Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/9a3eac-f862-4789-ac21-d9444a3d0ce0/1/jyRg9rzyp13wzC9lPn-bQBVk9SM.roa
File:                     jyRg9rzyp13wzC9lPn-bQBVk9SM.roa (raw, json)
Hash identifier:          DykO+WlsvnZBAvuruj+gmcKA6ANC0St445Gn0td25pg=
Subject key identifier:   8F:24:60:F6:BC:F2:A7:5D:F0:CC:2F:65:3E:7F:9B:40:15:64:F5:23
Certificate issuer:       /CN=fb70de840fd6bf4b0afd1274e44efd1b8665762c
Certificate serial:       019424449FAF10F867552171DEA9482C9518
Authority key identifier: FB:70:DE:84:0F:D6:BF:4B:0A:FD:12:74:E4:4E:FD:1B:86:65:76:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-3DehA_Wv0sK_RJ05E79G4Zldiw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4a/9a3eac-f862-4789-ac21-d9444a3d0ce0/1/jyRg9rzyp13wzC9lPn-bQBVk9SM.roa
Signing time:             Wed 01 Jan 2025 23:47:44 +0000
ROA not before:           Wed 01 Jan 2025 23:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199468
IP address blocks:        46.254.111.0/24 maxlen: 24
                          2a11:c900::/29 maxlen: 34
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4a/9a3eac-f862-4789-ac21-d9444a3d0ce0/1/1-3DehA_Wv0sK_RJ05E79G4Zldiw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4a/9a3eac-f862-4789-ac21-d9444a3d0ce0/1/1-3DehA_Wv0sK_RJ05E79G4Zldiw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-3DehA_Wv0sK_RJ05E79G4Zldiw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:9f:af:10:f8:67:55:21:71:de:a9:48:2c:95:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fb70de840fd6bf4b0afd1274e44efd1b8665762c
        Validity
            Not Before: Jan  1 23:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8f2460f6bcf2a75df0cc2f653e7f9b401564f523
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:f1:e6:a1:46:9d:c9:95:15:ca:7b:9a:7e:97:
                    ef:7c:a0:56:75:80:72:b5:6f:c7:a5:97:f9:56:ec:
                    8c:1d:7e:53:e0:26:05:52:53:02:62:f0:de:c7:8f:
                    bb:75:a6:42:5b:e7:09:c5:54:a7:82:e4:c5:51:3f:
                    3b:5b:ea:dd:48:ea:fd:72:37:35:d1:29:19:65:32:
                    ac:b2:f0:3c:ee:d8:45:d1:9f:40:db:61:8a:96:31:
                    68:78:c2:9a:54:29:dd:49:79:7e:f8:35:eb:40:8f:
                    1e:0c:60:79:6a:e0:08:69:f1:14:a3:1f:7f:cc:76:
                    fb:5f:e1:e5:7b:38:6a:27:78:90:49:5f:2c:a0:e1:
                    64:2f:c3:b4:37:47:a8:55:d3:1c:e0:90:da:b0:e4:
                    f2:ce:e1:f1:6b:69:e1:b2:e9:15:0c:b2:68:8d:5c:
                    73:39:d7:c7:11:c7:34:32:d3:8b:87:ec:e3:f6:f5:
                    8f:35:54:89:72:c2:ef:cf:9a:c7:20:81:fd:0e:a7:
                    9a:1f:74:a3:87:23:9d:32:e2:34:e8:cb:11:81:6d:
                    20:43:1b:fa:c2:73:55:be:4c:73:cd:c2:82:73:16:
                    40:f0:21:7a:0f:62:55:6c:79:7c:67:54:74:bd:7b:
                    e5:74:ed:a4:bb:70:74:9b:b1:77:39:b0:39:46:a6:
                    01:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:24:60:F6:BC:F2:A7:5D:F0:CC:2F:65:3E:7F:9B:40:15:64:F5:23
            X509v3 Authority Key Identifier:
                keyid:FB:70:DE:84:0F:D6:BF:4B:0A:FD:12:74:E4:4E:FD:1B:86:65:76:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-3DehA_Wv0sK_RJ05E79G4Zldiw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/9a3eac-f862-4789-ac21-d9444a3d0ce0/1/jyRg9rzyp13wzC9lPn-bQBVk9SM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/9a3eac-f862-4789-ac21-d9444a3d0ce0/1/1-3DehA_Wv0sK_RJ05E79G4Zldiw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.254.111.0/24
                IPv6:
                  2a11:c900::/29

    Signature Algorithm: sha256WithRSAEncryption
         a3:dd:cc:8a:54:94:c0:71:42:57:c7:7f:e9:96:cd:e1:a8:63:
         7e:49:23:80:f4:e4:f7:79:0e:d5:c1:bd:37:4e:81:4a:20:1d:
         64:29:09:37:9d:3d:6e:52:66:1b:17:f8:7e:2f:a3:c9:82:10:
         db:63:8e:d2:39:ed:4e:d3:cc:e7:19:de:a1:24:73:f9:6b:09:
         63:d7:ad:15:70:eb:e3:0a:5a:f6:79:61:95:d8:91:d3:6c:8b:
         8c:7d:0b:49:31:1d:20:20:a3:13:aa:e2:bc:d9:27:79:c0:0b:
         42:be:45:90:72:6f:f6:2e:d5:4e:65:3d:56:96:52:1b:9e:49:
         95:08:72:99:ab:13:57:0d:d3:36:61:21:5c:cf:a7:06:57:ce:
         54:d9:9b:33:83:41:86:43:72:25:43:82:1d:45:3b:1b:35:8d:
         de:1f:15:41:96:32:9b:78:ed:a7:8b:80:dd:35:70:48:91:18:
         bc:5a:da:13:c5:c4:24:12:1b:db:ec:59:25:a6:54:08:1f:03:
         7f:78:1f:35:f9:c8:78:ed:b1:7d:b3:82:53:90:c7:7f:62:05:
         59:b8:b9:77:b7:82:65:b7:78:cb:73:fc:22:d3:38:ad:0a:1e:
         c0:83:a6:a0:b4:00:5f:41:cc:c3:3b:15:2d:5e:ab:1f:85:8c:
         6e:0b:eb:ea
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQkRJ+vEPhnVSFx3qlILJUYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiNzBkZTg0MGZkNmJmNGIwYWZkMTI3NGU0NGVmZDFiODY2
NTc2MmMwHhcNMjUwMTAxMjM0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjI0NjBmNmJjZjJhNzVkZjBjYzJmNjUzZTdmOWI0MDE1NjRmNTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6vHmoUadyZUVynuafpfvfKBWdYBy
tW/HpZf5VuyMHX5T4CYFUlMCYvDex4+7daZCW+cJxVSnguTFUT87W+rdSOr9cjc1
0SkZZTKssvA87thF0Z9A22GKljFoeMKaVCndSXl++DXrQI8eDGB5auAIafEUox9/
zHb7X+HlezhqJ3iQSV8soOFkL8O0N0eoVdMc4JDasOTyzuHxa2nhsukVDLJojVxz
OdfHEcc0MtOLh+zj9vWPNVSJcsLvz5rHIIH9DqeaH3SjhyOdMuI06MsRgW0gQxv6
wnNVvkxzzcKCcxZA8CF6D2JVbHl8Z1R0vXvldO2ku3B0m7F3ObA5RqYBDQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFI8kYPa88qdd8MwvZT5/m0AVZPUjMB8GA1UdIwQY
MBaAFPtw3oQP1r9LCv0SdORO/RuGZXYsMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS0zRGVoQV9XdjBzS19SSjA1RTc5RzRabGRpdy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGEvOWEzZWFjLWY4NjItNDc4OS1hYzIx
LWQ5NDQ0YTNkMGNlMC8xL2p5Umc5cnp5cDEzd3pDOWxQbi1iUUJWazlTTS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGEvOWEzZWFjLWY4NjItNDc4OS1hYzIxLWQ5NDQ0YTNkMGNl
MC8xLzEtM0RlaEFfV3Ywc0tfUkowNUU3OUc0WmxkaXcuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBAAu/m8w
DQQCAAIwBwMFAyoRyQAwDQYJKoZIhvcNAQELBQADggEBAKPdzIpUlMBxQlfHf+mW
zeGoY35JI4D05Pd5DtXBvTdOgUogHWQpCTedPW5SZhsX+H4vo8mCENtjjtI57U7T
zOcZ3qEkc/lrCWPXrRVw6+MKWvZ5YZXYkdNsi4x9C0kxHSAgoxOq4rzZJ3nAC0K+
RZByb/Yu1U5lPVaWUhueSZUIcpmrE1cN0zZhIVzPpwZXzlTZmzODQYZDciVDgh1F
Oxs1jd4fFUGWMpt47aeLgN01cEiRGLxa2hPFxCQSG9vsWSWmVAgfA394HzX5yHjt
sX2zglOQx39iBVm4uXe3gmW3eMtz/CLTOK0KHsCDpqC0AF9BzMM7FS1eqx+FjG4L
6+o=
-----END CERTIFICATE-----