Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/3BwJY1ggCivg8vAnMZhXoKRt2HU.roa
File:                     3BwJY1ggCivg8vAnMZhXoKRt2HU.roa (raw, json)
Hash identifier:          CYE79SKfOxRBHuAVjZmA0SJIDV8gkv6j/leKQUb/l2A=
Subject key identifier:   DC:1C:09:63:58:20:0A:2B:E0:F2:F0:27:31:98:57:A0:A4:6D:D8:75
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       01942747D5B13D922C6E317B0A918601CFFC
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/3BwJY1ggCivg8vAnMZhXoKRt2HU.roa
Signing time:             Thu 02 Jan 2025 13:50:06 +0000
ROA not before:           Thu 02 Jan 2025 13:50:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212999
IP address blocks:        46.8.150.0/24 maxlen: 24
                          95.182.104.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 03:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:d5:b1:3d:92:2c:6e:31:7b:0a:91:86:01:cf:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  2 13:50:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dc1c096358200a2be0f2f027319857a0a46dd875
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:17:07:44:3d:4c:89:80:c5:4d:64:74:1e:b9:
                    05:9e:c4:1d:a2:15:cb:12:e6:9c:89:0b:89:83:f0:
                    a8:ed:2b:f5:fe:f0:fe:a1:3c:42:40:bb:93:aa:39:
                    7e:0d:7f:41:40:dd:cd:15:ff:d9:65:aa:ff:b0:10:
                    1d:c8:c0:99:84:14:27:fc:c6:ce:b1:6a:f6:2e:d4:
                    28:3e:7d:fd:38:22:39:cc:45:04:03:c8:1a:6d:5d:
                    ed:df:c5:00:2e:17:af:f1:d1:c7:e2:b6:5c:c4:f8:
                    ea:c9:f7:e8:31:cd:4d:cd:c8:7b:8e:89:e7:7c:3b:
                    80:6b:2c:eb:80:88:65:32:a9:36:5d:9f:a7:1f:fa:
                    bd:68:83:c4:8c:85:62:54:15:1e:d8:c2:b9:12:6e:
                    90:f9:17:b1:ce:b3:09:9c:8e:a4:4e:bd:47:a9:d9:
                    82:12:d9:37:8e:b7:cc:c9:c2:32:35:be:a7:b0:f0:
                    49:41:76:c2:db:6f:5a:58:2f:95:df:9b:2f:2c:c3:
                    1f:4b:3d:45:f6:b1:6c:3e:f7:06:66:bd:64:fb:2d:
                    32:92:d5:f7:e6:ee:95:3d:82:c9:51:d5:dd:6a:88:
                    70:a9:c4:55:34:ba:07:38:f1:ab:af:ce:e3:16:a8:
                    20:24:38:2b:67:1e:88:b0:ac:61:9a:10:c8:f9:2f:
                    a7:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:1C:09:63:58:20:0A:2B:E0:F2:F0:27:31:98:57:A0:A4:6D:D8:75
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/3BwJY1ggCivg8vAnMZhXoKRt2HU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.150.0/24
                  95.182.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b1:03:31:68:60:f5:2a:dc:8a:ae:56:d9:36:63:eb:d9:8b:f8:
         56:31:08:3a:d5:68:d0:e8:00:b8:4a:b1:87:73:18:c2:8b:cd:
         33:53:a8:fa:71:88:46:29:a7:3b:bc:c8:14:e8:40:75:88:f0:
         15:df:fd:8f:4b:df:48:bb:b3:73:1c:2e:83:bb:9d:aa:4c:b9:
         29:89:a3:f1:f2:f1:2a:60:5c:6a:cd:25:c0:47:eb:57:da:24:
         13:d7:04:4d:39:a9:2a:8d:52:e5:a3:83:a4:66:e9:4a:e6:8e:
         de:65:06:66:aa:2e:3d:d7:14:23:bb:8e:07:5d:37:0d:f0:36:
         c6:10:6d:7f:9e:95:a5:5a:14:c9:15:6f:d3:bb:9c:f7:75:07:
         78:44:03:65:5e:92:d6:bc:43:1c:fe:f1:48:95:3c:a3:b9:22:
         0a:9e:8e:01:e8:62:dd:a7:73:a0:ef:bc:25:da:c3:24:ad:80:
         07:86:0b:dc:40:eb:62:9e:6a:61:e5:53:72:66:49:6a:a1:b7:
         7e:8e:c7:7f:dd:d5:86:f0:be:d5:ac:d9:5d:a9:77:40:32:4d:
         79:a6:61:a3:c8:4c:7e:38:43:9a:c0:4e:96:bd:1f:af:8a:2c:
         ff:4a:90:fc:29:8b:a9:ab:9c:6f:17:90:c9:8a:9e:91:9a:e9:
         7c:1f:80:b6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnR9WxPZIsbjF7CpGGAc/8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjUwMTAyMTM1MDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzFjMDk2MzU4MjAwYTJiZTBmMmYwMjczMTk4NTdhMGE0NmRkODc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtxcHRD1MiYDFTWR0HrkFnsQdohXL
EuaciQuJg/Co7Sv1/vD+oTxCQLuTqjl+DX9BQN3NFf/ZZar/sBAdyMCZhBQn/MbO
sWr2LtQoPn39OCI5zEUEA8gabV3t38UALhev8dHH4rZcxPjqyffoMc1Nzch7jonn
fDuAayzrgIhlMqk2XZ+nH/q9aIPEjIViVBUe2MK5Em6Q+RexzrMJnI6kTr1HqdmC
Etk3jrfMycIyNb6nsPBJQXbC229aWC+V35svLMMfSz1F9rFsPvcGZr1k+y0yktX3
5u6VPYLJUdXdaohwqcRVNLoHOPGrr87jFqggJDgrZx6IsKxhmhDI+S+nHwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNwcCWNYIAor4PLwJzGYV6Ckbdh1MB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvM0J3SlkxZ2dDaXZnOHZBbk1aaFhvS1J0MkhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALgiWAwQC
X7ZoMA0GCSqGSIb3DQEBCwUAA4IBAQCxAzFoYPUq3IquVtk2Y+vZi/hWMQg61WjQ
6AC4SrGHcxjCi80zU6j6cYhGKac7vMgU6EB1iPAV3/2PS99Iu7NzHC6Du52qTLkp
iaPx8vEqYFxqzSXAR+tX2iQT1wRNOakqjVLlo4OkZulK5o7eZQZmqi491xQju44H
XTcN8DbGEG1/npWlWhTJFW/Tu5z3dQd4RANlXpLWvEMc/vFIlTyjuSIKno4B6GLd
p3Og77wl2sMkrYAHhgvcQOtinmph5VNyZklqobd+jsd/3dWG8L7VrNldqXdAMk15
pmGjyEx+OEOawE6WvR+viiz/SpD8KYupq5xvF5DJip6Rmul8H4C2
-----END CERTIFICATE-----