Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/599740-b96e-49c4-b604-63f197fb1c96/1/s4XNe0m5JYFtPI85hv2GLzYIY68.roa
File:                     s4XNe0m5JYFtPI85hv2GLzYIY68.roa (raw, json)
Hash identifier:          pE7eHdiD/UhztagcGqo6QdniDLwOOKzreXSfWjlvBJY=
Subject key identifier:   B3:85:CD:7B:49:B9:25:81:6D:3C:8F:39:86:FD:86:2F:36:08:63:AF
Certificate issuer:       /CN=4a04bcc2fee1c3a2e04388260e10644b65e701f3
Certificate serial:       0196ED04B3F1CFD6F42322136240E5647399
Authority key identifier: 4A:04:BC:C2:FE:E1:C3:A2:E0:43:88:26:0E:10:64:4B:65:E7:01:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SgS8wv7hw6LgQ4gmDhBkS2XnAfM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/599740-b96e-49c4-b604-63f197fb1c96/1/s4XNe0m5JYFtPI85hv2GLzYIY68.roa
Signing time:             Tue 20 May 2025 09:27:10 +0000
ROA not before:           Tue 20 May 2025 09:27:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214659
IP address blocks:        46.148.112.0/24 maxlen: 24
                          193.143.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/599740-b96e-49c4-b604-63f197fb1c96/1/SgS8wv7hw6LgQ4gmDhBkS2XnAfM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/599740-b96e-49c4-b604-63f197fb1c96/1/SgS8wv7hw6LgQ4gmDhBkS2XnAfM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SgS8wv7hw6LgQ4gmDhBkS2XnAfM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 09 Jun 2025 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ed:04:b3:f1:cf:d6:f4:23:22:13:62:40:e5:64:73:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a04bcc2fee1c3a2e04388260e10644b65e701f3
        Validity
            Not Before: May 20 09:27:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b385cd7b49b925816d3c8f3986fd862f360863af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:3e:44:ca:a0:38:a8:7e:ff:40:fc:db:8f:32:
                    9a:e7:95:95:80:f2:0d:82:58:c0:8f:72:3b:bc:a2:
                    11:91:93:09:03:da:5f:d8:38:19:d7:c3:b6:e2:de:
                    4c:c0:d1:82:8b:c3:75:32:82:9f:94:61:03:3b:d2:
                    93:9a:59:35:f6:e2:66:50:80:77:59:5c:d0:84:c8:
                    6c:6b:ff:1f:a7:dd:34:52:6d:3a:28:87:f6:71:d2:
                    14:a9:21:39:90:38:fb:ac:8d:bc:b0:18:ed:5b:0b:
                    28:fa:a9:dd:c0:fa:05:ac:e4:c6:a8:3f:6b:63:7c:
                    c5:4b:53:a3:f4:50:d6:dc:c0:0b:66:b6:60:78:60:
                    b5:47:c2:8a:0f:76:23:75:81:41:31:0f:1a:a3:5a:
                    2b:20:3a:eb:46:a6:0f:f8:8e:85:14:4f:0f:e6:fb:
                    6c:72:cc:66:a1:e7:1f:0c:2c:cf:63:d0:40:41:4b:
                    a8:88:01:da:42:89:28:49:de:87:9a:cc:8c:d9:84:
                    a4:29:95:d3:ea:1f:70:69:94:71:fb:23:ee:dd:dd:
                    f9:6d:db:03:ea:1a:d2:e9:04:fd:5b:07:b5:45:c7:
                    03:e3:eb:a7:20:e9:07:a2:44:39:bd:60:8b:bb:35:
                    6b:55:0f:c1:08:9e:af:4f:5b:ee:9a:1b:42:5e:03:
                    38:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:85:CD:7B:49:B9:25:81:6D:3C:8F:39:86:FD:86:2F:36:08:63:AF
            X509v3 Authority Key Identifier:
