Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/TZbwttc2wd1qBqJe7XxjNA4iSC4.roa
File:                     TZbwttc2wd1qBqJe7XxjNA4iSC4.roa (raw, json)
Hash identifier:          E9NwJDKrYJr8Pedd4e6Ov1+ycD+Mn5y6yyxbRDnnG2o=
Subject key identifier:   4D:96:F0:B6:D7:36:C1:DD:6A:06:A2:5E:ED:7C:63:34:0E:22:48:2E
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       01942747D24B1EFDAB1EE2A3727380DF9BC5
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/TZbwttc2wd1qBqJe7XxjNA4iSC4.roa
Signing time:             Thu 02 Jan 2025 13:50:05 +0000
ROA not before:           Thu 02 Jan 2025 13:50:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206424
IP address blocks:        46.8.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 03:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:d2:4b:1e:fd:ab:1e:e2:a3:72:73:80:df:9b:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  2 13:50:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4d96f0b6d736c1dd6a06a25eed7c63340e22482e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:c6:3e:db:90:a3:43:f3:e4:2b:c3:52:09:22:
                    27:30:ad:55:9a:26:cf:3f:75:71:6c:19:cb:4f:78:
                    48:39:86:80:e5:d5:31:4a:bd:16:c5:ca:96:5c:82:
                    36:03:0f:18:4d:89:3f:c0:d5:98:d7:9e:09:98:06:
                    84:5a:a3:bb:f5:e5:11:14:2a:3d:8c:ef:ab:3b:40:
                    2b:19:d0:06:4d:e7:33:e3:1e:49:3c:ba:4a:75:a6:
                    ca:c7:39:5c:0c:60:5d:81:f0:0f:59:a9:f3:06:81:
                    de:19:26:e8:f6:7d:15:f3:3d:74:26:c4:85:97:c3:
                    3a:e9:2f:55:3e:64:9c:ad:18:5c:c2:35:72:6c:2d:
                    8e:1e:be:94:42:b2:96:13:2e:25:74:51:b5:04:f9:
                    0e:ed:09:ca:66:bb:55:13:ed:a4:e5:6d:de:2e:70:
                    6f:45:45:93:ce:d9:2f:c2:6e:ce:b3:ec:a5:4f:5c:
                    4d:e9:13:99:f9:7b:fc:0a:5d:97:82:20:ef:df:8a:
                    09:39:57:46:8a:60:90:d6:fe:60:d7:62:1b:b7:45:
                    f5:e2:6f:a5:3e:b8:1d:d7:e1:48:0e:cf:97:1a:d2:
                    7a:eb:1f:bd:cc:9d:63:76:06:a3:9b:ee:bd:73:25:
                    93:2e:0a:90:0d:54:74:0d:9b:ca:09:31:94:80:b6:
                    77:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:96:F0:B6:D7:36:C1:DD:6A:06:A2:5E:ED:7C:63:34:0E:22:48:2E
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/TZbwttc2wd1qBqJe7XxjNA4iSC4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:d9:c5:5e:4a:5e:05:a5:99:8d:a2:8d:36:b6:a3:34:51:bf:
         0f:eb:de:54:f2:e5:91:75:b8:5b:bb:08:a1:63:74:1a:3b:67:
         c1:03:d1:aa:ec:be:d7:57:0b:ed:4a:16:ff:28:66:fd:98:d6:
         4d:fb:80:af:09:31:a9:b0:6b:ee:27:60:ea:10:c3:0c:1d:03:
         6a:58:22:f9:f7:37:97:1b:f8:ba:bf:03:f2:6b:2f:de:da:80:
         95:a8:99:d9:e1:50:07:ea:37:e0:c7:eb:6e:1c:f2:b0:ce:c3:
         43:2f:e3:2c:2f:a1:da:ad:9a:fe:61:c4:f9:4f:bb:8a:7a:9b:
         1d:65:13:2b:11:5d:af:09:38:bf:3d:9a:e2:b1:f2:9e:60:51:
         1e:8d:09:4c:12:81:ad:bf:47:15:83:61:16:e8:47:53:3e:9e:
         13:d6:00:19:16:2b:2a:9d:e9:d2:5c:1b:88:50:0a:d8:e3:91:
         69:34:c8:e9:99:27:ad:9c:22:d7:5b:6e:56:12:c9:75:8c:ad:
         5f:e0:62:31:be:c8:ae:5e:b3:f4:84:60:39:51:a0:f5:5d:26:
         6d:b2:6f:ae:d6:4f:5a:d3:5f:39:32:b1:ec:6b:5d:dc:ed:6a:
         70:b3:57:31:c3:4d:3e:0e:4a:04:bc:fa:db:18:26:b4:6d:64:
         16:a3:47:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR9JLHv2rHuKjcnOA35vFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjUwMTAyMTM1MDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDk2ZjBiNmQ3MzZjMWRkNmEwNmEyNWVlZDdjNjMzNDBlMjI0ODJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMY+25CjQ/PkK8NSCSInMK1VmibP
P3VxbBnLT3hIOYaA5dUxSr0WxcqWXII2Aw8YTYk/wNWY154JmAaEWqO79eURFCo9
jO+rO0ArGdAGTecz4x5JPLpKdabKxzlcDGBdgfAPWanzBoHeGSbo9n0V8z10JsSF
l8M66S9VPmScrRhcwjVybC2OHr6UQrKWEy4ldFG1BPkO7QnKZrtVE+2k5W3eLnBv
RUWTztkvwm7Os+ylT1xN6ROZ+Xv8Cl2XgiDv34oJOVdGimCQ1v5g12Ibt0X14m+l
Prgd1+FIDs+XGtJ66x+9zJ1jdgajm+69cyWTLgqQDVR0DZvKCTGUgLZ3kwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE2W8LbXNsHdagaiXu18YzQOIkguMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvVFpid3R0YzJ3ZDFxQnFKZTdYeGpOQTRpU0M0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALggbMA0G
CSqGSIb3DQEBCwUAA4IBAQBL2cVeSl4FpZmNoo02tqM0Ub8P695U8uWRdbhbuwih
Y3QaO2fBA9Gq7L7XVwvtShb/KGb9mNZN+4CvCTGpsGvuJ2DqEMMMHQNqWCL59zeX
G/i6vwPyay/e2oCVqJnZ4VAH6jfgx+tuHPKwzsNDL+MsL6HarZr+YcT5T7uKepsd
ZRMrEV2vCTi/PZrisfKeYFEejQlMEoGtv0cVg2EW6EdTPp4T1gAZFisqnenSXBuI
UArY45FpNMjpmSetnCLXW25WEsl1jK1f4GIxvsiuXrP0hGA5UaD1XSZtsm+u1k9a
0185MrHsa13c7Wpws1cxw00+DkoEvPrbGCa0bWQWo0fk
-----END CERTIFICATE-----