Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/Geel9OdOaQ9FlrEzFHKlpiWE30U.roa
File:                     Geel9OdOaQ9FlrEzFHKlpiWE30U.roa (raw, json)
Hash identifier:          mEBGWZVn+mmpTlkiNI5Af3AFG/t42zkx+akYj/Nw/0M=
Subject key identifier:   19:E7:A5:F4:E7:4E:69:0F:45:96:B1:33:14:72:A5:A6:25:84:DF:45
Certificate issuer:       /CN=557b0ac10b8642a27dd3d74ed6cb5ee045e67b97
Certificate serial:       019421B2324DE682A2470D51B3DFAA54FC3F
Authority key identifier: 55:7B:0A:C1:0B:86:42:A2:7D:D3:D7:4E:D6:CB:5E:E0:45:E6:7B:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/Geel9OdOaQ9FlrEzFHKlpiWE30U.roa
Signing time:             Wed 01 Jan 2025 11:48:33 +0000
ROA not before:           Wed 01 Jan 2025 11:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206346
IP address blocks:        46.253.11.0/24 maxlen: 24
                          46.253.12.0/24 maxlen: 24
                          46.253.13.0/24 maxlen: 24
                          46.253.14.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/VXsKwQuGQqJ909dO1ste4EXme5c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/VXsKwQuGQqJ909dO1ste4EXme5c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 11:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:32:4d:e6:82:a2:47:0d:51:b3:df:aa:54:fc:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=557b0ac10b8642a27dd3d74ed6cb5ee045e67b97
        Validity
            Not Before: Jan  1 11:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=19e7a5f4e74e690f4596b1331472a5a62584df45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:ee:79:67:20:68:ea:f9:25:7b:44:de:94:69:
                    f2:fb:16:b4:7f:97:a6:ae:18:7e:5d:7b:4f:37:b5:
                    cc:1f:1c:04:41:8c:b4:8d:e9:af:40:1c:1f:ba:1d:
                    7c:18:1f:d4:77:ca:89:f2:3a:75:e5:f5:aa:8a:1e:
                    1e:4d:eb:46:df:ab:35:c7:b0:c2:19:f7:77:08:94:
                    fe:a2:2b:52:00:45:ec:93:89:76:5c:42:68:36:30:
                    b0:7d:13:ce:67:df:d7:1d:72:e1:82:a2:68:10:7e:
                    d0:94:44:ad:77:23:43:34:00:f4:06:01:ca:e1:8b:
                    38:bb:d2:92:90:b4:7e:8a:0a:2a:16:fa:3c:aa:b7:
                    3e:9e:b3:12:0d:60:4c:64:43:cd:1e:c7:a0:39:d4:
                    7d:ce:01:d9:dd:9a:50:36:ff:9b:4f:1f:47:0e:6f:
                    01:c2:f8:c5:4c:83:39:f4:57:f3:e4:cf:77:56:e9:
                    24:bb:7a:8d:a8:1b:46:91:2e:25:c6:e7:2c:62:2c:
                    7d:26:7a:17:0a:a7:cb:1b:57:9b:c3:c6:5c:34:1b:
                    e6:9c:f1:d9:8c:0f:87:7a:b9:3c:b9:76:06:e7:be:
                    e9:0b:b4:e0:cd:1d:41:7e:60:12:7d:8b:16:df:ad:
                    68:5d:54:9b:51:53:13:1b:4e:76:02:a4:81:94:6c:
                    78:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:E7:A5:F4:E7:4E:69:0F:45:96:B1:33:14:72:A5:A6:25:84:DF:45
            X509v3 Authority Key Identifier:
                keyid:55:7B:0A:C1:0B:86:42:A2:7D:D3:D7:4E:D6:CB:5E:E0:45:E6:7B:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VXsKwQuGQqJ909dO1ste4EXme5c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/Geel9OdOaQ9FlrEzFHKlpiWE30U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/5e5c30-8aa4-47e8-bd8f-fbe1a0d0aa98/1/VXsKwQuGQqJ909dO1ste4EXme5c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.253.11.0-46.253.14.255

    Signature Algorithm: sha256WithRSAEncryption
         36:b0:4d:bb:1b:9a:7f:75:f3:74:a5:98:6b:f0:f8:ed:2e:90:
         70:e0:fa:c9:3b:d5:e1:44:4a:52:21:c7:2c:af:07:c7:d6:27:
         73:91:e8:84:f9:9a:97:0e:b0:ff:f0:1a:11:35:ea:23:85:1b:
         f0:35:3f:fd:6f:96:5c:37:2a:38:06:7f:90:1b:10:b3:3b:c6:
         cb:c7:8c:1e:41:e5:aa:b1:3a:8d:6e:f0:84:5b:a7:d9:e5:8e:
         ef:b2:c1:6a:97:a4:f0:02:65:a8:c7:d9:18:9f:8d:ff:b4:41:
         5d:3f:39:48:f0:88:47:86:db:9a:2c:cb:4d:e5:19:0f:f5:96:
         ce:73:a1:9d:96:65:65:cc:e1:23:84:c1:a4:38:b7:68:62:eb:
         c7:06:f2:30:56:c5:a5:fb:2c:3f:5b:9f:d3:7c:5e:80:a8:b2:
         d0:3e:41:f8:89:3a:44:5c:ab:55:ec:31:93:36:36:68:11:4b:
         cf:5e:31:5f:80:0e:cb:c9:c4:34:7d:59:0c:dc:fe:86:51:19:
         17:09:b8:d5:f6:52:07:6c:90:e7:2c:3c:a0:90:fc:0e:50:9e:
         87:68:af:b6:d8:bc:a9:7d:c1:3c:cc:3d:90:ee:86:c9:8a:ed:
         45:87:c9:93:0d:b3:1d:62:1d:ac:7f:ac:ee:36:d0:c3:9e:29:
         c1:44:49:6d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQhsjJN5oKiRw1Rs9+qVPw/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1N2IwYWMxMGI4NjQyYTI3ZGQzZDc0ZWQ2Y2I1ZWUwNDVl
NjdiOTcwHhcNMjUwMTAxMTE0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWU3YTVmNGU3NGU2OTBmNDU5NmIxMzMxNDcyYTVhNjI1ODRkZjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApu55ZyBo6vkle0TelGny+xa0f5em
rhh+XXtPN7XMHxwEQYy0jemvQBwfuh18GB/Ud8qJ8jp15fWqih4eTetG36s1x7DC
Gfd3CJT+oitSAEXsk4l2XEJoNjCwfRPOZ9/XHXLhgqJoEH7QlEStdyNDNAD0BgHK
4Ys4u9KSkLR+igoqFvo8qrc+nrMSDWBMZEPNHsegOdR9zgHZ3ZpQNv+bTx9HDm8B
wvjFTIM59Ffz5M93Vukku3qNqBtGkS4lxucsYix9JnoXCqfLG1ebw8ZcNBvmnPHZ
jA+Herk8uXYG577pC7TgzR1BfmASfYsW361oXVSbUVMTG052AqSBlGx4pwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFBnnpfTnTmkPRZaxMxRypaYlhN9FMB8GA1UdIwQY
MBaAFFV7CsELhkKifdPXTtbLXuBF5nuXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVlhzS3dRdUdRcUo5MDlkTzFzdGU0RVhtZTVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi81ZTVjMzAtOGFhNC00N2U4LWJkOGYt
ZmJlMWEwZDBhYTk4LzEvR2VlbDlPZE9hUTlGbHJFekZIS2xwaVdFMzBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi81ZTVjMzAtOGFhNC00N2U4LWJkOGYtZmJlMWEwZDBhYTk4
LzEvVlhzS3dRdUdRcUo5MDlkTzFzdGU0RVhtZTVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAu/QsD
BAAu/Q4wDQYJKoZIhvcNAQELBQADggEBADawTbsbmn9183SlmGvw+O0ukHDg+sk7
1eFESlIhxyyvB8fWJ3OR6IT5mpcOsP/wGhE16iOFG/A1P/1vllw3KjgGf5AbELM7
xsvHjB5B5aqxOo1u8IRbp9nlju+ywWqXpPACZajH2Rifjf+0QV0/OUjwiEeG25os
y03lGQ/1ls5zoZ2WZWXM4SOEwaQ4t2hi68cG8jBWxaX7LD9bn9N8XoCostA+QfiJ
OkRcq1XsMZM2NmgRS89eMV+ADsvJxDR9WQzc/oZRGRcJuNX2UgdskOcsPKCQ/A5Q
nodor7bYvKl9wTzMPZDuhsmK7UWHyZMNsx1iHax/rO420MOeKcFESW0=
-----END CERTIFICATE-----