Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Pd7_BuMRngySvCOEXZzIMz9jyRk.roa
File:                     Pd7_BuMRngySvCOEXZzIMz9jyRk.roa (raw, json)
Hash identifier:          sixeKX7UtbFferQNxLx2jnfuNmnIKZsouzMYORIygXY=
Subject key identifier:   3D:DE:FF:06:E3:11:9E:0C:92:BC:23:84:5D:9C:C8:33:3F:63:C9:19
Certificate issuer:       /CN=67499595a65aab0b53768def08091e31061e9e65
Certificate serial:       0197207912F90C3619C00CBA545C176C8097
Authority key identifier: 67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Pd7_BuMRngySvCOEXZzIMz9jyRk.roa
Signing time:             Fri 30 May 2025 09:14:54 +0000
ROA not before:           Fri 30 May 2025 09:14:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205220
IP address blocks:        46.20.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 09:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:20:79:12:f9:0c:36:19:c0:0c:ba:54:5c:17:6c:80:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67499595a65aab0b53768def08091e31061e9e65
        Validity
            Not Before: May 30 09:14:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3ddeff06e3119e0c92bc23845d9cc8333f63c919
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:a0:09:d0:1e:ca:2b:fd:fc:9c:1d:de:bc:6a:
                    c0:41:33:4a:e7:b0:e2:40:28:15:b4:d6:6d:a9:53:
                    48:0f:37:1d:4b:6c:a4:c3:6c:be:a7:fd:0e:70:73:
                    ed:33:80:75:b7:21:6c:8c:4f:92:43:26:8f:ee:58:
                    fc:93:35:d5:fe:f3:02:1f:15:bb:6b:16:ae:a5:2c:
                    1d:56:d8:6c:1f:32:5c:16:c7:90:8b:04:e2:a5:61:
                    7d:91:92:99:6e:56:e0:b1:95:12:91:f0:82:29:92:
                    a4:cd:2c:9a:26:a9:77:09:d6:9d:fa:ec:6f:e5:2b:
                    13:72:6d:e5:b7:5e:19:a4:af:36:e1:b4:ba:06:21:
                    2d:f8:8d:13:dc:48:65:a7:97:17:e7:ed:a9:23:8b:
                    6c:21:bb:00:e6:4f:f3:ee:96:68:f0:ce:57:e9:82:
                    fc:e7:70:58:34:72:29:2f:f1:51:bd:f4:d9:2c:c9:
                    2f:40:77:41:89:59:93:58:64:a7:c0:2d:5c:a9:c2:
                    49:77:f9:d1:c7:d3:8a:d2:17:5e:ee:eb:3c:93:d9:
                    da:99:88:b3:12:03:ff:59:d6:fb:5d:26:1a:e0:3d:
                    e2:86:a4:67:4d:45:74:53:19:c1:c1:80:26:89:af:
                    f2:b9:40:21:83:f3:39:12:29:77:e3:b9:b0:98:c2:
                    36:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:DE:FF:06:E3:11:9E:0C:92:BC:23:84:5D:9C:C8:33:3F:63:C9:19
            X509v3 Authority Key Identifier:
                keyid:67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Pd7_BuMRngySvCOEXZzIMz9jyRk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.20.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:5f:af:48:a0:7e:a1:0c:4f:fb:d5:14:15:36:a3:e2:0a:6a:
         f4:31:9b:f8:f4:fe:89:55:d7:25:de:22:97:34:ec:3a:d0:97:
         0d:81:83:f2:f9:e7:c0:98:64:e2:cc:1b:25:eb:07:ca:54:f3:
         05:17:ff:56:de:b0:c9:15:4c:9f:bf:d2:a9:0d:be:9a:65:02:
         10:3a:f0:25:93:ea:23:29:fc:1a:83:ca:b0:66:16:bf:db:2c:
         ab:0c:18:0f:d0:e3:20:c1:28:5a:fd:5e:1c:53:7c:4e:4a:f2:
         af:e5:13:5d:00:da:4d:fb:c1:02:58:b8:42:ff:e1:96:c0:b8:
         93:90:d5:d5:fd:d1:04:1c:73:50:d7:8c:bb:29:95:cc:7a:2f:
         9d:7e:a4:4e:cc:c1:2a:ec:12:55:0d:8f:08:a5:bc:14:b5:de:
         9c:bd:04:3d:2c:9d:a9:46:4d:49:74:93:bb:eb:99:1c:f7:79:
         ec:35:5b:75:8a:7c:26:d3:17:50:44:ab:18:f0:ca:0c:ee:73:
         d5:b5:49:45:ad:1b:7c:64:c9:31:87:ef:28:7f:6a:9f:64:0e:
         ac:54:9c:99:ac:19:61:4a:85:27:1e:9a:3f:b3:72:f9:5c:09:
         2b:57:1d:cd:f2:1f:ce:0a:88:8b:ce:96:bf:3a:db:80:81:81:
         3b:b5:07:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcgeRL5DDYZwAy6VFwXbICXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NDk5NTk1YTY1YWFiMGI1Mzc2OGRlZjA4MDkxZTMxMDYx
ZTllNjUwHhcNMjUwNTMwMDkxNDU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGRlZmYwNmUzMTE5ZTBjOTJiYzIzODQ1ZDljYzgzMzNmNjNjOTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz6AJ0B7KK/38nB3evGrAQTNK57Di
QCgVtNZtqVNIDzcdS2ykw2y+p/0OcHPtM4B1tyFsjE+SQyaP7lj8kzXV/vMCHxW7
axaupSwdVthsHzJcFseQiwTipWF9kZKZblbgsZUSkfCCKZKkzSyaJql3Cdad+uxv
5SsTcm3lt14ZpK824bS6BiEt+I0T3Ehlp5cX5+2pI4tsIbsA5k/z7pZo8M5X6YL8
53BYNHIpL/FRvfTZLMkvQHdBiVmTWGSnwC1cqcJJd/nRx9OK0hde7us8k9namYiz
EgP/Wdb7XSYa4D3ihqRnTUV0UxnBwYAmia/yuUAhg/M5Eil347mwmMI2NwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD3e/wbjEZ4MkrwjhF2cyDM/Y8kZMB8GA1UdIwQY
MBaAFGdJlZWmWqsLU3aN7wgJHjEGHp5lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTct
MzU1MDgwNDE2NTJkLzEvUGQ3X0J1TVJuZ3lTdkNPRVhaeklNejlqeVJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTctMzU1MDgwNDE2NTJk
LzEvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhRsMA0G
CSqGSIb3DQEBCwUAA4IBAQB/X69IoH6hDE/71RQVNqPiCmr0MZv49P6JVdcl3iKX
NOw60JcNgYPy+efAmGTizBsl6wfKVPMFF/9W3rDJFUyfv9KpDb6aZQIQOvAlk+oj
Kfwag8qwZha/2yyrDBgP0OMgwSha/V4cU3xOSvKv5RNdANpN+8ECWLhC/+GWwLiT
kNXV/dEEHHNQ14y7KZXMei+dfqROzMEq7BJVDY8IpbwUtd6cvQQ9LJ2pRk1JdJO7
65kc93nsNVt1inwm0xdQRKsY8MoM7nPVtUlFrRt8ZMkxh+8of2qfZA6sVJyZrBlh
SoUnHpo/s3L5XAkrVx3N8h/OCoiLzpa/OtuAgYE7tQe/
-----END CERTIFICATE-----