Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/S-GpZ0cUT9WZZ8eO1IWsTap7xkQ.roa
File:                     S-GpZ0cUT9WZZ8eO1IWsTap7xkQ.roa (raw, json)
Hash identifier:          Ds4Y8WORYq+aD/0ZXh+KB36xNNN4qXTrJy+9JwXAVTU=
Subject key identifier:   4B:E1:A9:67:47:14:4F:D5:99:67:C7:8E:D4:85:AC:4D:AA:7B:C6:44
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       01942747BBBEF74491B4AFCD976781BBDE91
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/S-GpZ0cUT9WZZ8eO1IWsTap7xkQ.roa
Signing time:             Thu 02 Jan 2025 13:50:00 +0000
ROA not before:           Thu 02 Jan 2025 13:50:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8342
IP address blocks:        46.8.4.0/24 maxlen: 24
                          188.130.200.0/22 maxlen: 22
                          188.130.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 03:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:bb:be:f7:44:91:b4:af:cd:97:67:81:bb:de:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  2 13:50:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4be1a96747144fd59967c78ed485ac4daa7bc644
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:b4:8d:b7:88:fc:da:34:aa:bb:51:45:8f:a6:
                    76:6b:9c:21:74:7d:cb:7f:21:17:4e:0c:84:80:31:
                    d4:d1:2b:29:01:12:59:e1:2e:d1:6e:72:69:e3:6b:
                    9b:7e:73:f5:10:ed:99:32:e3:fc:e0:36:a2:86:a6:
                    18:bd:2e:d7:8d:c2:c8:f3:9b:15:35:c9:21:85:a4:
                    2b:c1:05:c0:60:c7:4a:ef:0c:48:1b:a9:35:71:01:
                    16:61:3a:69:41:b0:88:c7:a9:a8:7e:a9:b3:7c:3f:
                    85:17:dc:1a:5b:ea:19:12:32:d3:3e:30:de:98:d8:
                    c4:d2:90:63:e1:21:fc:6e:e7:d2:ae:ea:b9:27:11:
                    2b:6c:21:7c:65:bf:20:7a:4b:ad:e2:32:ca:2c:fd:
                    85:15:64:ce:9b:75:1b:1e:64:a6:18:00:92:7a:46:
                    f8:b2:74:7f:6a:41:d6:83:ab:34:17:67:27:c4:c4:
                    9b:5e:b5:bc:05:22:49:70:fe:5e:f3:a5:8e:68:b8:
                    7e:d9:5c:76:8d:61:c5:3a:8f:81:a6:1c:b4:d9:5f:
                    86:31:f2:68:c0:bf:2c:8d:16:01:a8:9b:87:45:0a:
                    ee:26:83:77:1b:81:71:b4:26:f4:3c:c3:92:75:1c:
                    89:b4:f7:40:54:9b:b1:7c:28:f7:b9:62:9a:32:14:
                    80:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:E1:A9:67:47:14:4F:D5:99:67:C7:8E:D4:85:AC:4D:AA:7B:C6:44
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/S-GpZ0cUT9WZZ8eO1IWsTap7xkQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.4.0/24
                  188.130.200.0-188.130.204.255

    Signature Algorithm: sha256WithRSAEncryption
         55:be:0f:f8:bb:de:f1:05:83:ad:63:02:7b:68:33:f8:32:39:
         f3:16:90:39:ba:cd:1e:ee:df:05:37:57:06:f8:82:14:74:a7:
         c9:db:2a:0c:60:6c:e3:b4:90:31:93:3a:ee:02:01:01:15:3e:
         03:f3:5f:3f:ea:70:2b:0b:75:5e:3e:fa:b5:b3:7d:21:3e:a3:
         53:70:64:d5:b7:98:b8:74:9c:47:6c:f3:b8:bb:3a:fe:42:ef:
         44:87:90:61:d1:62:be:7f:bf:e2:bd:1c:2a:b9:5b:86:0b:e2:
         d3:bb:68:cb:06:56:b6:af:9b:ca:4a:67:c2:94:10:26:2f:e0:
         07:20:56:ae:62:56:c0:c8:2a:cb:79:9b:fc:b1:10:45:bb:c9:
         8b:c3:11:c8:10:b1:ca:ff:a4:c0:6d:c5:25:77:ba:08:18:4b:
         ad:ea:7b:03:a3:3b:3c:a8:66:15:22:70:94:fd:15:0c:89:88:
         80:87:6d:ea:2f:23:0e:eb:88:ed:ec:e7:0d:e4:80:dd:52:d5:
         46:ea:ea:40:fa:39:60:6c:59:0c:d9:a5:01:8c:5a:fb:9a:49:
         b2:db:a7:27:4a:64:93:48:62:89:db:d6:9d:bf:7c:0a:26:be:
         81:b1:b5:08:7e:cf:f6:85:ed:b9:ec:f7:38:d3:e6:83:49:5b:
         df:85:9c:bb
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZQnR7u+90SRtK/Nl2eBu96RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjUwMTAyMTM1MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmUxYTk2NzQ3MTQ0ZmQ1OTk2N2M3OGVkNDg1YWM0ZGFhN2JjNjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy7SNt4j82jSqu1FFj6Z2a5whdH3L
fyEXTgyEgDHU0SspARJZ4S7RbnJp42ubfnP1EO2ZMuP84DaihqYYvS7XjcLI85sV
NckhhaQrwQXAYMdK7wxIG6k1cQEWYTppQbCIx6mofqmzfD+FF9waW+oZEjLTPjDe
mNjE0pBj4SH8bufSruq5JxErbCF8Zb8gekut4jLKLP2FFWTOm3UbHmSmGACSekb4
snR/akHWg6s0F2cnxMSbXrW8BSJJcP5e86WOaLh+2Vx2jWHFOo+Bphy02V+GMfJo
wL8sjRYBqJuHRQruJoN3G4FxtCb0PMOSdRyJtPdAVJuxfCj3uWKaMhSA5wIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFEvhqWdHFE/VmWfHjtSFrE2qe8ZEMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvUy1HcFowY1VUOVdaWjhlTzFJV3NUYXA3eGtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQALggEMAwD
BAO8gsgDBAC8gswwDQYJKoZIhvcNAQELBQADggEBAFW+D/i73vEFg61jAntoM/gy
OfMWkDm6zR7u3wU3Vwb4ghR0p8nbKgxgbOO0kDGTOu4CAQEVPgPzXz/qcCsLdV4+
+rWzfSE+o1NwZNW3mLh0nEds87i7Ov5C70SHkGHRYr5/v+K9HCq5W4YL4tO7aMsG
Vravm8pKZ8KUECYv4AcgVq5iVsDIKst5m/yxEEW7yYvDEcgQscr/pMBtxSV3uggY
S63qewOjOzyoZhUicJT9FQyJiICHbeovIw7riO3s5w3kgN1S1Ubq6kD6OWBsWQzZ
pQGMWvuaSbLbpydKZJNIYonb1p2/fAomvoGxtQh+z/aF7bns9zjT5oNJW9+FnLs=
-----END CERTIFICATE-----