Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/a1c6c0-e754-479e-851d-0d0da0d10432/1/nGG-OUODAxwLxi6jNHbpt8RGNb8.roa
File:                     nGG-OUODAxwLxi6jNHbpt8RGNb8.roa (raw, json)
Hash identifier:          CE5MyGR9lb1V5N4ocRK2ocMWINjBM6Y8ecSTUiTujPU=
Subject key identifier:   9C:61:BE:39:43:83:03:1C:0B:C6:2E:A3:34:76:E9:B7:C4:46:35:BF
Certificate issuer:       /CN=c1bf8f3e609072889e74dd0fb4e27f9bac47b3b0
Certificate serial:       019425217C3E0AA259C2D5BFA3C717EDB119
Authority key identifier: C1:BF:8F:3E:60:90:72:88:9E:74:DD:0F:B4:E2:7F:9B:AC:47:B3:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wb-PPmCQcoiedN0PtOJ_m6xHs7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/a1c6c0-e754-479e-851d-0d0da0d10432/1/nGG-OUODAxwLxi6jNHbpt8RGNb8.roa
Signing time:             Thu 02 Jan 2025 03:48:59 +0000
ROA not before:           Thu 02 Jan 2025 03:48:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48082
IP address blocks:        46.33.60.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/a1c6c0-e754-479e-851d-0d0da0d10432/1/wb-PPmCQcoiedN0PtOJ_m6xHs7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/a1c6c0-e754-479e-851d-0d0da0d10432/1/wb-PPmCQcoiedN0PtOJ_m6xHs7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wb-PPmCQcoiedN0PtOJ_m6xHs7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:7c:3e:0a:a2:59:c2:d5:bf:a3:c7:17:ed:b1:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1bf8f3e609072889e74dd0fb4e27f9bac47b3b0
        Validity
            Not Before: Jan  2 03:48:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c61be394383031c0bc62ea33476e9b7c44635bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:10:f2:ef:ba:24:ee:8d:68:e2:cd:00:d8:9a:
                    7f:a7:6d:5d:ff:48:90:2a:40:5a:93:18:3f:63:5f:
                    02:06:8f:64:59:e2:01:e1:16:b1:45:c9:2d:88:a2:
                    d9:d9:ea:ca:3c:6f:0e:f1:84:d6:5e:ce:a1:34:6d:
                    a6:e0:2f:87:e8:e2:f9:30:36:b1:8d:81:4a:7e:83:
                    e7:17:25:9d:18:2d:64:84:3b:29:27:dd:8a:26:b1:
                    a0:18:2f:75:86:08:bd:99:2d:96:40:21:71:f8:19:
                    6d:de:9d:50:87:29:d5:a7:4a:53:c9:e8:cf:3c:fa:
                    58:de:15:f7:ec:fb:84:63:17:ce:7a:8e:00:ae:a4:
                    c1:4f:0a:dc:30:44:8e:9c:b6:0b:bf:31:76:13:62:
                    b3:2f:36:90:f5:96:69:ca:6d:6d:e5:c7:fb:f4:c9:
                    13:2b:1e:5e:fe:c5:f5:5f:a5:0f:28:70:a5:b3:48:
                    2e:17:21:1b:3c:0c:9b:d7:fe:ef:a3:23:2e:f4:8c:
                    50:35:24:57:0b:df:d7:6b:1b:e6:3e:95:ea:ad:18:
                    5f:06:a8:be:30:f4:ee:da:db:41:f7:ad:e8:f5:2e:
                    d7:4f:63:ac:9c:9d:6e:ff:19:bf:c5:a5:57:07:80:
                    3e:b7:ca:c6:29:03:0b:87:13:51:b7:3d:f0:4b:7d:
                    0d:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:61:BE:39:43:83:03:1C:0B:C6:2E:A3:34:76:E9:B7:C4:46:35:BF
            X509v3 Authority Key Identifier:
                keyid:C1:BF:8F:3E:60:90:72:88:9E:74:DD:0F:B4:E2:7F:9B:AC:47:B3:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wb-PPmCQcoiedN0PtOJ_m6xHs7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/a1c6c0-e754-479e-851d-0d0da0d10432/1/nGG-OUODAxwLxi6jNHbpt8RGNb8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/a1c6c0-e754-479e-851d-0d0da0d10432/1/wb-PPmCQcoiedN0PtOJ_m6xHs7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.33.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         13:51:57:8c:12:40:34:9c:35:62:36:79:56:b3:c3:dd:d1:df:
         47:dc:4b:6e:b2:0d:e9:89:d5:d8:2a:c0:f8:06:65:85:3f:b1:
         f5:fb:f0:e3:fd:ba:da:c1:3e:fc:8b:08:c6:e2:4a:e5:90:55:
         fe:ff:bd:ba:7e:57:f7:18:a3:7f:e3:f2:8e:58:bf:77:b1:8c:
         a9:0e:2c:a2:ff:9e:15:72:9b:f9:4a:51:f0:a1:1d:00:46:54:
         b1:29:f6:ff:f5:d0:18:3a:21:65:00:a6:f3:23:ce:aa:fd:30:
         1b:ef:c7:12:99:54:56:c3:9b:dc:2f:c4:eb:53:5e:1b:f0:06:
         37:cd:cc:74:f3:ec:e0:cf:3e:99:b5:23:8e:b9:12:37:44:1a:
         7a:51:e3:b4:37:1e:b3:3f:8a:db:07:c4:8d:ad:36:0c:0c:a2:
         cf:95:10:2c:75:59:21:58:e3:48:21:63:0b:e2:49:13:0a:4e:
         c2:c8:84:60:4c:11:ec:3f:fe:5a:5d:8e:d9:1f:81:90:58:1e:
         d6:9c:ab:1b:06:b4:98:3a:ee:c3:54:da:ef:74:5d:b9:9a:b3:
         09:47:12:c4:ac:82:c2:5b:96:f5:24:28:fb:bf:4f:dd:79:b3:
         96:cb:8f:97:f3:05:9d:d7:aa:4f:9c:6a:d7:bf:a9:40:44:93:
         4b:56:ea:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIXw+CqJZwtW/o8cX7bEZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxYmY4ZjNlNjA5MDcyODg5ZTc0ZGQwZmI0ZTI3ZjliYWM0
N2IzYjAwHhcNMjUwMTAyMDM0ODU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzYxYmUzOTQzODMwMzFjMGJjNjJlYTMzNDc2ZTliN2M0NDYzNWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuxDy77ok7o1o4s0A2Jp/p21d/0iQ
KkBakxg/Y18CBo9kWeIB4RaxRcktiKLZ2erKPG8O8YTWXs6hNG2m4C+H6OL5MDax
jYFKfoPnFyWdGC1khDspJ92KJrGgGC91hgi9mS2WQCFx+Blt3p1QhynVp0pTyejP
PPpY3hX37PuEYxfOeo4ArqTBTwrcMESOnLYLvzF2E2KzLzaQ9ZZpym1t5cf79MkT
Kx5e/sX1X6UPKHCls0guFyEbPAyb1/7voyMu9IxQNSRXC9/XaxvmPpXqrRhfBqi+
MPTu2ttB963o9S7XT2OsnJ1u/xm/xaVXB4A+t8rGKQMLhxNRtz3wS30NuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJxhvjlDgwMcC8YuozR26bfERjW/MB8GA1UdIwQY
MBaAFMG/jz5gkHKInnTdD7Tif5usR7OwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2ItUFBtQ1Fjb2llZE4wUHRPSl9tNnhIczdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9hMWM2YzAtZTc1NC00NzllLTg1MWQt
MGQwZGEwZDEwNDMyLzEvbkdHLU9VT0RBeHdMeGk2ak5IYnB0OFJHTmI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9hMWM2YzAtZTc1NC00NzllLTg1MWQtMGQwZGEwZDEwNDMy
LzEvd2ItUFBtQ1Fjb2llZE4wUHRPSl9tNnhIczdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLiE8MA0G
CSqGSIb3DQEBCwUAA4IBAQATUVeMEkA0nDViNnlWs8Pd0d9H3Etusg3pidXYKsD4
BmWFP7H1+/Dj/brawT78iwjG4krlkFX+/726flf3GKN/4/KOWL93sYypDiyi/54V
cpv5SlHwoR0ARlSxKfb/9dAYOiFlAKbzI86q/TAb78cSmVRWw5vcL8TrU14b8AY3
zcx08+zgzz6ZtSOOuRI3RBp6UeO0Nx6zP4rbB8SNrTYMDKLPlRAsdVkhWONIIWML
4kkTCk7CyIRgTBHsP/5aXY7ZH4GQWB7WnKsbBrSYOu7DVNrvdF25mrMJRxLErILC
W5b1JCj7v0/debOWy4+X8wWd16pPnGrXv6lARJNLVup6
-----END CERTIFICATE-----