Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/Fb0skEyX6qOFH4mxiCD0y38K50g.roa
File:                     Fb0skEyX6qOFH4mxiCD0y38K50g.roa (raw, json)
Hash identifier:          WuLRLLi+4HFH3PUcwNxaQ3ghnNVvZQgN47f0xDAHYEw=
Subject key identifier:   15:BD:2C:90:4C:97:EA:A3:85:1F:89:B1:88:20:F4:CB:7F:0A:E7:48
Certificate issuer:       /CN=1062bc36512658a0f7d3f96bc1d8e67d9fd4918b
Certificate serial:       01942520A5842ECF1AB7431A7AF1861C3988
Authority key identifier: 10:62:BC:36:51:26:58:A0:F7:D3:F9:6B:C1:D8:E6:7D:9F:D4:91:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EGK8NlEmWKD30_lrwdjmfZ_UkYs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/Fb0skEyX6qOFH4mxiCD0y38K50g.roa
Signing time:             Thu 02 Jan 2025 03:48:04 +0000
ROA not before:           Thu 02 Jan 2025 03:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197297
IP address blocks:        46.253.144.0/20 maxlen: 24
                          46.253.145.0/24 maxlen: 24
                          195.245.86.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/EGK8NlEmWKD30_lrwdjmfZ_UkYs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/EGK8NlEmWKD30_lrwdjmfZ_UkYs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EGK8NlEmWKD30_lrwdjmfZ_UkYs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:20:a5:84:2e:cf:1a:b7:43:1a:7a:f1:86:1c:39:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1062bc36512658a0f7d3f96bc1d8e67d9fd4918b
        Validity
            Not Before: Jan  2 03:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=15bd2c904c97eaa3851f89b18820f4cb7f0ae748
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:9a:95:29:ee:e4:05:83:76:b9:32:c0:fb:92:
                    91:8f:b4:42:a1:66:96:34:8b:86:8c:f9:ae:85:72:
                    5a:33:94:6b:77:1d:f7:c4:1d:30:4c:22:6c:32:63:
                    ee:c5:d2:ac:a2:d3:e8:f0:da:5a:8f:64:64:0e:c2:
                    51:89:dc:91:30:9d:56:42:86:15:de:34:a8:d2:10:
                    59:e9:09:32:bf:9d:bc:46:8e:5d:db:b8:29:db:7c:
                    10:78:1e:7b:ef:90:90:0e:a7:52:28:11:02:2b:0d:
                    4f:1b:73:00:bf:7a:94:18:69:7d:d0:94:14:80:56:
                    8b:c7:4d:bb:39:20:6a:04:6e:78:17:6e:b0:c3:16:
                    86:1d:59:ab:7e:90:5a:c8:e7:a8:86:9f:0f:74:2b:
                    cb:fd:aa:cc:d7:ef:df:80:5b:af:cd:63:10:bd:df:
                    42:94:db:8d:99:10:19:4a:f7:2e:86:f8:70:13:92:
                    e0:d1:8a:40:e0:b3:ee:aa:84:f4:03:98:63:a6:b8:
                    30:b0:04:2f:b9:12:a5:5a:b4:4d:8e:71:0c:23:11:
                    45:a3:a0:11:22:1f:86:3b:92:c8:60:24:0a:5a:85:
                    c1:73:7f:ef:44:ca:43:e9:e2:c4:8d:e4:a7:e8:cd:
                    10:aa:56:80:2a:93:2b:f3:0e:0e:e4:e4:84:80:80:
                    0d:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:BD:2C:90:4C:97:EA:A3:85:1F:89:B1:88:20:F4:CB:7F:0A:E7:48
            X509v3 Authority Key Identifier:
                keyid:10:62:BC:36:51:26:58:A0:F7:D3:F9:6B:C1:D8:E6:7D:9F:D4:91:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EGK8NlEmWKD30_lrwdjmfZ_UkYs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/Fb0skEyX6qOFH4mxiCD0y38K50g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/EGK8NlEmWKD30_lrwdjmfZ_UkYs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.253.144.0/20
                  195.245.86.0/23

    Signature Algorithm: sha256WithRSAEncryption
         12:4b:57:8a:d7:0b:e3:f0:44:88:58:98:58:02:de:a9:d7:fa:
         d8:d0:7d:0b:9c:7b:b7:a5:32:63:0a:03:33:12:ab:56:76:98:
         04:4a:83:a1:fb:09:d6:d1:49:cb:5d:c5:9a:45:88:8a:69:b7:
         01:ce:e2:90:53:df:c8:45:8f:1b:a2:f9:b9:ae:8c:a1:c7:47:
         d7:02:2c:76:52:61:a9:6e:df:b7:6d:83:ad:31:53:04:ba:c6:
         53:d7:58:01:87:68:53:69:4a:7b:fa:99:1c:da:20:72:f3:27:
         37:04:fb:b3:ee:8b:4d:62:df:42:3b:d3:9a:54:18:07:62:7d:
         e0:43:3e:98:d2:8e:0c:11:6f:a2:5c:ac:69:61:6b:81:a5:85:
         70:a6:97:07:3e:6e:69:6a:e7:67:31:ba:c6:6a:9d:1f:34:fd:
         e5:cf:a6:ff:34:85:72:1c:97:34:8e:96:46:7b:86:e0:2a:8b:
         30:3a:15:a8:4b:22:f6:0f:3c:b6:e5:3a:5f:ed:70:78:dd:ab:
         4f:20:25:b7:f8:e5:df:fc:23:0b:09:68:4c:e1:b8:eb:e6:6e:
         f9:51:90:35:9d:25:d0:f2:7b:a7:8b:7e:db:87:ae:6b:4f:02:
         31:65:60:48:9d:f2:37:e2:82:2d:62:4d:e4:6c:3c:2d:2e:30:
         bf:44:41:fb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQlIKWELs8at0MaevGGHDmIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNjJiYzM2NTEyNjU4YTBmN2QzZjk2YmMxZDhlNjdkOWZk
NDkxOGIwHhcNMjUwMTAyMDM0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWJkMmM5MDRjOTdlYWEzODUxZjg5YjE4ODIwZjRjYjdmMGFlNzQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7ZqVKe7kBYN2uTLA+5KRj7RCoWaW
NIuGjPmuhXJaM5Rrdx33xB0wTCJsMmPuxdKsotPo8Npaj2RkDsJRidyRMJ1WQoYV
3jSo0hBZ6Qkyv528Ro5d27gp23wQeB5775CQDqdSKBECKw1PG3MAv3qUGGl90JQU
gFaLx027OSBqBG54F26wwxaGHVmrfpBayOeohp8PdCvL/arM1+/fgFuvzWMQvd9C
lNuNmRAZSvcuhvhwE5Lg0YpA4LPuqoT0A5hjprgwsAQvuRKlWrRNjnEMIxFFo6AR
Ih+GO5LIYCQKWoXBc3/vRMpD6eLEjeSn6M0QqlaAKpMr8w4O5OSEgIANbwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBW9LJBMl+qjhR+JsYgg9Mt/CudIMB8GA1UdIwQY
MBaAFBBivDZRJlig99P5a8HY5n2f1JGLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUdLOE5sRW1XS0QzMF9scndkam1mWl9Va1lzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC82NjllYmYtZWU3Zi00ZWI3LTg0ODYt
OTVhZDkyYWM4Njk4LzEvRmIwc2tFeVg2cU9GSDRteGlDRDB5MzhLNTBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC82NjllYmYtZWU3Zi00ZWI3LTg0ODYtOTVhZDkyYWM4Njk4
LzEvRUdLOE5sRW1XS0QzMF9scndkam1mWl9Va1lzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQELv2QAwQB
w/VWMA0GCSqGSIb3DQEBCwUAA4IBAQASS1eK1wvj8ESIWJhYAt6p1/rY0H0LnHu3
pTJjCgMzEqtWdpgESoOh+wnW0UnLXcWaRYiKabcBzuKQU9/IRY8bovm5royhx0fX
Aix2UmGpbt+3bYOtMVMEusZT11gBh2hTaUp7+pkc2iBy8yc3BPuz7otNYt9CO9Oa
VBgHYn3gQz6Y0o4MEW+iXKxpYWuBpYVwppcHPm5paudnMbrGap0fNP3lz6b/NIVy
HJc0jpZGe4bgKoswOhWoSyL2Dzy25Tpf7XB43atPICW3+OXf/CMLCWhM4bjr5m75
UZA1nSXQ8nuni37bh65rTwIxZWBInfI34oItYk3kbDwtLjC/REH7
-----END CERTIFICATE-----