Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/dP7R-pLAHJv2fxQ8stLMnaNCaIU.roa
File:                     dP7R-pLAHJv2fxQ8stLMnaNCaIU.roa (raw, json)
Hash identifier:          ttCIQ6x9upS1QYi3S99yjmOdJpA4nSRRgEVZ9+6A5jo=
Subject key identifier:   74:FE:D1:FA:92:C0:1C:9B:F6:7F:14:3C:B2:D2:CC:9D:A3:42:68:85
Certificate issuer:       /CN=a4bcc12afa4f05739f45f605e221c64c3c0d2ed6
Certificate serial:       019427B5E9113EA190AF38C1DA95D24A1711
Authority key identifier: A4:BC:C1:2A:FA:4F:05:73:9F:45:F6:05:E2:21:C6:4C:3C:0D:2E:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pLzBKvpPBXOfRfYF4iHGTDwNLtY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/dP7R-pLAHJv2fxQ8stLMnaNCaIU.roa
Signing time:             Thu 02 Jan 2025 15:50:20 +0000
ROA not before:           Thu 02 Jan 2025 15:50:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201041
IP address blocks:        46.229.60.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/pLzBKvpPBXOfRfYF4iHGTDwNLtY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/pLzBKvpPBXOfRfYF4iHGTDwNLtY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pLzBKvpPBXOfRfYF4iHGTDwNLtY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 02:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:e9:11:3e:a1:90:af:38:c1:da:95:d2:4a:17:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4bcc12afa4f05739f45f605e221c64c3c0d2ed6
        Validity
            Not Before: Jan  2 15:50:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74fed1fa92c01c9bf67f143cb2d2cc9da3426885
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:b6:18:a6:77:5f:3f:d1:93:f5:08:32:c5:c0:
                    ad:7c:32:56:1f:3d:d7:1e:3e:2f:10:35:1d:ec:7a:
                    42:a0:c1:f3:13:c3:b0:fb:19:7c:0b:71:a1:6c:58:
                    75:dc:d8:3c:04:8c:3b:88:c2:97:fd:72:45:7e:c3:
                    ea:5c:b7:39:d5:b9:26:39:72:37:57:8e:f1:e8:28:
                    b7:90:80:c3:2b:a1:b9:ce:cd:43:0f:6f:5f:8d:0a:
                    b2:f6:46:42:06:78:4e:21:70:74:1b:c5:bd:3d:9e:
                    a1:86:08:03:aa:aa:47:63:3e:53:c8:93:50:70:53:
                    2b:b9:97:1a:b9:b6:90:31:5f:53:9c:05:58:16:01:
                    47:8b:ec:88:4a:2a:98:76:18:11:79:0e:4c:51:30:
                    f8:57:c7:99:fb:c2:b9:fd:4e:01:5a:f7:5e:35:a6:
                    cd:23:89:36:87:a4:eb:1b:4a:aa:65:26:0c:e0:68:
                    3d:a7:d2:cb:07:0d:06:09:3e:a4:19:3a:7d:da:95:
                    21:3b:3e:f5:66:50:79:65:53:3f:35:89:9b:bf:ff:
                    20:70:14:99:e3:c5:d3:09:ef:a1:f7:8f:6e:c8:34:
                    23:56:9b:fe:62:fa:d0:f9:15:0a:ff:57:33:dd:b6:
                    ad:fd:fa:02:15:ea:7c:3f:cb:a0:e9:19:cf:c6:bf:
                    67:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:FE:D1:FA:92:C0:1C:9B:F6:7F:14:3C:B2:D2:CC:9D:A3:42:68:85
            X509v3 Authority Key Identifier:
                keyid:A4:BC:C1:2A:FA:4F:05:73:9F:45:F6:05:E2:21:C6:4C:3C:0D:2E:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pLzBKvpPBXOfRfYF4iHGTDwNLtY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/dP7R-pLAHJv2fxQ8stLMnaNCaIU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/pLzBKvpPBXOfRfYF4iHGTDwNLtY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.229.60.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:16:64:15:1d:3c:61:0d:36:8e:58:65:e3:1e:b1:14:9f:fc:
         a3:8a:33:95:58:72:2a:39:b5:90:7f:9f:1c:ce:f4:55:bf:fe:
         3a:9b:f4:e2:b0:9f:b4:da:62:9c:7c:d2:b0:67:73:27:8e:66:
         33:5a:09:a7:06:04:b2:2b:82:cf:8e:24:7e:3a:7f:23:b6:be:
         8e:5d:27:ef:3c:ca:ed:a6:05:21:cb:12:7b:8f:d8:b9:02:48:
         64:51:c4:c3:77:97:f8:56:46:60:92:00:6a:75:63:a5:a9:c4:
         e8:87:1d:94:2d:97:29:52:04:09:30:f1:d6:5f:26:cb:b8:de:
         56:ed:e1:af:8b:bf:dd:7f:8b:c0:13:77:2e:55:6c:2a:54:85:
         6f:62:e8:ec:c3:28:9c:61:0c:fb:a4:d5:85:88:49:ea:36:67:
         4e:94:5f:20:d1:f9:b7:fc:90:e7:d0:aa:51:92:86:fb:aa:a4:
         98:af:25:4e:ca:bf:bf:6e:07:24:54:d5:ac:47:84:a8:62:fa:
         94:94:77:6d:94:f7:a9:9c:1d:98:65:bb:72:80:a9:a3:80:1c:
         74:5f:17:b2:b6:10:f1:55:34:4e:d4:a1:4e:23:07:94:b3:ad:
         18:02:d3:d8:dd:37:bd:b2:6d:90:8c:0f:81:76:0c:8a:61:78:
         3c:50:b7:5e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntekRPqGQrzjB2pXSShcRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0YmNjMTJhZmE0ZjA1NzM5ZjQ1ZjYwNWUyMjFjNjRjM2Mw
ZDJlZDYwHhcNMjUwMTAyMTU1MDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGZlZDFmYTkyYzAxYzliZjY3ZjE0M2NiMmQyY2M5ZGEzNDI2ODg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsrYYpndfP9GT9QgyxcCtfDJWHz3X
Hj4vEDUd7HpCoMHzE8Ow+xl8C3GhbFh13Ng8BIw7iMKX/XJFfsPqXLc51bkmOXI3
V47x6Ci3kIDDK6G5zs1DD29fjQqy9kZCBnhOIXB0G8W9PZ6hhggDqqpHYz5TyJNQ
cFMruZcaubaQMV9TnAVYFgFHi+yISiqYdhgReQ5MUTD4V8eZ+8K5/U4BWvdeNabN
I4k2h6TrG0qqZSYM4Gg9p9LLBw0GCT6kGTp92pUhOz71ZlB5ZVM/NYmbv/8gcBSZ
48XTCe+h949uyDQjVpv+YvrQ+RUK/1cz3bat/foCFep8P8ug6RnPxr9nSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHT+0fqSwByb9n8UPLLSzJ2jQmiFMB8GA1UdIwQY
MBaAFKS8wSr6TwVzn0X2BeIhxkw8DS7WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEx6Qkt2cFBCWE9mUmZZRjRpSEdURHdOTHRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9iYjE0MGEtMmEyMS00ZjVmLWJkY2Mt
ODhiMDE2YmJkNTgxLzEvZFA3Ui1wTEFISnYyZnhROHN0TE1uYU5DYUlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9iYjE0MGEtMmEyMS00ZjVmLWJkY2MtODhiMDE2YmJkNTgx
LzEvcEx6Qkt2cFBCWE9mUmZZRjRpSEdURHdOTHRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALuU8MA0G
CSqGSIb3DQEBCwUAA4IBAQCpFmQVHTxhDTaOWGXjHrEUn/yjijOVWHIqObWQf58c
zvRVv/46m/TisJ+02mKcfNKwZ3MnjmYzWgmnBgSyK4LPjiR+On8jtr6OXSfvPMrt
pgUhyxJ7j9i5AkhkUcTDd5f4VkZgkgBqdWOlqcTohx2ULZcpUgQJMPHWXybLuN5W
7eGvi7/df4vAE3cuVWwqVIVvYujswyicYQz7pNWFiEnqNmdOlF8g0fm3/JDn0KpR
kob7qqSYryVOyr+/bgckVNWsR4SoYvqUlHdtlPepnB2YZbtygKmjgBx0XxeythDx
VTRO1KFOIweUs60YAtPY3Te9sm2QjA+BdgyKYXg8ULde
-----END CERTIFICATE-----