Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/d76585-95fc-4803-ba6e-75c0d78eb07d/1/SA2FPjcpG1kQYsbun59Q7-Ncc5U.roa
File:                     SA2FPjcpG1kQYsbun59Q7-Ncc5U.roa (raw, json)
Hash identifier:          sLqwzq191GZfL/xfEdWZKrffVvqlf65Ic2rl/WtgP8Q=
Subject key identifier:   48:0D:85:3E:37:29:1B:59:10:62:C6:EE:9F:9F:50:EF:E3:5C:73:95
Certificate issuer:       /CN=13a8bfb3f54754bd329180e593750265ef7e3999
Certificate serial:       01942067FDD1BEDCA8E9A34D5CEE7EC0E2BC
Authority key identifier: 13:A8:BF:B3:F5:47:54:BD:32:91:80:E5:93:75:02:65:EF:7E:39:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E6i_s_VHVL0ykYDlk3UCZe9-OZk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/d76585-95fc-4803-ba6e-75c0d78eb07d/1/SA2FPjcpG1kQYsbun59Q7-Ncc5U.roa
Signing time:             Wed 01 Jan 2025 05:47:53 +0000
ROA not before:           Wed 01 Jan 2025 05:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61271
IP address blocks:        46.18.109.0/24 maxlen: 24
                          2a11:8d00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/d76585-95fc-4803-ba6e-75c0d78eb07d/1/E6i_s_VHVL0ykYDlk3UCZe9-OZk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/d76585-95fc-4803-ba6e-75c0d78eb07d/1/E6i_s_VHVL0ykYDlk3UCZe9-OZk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E6i_s_VHVL0ykYDlk3UCZe9-OZk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:fd:d1:be:dc:a8:e9:a3:4d:5c:ee:7e:c0:e2:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=13a8bfb3f54754bd329180e593750265ef7e3999
        Validity
            Not Before: Jan  1 05:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=480d853e37291b591062c6ee9f9f50efe35c7395
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:ec:e1:a5:de:34:24:c0:a5:c1:dd:bf:6c:cb:
                    fd:8e:ea:66:62:5e:3c:b4:09:da:12:e1:8e:db:cd:
                    29:71:f7:74:4d:3e:95:e9:bc:c2:26:c2:78:43:a9:
                    cb:c8:00:81:e3:04:f1:31:a2:df:2a:82:d4:d4:fa:
                    94:93:49:de:68:81:ce:f4:ae:28:89:06:92:57:af:
                    aa:f1:f7:08:b1:c6:c2:47:dc:f1:71:7e:ae:54:5a:
                    b3:ff:ce:1a:96:4f:30:40:b7:23:b8:9d:f2:79:92:
                    8f:bd:a7:e8:e3:13:bb:d8:e6:e0:30:90:61:36:91:
                    c2:ff:c6:38:fa:16:79:83:c0:41:d7:8d:ed:5d:6f:
                    b4:bd:03:9f:9c:84:91:8e:52:88:36:0b:bc:89:61:
                    99:2e:5f:30:72:f4:82:d2:97:c5:07:ba:ed:25:d1:
                    ed:2e:b7:51:10:f5:c4:a6:e6:e9:f8:d6:f7:4f:60:
                    29:61:aa:f5:61:f2:03:a8:8a:8e:cd:11:22:82:f8:
                    3e:f5:47:37:04:6f:36:91:85:99:a1:67:48:21:4d:
                    bc:74:06:61:a5:4f:07:ec:b8:ba:69:4e:7f:95:cd:
                    fe:d5:93:e6:d4:18:28:17:9b:3c:4e:52:39:b9:3d:
                    35:09:0d:1d:5b:64:c7:c0:22:59:98:e6:01:b5:20:
                    78:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:0D:85:3E:37:29:1B:59:10:62:C6:EE:9F:9F:50:EF:E3:5C:73:95
            X509v3 Authority Key Identifier:
