Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/GVeAWRodRK-Mh61DOhsiaxRFZdA.roa
File:                     GVeAWRodRK-Mh61DOhsiaxRFZdA.roa (raw, json)
Hash identifier:          6wFMaWRMR8ReBoYGgjQ/Oo8mpX+xVZB1ZTic2qm8uE4=
Subject key identifier:   19:57:80:59:1A:1D:44:AF:8C:87:AD:43:3A:1B:22:6B:14:45:65:D0
Certificate issuer:       /CN=352ae33b11b36a319ba81347d852480d8e74c87d
Certificate serial:       0194266B8767373DEB12C757A1A47671B86A
Authority key identifier: 35:2A:E3:3B:11:B3:6A:31:9B:A8:13:47:D8:52:48:0D:8E:74:C8:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/GVeAWRodRK-Mh61DOhsiaxRFZdA.roa
Signing time:             Thu 02 Jan 2025 09:49:28 +0000
ROA not before:           Thu 02 Jan 2025 09:49:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206830
IP address blocks:        46.24.148.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:87:67:37:3d:eb:12:c7:57:a1:a4:76:71:b8:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=352ae33b11b36a319ba81347d852480d8e74c87d
        Validity
            Not Before: Jan  2 09:49:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=195780591a1d44af8c87ad433a1b226b144565d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:42:6d:b0:2f:ae:c6:e2:24:89:cf:8b:a7:ab:
                    6a:70:c9:f7:30:85:4d:12:35:39:0b:28:cf:9a:a5:
                    6d:d0:d0:ec:b4:09:8a:70:c4:ec:64:b1:ce:5b:68:
                    71:84:de:ad:8d:b1:dc:a7:a7:01:21:9a:f3:c6:e8:
                    dc:4a:bd:fc:95:4e:9e:24:6d:67:2f:e6:b8:da:92:
                    4f:4b:85:29:d3:d7:99:46:9f:7c:b6:56:8f:62:84:
                    a4:5c:67:76:ce:f0:fe:ff:31:85:4e:3c:12:48:21:
                    7a:7b:c7:8d:74:e6:a4:dd:7d:2d:13:4d:09:9f:bd:
                    1a:ee:f5:52:14:a0:c8:eb:16:a8:d1:00:26:c5:16:
                    3e:79:aa:01:36:46:59:6f:9a:81:d1:b8:1e:aa:27:
                    86:b8:87:2f:b5:af:f5:49:46:39:98:9b:2c:e2:4f:
                    2b:b2:b9:b6:ba:63:98:cc:a4:38:ec:ef:39:f8:dc:
                    3e:91:f1:cc:d7:4e:5d:6b:c3:fc:63:88:e5:07:07:
                    4b:9b:45:32:ab:3c:62:a0:31:c2:0b:85:b8:79:48:
                    29:43:c2:89:07:13:1c:e4:79:bb:b5:86:26:9b:18:
                    83:cf:61:4a:0e:09:41:ab:3f:44:90:93:12:b3:46:
                    a5:f4:0d:68:6e:72:82:94:89:9d:ae:95:59:19:f7:
                    a3:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:57:80:59:1A:1D:44:AF:8C:87:AD:43:3A:1B:22:6B:14:45:65:D0
            X509v3 Authority Key Identifier:
                keyid:35:2A:E3:3B:11:B3:6A:31:9B:A8:13:47:D8:52:48:0D:8E:74:C8:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NSrjOxGzajGbqBNH2FJIDY50yH0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/GVeAWRodRK-Mh61DOhsiaxRFZdA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/c55ab0-ea22-4a19-8b33-25050c593aa1/1/NSrjOxGzajGbqBNH2FJIDY50yH0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.24.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:56:56:b7:28:c9:bf:ed:8e:00:b0:71:a7:57:7f:8b:3a:f1:
