Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/suCJ9ht0BT9v5QAQAAHrg4C-FEg.roa
File:                     suCJ9ht0BT9v5QAQAAHrg4C-FEg.roa (raw, json)
Hash identifier:          G20bH4mMJ/POb7cdAdj9vYGARzqqhU3SvN2CgXaGpiw=
Subject key identifier:   B2:E0:89:F6:1B:74:05:3F:6F:E5:00:10:00:01:EB:83:80:BE:14:48
Certificate issuer:       /CN=6ca977f854c63dc9f97a18be7b13002121a5d384
Certificate serial:       019178D641CBCB4705A49BF59EF63326CB73
Authority key identifier: 6C:A9:77:F8:54:C6:3D:C9:F9:7A:18:BE:7B:13:00:21:21:A5:D3:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/suCJ9ht0BT9v5QAQAAHrg4C-FEg.roa
Signing time:             Thu 22 Aug 2024 06:46:33 +0000
ROA not before:           Thu 22 Aug 2024 06:46:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     135391
IP address blocks:        46.255.28.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:78:d6:41:cb:cb:47:05:a4:9b:f5:9e:f6:33:26:cb:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ca977f854c63dc9f97a18be7b13002121a5d384
        Validity
            Not Before: Aug 22 06:46:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b2e089f61b74053f6fe500100001eb8380be1448
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:6c:a7:3c:f2:d3:c1:79:52:f1:ef:59:39:8f:
                    1a:ee:58:b8:1b:a2:31:4a:4e:9f:09:8a:cc:a8:97:
                    f8:97:35:aa:fa:88:3e:1b:dd:fe:92:75:77:2b:6f:
                    21:54:05:5f:23:6d:20:c4:ea:08:fc:de:68:f4:18:
                    2d:14:95:1a:fb:9b:b2:5f:20:16:af:95:74:73:7d:
                    85:4d:ac:f6:06:bc:b8:34:13:0b:be:ae:87:07:b6:
                    ea:78:ee:4b:cd:82:a9:f2:62:bd:54:8f:f2:25:59:
                    0b:56:f5:04:99:1f:4c:63:47:d5:45:b5:c0:24:f2:
                    a4:bd:96:13:63:c7:bb:e5:2e:39:e7:72:37:18:eb:
                    f8:2f:22:73:cd:66:54:93:79:02:96:10:62:c8:4e:
                    d2:e9:97:20:35:3a:52:e4:2a:01:c6:40:0d:62:e6:
                    6c:ba:87:aa:1f:a8:bf:9b:ad:be:cc:11:78:a4:cd:
                    92:18:d8:03:ab:e4:1b:e3:89:84:5f:b3:a1:e0:54:
                    32:b3:9e:41:09:1f:43:36:1c:06:20:ac:4a:b4:0b:
                    be:a1:e8:e9:90:fe:b0:a1:9b:5d:cb:7d:c6:ca:72:
                    de:57:fd:17:88:76:4b:bf:10:a1:86:89:6c:9f:4e:
                    13:de:69:1f:e6:65:fd:f5:b0:47:57:04:9e:c6:06:
                    7d:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:E0:89:F6:1B:74:05:3F:6F:E5:00:10:00:01:EB:83:80:BE:14:48
            X509v3 Authority Key Identifier:
                keyid:6C:A9:77:F8:54:C6:3D:C9:F9:7A:18:BE:7B:13:00:21:21:A5:D3:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bKl3-FTGPcn5ehi-exMAISGl04Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/suCJ9ht0BT9v5QAQAAHrg4C-FEg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/09ccb4-2483-4ba7-9634-d6a5950cadf2/1/bKl3-FTGPcn5ehi-exMAISGl04Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.255.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:0a:57:2f:3f:ed:2b:ff:d2:a2:4d:c4:0f:1a:02:e1:d6:63:
