Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/YUWzsfvcGYX0_uMBwsz_UtSEvoQ.roa
File:                     YUWzsfvcGYX0_uMBwsz_UtSEvoQ.roa (raw, json)
Hash identifier:          I2+ZceVVB5u+gR2ocAD4lll8BHqWUKoQ7I2fsyabCm4=
Subject key identifier:   61:45:B3:B1:FB:DC:19:85:F4:FE:E3:01:C2:CC:FF:52:D4:84:BE:84
Certificate issuer:       /CN=a4bcc12afa4f05739f45f605e221c64c3c0d2ed6
Certificate serial:       019427B5EE5983894E09C5823B06B6A4E8EE
Authority key identifier: A4:BC:C1:2A:FA:4F:05:73:9F:45:F6:05:E2:21:C6:4C:3C:0D:2E:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pLzBKvpPBXOfRfYF4iHGTDwNLtY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/YUWzsfvcGYX0_uMBwsz_UtSEvoQ.roa
Signing time:             Thu 02 Jan 2025 15:50:21 +0000
ROA not before:           Thu 02 Jan 2025 15:50:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212956
IP address blocks:        46.229.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/pLzBKvpPBXOfRfYF4iHGTDwNLtY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/pLzBKvpPBXOfRfYF4iHGTDwNLtY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pLzBKvpPBXOfRfYF4iHGTDwNLtY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 03:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:ee:59:83:89:4e:09:c5:82:3b:06:b6:a4:e8:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4bcc12afa4f05739f45f605e221c64c3c0d2ed6
        Validity
            Not Before: Jan  2 15:50:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6145b3b1fbdc1985f4fee301c2ccff52d484be84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:0f:3a:48:9c:ce:84:61:1d:38:c3:e2:b9:db:
                    40:e0:6e:7c:e4:e4:20:ce:53:22:9d:00:57:a6:b9:
                    8a:31:b9:b3:d7:ef:3e:78:6e:97:6c:0f:31:79:57:
                    6f:c2:9e:cd:7f:45:ba:79:0f:88:ed:61:a1:ff:6a:
                    bc:8d:26:eb:9e:10:08:b3:7f:6e:56:d7:95:a5:eb:
                    a5:fb:f4:0f:6e:6f:41:b7:29:57:1f:71:09:be:eb:
                    12:fb:35:71:94:c8:04:61:19:7b:17:11:0b:3f:df:
                    60:19:26:2a:99:ba:ae:00:23:1a:50:a3:5d:2c:0d:
                    e9:78:89:8c:de:01:7a:ad:b1:46:87:51:da:03:1f:
                    71:19:d5:17:0f:04:ee:ba:62:bf:b2:0e:8b:5a:e6:
                    4d:81:f1:63:22:24:f6:e6:5f:d3:e5:5d:8b:24:6f:
                    32:15:ec:73:e5:98:b8:23:af:15:c2:4e:0f:6c:19:
                    b4:06:2e:e8:8f:d5:3a:70:8c:75:55:fd:8a:ce:11:
                    5d:49:23:82:94:05:b4:c1:32:ef:9a:d4:52:7f:cd:
                    b4:93:db:ed:fd:4f:69:a4:a5:9f:5a:95:ed:ef:aa:
                    37:ca:f8:36:9f:ed:eb:43:70:7d:74:2b:b7:c9:7a:
                    51:98:a4:e1:9f:51:83:73:55:33:70:ac:b9:7d:ff:
                    c9:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:45:B3:B1:FB:DC:19:85:F4:FE:E3:01:C2:CC:FF:52:D4:84:BE:84
            X509v3 Authority Key Identifier:
                keyid:A4:BC:C1:2A:FA:4F:05:73:9F:45:F6:05:E2:21:C6:4C:3C:0D:2E:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pLzBKvpPBXOfRfYF4iHGTDwNLtY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/YUWzsfvcGYX0_uMBwsz_UtSEvoQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/pLzBKvpPBXOfRfYF4iHGTDwNLtY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.229.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:51:49:69:65:51:05:dc:b7:5d:b8:38:6e:49:33:37:ee:f6:
         b6:de:5f:d6:38:d3:b2:c1:81:0c:5d:6b:db:33:d6:64:d9:5a:
         28:ba:d0:66:76:35:3c:bb:09:dc:76:1e:b1:c6:96:c5:70:9c:
         be:65:1e:d1:aa:56:05:78:18:6c:a1:94:e7:c4:dd:4b:cc:6e:
         90:86:44:25:47:d0:5d:2b:72:84:c8:0b:18:68:4a:dc:fa:b0:
         4f:0a:49:21:a2:4a:d2:18:a3:d7:5a:ae:a8:7d:eb:bc:a1:d7:
         39:c1:ff:4a:76:05:28:1f:be:9e:a4:87:18:0b:38:35:3a:60:
         b2:19:55:98:0d:2a:84:0d:a5:8b:29:aa:5c:23:4a:90:43:53:
         c3:d1:44:20:bf:3a:72:dc:93:94:6a:8b:05:ba:fb:54:dc:f6:
         99:2f:e3:aa:bd:1e:c0:25:e6:65:98:47:6a:d5:95:d5:d5:96:
         99:3f:22:a5:cd:a7:4c:8d:58:b8:98:94:e2:63:00:35:a1:02:
         c6:37:0d:87:69:33:a3:b1:59:d1:ef:52:56:9a:1d:af:7d:42:
         b0:70:1e:79:c2:35:24:9f:10:41:04:8b:ff:43:8b:ff:a2:4e:
         b0:c1:8a:13:b6:b1:58:4e:d6:28:d3:1d:9b:23:77:ad:50:c4:
         ec:65:04:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnte5Zg4lOCcWCOwa2pOjuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0YmNjMTJhZmE0ZjA1NzM5ZjQ1ZjYwNWUyMjFjNjRjM2Mw
ZDJlZDYwHhcNMjUwMTAyMTU1MDIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTQ1YjNiMWZiZGMxOTg1ZjRmZWUzMDFjMmNjZmY1MmQ0ODRiZTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjw86SJzOhGEdOMPiudtA4G585OQg
zlMinQBXprmKMbmz1+8+eG6XbA8xeVdvwp7Nf0W6eQ+I7WGh/2q8jSbrnhAIs39u
VteVpeul+/QPbm9BtylXH3EJvusS+zVxlMgEYRl7FxELP99gGSYqmbquACMaUKNd
LA3peImM3gF6rbFGh1HaAx9xGdUXDwTuumK/sg6LWuZNgfFjIiT25l/T5V2LJG8y
Fexz5Zi4I68Vwk4PbBm0Bi7oj9U6cIx1Vf2KzhFdSSOClAW0wTLvmtRSf820k9vt
/U9ppKWfWpXt76o3yvg2n+3rQ3B9dCu3yXpRmKThn1GDc1UzcKy5ff/JRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGFFs7H73BmF9P7jAcLM/1LUhL6EMB8GA1UdIwQY
MBaAFKS8wSr6TwVzn0X2BeIhxkw8DS7WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEx6Qkt2cFBCWE9mUmZZRjRpSEdURHdOTHRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9iYjE0MGEtMmEyMS00ZjVmLWJkY2Mt
ODhiMDE2YmJkNTgxLzEvWVVXenNmdmNHWVgwX3VNQndzel9VdFNFdm9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9iYjE0MGEtMmEyMS00ZjVmLWJkY2MtODhiMDE2YmJkNTgx
LzEvcEx6Qkt2cFBCWE9mUmZZRjRpSEdURHdOTHRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALuU/MA0G
CSqGSIb3DQEBCwUAA4IBAQCJUUlpZVEF3LdduDhuSTM37va23l/WONOywYEMXWvb
M9Zk2VooutBmdjU8uwncdh6xxpbFcJy+ZR7RqlYFeBhsoZTnxN1LzG6QhkQlR9Bd
K3KEyAsYaErc+rBPCkkhokrSGKPXWq6ofeu8odc5wf9KdgUoH76epIcYCzg1OmCy
GVWYDSqEDaWLKapcI0qQQ1PD0UQgvzpy3JOUaosFuvtU3PaZL+OqvR7AJeZlmEdq
1ZXV1ZaZPyKlzadMjVi4mJTiYwA1oQLGNw2HaTOjsVnR71JWmh2vfUKwcB55wjUk
nxBBBIv/Q4v/ok6wwYoTtrFYTtYo0x2bI3etUMTsZQQC
-----END CERTIFICATE-----