Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/bY4P4LUPYCoJ3-r9hbLNPZIggq8.roa
File:                     bY4P4LUPYCoJ3-r9hbLNPZIggq8.roa (raw, json)
Hash identifier:          PgBLJzHZ5BgbH+4nJ7IJI/cGJalRaLBJXt+40Zyue94=
Subject key identifier:   6D:8E:0F:E0:B5:0F:60:2A:09:DF:EA:FD:85:B2:CD:3D:92:20:82:AF
Certificate issuer:       /CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
Certificate serial:       01919DD630D394D2A481D206DA27039381F4
Authority key identifier: 6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/bY4P4LUPYCoJ3-r9hbLNPZIggq8.roa
Signing time:             Thu 29 Aug 2024 11:12:25 +0000
ROA not before:           Thu 29 Aug 2024 11:12:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52374
IP address blocks:        2.20.46.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:9d:d6:30:d3:94:d2:a4:81:d2:06:da:27:03:93:81:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5fcbbea48937a442babdb3302132c4bc9bd6aa
        Validity
            Not Before: Aug 29 11:12:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6d8e0fe0b50f602a09dfeafd85b2cd3d922082af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:57:78:bf:23:96:51:4d:c0:32:66:03:dc:f9:
                    2b:60:1d:98:68:a6:55:d6:d8:7b:4b:3e:6e:de:4a:
                    fa:c8:b0:ba:76:99:2c:23:f6:bd:40:aa:cf:74:b5:
                    1f:14:19:30:ad:d7:57:b5:57:d0:08:5e:18:98:c8:
                    59:42:ce:32:de:9e:dd:54:04:c6:9c:63:28:fc:83:
                    1a:47:14:df:18:f2:a7:9d:c8:6f:69:50:b9:c1:83:
                    04:78:87:1b:5b:46:a0:4f:fa:b4:4e:8a:c7:af:3e:
                    76:b7:0b:00:f2:47:ff:2f:c0:29:4e:d6:37:9d:c8:
                    94:5d:ae:57:ad:82:96:25:5f:7d:69:8a:29:1b:e7:
                    40:ae:31:b9:e9:3d:78:82:75:88:b8:7e:4c:6d:54:
                    42:39:fb:64:48:0a:0e:41:48:58:4a:f2:d5:50:62:
                    9f:3a:93:99:55:d7:cf:e9:75:1c:00:83:48:b1:e0:
                    3e:7e:65:c0:fd:10:e0:68:ad:c4:33:61:97:a1:7f:
                    d5:21:25:fc:fa:62:13:d1:c4:a9:42:36:f3:04:2b:
                    da:c6:15:0f:f9:5a:5a:79:62:78:17:c5:5f:a0:d4:
                    41:eb:25:ac:48:dc:34:27:b4:fb:cb:c8:74:c2:ac:
                    ee:7c:7d:e9:63:22:6c:1a:a9:5c:a0:fb:da:e8:8b:
                    f8:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:8E:0F:E0:B5:0F:60:2A:09:DF:EA:FD:85:B2:CD:3D:92:20:82:AF
            X509v3 Authority Key Identifier:
