Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/gMOwF2mtPRPPpZ-NEq9tmTPMYvM.roa
File:                     gMOwF2mtPRPPpZ-NEq9tmTPMYvM.roa (raw, json)
Hash identifier:          9I06ya03N63sQNTiVWhF2hYWAac083jSJyEUOO+Wtd8=
Subject key identifier:   80:C3:B0:17:69:AD:3D:13:CF:A5:9F:8D:12:AF:6D:99:33:CC:62:F3
Certificate issuer:       /CN=a4bcc12afa4f05739f45f605e221c64c3c0d2ed6
Certificate serial:       019427B5EA38DAD4BA96801176E044BF9C1B
Authority key identifier: A4:BC:C1:2A:FA:4F:05:73:9F:45:F6:05:E2:21:C6:4C:3C:0D:2E:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pLzBKvpPBXOfRfYF4iHGTDwNLtY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/gMOwF2mtPRPPpZ-NEq9tmTPMYvM.roa
Signing time:             Thu 02 Jan 2025 15:50:20 +0000
ROA not before:           Thu 02 Jan 2025 15:50:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204549
IP address blocks:        46.229.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/pLzBKvpPBXOfRfYF4iHGTDwNLtY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/pLzBKvpPBXOfRfYF4iHGTDwNLtY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pLzBKvpPBXOfRfYF4iHGTDwNLtY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 09:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:ea:38:da:d4:ba:96:80:11:76:e0:44:bf:9c:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4bcc12afa4f05739f45f605e221c64c3c0d2ed6
        Validity
            Not Before: Jan  2 15:50:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=80c3b01769ad3d13cfa59f8d12af6d9933cc62f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:27:40:ee:7b:0e:75:db:63:91:80:6c:32:4c:
                    5a:0e:b6:45:39:04:7c:bb:b7:2f:ef:cb:9e:8f:3e:
                    5d:31:4b:fd:50:7f:d5:56:28:7b:c1:20:51:01:09:
                    14:20:d9:4c:8f:9f:08:02:1e:10:28:98:35:85:31:
                    f6:cf:97:67:16:78:0c:2c:f3:52:29:5f:4c:cc:63:
                    14:27:50:26:75:04:61:f1:66:a0:98:e0:c9:7f:b9:
                    83:c7:dd:ac:e0:f2:fd:f0:2e:73:f2:7e:d6:2e:c2:
                    e7:39:09:9d:d2:0b:34:ac:4b:97:a8:19:6b:29:f4:
                    81:76:31:d4:09:9d:12:88:b8:d9:29:76:dd:94:87:
                    ce:58:e4:64:0e:1e:73:cb:ae:89:23:6a:ab:f4:f0:
                    10:7e:37:c2:17:eb:b5:ad:9e:46:3b:aa:8f:90:c6:
                    69:42:36:49:c9:92:c5:d2:72:de:34:a6:9f:50:00:
                    de:a4:93:dd:96:a6:4a:72:36:c5:42:9e:3b:d5:3f:
                    0c:12:79:bd:c7:88:19:79:ac:76:57:32:90:8d:c3:
                    bc:b4:de:cd:cd:92:76:fc:5f:ba:dd:0f:0c:2a:55:
                    7e:fc:22:4f:b0:83:00:3b:83:5a:48:28:e2:53:0a:
                    93:02:8f:51:6a:12:76:bb:06:9c:55:9a:b9:60:fe:
                    31:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:C3:B0:17:69:AD:3D:13:CF:A5:9F:8D:12:AF:6D:99:33:CC:62:F3
            X509v3 Authority Key Identifier:
                keyid:A4:BC:C1:2A:FA:4F:05:73:9F:45:F6:05:E2:21:C6:4C:3C:0D:2E:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pLzBKvpPBXOfRfYF4iHGTDwNLtY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/gMOwF2mtPRPPpZ-NEq9tmTPMYvM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/pLzBKvpPBXOfRfYF4iHGTDwNLtY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.229.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:90:6c:a1:a4:54:87:db:f8:61:0c:e6:77:42:91:e4:fd:72:
         bf:13:36:64:06:d0:fa:7e:b7:0b:c2:36:2a:79:f5:c9:1c:51:
         ff:60:04:90:e8:11:db:44:f3:62:ce:dc:23:77:42:0d:6b:8b:
         f3:54:80:ac:3d:77:18:1e:d4:21:bd:c4:ee:71:b4:1e:84:d4:
         e9:a7:32:aa:07:2a:44:0c:c4:07:36:32:ab:da:62:56:33:7f:
         09:d6:7b:25:db:cd:c0:e7:64:ef:ec:d3:e8:4c:1d:6c:19:97:
         52:40:4d:2e:14:a2:66:ae:76:a5:5c:a5:45:a3:da:c4:ff:bc:
         96:7b:a0:be:9f:9d:35:3b:ef:21:8d:a3:e4:e6:c8:61:8a:72:
         55:85:01:3c:d7:a5:58:0a:33:af:50:60:a2:c2:b0:39:77:3b:
         3e:9d:18:d6:50:2f:5c:a1:c6:7d:83:63:12:c1:f6:1a:51:d5:
         eb:9e:4d:c6:03:6c:d5:eb:9d:af:5c:4c:44:a9:22:5f:3a:7b:
         8a:2d:5b:3f:28:05:15:48:b7:f7:a3:02:f4:5d:fc:f7:f0:7b:
         d0:48:8c:58:e0:0c:14:5b:a2:e9:85:c1:56:a1:17:05:04:90:
         3f:b5:2f:3a:2f:f1:da:bd:99:ee:a5:96:69:be:72:0d:46:aa:
         f2:f4:73:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnteo42tS6loARduBEv5wbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0YmNjMTJhZmE0ZjA1NzM5ZjQ1ZjYwNWUyMjFjNjRjM2Mw
ZDJlZDYwHhcNMjUwMTAyMTU1MDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGMzYjAxNzY5YWQzZDEzY2ZhNTlmOGQxMmFmNmQ5OTMzY2M2MmYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzSdA7nsOddtjkYBsMkxaDrZFOQR8
u7cv78uejz5dMUv9UH/VVih7wSBRAQkUINlMj58IAh4QKJg1hTH2z5dnFngMLPNS
KV9MzGMUJ1AmdQRh8WagmODJf7mDx92s4PL98C5z8n7WLsLnOQmd0gs0rEuXqBlr
KfSBdjHUCZ0SiLjZKXbdlIfOWORkDh5zy66JI2qr9PAQfjfCF+u1rZ5GO6qPkMZp
QjZJyZLF0nLeNKafUADepJPdlqZKcjbFQp471T8MEnm9x4gZeax2VzKQjcO8tN7N
zZJ2/F+63Q8MKlV+/CJPsIMAO4NaSCjiUwqTAo9RahJ2uwacVZq5YP4x1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIDDsBdprT0Tz6WfjRKvbZkzzGLzMB8GA1UdIwQY
MBaAFKS8wSr6TwVzn0X2BeIhxkw8DS7WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEx6Qkt2cFBCWE9mUmZZRjRpSEdURHdOTHRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9iYjE0MGEtMmEyMS00ZjVmLWJkY2Mt
ODhiMDE2YmJkNTgxLzEvZ01Pd0YybXRQUlBQcFotTkVxOXRtVFBNWXZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9iYjE0MGEtMmEyMS00ZjVmLWJkY2MtODhiMDE2YmJkNTgx
LzEvcEx6Qkt2cFBCWE9mUmZZRjRpSEdURHdOTHRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALuU4MA0G
CSqGSIb3DQEBCwUAA4IBAQBrkGyhpFSH2/hhDOZ3QpHk/XK/EzZkBtD6frcLwjYq
efXJHFH/YASQ6BHbRPNiztwjd0INa4vzVICsPXcYHtQhvcTucbQehNTppzKqBypE
DMQHNjKr2mJWM38J1nsl283A52Tv7NPoTB1sGZdSQE0uFKJmrnalXKVFo9rE/7yW
e6C+n501O+8hjaPk5shhinJVhQE816VYCjOvUGCiwrA5dzs+nRjWUC9cocZ9g2MS
wfYaUdXrnk3GA2zV652vXExEqSJfOnuKLVs/KAUVSLf3owL0Xfz38HvQSIxY4AwU
W6LphcFWoRcFBJA/tS86L/HavZnupZZpvnINRqry9HOG
-----END CERTIFICATE-----