         e2:36:ea:01:fc:e3:50:f7:a7:4b:c4:64:1e:ee:6f:8f:16:12:
         8e:d6:ce:4b:e2:37:45:36:c1:c5:2e:8e:19:57:cc:d6:25:01:
         e0:6b:4b:80:f3:88:33:89:f4:b9:b4:91:7d:0f:62:61:be:62:
         e4:e3:b6:b9:f1:a2:6d:9a:96:b9:50:ca:07:23:11:ec:f7:fa:
         a2:a0:36:c2:08:0c:9a:b1:3d:0e:45:81:98:14:01:c3:38:70:
         83:37:9f:ca:5a:0c:8c:8a:0c:f1:fb:a2:9b:2e:30:46:61:69:
         e0:49:e4:06:e4:70:7a:f6:97:36:bb:54:aa:23:8b:cd:aa:8c:
         e0:8d:ae:f4:6a:20:f7:2c:21:eb:ac:cc:4a:85:9c:18:c1:27:
         72:15:1f:5d:e4:d9:d9:b9:15:18:2e:78:d4:b2:a8:db:11:80:
         ac:c5:0d:97:50:27:66:6d:47:9d:74:b0:2a:95:96:15:61:3b:
         78:2c:e3:fa:70:8e:11:80:4c:01:ab:b1:0a:8b:26:6a:a6:1c:
         18:86:9f:d5:42:5a:8c:0f:06:b4:47:c4:ab:c1:0b:d0:64:fe:
         af:e7:ab:b9:91:04:c7:53:fe:21:7d:7e:31:e8:d5:c5:c5:ad:
         d8:63:8c:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma4dnNz3rEsdXoaR2cbhqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MmFlMzNiMTFiMzZhMzE5YmE4MTM0N2Q4NTI0ODBkOGU3
NGM4N2QwHhcNMjUwMTAyMDk0OTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTU3ODA1OTFhMWQ0NGFmOGM4N2FkNDMzYTFiMjI2YjE0NDU2NWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqEJtsC+uxuIkic+Lp6tqcMn3MIVN
EjU5CyjPmqVt0NDstAmKcMTsZLHOW2hxhN6tjbHcp6cBIZrzxujcSr38lU6eJG1n
L+a42pJPS4Up09eZRp98tlaPYoSkXGd2zvD+/zGFTjwSSCF6e8eNdOak3X0tE00J
n70a7vVSFKDI6xao0QAmxRY+eaoBNkZZb5qB0bgeqieGuIcvta/1SUY5mJss4k8r
srm2umOYzKQ47O85+Nw+kfHM105da8P8Y4jlBwdLm0UyqzxioDHCC4W4eUgpQ8KJ
BxMc5Hm7tYYmmxiDz2FKDglBqz9EkJMSs0al9A1obnKClImdrpVZGfejDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBlXgFkaHUSvjIetQzobImsURWXQMB8GA1UdIwQY
MBaAFDUq4zsRs2oxm6gTR9hSSA2OdMh9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlNyak94R3phakdicUJOSDJGSklEWTUweUgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9jNTVhYjAtZWEyMi00YTE5LThiMzMt
MjUwNTBjNTkzYWExLzEvR1ZlQVdSb2RSSy1NaDYxRE9oc2lheFJGWmRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9jNTVhYjAtZWEyMi00YTE5LThiMzMtMjUwNTBjNTkzYWEx
LzEvTlNyak94R3phakdicUJOSDJGSklEWTUweUgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhiUMA0G
CSqGSIb3DQEBCwUAA4IBAQAIVla3KMm/7Y4AsHGnV3+LOvHiNuoB/ONQ96dLxGQe
7m+PFhKO1s5L4jdFNsHFLo4ZV8zWJQHga0uA84gzifS5tJF9D2JhvmLk47a58aJt
mpa5UMoHIxHs9/qioDbCCAyasT0ORYGYFAHDOHCDN5/KWgyMigzx+6KbLjBGYWng
SeQG5HB69pc2u1SqI4vNqozgja70aiD3LCHrrMxKhZwYwSdyFR9d5NnZuRUYLnjU
sqjbEYCsxQ2XUCdmbUeddLAqlZYVYTt4LOP6cI4RgEwBq7EKiyZqphwYhp/VQlqM
Dwa0R8SrwQvQZP6v56u5kQTHU/4hfX4x6NXFxa3YY4zv
-----END CERTIFICATE-----