Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/f2edd1-fe25-4432-b7a4-958b6798905c/1/vwMbSzPxT5-ntMRApyWcJX1TgPs.roa
File:                     vwMbSzPxT5-ntMRApyWcJX1TgPs.roa (raw, json)
Hash identifier:          1QgGP9Z1wCTe+S03IzPWefFRvT9t0lh0yDjoWTpeyvA=
Subject key identifier:   BF:03:1B:4B:33:F1:4F:9F:A7:B4:C4:40:A7:25:9C:25:7D:53:80:FB
Certificate issuer:       /CN=b712c9fecbdebf56f845d607913d1b5571592a2a
Certificate serial:       019425FC448A1A92C2EE702F75F2E0197B5D
Authority key identifier: B7:12:C9:FE:CB:DE:BF:56:F8:45:D6:07:91:3D:1B:55:71:59:2A:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/txLJ_svev1b4RdYHkT0bVXFZKio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/f2edd1-fe25-4432-b7a4-958b6798905c/1/vwMbSzPxT5-ntMRApyWcJX1TgPs.roa
Signing time:             Thu 02 Jan 2025 07:47:57 +0000
ROA not before:           Thu 02 Jan 2025 07:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48678
IP address blocks:        46.36.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/f2edd1-fe25-4432-b7a4-958b6798905c/1/txLJ_svev1b4RdYHkT0bVXFZKio.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/f2edd1-fe25-4432-b7a4-958b6798905c/1/txLJ_svev1b4RdYHkT0bVXFZKio.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/txLJ_svev1b4RdYHkT0bVXFZKio.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 04:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:44:8a:1a:92:c2:ee:70:2f:75:f2:e0:19:7b:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b712c9fecbdebf56f845d607913d1b5571592a2a
        Validity
            Not Before: Jan  2 07:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf031b4b33f14f9fa7b4c440a7259c257d5380fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:1a:61:d5:89:57:10:95:e8:be:cc:3d:d9:d5:
                    b6:b1:08:90:4b:5f:e1:79:d1:22:01:42:c6:f3:ce:
                    36:29:ce:c4:57:97:91:10:66:45:6b:79:9e:ed:e9:
                    f7:7a:82:fc:58:49:94:e8:05:25:1e:19:f3:03:52:
                    d7:47:9e:fc:d8:3b:4a:c2:b9:09:bb:a9:a8:bb:99:
                    a1:ef:44:31:db:ed:b6:4b:6f:dd:96:ae:52:98:fd:
                    4b:96:88:46:6b:04:18:5d:8b:c5:90:ae:0c:96:0d:
                    c4:26:c5:7f:72:5f:d5:75:63:cb:5f:d1:b6:81:03:
                    c7:f2:a2:6e:9c:ac:d2:12:1e:64:b8:19:64:47:b9:
                    0e:df:fe:27:b5:c2:36:74:eb:0d:ad:42:4c:76:b1:
                    9b:c6:45:76:89:0a:20:1e:d7:97:02:2c:d0:ad:2e:
                    25:50:80:f1:43:c4:35:9c:74:1c:b3:f3:8b:01:84:
                    2f:6e:17:c5:fc:79:fb:94:0c:14:85:07:af:95:c6:
                    88:db:1f:45:47:4d:ac:2e:39:a0:1f:e9:fa:c1:e6:
                    b9:a9:cf:fd:6e:dc:e9:91:de:e2:7b:fb:fa:6c:74:
                    09:81:df:51:bc:00:ad:15:7f:32:c6:07:a1:f3:e5:
                    51:be:e8:32:7e:1e:23:d2:2e:a0:fd:25:ca:16:d8:
                    d5:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:03:1B:4B:33:F1:4F:9F:A7:B4:C4:40:A7:25:9C:25:7D:53:80:FB
            X509v3 Authority Key Identifier:
