Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f2edd1-fe25-4432-b7a4-958b6798905c/1/gDy7w-yc0tqWIIuiNhuJDNjbPGQ.roa
File:                     gDy7w-yc0tqWIIuiNhuJDNjbPGQ.roa (raw, json)
Hash identifier:          QJr+DZCw/3ZKEXtsHmlFZtm9vMPRj6q+D0CzRvI5kAU=
Subject key identifier:   80:3C:BB:C3:EC:9C:D2:DA:96:20:8B:A2:36:1B:89:0C:D8:DB:3C:64
Certificate issuer:       /CN=b712c9fecbdebf56f845d607913d1b5571592a2a
Certificate serial:       019298F16E283C15F5EDE585AD09B8CEA819
Authority key identifier: B7:12:C9:FE:CB:DE:BF:56:F8:45:D6:07:91:3D:1B:55:71:59:2A:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/txLJ_svev1b4RdYHkT0bVXFZKio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f2edd1-fe25-4432-b7a4-958b6798905c/1/gDy7w-yc0tqWIIuiNhuJDNjbPGQ.roa
Signing time:             Thu 17 Oct 2024 05:26:52 +0000
ROA not before:           Thu 17 Oct 2024 05:26:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48678
IP address blocks:        46.36.201.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f2edd1-fe25-4432-b7a4-958b6798905c/1/txLJ_svev1b4RdYHkT0bVXFZKio.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f2edd1-fe25-4432-b7a4-958b6798905c/1/txLJ_svev1b4RdYHkT0bVXFZKio.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/txLJ_svev1b4RdYHkT0bVXFZKio.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:98:f1:6e:28:3c:15:f5:ed:e5:85:ad:09:b8:ce:a8:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b712c9fecbdebf56f845d607913d1b5571592a2a
        Validity
            Not Before: Oct 17 05:26:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=803cbbc3ec9cd2da96208ba2361b890cd8db3c64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:86:c8:19:1b:64:93:86:7c:ae:62:6b:4a:6f:
                    80:23:25:dd:39:e9:29:f4:61:e1:11:5c:ab:f5:a8:
                    71:db:2d:85:1a:e4:4d:84:4d:6a:78:4b:1d:61:a7:
                    73:6d:2d:6d:0a:c5:e3:d7:57:67:c2:99:54:8a:b0:
                    0f:42:05:29:21:2a:4a:73:2f:61:39:00:23:aa:0d:
                    3f:61:db:3d:93:93:66:5c:36:a8:2a:7c:46:ff:39:
                    12:d3:9a:bc:39:0b:9e:51:03:b2:c7:07:c2:60:98:
                    65:77:33:db:90:9f:bd:50:f3:e7:74:27:32:62:68:
                    f0:c8:80:c7:b1:16:53:c3:22:52:31:49:f4:7e:1c:
                    61:3f:03:83:20:42:3c:e5:e1:06:dc:4b:1c:a8:47:
                    82:8a:b6:58:54:93:7e:04:0b:a5:45:03:8c:8f:e6:
                    66:10:59:f4:d2:91:22:78:08:c9:9d:f0:12:76:d6:
                    3f:29:db:63:8b:9d:1a:71:51:7b:01:a3:0b:df:71:
                    e6:f6:bb:be:f6:2c:0a:1c:a6:9f:3d:e8:0e:f4:cf:
                    e6:80:74:7d:21:a1:51:9a:f6:47:52:8f:6e:e5:e2:
                    b4:e6:0f:3d:1a:b7:a2:1b:ee:14:5a:e1:a0:ad:94:
                    fd:ff:17:c9:b1:ec:7a:eb:fe:21:f2:55:9e:23:51:
                    2a:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:3C:BB:C3:EC:9C:D2:DA:96:20:8B:A2:36:1B:89:0C:D8:DB:3C:64
            X509v3 Authority Key Identifier:
                keyid:B7:12:C9:FE:CB:DE:BF:56:F8:45:D6:07:91:3D:1B:55:71:59:2A:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/txLJ_svev1b4RdYHkT0bVXFZKio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f2edd1-fe25-4432-b7a4-958b6798905c/1/gDy7w-yc0tqWIIuiNhuJDNjbPGQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f2edd1-fe25-4432-b7a4-958b6798905c/1/txLJ_svev1b4RdYHkT0bVXFZKio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.36.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:17:7e:7b:70:4a:ad:d3:62:62:26:44:bb:a9:1a:a3:95:c5:
         7b:d6:d7:6c:44:39:29:29:19:47:17:cd:25:69:f2:a8:0e:3f:
         e8:6c:28:ee:09:8d:dd:b0:76:f5:a2:5e:ae:dd:bc:dc:c8:f1:
         b9:24:54:c9:18:3e:ab:e2:a2:2f:67:0d:17:ad:10:08:b7:61:
         69:24:74:7a:88:ca:dd:06:84:2b:91:24:98:ab:4b:46:45:6d:
         fc:26:b8:e3:e5:f5:0f:6e:5d:4b:1c:a3:0d:09:4d:5e:d4:dc:
         d3:31:48:22:14:48:8f:73:2c:8c:53:30:8a:ef:78:63:30:00:
         44:d9:a4:00:9b:cc:1a:f1:3e:e0:4a:62:5f:c3:b1:a5:85:74:
         2f:af:74:ee:4d:8c:79:76:b8:af:51:0f:9d:ec:1f:3d:8a:d1:
         0e:43:9e:cd:e1:b3:bd:5d:80:a8:5e:02:a3:83:be:ef:ee:44:
         6e:17:88:d8:bc:28:8a:a9:e4:f3:b8:76:23:18:32:32:19:77:
         db:3b:28:6d:a1:59:12:d7:1c:f3:9d:33:c0:d7:e0:81:88:15:
         20:39:ca:f7:3d:b3:19:40:cd:dd:31:d6:7b:fc:98:ed:34:bd:
         ad:31:b6:5c:a0:ee:b3:a2:17:ea:94:9e:02:52:0b:3b:83:0f:
         f9:28:e1:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKY8W4oPBX17eWFrQm4zqgZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3MTJjOWZlY2JkZWJmNTZmODQ1ZDYwNzkxM2QxYjU1NzE1
OTJhMmEwHhcNMjQxMDE3MDUyNjUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDNjYmJjM2VjOWNkMmRhOTYyMDhiYTIzNjFiODkwY2Q4ZGIzYzY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4YbIGRtkk4Z8rmJrSm+AIyXdOekp
9GHhEVyr9ahx2y2FGuRNhE1qeEsdYadzbS1tCsXj11dnwplUirAPQgUpISpKcy9h
OQAjqg0/Yds9k5NmXDaoKnxG/zkS05q8OQueUQOyxwfCYJhldzPbkJ+9UPPndCcy
YmjwyIDHsRZTwyJSMUn0fhxhPwODIEI85eEG3EscqEeCirZYVJN+BAulRQOMj+Zm
EFn00pEieAjJnfASdtY/Kdtji50acVF7AaML33Hm9ru+9iwKHKafPegO9M/mgHR9
IaFRmvZHUo9u5eK05g89GreiG+4UWuGgrZT9/xfJsex66/4h8lWeI1EqVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIA8u8PsnNLaliCLojYbiQzY2zxkMB8GA1UdIwQY
MBaAFLcSyf7L3r9W+EXWB5E9G1VxWSoqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHhMSl9zdmV2MWI0UmRZSGtUMGJWWEZaS2lvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mMmVkZDEtZmUyNS00NDMyLWI3YTQt
OTU4YjY3OTg5MDVjLzEvZ0R5N3cteWMwdHFXSUl1aU5odUpETmpiUEdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mMmVkZDEtZmUyNS00NDMyLWI3YTQtOTU4YjY3OTg5MDVj
LzEvdHhMSl9zdmV2MWI0UmRZSGtUMGJWWEZaS2lvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiTJMA0G
CSqGSIb3DQEBCwUAA4IBAQBAF357cEqt02JiJkS7qRqjlcV71tdsRDkpKRlHF80l
afKoDj/obCjuCY3dsHb1ol6u3bzcyPG5JFTJGD6r4qIvZw0XrRAIt2FpJHR6iMrd
BoQrkSSYq0tGRW38Jrjj5fUPbl1LHKMNCU1e1NzTMUgiFEiPcyyMUzCK73hjMABE
2aQAm8wa8T7gSmJfw7GlhXQvr3TuTYx5drivUQ+d7B89itEOQ57N4bO9XYCoXgKj
g77v7kRuF4jYvCiKqeTzuHYjGDIyGXfbOyhtoVkS1xzznTPA1+CBiBUgOcr3PbMZ
QM3dMdZ7/JjtNL2tMbZcoO6zohfqlJ4CUgs7gw/5KOEL
-----END CERTIFICATE-----