Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/7Msd020-lTb3NDPu0wOtsvEU5Dk.roa
File:                     7Msd020-lTb3NDPu0wOtsvEU5Dk.roa (raw, json)
Hash identifier:          dfVqgLyKdA37ClDslcVfTHo3hZAFTQ8SdbwI91UsZXc=
Subject key identifier:   EC:CB:1D:D3:6D:3E:95:36:F7:34:33:EE:D3:03:AD:B2:F1:14:E4:39
Certificate issuer:       /CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
Certificate serial:       019427B56AA056539E93AFE86CD90820BF1D
Authority key identifier: A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/7Msd020-lTb3NDPu0wOtsvEU5Dk.roa
Signing time:             Thu 02 Jan 2025 15:49:48 +0000
ROA not before:           Thu 02 Jan 2025 15:49:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43140
IP address blocks:        46.236.204.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:6a:a0:56:53:9e:93:af:e8:6c:d9:08:20:bf:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2b12e8df3abd5559f9cf9680af65dd16589de86
        Validity
            Not Before: Jan  2 15:49:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eccb1dd36d3e9536f73433eed303adb2f114e439
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:0f:2d:9a:af:4c:82:2d:aa:12:8f:b3:87:fb:
                    c5:a1:e0:72:0d:e3:ef:2c:dc:64:83:f2:37:f1:a4:
                    fb:ec:5d:b9:f0:a0:12:d9:c2:8f:1f:7a:b9:96:23:
                    25:24:b0:31:c7:cb:5a:92:bf:f9:7b:e5:2b:e1:99:
                    d4:70:86:e9:b6:a7:03:4c:0b:47:10:9a:a3:ea:42:
                    c5:7e:ef:37:27:53:53:f5:b3:af:c8:fd:89:7c:50:
                    e0:bb:49:53:88:4e:d5:0b:65:bb:84:19:fb:f0:16:
                    db:b0:00:9e:1c:fb:90:61:f2:d0:12:66:be:1a:1c:
                    9c:b5:1a:41:4a:42:77:44:c3:d8:23:18:76:07:64:
                    7a:37:d0:30:f4:38:5f:6f:02:a9:d6:b3:cc:84:45:
                    70:c8:5c:89:83:94:43:7c:81:0b:46:14:ff:f8:a2:
                    77:25:a3:a7:ec:87:78:fd:f2:5e:c2:9b:f6:7b:9f:
                    90:80:23:1c:dc:ee:d9:d2:46:c4:dc:f8:24:ff:c6:
                    b4:c1:12:86:83:ca:6f:0c:29:37:9e:26:b0:cc:c2:
                    55:0a:e4:de:84:5a:9d:7f:f3:05:e3:a7:84:1e:c1:
                    dc:48:7e:2d:a3:ca:13:f0:0e:28:04:c1:62:20:2d:
                    a3:17:d3:55:ec:d8:8b:1d:e9:cf:6b:ef:68:2d:37:
                    b2:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:CB:1D:D3:6D:3E:95:36:F7:34:33:EE:D3:03:AD:B2:F1:14:E4:39
            X509v3 Authority Key Identifier:
                keyid:A2:B1:2E:8D:F3:AB:D5:55:9F:9C:F9:68:0A:F6:5D:D1:65:89:DE:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/orEujfOr1VWfnPloCvZd0WWJ3oY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/7Msd020-lTb3NDPu0wOtsvEU5Dk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ec44ea-ef43-4b3a-a69a-b4cb637da8c3/1/orEujfOr1VWfnPloCvZd0WWJ3oY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.236.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b5:2d:b8:1e:b1:36:58:16:16:e3:c0:e8:25:ce:44:84:08:45:
         1a:15:60:96:c8:39:39:58:25:e8:55:f8:cc:37:e3:d1:3b:04:
         8a:d9:52:fa:60:a6:2c:8c:1a:c4:7c:8f:f1:06:c8:e5:4b:c4:
         0a:8f:6c:4a:26:78:85:df:a7:3d:4f:d0:62:6a:38:37:23:70:
         a1:36:f9:94:9d:a8:3c:47:a0:5c:9d:98:52:11:71:69:f9:1a:
         7e:5e:b2:0f:8d:ac:aa:42:d3:a4:5d:7f:0d:2c:38:0f:57:a0:
         87:fe:d1:15:2e:7e:a3:cc:c8:ce:6e:11:5b:87:47:2e:de:5c:
         79:05:77:6a:86:71:31:81:9f:72:c1:7f:9f:21:bb:7b:66:41:
         9b:a2:3d:7a:40:18:22:35:34:79:29:ac:3a:43:c6:b1:8c:b3:
         54:2d:53:50:24:d6:2a:1f:e5:ea:24:3a:48:f7:ae:77:a5:d0:
         d2:62:ca:97:38:44:b3:7f:e1:a1:04:71:82:21:61:8a:e4:02:
         30:37:50:48:5a:83:ab:bc:52:8d:5f:bc:46:fa:42:3b:35:0c:
         b3:cc:a6:02:f8:83:7a:3b:67:eb:0c:b5:87:dd:53:83:d3:fe:
         42:52:a4:4f:53:67:1a:45:0b:74:ca:85:e3:4c:bf:75:3e:d5:
         b4:66:e8:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntWqgVlOek6/obNkIIL8dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyYjEyZThkZjNhYmQ1NTU5ZjljZjk2ODBhZjY1ZGQxNjU4
OWRlODYwHhcNMjUwMTAyMTU0OTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2NiMWRkMzZkM2U5NTM2ZjczNDMzZWVkMzAzYWRiMmYxMTRlNDM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAog8tmq9Mgi2qEo+zh/vFoeByDePv
LNxkg/I38aT77F258KAS2cKPH3q5liMlJLAxx8takr/5e+Ur4ZnUcIbptqcDTAtH
EJqj6kLFfu83J1NT9bOvyP2JfFDgu0lTiE7VC2W7hBn78BbbsACeHPuQYfLQEma+
GhyctRpBSkJ3RMPYIxh2B2R6N9Aw9DhfbwKp1rPMhEVwyFyJg5RDfIELRhT/+KJ3
JaOn7Id4/fJewpv2e5+QgCMc3O7Z0kbE3Pgk/8a0wRKGg8pvDCk3niawzMJVCuTe
hFqdf/MF46eEHsHcSH4to8oT8A4oBMFiIC2jF9NV7NiLHenPa+9oLTeyeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOzLHdNtPpU29zQz7tMDrbLxFOQ5MB8GA1UdIwQY
MBaAFKKxLo3zq9VVn5z5aAr2XdFlid6GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEt
YjRjYjYzN2RhOGMzLzEvN01zZDAyMC1sVGIzTkRQdTB3T3RzdkVVNURrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9lYzQ0ZWEtZWY0My00YjNhLWE2OWEtYjRjYjYzN2RhOGMz
LzEvb3JFdWpmT3IxVldmblBsb0N2WmQwV1dKM29ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLuzMMA0G
CSqGSIb3DQEBCwUAA4IBAQC1LbgesTZYFhbjwOglzkSECEUaFWCWyDk5WCXoVfjM
N+PROwSK2VL6YKYsjBrEfI/xBsjlS8QKj2xKJniF36c9T9Biajg3I3ChNvmUnag8
R6BcnZhSEXFp+Rp+XrIPjayqQtOkXX8NLDgPV6CH/tEVLn6jzMjObhFbh0cu3lx5
BXdqhnExgZ9ywX+fIbt7ZkGboj16QBgiNTR5Kaw6Q8axjLNULVNQJNYqH+XqJDpI
9653pdDSYsqXOESzf+GhBHGCIWGK5AIwN1BIWoOrvFKNX7xG+kI7NQyzzKYC+IN6
O2frDLWH3VOD0/5CUqRPU2caRQt0yoXjTL91PtW0Zujt
-----END CERTIFICATE-----