                keyid:B7:12:C9:FE:CB:DE:BF:56:F8:45:D6:07:91:3D:1B:55:71:59:2A:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/txLJ_svev1b4RdYHkT0bVXFZKio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f2edd1-fe25-4432-b7a4-958b6798905c/1/vwMbSzPxT5-ntMRApyWcJX1TgPs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/f2edd1-fe25-4432-b7a4-958b6798905c/1/txLJ_svev1b4RdYHkT0bVXFZKio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.36.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:b2:9f:aa:7a:89:ec:e9:8e:39:26:8c:40:2c:5f:fb:ab:e4:
         12:63:16:57:21:88:1e:36:18:fd:14:35:b6:31:6c:7d:d1:33:
         74:ef:1a:cb:c6:2c:5a:38:d8:f8:7e:d9:e8:da:a0:a2:c0:d1:
         be:14:3c:bd:be:81:b3:bb:11:b3:14:fa:cf:3c:ad:5c:ef:70:
         18:57:9b:c0:1b:e9:7d:5f:49:9e:6f:e3:4e:96:9e:56:c6:69:
         e1:f2:60:08:49:99:a7:d3:14:e4:50:64:f6:6b:67:5a:1a:c0:
         c8:a5:f1:dd:4b:b7:cb:28:31:a9:94:e6:b3:0a:63:f9:b1:e4:
         99:6b:9c:cb:ca:b6:25:2e:e3:bd:b0:13:5c:8c:c8:c8:14:3d:
         6f:eb:d7:20:fa:e9:c8:74:67:e1:2c:a0:01:58:8d:5d:e7:c5:
         3b:08:a0:9c:42:db:e7:27:40:db:8d:68:6e:af:d5:cd:d5:3c:
         47:9a:ba:3e:7e:c1:4d:8c:bc:b4:23:bb:26:54:e7:d9:14:9c:
         8b:43:80:6c:e0:6c:12:ed:cd:2a:e6:21:55:fb:f5:aa:39:37:
         9b:5d:ef:26:80:f3:b3:fc:37:10:aa:59:78:9a:ec:95:7b:c3:
         b2:a9:40:40:18:0b:f8:e9:f1:bc:85:e3:86:9b:8c:be:4e:19:
         74:5c:47:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/ESKGpLC7nAvdfLgGXtdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3MTJjOWZlY2JkZWJmNTZmODQ1ZDYwNzkxM2QxYjU1NzE1
OTJhMmEwHhcNMjUwMTAyMDc0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjAzMWI0YjMzZjE0ZjlmYTdiNGM0NDBhNzI1OWMyNTdkNTM4MGZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Rph1YlXEJXovsw92dW2sQiQS1/h
edEiAULG8842Kc7EV5eREGZFa3me7en3eoL8WEmU6AUlHhnzA1LXR5782DtKwrkJ
u6mou5mh70Qx2+22S2/dlq5SmP1LlohGawQYXYvFkK4Mlg3EJsV/cl/VdWPLX9G2
gQPH8qJunKzSEh5kuBlkR7kO3/4ntcI2dOsNrUJMdrGbxkV2iQogHteXAizQrS4l
UIDxQ8Q1nHQcs/OLAYQvbhfF/Hn7lAwUhQevlcaI2x9FR02sLjmgH+n6wea5qc/9
btzpkd7ie/v6bHQJgd9RvACtFX8yxgeh8+VRvugyfh4j0i6g/SXKFtjV1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL8DG0sz8U+fp7TEQKclnCV9U4D7MB8GA1UdIwQY
MBaAFLcSyf7L3r9W+EXWB5E9G1VxWSoqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHhMSl9zdmV2MWI0UmRZSGtUMGJWWEZaS2lvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi9mMmVkZDEtZmUyNS00NDMyLWI3YTQt
OTU4YjY3OTg5MDVjLzEvdndNYlN6UHhUNS1udE1SQXB5V2NKWDFUZ1BzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi9mMmVkZDEtZmUyNS00NDMyLWI3YTQtOTU4YjY3OTg5MDVj
LzEvdHhMSl9zdmV2MWI0UmRZSGtUMGJWWEZaS2lvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiTJMA0G
CSqGSIb3DQEBCwUAA4IBAQAXsp+qeons6Y45JoxALF/7q+QSYxZXIYgeNhj9FDW2
MWx90TN07xrLxixaONj4ftno2qCiwNG+FDy9voGzuxGzFPrPPK1c73AYV5vAG+l9
X0meb+NOlp5Wxmnh8mAISZmn0xTkUGT2a2daGsDIpfHdS7fLKDGplOazCmP5seSZ
a5zLyrYlLuO9sBNcjMjIFD1v69cg+unIdGfhLKABWI1d58U7CKCcQtvnJ0DbjWhu
r9XN1TxHmro+fsFNjLy0I7smVOfZFJyLQ4Bs4GwS7c0q5iFV+/WqOTebXe8mgPOz
/DcQqll4muyVe8OyqUBAGAv46fG8heOGm4y+Thl0XEdb
-----END CERTIFICATE-----