFc9nHJMQk51V0hd
PYcSygMh/Bu3civYoNHllJznh5+7bg3HuD8qY121ClN8Rcsq2lEAuwkMdQ3eztpt
zyPiRRe726J/B9aVd0qL8nxTXp/1ygCjjPPRijbGaEkB
-----END CERTIFICATE-----