                keyid:4A:04:BC:C2:FE:E1:C3:A2:E0:43:88:26:0E:10:64:4B:65:E7:01:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SgS8wv7hw6LgQ4gmDhBkS2XnAfM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/599740-b96e-49c4-b604-63f197fb1c96/1/s4XNe0m5JYFtPI85hv2GLzYIY68.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/599740-b96e-49c4-b604-63f197fb1c96/1/SgS8wv7hw6LgQ4gmDhBkS2XnAfM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.148.112.0/24
                  193.143.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cf:d3:2a:15:e0:29:74:3a:f9:1b:82:1f:d0:4c:d6:d2:ee:07:
         05:65:66:b0:96:0e:8f:14:b4:31:e3:95:05:b5:70:96:7a:1b:
         a4:27:4a:11:a5:41:b7:2b:3b:56:09:e0:7d:c2:57:c7:8e:57:
         34:99:00:2b:bd:d1:e1:0b:80:66:fe:7e:8c:48:42:02:37:67:
         fd:c4:85:0e:cf:a4:5f:8e:4e:8b:b9:ae:09:ac:7b:5c:e1:ee:
         a1:8e:5e:0a:6d:a3:53:7d:1e:83:72:5c:c6:1d:eb:17:d0:61:
         5b:3e:80:21:aa:74:63:f4:d4:c5:3c:a0:87:08:53:7b:97:b4:
         73:85:34:8a:04:34:83:1c:34:e3:c5:ad:ab:db:65:5d:4b:ee:
         ab:32:34:19:ca:d5:34:ff:29:a2:b6:67:61:85:57:ed:1d:fb:
         cc:41:f2:fd:b8:f0:8c:83:e8:2a:2e:46:40:e9:d6:22:c5:a5:
         fb:7c:d6:1c:82:f6:d1:4d:f5:fc:5c:fd:0a:c0:c5:c2:54:02:
         51:19:e0:15:ba:57:19:40:5b:46:e3:47:ed:66:06:49:bd:32:
         65:7b:8d:44:65:ad:13:11:c6:22:82:9a:2a:7f:6d:f9:26:ba:
         3e:d5:1b:fc:fd:d2:5a:4d:37:07:ec:4f:f9:45:16:20:75:40:
         4f:74:29:da
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZbtBLPxz9b0IyITYkDlZHOZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhMDRiY2MyZmVlMWMzYTJlMDQzODgyNjBlMTA2NDRiNjVl
NzAxZjMwHhcNMjUwNTIwMDkyNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzg1Y2Q3YjQ5YjkyNTgxNmQzYzhmMzk4NmZkODYyZjM2MDg2M2FmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlj5EyqA4qH7/QPzbjzKa55WVgPIN
gljAj3I7vKIRkZMJA9pf2DgZ18O24t5MwNGCi8N1MoKflGEDO9KTmlk19uJmUIB3
WVzQhMhsa/8fp900Um06KIf2cdIUqSE5kDj7rI28sBjtWwso+qndwPoFrOTGqD9r
Y3zFS1Oj9FDW3MALZrZgeGC1R8KKD3YjdYFBMQ8ao1orIDrrRqYP+I6FFE8P5vts
csxmoecfDCzPY9BAQUuoiAHaQokoSd6HmsyM2YSkKZXT6h9waZRx+yPu3d35bdsD
6hrS6QT9Wwe1RccD4+unIOkHokQ5vWCLuzVrVQ/BCJ6vT1vumhtCXgM4vwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLOFzXtJuSWBbTyPOYb9hi82CGOvMB8GA1UdIwQY
MBaAFEoEvML+4cOi4EOIJg4QZEtl5wHzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2dTOHd2N2h3NkxnUTRnbURoQmtTMlhuQWZNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi81OTk3NDAtYjk2ZS00OWM0LWI2MDQt
NjNmMTk3ZmIxYzk2LzEvczRYTmUwbTVKWUZ0UEk4NWh2MkdMellJWTY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi81OTk3NDAtYjk2ZS00OWM0LWI2MDQtNjNmMTk3ZmIxYzk2
LzEvU2dTOHd2N2h3NkxnUTRnbURoQmtTMlhuQWZNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALpRwAwQA
wY97MA0GCSqGSIb3DQEBCwUAA4IBAQDP0yoV4Cl0Ovkbgh/QTNbS7gcFZWawlg6P
FLQx45UFtXCWehukJ0oRpUG3KztWCeB9wlfHjlc0mQArvdHhC4Bm/n6MSEICN2f9
xIUOz6Rfjk6Lua4JrHtc4e6hjl4KbaNTfR6DclzGHesX0GFbPoAhqnRj9NTFPKCH
CFN7l7RzhTSKBDSDHDTjxa2r22VdS+6rMjQZytU0/ymitmdhhVftHfvMQfL9uPCM
g+gqLkZA6dYixaX7fNYcgvbRTfX8XP0KwMXCVAJRGeAVulcZQFtG40ftZgZJvTJl
e41EZa0TEcYigpoqf235Jro+1Rv8/dJaTTcH7E/5RRYgdUBPdCna
-----END CERTIFICATE-----