         84:aa:23:4e:12:6f:46:dc:bb:ee:5d:e7:45:2d:af:c5:2c:de:
         30:bb:20:b5:9a:b8:6f:8e:9c:47:0e:b3:9e:f7:83:9e:ba:46:
         cb:b1:45:6c:b7:40:73:eb:8b:96:1d:de:56:fd:39:16:5e:c7:
         dd:eb:09:5e:27:cf:7c:b8:6e:15:2a:89:88:8d:fb:cc:48:8b:
         b8:c4:70:60:ea:5f:ff:66:39:ab:56:d8:e6:62:02:50:66:4b:
         5e:0c:3a:c6:bd:37:6a:3d:14:8b:66:44:a1:b9:40:8c:a4:77:
         a1:8e:ca:5c:c9:3f:27:31:20:e8:75:cb:8b:81:a1:78:61:2d:
         f9:c7:ff:8b:24:bf:82:6b:cb:6a:26:1e:f3:e6:fb:90:b5:c5:
         2c:93:f9:e4:91:3d:02:69:47:a5:f7:15:9c:2f:92:0c:34:d5:
         0f:50:2b:ba:ea:04:b7:0e:1d:c9:16:d6:5d:a9:d3:9e:61:ea:
         dd:16:a7:b1:cc:78:5a:96:84:7c:3c:36:81:47:ae:67:ff:ee:
         cf:55:45:a8:e3:91:ff:9f:51:af:e6:64:50:62:d4:73:24:db:
         31:3a:c1:17:c6:71:82:3b:bd:b8:2f:9e:7b:b0:ce:e7:5f:6e:
         83:04:b6:a8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZF41kHLy0cFpJv1nvYzJstzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjYTk3N2Y4NTRjNjNkYzlmOTdhMThiZTdiMTMwMDIxMjFh
NWQzODQwHhcNMjQwODIyMDY0NjMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmUwODlmNjFiNzQwNTNmNmZlNTAwMTAwMDAxZWI4MzgwYmUxNDQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGynPPLTwXlS8e9ZOY8a7li4G6Ix
Sk6fCYrMqJf4lzWq+og+G93+knV3K28hVAVfI20gxOoI/N5o9BgtFJUa+5uyXyAW
r5V0c32FTaz2Bry4NBMLvq6HB7bqeO5LzYKp8mK9VI/yJVkLVvUEmR9MY0fVRbXA
JPKkvZYTY8e75S4553I3GOv4LyJzzWZUk3kClhBiyE7S6ZcgNTpS5CoBxkANYuZs
uoeqH6i/m62+zBF4pM2SGNgDq+Qb44mEX7Oh4FQys55BCR9DNhwGIKxKtAu+oejp
kP6woZtdy33GynLeV/0XiHZLvxChholsn04T3mkf5mX99bBHVwSexgZ9wwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLLgifYbdAU/b+UAEAAB64OAvhRIMB8GA1UdIwQY
MBaAFGypd/hUxj3J+XoYvnsTACEhpdOEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYktsMy1GVEdQY241ZWhpLWV4TUFJU0dsMDRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8wOWNjYjQtMjQ4My00YmE3LTk2MzQt
ZDZhNTk1MGNhZGYyLzEvc3VDSjlodDBCVDl2NVFBUUFBSHJnNEMtRkVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8wOWNjYjQtMjQ4My00YmE3LTk2MzQtZDZhNTk1MGNhZGYy
LzEvYktsMy1GVEdQY241ZWhpLWV4TUFJU0dsMDRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALv8cMA0G
CSqGSIb3DQEBCwUAA4IBAQBqClcvP+0r/9KiTcQPGgLh1mOEqiNOEm9G3LvuXedF
La/FLN4wuyC1mrhvjpxHDrOe94OeukbLsUVst0Bz64uWHd5W/TkWXsfd6wleJ898
uG4VKomIjfvMSIu4xHBg6l//ZjmrVtjmYgJQZkteDDrGvTdqPRSLZkShuUCMpHeh
jspcyT8nMSDodcuLgaF4YS35x/+LJL+Ca8tqJh7z5vuQtcUsk/nkkT0CaUel9xWc
L5IMNNUPUCu66gS3Dh3JFtZdqdOeYerdFqexzHhaloR8PDaBR65n/+7PVUWo45H/
n1Gv5mRQYtRzJNsxOsEXxnGCO724L557sM7nX26DBLao
-----END CERTIFICATE-----