                keyid:13:A8:BF:B3:F5:47:54:BD:32:91:80:E5:93:75:02:65:EF:7E:39:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E6i_s_VHVL0ykYDlk3UCZe9-OZk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d76585-95fc-4803-ba6e-75c0d78eb07d/1/SA2FPjcpG1kQYsbun59Q7-Ncc5U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/d76585-95fc-4803-ba6e-75c0d78eb07d/1/E6i_s_VHVL0ykYDlk3UCZe9-OZk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.18.109.0/24
                IPv6:
                  2a11:8d00::/29

    Signature Algorithm: sha256WithRSAEncryption
         6c:4b:48:54:7a:29:e6:10:64:3f:a7:a0:11:0d:b4:73:30:31:
         63:d7:80:62:8e:95:fb:a6:e7:a9:e7:49:05:64:82:b0:e0:0f:
         a5:6a:ec:82:53:5b:a5:d2:a2:ba:97:a2:2f:43:58:57:f8:a5:
         c2:79:51:a8:2b:b6:61:46:4a:8f:d4:21:e4:0a:20:b6:93:01:
         18:c2:96:cd:51:3a:86:96:a3:c7:b1:a0:3d:8b:5e:87:6a:87:
         f3:6b:93:04:22:ea:c7:1f:6c:38:ac:7e:65:50:a1:14:7a:6c:
         bf:96:81:a2:76:69:44:b3:31:8b:d6:21:2e:18:78:54:c5:31:
         e2:ca:40:6e:57:c2:a3:f9:23:a5:3d:3a:4b:03:cf:80:24:60:
         2c:3a:48:37:3c:aa:44:a9:0c:c0:ab:9e:da:9e:1e:28:0d:24:
         93:4f:5b:8d:e8:99:f1:f4:30:d4:81:25:b5:88:20:45:12:2e:
         2f:92:90:10:2d:40:a0:1d:b1:91:26:14:ae:8d:c3:08:67:e2:
         75:3a:23:1d:a8:d5:18:c8:0e:96:d2:ad:6d:8d:0e:19:92:20:
         64:10:b0:6a:d5:f8:a3:04:3e:40:b9:f6:3a:2b:ec:f7:ae:31:
         49:69:d1:2a:28:0c:b0:69:83:3d:42:7d:67:30:2d:b5:30:12:
         d0:a0:70:42
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQgZ/3Rvtyo6aNNXO5+wOK8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzYThiZmIzZjU0NzU0YmQzMjkxODBlNTkzNzUwMjY1ZWY3
ZTM5OTkwHhcNMjUwMTAxMDU0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODBkODUzZTM3MjkxYjU5MTA2MmM2ZWU5ZjlmNTBlZmUzNWM3Mzk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjuzhpd40JMClwd2/bMv9jupmYl48
tAnaEuGO280pcfd0TT6V6bzCJsJ4Q6nLyACB4wTxMaLfKoLU1PqUk0neaIHO9K4o
iQaSV6+q8fcIscbCR9zxcX6uVFqz/84alk8wQLcjuJ3yeZKPvafo4xO72ObgMJBh
NpHC/8Y4+hZ5g8BB143tXW+0vQOfnISRjlKINgu8iWGZLl8wcvSC0pfFB7rtJdHt
LrdREPXEpubp+Nb3T2ApYar1YfIDqIqOzREigvg+9Uc3BG82kYWZoWdIIU28dAZh
pU8H7Li6aU5/lc3+1ZPm1BgoF5s8TlI5uT01CQ0dW2THwCJZmOYBtSB4YQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEgNhT43KRtZEGLG7p+fUO/jXHOVMB8GA1UdIwQY
MBaAFBOov7P1R1S9MpGA5ZN1AmXvfjmZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTZpX3NfVkhWTDB5a1lEbGszVUNaZTktT1prLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9kNzY1ODUtOTVmYy00ODAzLWJhNmUt
NzVjMGQ3OGViMDdkLzEvU0EyRlBqY3BHMWtRWXNidW41OVE3LU5jYzVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9kNzY1ODUtOTVmYy00ODAzLWJhNmUtNzVjMGQ3OGViMDdk
LzEvRTZpX3NfVkhWTDB5a1lEbGszVUNaZTktT1prLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALhJtMA0E
AgACMAcDBQMqEY0AMA0GCSqGSIb3DQEBCwUAA4IBAQBsS0hUeinmEGQ/p6ARDbRz
MDFj14BijpX7puep50kFZIKw4A+lauyCU1ul0qK6l6IvQ1hX+KXCeVGoK7ZhRkqP
1CHkCiC2kwEYwpbNUTqGlqPHsaA9i16Haofza5MEIurHH2w4rH5lUKEUemy/loGi
dmlEszGL1iEuGHhUxTHiykBuV8Kj+SOlPTpLA8+AJGAsOkg3PKpEqQzAq57anh4o
DSSTT1uN6Jnx9DDUgSW1iCBFEi4vkpAQLUCgHbGRJhSujcMIZ+J1OiMdqNUYyA6W
0q1tjQ4ZkiBkELBq1fijBD5AufY6K+z3rjFJadEqKAywaYM9Qn1nMC21MBLQoHBC
-----END CERTIFICATE-----