                keyid:6B:5F:CB:BE:A4:89:37:A4:42:BA:BD:B3:30:21:32:C4:BC:9B:D6:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1_LvqSJN6RCur2zMCEyxLyb1qo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/bY4P4LUPYCoJ3-r9hbLNPZIggq8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/042188-dfb6-4ad4-91a4-88d1cac9e4f1/1/a1_LvqSJN6RCur2zMCEyxLyb1qo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.20.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:69:3a:1d:f3:d0:96:62:7a:8d:c7:45:04:cd:f3:a4:3c:88:
         d6:f4:bd:e3:2d:8b:2e:90:d8:33:90:ad:35:b6:74:1b:a8:b5:
         4b:fb:8d:b5:6e:8d:c0:70:bb:ff:d9:0d:b8:7c:da:f4:f9:41:
         09:9c:97:dc:b3:5c:c5:75:61:88:a4:19:fc:67:eb:89:64:3c:
         1c:c5:e4:76:47:d3:c9:af:b6:a8:99:da:b7:1d:9f:88:d8:b6:
         cd:76:80:ef:28:7c:1d:c7:cd:be:06:f5:ab:28:b0:7c:4a:dc:
         82:84:ea:0b:69:35:6b:27:47:c8:86:95:38:3e:88:35:31:c1:
         b2:05:28:91:00:e0:ad:75:78:21:9d:00:2d:0a:2b:40:74:04:
         79:93:be:e1:55:8e:77:19:5d:6e:f4:7c:af:42:29:2e:66:c0:
         3f:22:d5:7d:65:4e:35:5f:60:e2:65:4d:85:7c:c8:f4:8c:5e:
         31:fd:66:da:49:61:9d:e0:65:d4:cd:ac:1b:dc:0b:39:bb:22:
         fb:43:ae:11:34:07:13:e1:7e:2a:a7:25:7b:02:1a:e0:d7:4b:
         3d:aa:52:ca:df:54:2a:06:8b:64:5a:8d:5d:38:bb:cc:ce:ba:
         dd:5e:0e:34:42:13:4c:35:13:77:1c:c3:28:b2:89:08:4f:c9:
         e9:d8:1a:6b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGd1jDTlNKkgdIG2icDk4H0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWZjYmJlYTQ4OTM3YTQ0MmJhYmRiMzMwMjEzMmM0YmM5
YmQ2YWEwHhcNMjQwODI5MTExMjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDhlMGZlMGI1MGY2MDJhMDlkZmVhZmQ4NWIyY2QzZDkyMjA4MmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwVd4vyOWUU3AMmYD3PkrYB2YaKZV
1th7Sz5u3kr6yLC6dpksI/a9QKrPdLUfFBkwrddXtVfQCF4YmMhZQs4y3p7dVATG
nGMo/IMaRxTfGPKnnchvaVC5wYMEeIcbW0agT/q0TorHrz52twsA8kf/L8ApTtY3
nciUXa5XrYKWJV99aYopG+dArjG56T14gnWIuH5MbVRCOftkSAoOQUhYSvLVUGKf
OpOZVdfP6XUcAINIseA+fmXA/RDgaK3EM2GXoX/VISX8+mIT0cSpQjbzBCvaxhUP
+VpaeWJ4F8VfoNRB6yWsSNw0J7T7y8h0wqzufH3pYyJsGqlcoPva6Iv4wQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG2OD+C1D2AqCd/q/YWyzT2SIIKvMB8GA1UdIwQY
MBaAFGtfy76kiTekQrq9szAhMsS8m9aqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQt
ODhkMWNhYzllNGYxLzEvYlk0UDRMVVBZQ29KMy1yOWhiTE5QWklnZ3E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8wNDIxODgtZGZiNi00YWQ0LTkxYTQtODhkMWNhYzllNGYx
LzEvYTFfTHZxU0pONlJDdXIyek1DRXl4THliMXFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAAhQuMA0G
CSqGSIb3DQEBCwUAA4IBAQCnaTod89CWYnqNx0UEzfOkPIjW9L3jLYsukNgzkK01
tnQbqLVL+421bo3AcLv/2Q24fNr0+UEJnJfcs1zFdWGIpBn8Z+uJZDwcxeR2R9PJ
r7aomdq3HZ+I2LbNdoDvKHwdx82+BvWrKLB8StyChOoLaTVrJ0fIhpU4Pog1McGy
BSiRAOCtdXghnQAtCitAdAR5k77hVY53GV1u9HyvQikuZsA/ItV9ZU41X2DiZU2F
fMj0jF4x/WbaSWGd4GXUzawb3As5uyL7Q64RNAcT4X4qpyV7Ahrg10s9qlLK31Qq
BotkWo1dOLvMzrrdXg40QhNMNRN3HMMosokIT8np2Bpr
-----END CERTIFICATE-----