Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/db5989-19f6-468d-9fc3-f8a3780c348e/1/To-uv46-3XmiPKg6c_GrFJdFcf0.roa
File:                     To-uv46-3XmiPKg6c_GrFJdFcf0.roa (raw, json)
Hash identifier:          SmXcvoxvyvRm/BeOwyu47J7sKwYa3+1oFy5V9rexUqQ=
Subject key identifier:   4E:8F:AE:BF:8E:BE:DD:79:A2:3C:A8:3A:73:F1:AB:14:97:45:71:FD
Certificate issuer:       /CN=b4506bce3f7e1ae3a7e2cb9ad205c4cdfb02ddb5
Certificate serial:       01942067CB1F5E8D8A671EDEFEF18231A2EF
Authority key identifier: B4:50:6B:CE:3F:7E:1A:E3:A7:E2:CB:9A:D2:05:C4:CD:FB:02:DD:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tFBrzj9-GuOn4sua0gXEzfsC3bU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/db5989-19f6-468d-9fc3-f8a3780c348e/1/To-uv46-3XmiPKg6c_GrFJdFcf0.roa
Signing time:             Wed 01 Jan 2025 05:47:40 +0000
ROA not before:           Wed 01 Jan 2025 05:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     54990
IP address blocks:        185.193.124.0/24 maxlen: 24
                          2001:67c:235c::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/db5989-19f6-468d-9fc3-f8a3780c348e/1/tFBrzj9-GuOn4sua0gXEzfsC3bU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/db5989-19f6-468d-9fc3-f8a3780c348e/1/tFBrzj9-GuOn4sua0gXEzfsC3bU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tFBrzj9-GuOn4sua0gXEzfsC3bU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:cb:1f:5e:8d:8a:67:1e:de:fe:f1:82:31:a2:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4506bce3f7e1ae3a7e2cb9ad205c4cdfb02ddb5
        Validity
            Not Before: Jan  1 05:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4e8faebf8ebedd79a23ca83a73f1ab14974571fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:12:27:d5:94:7e:5d:ce:d9:04:14:e9:d8:7b:
                    cc:49:75:80:c3:f1:61:8e:6b:2c:6b:d9:c0:d5:98:
                    e8:59:c5:19:a8:4a:08:f3:7a:81:50:c4:a1:3a:40:
                    c8:25:6c:a8:60:de:43:5b:07:e8:8a:69:27:af:81:
                    c3:c8:16:3b:a2:28:83:5a:2f:27:9c:54:df:d1:d4:
                    74:68:d1:a5:96:0b:80:eb:1f:65:de:84:88:56:5f:
                    3f:2b:b2:e1:34:7c:05:fd:80:c9:3c:69:45:bc:1f:
                    02:3b:38:a2:f7:43:46:59:9e:e8:e2:85:ba:bf:46:
                    87:48:fa:3b:74:cc:61:67:d2:f1:d7:63:d6:98:ce:
                    a2:e0:e7:13:99:a6:27:7e:ae:02:bf:76:7a:28:cd:
                    2c:4d:12:a4:37:95:92:fc:a7:1c:61:24:03:70:b0:
                    0a:8d:a2:02:e3:60:5c:4f:47:a7:cb:d8:b1:81:25:
                    26:17:4a:9a:dd:1f:55:26:67:b2:b8:f1:b5:74:2b:
                    64:b2:40:be:37:ce:db:52:5e:15:a7:62:bf:f8:7d:
                    ec:88:da:9f:f3:e6:13:a5:f5:73:83:af:08:7d:b8:
                    e3:00:a7:54:b0:c0:21:ee:5b:1d:18:2e:82:84:35:
                    82:fd:73:33:25:df:c8:8e:67:6d:66:2e:38:34:b3:
                    77:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:8F:AE:BF:8E:BE:DD:79:A2:3C:A8:3A:73:F1:AB:14:97:45:71:FD
            X509v3 Authority Key Identifier:
                keyid:B4:50:6B:CE:3F:7E:1A:E3:A7:E2:CB:9A:D2:05:C4:CD:FB:02:DD:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tFBrzj9-GuOn4sua0gXEzfsC3bU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/db5989-19f6-468d-9fc3-f8a3780c348e/1/To-uv46-3XmiPKg6c_GrFJdFcf0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/db5989-19f6-468d-9fc3-f8a3780c348e/1/tFBrzj9-GuOn4sua0gXEzfsC3bU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.193.124.0/24
                IPv6:
                  2001:67c:235c::/48

    Signature Algorithm: sha256WithRSAEncryption
         7b:da:1d:01:07:8c:1e:9c:5f:f0:e0:bb:2d:de:ef:5c:bb:46:
         77:2a:77:c2:65:70:5f:29:17:4e:d3:44:fa:76:47:fd:4c:4b:
         46:16:7a:9a:45:02:7c:7f:71:3d:5b:3a:61:c2:e5:7d:36:e4:
         95:a9:f1:7d:c2:75:bc:ed:d1:e1:54:fd:b4:ac:c8:84:73:65:
         e3:58:fe:f4:b8:24:f8:c0:72:d7:40:89:b4:df:10:60:89:d0:
         c2:39:94:d2:66:2e:89:fc:1f:47:e3:7f:53:af:69:b1:8e:36:
         4f:a7:51:b1:95:b7:7d:2d:f4:a6:2d:99:0a:9d:3d:8a:77:59:
         5d:79:1c:c6:b8:94:a7:2d:eb:8e:5a:cc:b4:99:a7:f7:db:eb:
         94:ce:5c:78:3b:c0:5b:ba:a1:1c:96:c3:f9:b0:24:77:7a:16:
         59:39:5b:ed:49:f1:8e:06:0a:ce:fc:3c:5e:e1:98:f1:bb:75:
         c2:fe:d8:34:42:ab:32:27:78:67:97:17:e0:b2:f7:c6:dd:80:
         65:c2:89:87:11:48:05:88:8f:07:ed:81:bc:16:b7:2d:61:16:
         56:1e:7c:0a:60:33:f3:11:95:e1:a5:6f:ac:26:af:a8:44:0f:
         ed:f8:f6:07:e5:3b:0e:2b:68:b0:f9:0e:56:c4:12:3f:ef:41:
         fa:ec:8b:f6
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQgZ8sfXo2KZx7e/vGCMaLvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0NTA2YmNlM2Y3ZTFhZTNhN2UyY2I5YWQyMDVjNGNkZmIw
MmRkYjUwHhcNMjUwMTAxMDU0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZThmYWViZjhlYmVkZDc5YTIzY2E4M2E3M2YxYWIxNDk3NDU3MWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsxIn1ZR+Xc7ZBBTp2HvMSXWAw/Fh
jmssa9nA1ZjoWcUZqEoI83qBUMShOkDIJWyoYN5DWwfoimknr4HDyBY7oiiDWi8n
nFTf0dR0aNGllguA6x9l3oSIVl8/K7LhNHwF/YDJPGlFvB8COzii90NGWZ7o4oW6
v0aHSPo7dMxhZ9Lx12PWmM6i4OcTmaYnfq4Cv3Z6KM0sTRKkN5WS/KccYSQDcLAK
jaIC42BcT0eny9ixgSUmF0qa3R9VJmeyuPG1dCtkskC+N87bUl4Vp2K/+H3siNqf
8+YTpfVzg68IfbjjAKdUsMAh7lsdGC6ChDWC/XMzJd/IjmdtZi44NLN3KwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFE6Prr+Ovt15ojyoOnPxqxSXRXH9MB8GA1UdIwQY
MBaAFLRQa84/fhrjp+LLmtIFxM37At21MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEZCcnpqOS1HdU9uNHN1YTBnWEV6ZnNDM2JVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny9kYjU5ODktMTlmNi00NjhkLTlmYzMt
ZjhhMzc4MGMzNDhlLzEvVG8tdXY0Ni0zWG1pUEtnNmNfR3JGSmRGY2YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny9kYjU5ODktMTlmNi00NjhkLTlmYzMtZjhhMzc4MGMzNDhl
LzEvdEZCcnpqOS1HdU9uNHN1YTBnWEV6ZnNDM2JVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAucF8MA8E
AgACMAkDBwAgAQZ8I1wwDQYJKoZIhvcNAQELBQADggEBAHvaHQEHjB6cX/Dguy3e
71y7Rncqd8JlcF8pF07TRPp2R/1MS0YWeppFAnx/cT1bOmHC5X025JWp8X3Cdbzt
0eFU/bSsyIRzZeNY/vS4JPjActdAibTfEGCJ0MI5lNJmLon8H0fjf1OvabGONk+n
UbGVt30t9KYtmQqdPYp3WV15HMa4lKct645azLSZp/fb65TOXHg7wFu6oRyWw/mw
JHd6Flk5W+1J8Y4GCs78PF7hmPG7dcL+2DRCqzIneGeXF+Cy98bdgGXCiYcRSAWI
jwftgbwWty1hFlYefApgM/MRleGlb6wmr6hED+349gflOw4raLD5DlbEEj/vQfrs
i/Y=
-----END CERTIFICATE-----