Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/a00be2-877d-40e7-8a8a-af2cfa622d18/1/ikC3r3gDMRV7rzOGGg-rqokymXI.roa
File:                     ikC3r3gDMRV7rzOGGg-rqokymXI.roa (raw, json)
Hash identifier:          zgCMDOXPzxWDouvwv/WvFaJhABZR8ZFNubvE8NCbA04=
Subject key identifier:   8A:40:B7:AF:78:03:31:15:7B:AF:33:86:1A:0F:AB:AA:89:32:99:72
Certificate issuer:       /CN=c89c2cc489ebe48f490584ac866fe362c4117e75
Certificate serial:       019421B1CFF08821BE6A0DE8F34A80597A44
Authority key identifier: C8:9C:2C:C4:89:EB:E4:8F:49:05:84:AC:86:6F:E3:62:C4:11:7E:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yJwsxInr5I9JBYSshm_jYsQRfnU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/a00be2-877d-40e7-8a8a-af2cfa622d18/1/ikC3r3gDMRV7rzOGGg-rqokymXI.roa
Signing time:             Wed 01 Jan 2025 11:48:08 +0000
ROA not before:           Wed 01 Jan 2025 11:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39364
IP address blocks:        46.148.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/a00be2-877d-40e7-8a8a-af2cfa622d18/1/yJwsxInr5I9JBYSshm_jYsQRfnU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/a00be2-877d-40e7-8a8a-af2cfa622d18/1/yJwsxInr5I9JBYSshm_jYsQRfnU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yJwsxInr5I9JBYSshm_jYsQRfnU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 08:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:cf:f0:88:21:be:6a:0d:e8:f3:4a:80:59:7a:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c89c2cc489ebe48f490584ac866fe362c4117e75
        Validity
            Not Before: Jan  1 11:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8a40b7af780331157baf33861a0fabaa89329972
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:8c:42:4d:e7:20:75:af:a9:11:02:a6:b6:cb:
                    2e:81:5e:44:e2:fb:98:da:1e:04:2d:c4:8f:4c:a9:
                    3e:18:2c:05:0d:ff:85:2d:0f:d3:78:34:4c:5b:24:
                    13:82:d2:c4:d4:bc:a8:fb:e9:20:bf:7e:29:e4:df:
                    33:c0:d3:a1:d7:01:e9:bf:4f:4f:c4:2f:31:86:36:
                    34:7b:db:fd:95:e7:0d:2b:3e:7b:fb:e4:6b:05:06:
                    5e:f2:56:04:8a:bd:83:0d:1f:4a:9f:40:21:b6:ae:
                    c6:ba:bf:64:b6:86:33:26:df:bf:80:57:11:e8:96:
                    da:a2:75:2c:70:e5:34:98:26:47:a6:6d:56:99:4a:
                    a1:3a:4e:79:00:6c:e6:6c:69:09:8d:a6:87:32:c1:
                    c7:d1:4a:af:42:95:a6:f2:15:b3:56:a4:40:12:94:
                    a2:0f:4c:ae:88:8f:a7:e6:75:db:88:64:94:ee:38:
                    c9:f0:ca:fa:50:0c:2b:38:bb:d0:56:b8:3d:23:32:
                    0b:65:f6:72:5c:f1:e7:9c:29:47:20:ea:9b:71:de:
                    ed:90:17:41:bd:09:49:b8:9f:63:ff:52:18:7b:8e:
                    57:e6:14:f9:fe:8d:d0:17:56:90:c4:56:24:94:a6:
                    80:d5:8b:af:b4:79:e4:81:0b:e0:c1:f6:67:fe:ee:
                    5e:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:40:B7:AF:78:03:31:15:7B:AF:33:86:1A:0F:AB:AA:89:32:99:72
            X509v3 Authority Key Identifier:
                keyid:C8:9C:2C:C4:89:EB:E4:8F:49:05:84:AC:86:6F:E3:62:C4:11:7E:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yJwsxInr5I9JBYSshm_jYsQRfnU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/a00be2-877d-40e7-8a8a-af2cfa622d18/1/ikC3r3gDMRV7rzOGGg-rqokymXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/a00be2-877d-40e7-8a8a-af2cfa622d18/1/yJwsxInr5I9JBYSshm_jYsQRfnU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.148.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         97:1e:dc:cc:7a:94:f6:0e:86:d5:e2:2f:28:41:2c:17:26:4a:
         5e:aa:cd:83:35:ce:d4:f9:57:ec:60:0c:97:7e:0e:de:db:da:
         e8:db:64:58:6a:62:47:82:3c:34:d9:43:b0:dd:db:db:54:3b:
         75:c9:07:ae:29:9a:6e:14:b4:67:e9:2f:b9:c0:5e:88:14:09:
         3b:de:0b:29:85:bd:e7:7d:30:04:39:0a:21:e1:23:24:d4:ca:
         b8:f0:f2:47:d9:7a:e3:d6:65:10:74:f1:d9:a7:33:86:91:78:
         86:0c:19:29:25:45:bc:53:a6:ca:18:19:30:cd:67:c4:14:8e:
         8f:04:94:46:fc:ba:8f:50:02:32:ac:0f:88:05:4f:be:c7:03:
         19:86:1c:45:20:7c:4e:86:b2:7f:7e:54:ae:25:be:a9:dc:87:
         93:af:f0:97:28:e5:f9:b9:62:a4:1b:f2:ef:e0:7f:8d:44:ed:
         ac:36:67:bb:41:e3:c5:b6:8a:28:eb:cd:8b:cc:ca:e2:cf:16:
         87:3a:c1:30:fd:f4:03:af:d3:92:95:7c:09:ab:d1:0a:bc:84:
         b7:cd:36:29:89:c0:4c:4e:a3:f8:12:67:fd:5a:6d:3c:55:29:
         67:ee:0f:2e:74:2a:52:60:eb:64:99:93:09:6f:6f:15:eb:0c:
         37:17:d3:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsc/wiCG+ag3o80qAWXpEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4OWMyY2M0ODllYmU0OGY0OTA1ODRhYzg2NmZlMzYyYzQx
MTdlNzUwHhcNMjUwMTAxMTE0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTQwYjdhZjc4MDMzMTE1N2JhZjMzODYxYTBmYWJhYTg5MzI5OTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp4xCTecgda+pEQKmtssugV5E4vuY
2h4ELcSPTKk+GCwFDf+FLQ/TeDRMWyQTgtLE1Lyo++kgv34p5N8zwNOh1wHpv09P
xC8xhjY0e9v9lecNKz57++RrBQZe8lYEir2DDR9Kn0Ahtq7Gur9ktoYzJt+/gFcR
6JbaonUscOU0mCZHpm1WmUqhOk55AGzmbGkJjaaHMsHH0UqvQpWm8hWzVqRAEpSi
D0yuiI+n5nXbiGSU7jjJ8Mr6UAwrOLvQVrg9IzILZfZyXPHnnClHIOqbcd7tkBdB
vQlJuJ9j/1IYe45X5hT5/o3QF1aQxFYklKaA1YuvtHnkgQvgwfZn/u5e7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIpAt694AzEVe68zhhoPq6qJMplyMB8GA1UdIwQY
MBaAFMicLMSJ6+SPSQWErIZv42LEEX51MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUp3c3hJbnI1STlKQllTc2htX2pZc1FSZm5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9hMDBiZTItODc3ZC00MGU3LThhOGEt
YWYyY2ZhNjIyZDE4LzEvaWtDM3IzZ0RNUlY3cnpPR0dnLXJxb2t5bVhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9hMDBiZTItODc3ZC00MGU3LThhOGEtYWYyY2ZhNjIyZDE4
LzEveUp3c3hJbnI1STlKQllTc2htX2pZc1FSZm5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALpQnMA0G
CSqGSIb3DQEBCwUAA4IBAQCXHtzMepT2DobV4i8oQSwXJkpeqs2DNc7U+VfsYAyX
fg7e29ro22RYamJHgjw02UOw3dvbVDt1yQeuKZpuFLRn6S+5wF6IFAk73gsphb3n
fTAEOQoh4SMk1Mq48PJH2Xrj1mUQdPHZpzOGkXiGDBkpJUW8U6bKGBkwzWfEFI6P
BJRG/LqPUAIyrA+IBU++xwMZhhxFIHxOhrJ/flSuJb6p3IeTr/CXKOX5uWKkG/Lv
4H+NRO2sNme7QePFtooo682LzMrizxaHOsEw/fQDr9OSlXwJq9EKvIS3zTYpicBM
TqP4Emf9Wm08VSln7g8udCpSYOtkmZMJb28V6ww3F9NL
-----END CERTIFICATE-----