Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/f1b3da-bebf-44b0-ab12-d32e27fb7e59/1/PyKJA1oPISDvl2WwqMBK6X2ZG4E.roa
File:                     PyKJA1oPISDvl2WwqMBK6X2ZG4E.roa (raw, json)
Hash identifier:          JbT6mySfQfz6WkzubHjNkSC+JLauISKYsnpC8BZ2ZRk=
Subject key identifier:   3F:22:89:03:5A:0F:21:20:EF:97:65:B0:A8:C0:4A:E9:7D:99:1B:81
Certificate issuer:       /CN=b62d4cec783305923e3497ed884f1c445b4e78fb
Certificate serial:       0193507F250D470131091AF15FDDF25C4E17
Authority key identifier: B6:2D:4C:EC:78:33:05:92:3E:34:97:ED:88:4F:1C:44:5B:4E:78:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ti1M7HgzBZI-NJftiE8cRFtOePs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/f1b3da-bebf-44b0-ab12-d32e27fb7e59/1/PyKJA1oPISDvl2WwqMBK6X2ZG4E.roa
Signing time:             Thu 21 Nov 2024 20:52:10 +0000
ROA not before:           Thu 21 Nov 2024 20:52:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216145
IP address blocks:        46.253.2.0/24 maxlen: 24
                          46.253.6.0/24 maxlen: 24
                          46.253.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/f1b3da-bebf-44b0-ab12-d32e27fb7e59/1/ti1M7HgzBZI-NJftiE8cRFtOePs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/f1b3da-bebf-44b0-ab12-d32e27fb7e59/1/ti1M7HgzBZI-NJftiE8cRFtOePs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ti1M7HgzBZI-NJftiE8cRFtOePs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:50:7f:25:0d:47:01:31:09:1a:f1:5f:dd:f2:5c:4e:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b62d4cec783305923e3497ed884f1c445b4e78fb
        Validity
            Not Before: Nov 21 20:52:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3f2289035a0f2120ef9765b0a8c04ae97d991b81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:0a:30:8c:e6:4a:da:cb:61:33:b0:4f:32:d6:
                    18:8f:5e:3e:b6:fa:ce:34:80:40:13:62:67:e1:cb:
                    a3:8d:07:a7:68:09:a2:6a:82:b3:75:47:49:92:b9:
                    b4:26:e3:5b:49:c6:33:43:2e:b7:e1:0f:99:ff:fb:
                    58:f0:d0:89:ee:b6:9d:ea:50:c1:d1:9e:37:30:b7:
                    7d:2c:78:9c:00:88:78:42:14:3e:cc:fb:a5:5e:1e:
                    55:26:95:c1:12:87:f2:a3:f4:e8:2e:06:48:78:2d:
                    4a:09:49:eb:62:94:2a:21:be:f0:85:c8:9e:78:65:
                    e4:43:cd:59:30:97:11:9c:e5:d5:32:f4:fd:cb:0e:
                    c5:55:50:3a:c7:6c:a2:c8:e4:d2:bc:8c:23:97:f9:
                    fa:2c:28:62:dc:fc:75:8a:13:e3:56:b1:3a:26:1e:
                    f1:61:f0:30:00:36:ca:9e:62:f9:df:68:01:98:3b:
                    2c:e3:3e:23:7b:c6:20:29:12:03:e6:dd:9d:b9:39:
                    c4:47:69:54:05:2f:b7:17:b7:58:4f:f7:78:25:29:
                    47:d3:dd:a5:a8:40:12:bf:11:91:88:52:6f:86:93:
                    4c:91:7f:31:09:55:d2:42:f3:01:df:48:0f:d5:eb:
                    be:d3:ad:b4:eb:eb:8d:93:cb:37:1c:a5:82:5d:a1:
                    16:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:22:89:03:5A:0F:21:20:EF:97:65:B0:A8:C0:4A:E9:7D:99:1B:81
            X509v3 Authority Key Identifier:
                keyid:B6:2D:4C:EC:78:33:05:92:3E:34:97:ED:88:4F:1C:44:5B:4E:78:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ti1M7HgzBZI-NJftiE8cRFtOePs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/f1b3da-bebf-44b0-ab12-d32e27fb7e59/1/PyKJA1oPISDvl2WwqMBK6X2ZG4E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/f1b3da-bebf-44b0-ab12-d32e27fb7e59/1/ti1M7HgzBZI-NJftiE8cRFtOePs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.253.2.0/24
                  46.253.6.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6a:6e:c2:4a:89:60:d3:ad:a7:0a:6d:e0:a9:9f:56:52:e7:d7:
         10:6a:ba:1f:ba:a1:49:cb:63:67:3d:33:83:6a:9a:d4:b8:d4:
         0c:43:81:a8:b3:df:21:a3:10:38:4c:54:9b:23:e8:55:5f:69:
         81:e8:c1:ea:d0:7a:a3:01:b3:3a:fa:db:e7:ad:6f:c9:4f:72:
         7a:4b:ba:60:19:e3:f3:e7:41:17:b8:54:f4:ff:e9:bd:56:53:
         54:34:ff:94:69:9c:cb:ae:75:94:10:31:19:79:15:ee:f3:47:
         bb:40:2f:0e:91:ef:e4:e3:c7:46:68:ac:5c:4e:d5:44:97:f6:
         bd:38:4f:21:94:00:66:8e:82:a5:c1:58:70:b5:9d:0e:c1:cb:
         da:5a:6c:b2:f5:ab:bd:25:bf:32:c5:36:5e:b0:31:0f:11:ef:
         45:a2:5f:05:e2:60:73:52:2d:84:2e:60:04:e2:5f:0d:24:17:
         52:0c:8f:cf:a3:40:c7:89:59:70:80:08:2b:c6:fa:60:b1:cc:
         ef:76:10:e3:b0:52:d5:7c:d0:1d:04:da:87:85:9a:b3:dd:2f:
         af:e5:40:61:12:7e:18:3d:5f:a8:84:9d:ce:9e:09:1a:11:3b:
         03:66:f8:72:90:bc:67:92:0b:7b:02:36:b6:f3:c8:34:7d:3f:
         70:84:48:bc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZNQfyUNRwExCRrxX93yXE4XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI2MmQ0Y2VjNzgzMzA1OTIzZTM0OTdlZDg4NGYxYzQ0NWI0
ZTc4ZmIwHhcNMjQxMTIxMjA1MjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjIyODkwMzVhMGYyMTIwZWY5NzY1YjBhOGMwNGFlOTdkOTkxYjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgowjOZK2sthM7BPMtYYj14+tvrO
NIBAE2Jn4cujjQenaAmiaoKzdUdJkrm0JuNbScYzQy634Q+Z//tY8NCJ7rad6lDB
0Z43MLd9LHicAIh4QhQ+zPulXh5VJpXBEofyo/ToLgZIeC1KCUnrYpQqIb7whcie
eGXkQ81ZMJcRnOXVMvT9yw7FVVA6x2yiyOTSvIwjl/n6LChi3Px1ihPjVrE6Jh7x
YfAwADbKnmL532gBmDss4z4je8YgKRID5t2duTnER2lUBS+3F7dYT/d4JSlH092l
qEASvxGRiFJvhpNMkX8xCVXSQvMB30gP1eu+06206+uNk8s3HKWCXaEW7wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFD8iiQNaDyEg75dlsKjASul9mRuBMB8GA1UdIwQY
MBaAFLYtTOx4MwWSPjSX7YhPHERbTnj7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdGkxTTdIZ3pCWkktTkpmdGlFOGNSRnRPZVBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9mMWIzZGEtYmViZi00NGIwLWFiMTIt
ZDMyZTI3ZmI3ZTU5LzEvUHlLSkExb1BJU0R2bDJXd3FNQks2WDJaRzRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9mMWIzZGEtYmViZi00NGIwLWFiMTItZDMyZTI3ZmI3ZTU5
LzEvdGkxTTdIZ3pCWkktTkpmdGlFOGNSRnRPZVBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALv0CAwQB
Lv0GMA0GCSqGSIb3DQEBCwUAA4IBAQBqbsJKiWDTracKbeCpn1ZS59cQarofuqFJ
y2NnPTODaprUuNQMQ4Gos98hoxA4TFSbI+hVX2mB6MHq0HqjAbM6+tvnrW/JT3J6
S7pgGePz50EXuFT0/+m9VlNUNP+UaZzLrnWUEDEZeRXu80e7QC8Oke/k48dGaKxc
TtVEl/a9OE8hlABmjoKlwVhwtZ0OwcvaWmyy9au9Jb8yxTZesDEPEe9Fol8F4mBz
Ui2ELmAE4l8NJBdSDI/Po0DHiVlwgAgrxvpgsczvdhDjsFLVfNAdBNqHhZqz3S+v
5UBhEn4YPV+ohJ3OngkaETsDZvhykLxnkgt7Aja288g0fT9whEi8
-----END CERTIFICATE-----