Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/C7vyGEiGXzb2W481qoV6uUzS8x8.roa
File:                     C7vyGEiGXzb2W481qoV6uUzS8x8.roa (raw, json)
Hash identifier:          5zcOW0t7Mkrq71JtjVCzhQnUw45bPe1fscdyXZHTa94=
Subject key identifier:   0B:BB:F2:18:48:86:5F:36:F6:5B:8F:35:AA:85:7A:B9:4C:D2:F3:1F
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       01942369A3B0A4B0366FEC5DC30CB3E0EA4C
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/C7vyGEiGXzb2W481qoV6uUzS8x8.roa
Signing time:             Wed 01 Jan 2025 19:48:33 +0000
ROA not before:           Wed 01 Jan 2025 19:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56885
IP address blocks:        46.102.109.0/24 maxlen: 24
                          188.241.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:a3:b0:a4:b0:36:6f:ec:5d:c3:0c:b3:e0:ea:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  1 19:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0bbbf21848865f36f65b8f35aa857ab94cd2f31f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:3b:2b:4a:f0:71:7e:75:fc:73:cd:10:01:88:
                    99:96:60:e4:05:0a:46:33:e3:60:36:be:11:b3:8f:
                    16:1c:2c:f5:1b:b1:33:aa:04:b1:8c:78:c5:b5:a5:
                    36:97:9c:d6:ff:61:9d:25:3f:22:23:22:b6:8e:4b:
                    a5:30:85:83:52:77:3c:90:e8:25:8b:6b:2c:4e:8b:
                    eb:cb:3f:1a:6e:e3:ac:04:71:e2:a3:0c:0c:f3:3f:
                    23:8c:d7:91:6a:c0:f2:0f:40:7c:12:42:99:c8:5a:
                    52:10:11:d5:b4:93:a6:4d:6c:f8:e7:74:81:a4:f0:
                    a0:e8:c4:28:7d:4e:77:4d:d9:14:83:b0:c8:0e:13:
                    be:46:1c:7d:15:fa:e7:af:fb:de:28:06:a5:a8:ac:
                    81:36:54:0e:f9:54:ae:6f:16:61:bc:cc:49:7d:80:
                    02:6f:8c:4f:80:b4:2b:11:bc:40:5a:b6:12:37:31:
                    47:da:90:88:07:e3:26:c3:cc:e5:53:d3:a4:80:b7:
                    00:e5:9a:e9:c8:96:2f:0b:3a:0e:95:b6:b7:0e:c5:
                    46:d4:39:7a:88:2b:45:c2:a6:18:2d:c2:30:08:b7:
                    79:48:38:49:5d:2e:36:44:63:72:9f:0f:70:34:40:
                    9a:af:1c:62:61:9a:a9:3a:16:1b:17:f7:24:cd:3b:
                    7d:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:BB:F2:18:48:86:5F:36:F6:5B:8F:35:AA:85:7A:B9:4C:D2:F3:1F
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/C7vyGEiGXzb2W481qoV6uUzS8x8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.102.109.0/24
                  188.241.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:1e:56:c7:15:5d:16:50:8a:25:3e:e7:cf:e4:e9:80:19:92:
         b9:0d:b2:60:86:4e:e8:78:33:76:25:c0:e8:55:f7:c7:6e:fe:
         20:a0:4f:45:37:39:c0:6e:7a:b5:35:f4:05:c9:bd:57:45:fa:
         28:a1:ed:b4:f0:6c:80:29:3c:5d:66:10:0a:c2:46:9c:e0:d9:
         f3:a2:0d:b2:c6:2b:79:9a:01:8e:53:67:53:8e:04:a8:63:66:
         00:8a:ce:aa:cc:24:39:df:84:0d:29:21:d2:19:a2:6c:9c:a1:
         7f:08:80:bb:6f:ee:8b:3c:cb:5c:5f:fb:a6:49:d3:6e:f3:39:
         5c:82:9c:d6:5f:c8:65:a1:04:d1:13:26:1b:7b:60:f9:3b:a2:
         2f:81:21:ea:ad:57:3f:48:38:ca:7c:fc:da:82:5b:60:f5:49:
         fc:8c:a3:1b:bf:35:f5:ce:84:ac:91:4d:b6:8d:b5:42:09:c1:
         af:ae:42:e6:65:c6:5f:27:70:89:36:ac:00:ed:09:99:f4:cb:
         5e:c3:76:9b:85:29:a3:ac:ba:a6:95:9f:9e:2b:92:72:78:3c:
         75:57:ea:c0:bd:f5:ef:bd:70:69:1a:63:ea:ab:b0:27:48:9e:
         08:e5:08:9e:71:ac:56:9c:0b:7f:bf:3b:06:bc:af:4f:ac:5a:
         5c:12:3d:65
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQjaaOwpLA2b+xdwwyz4OpMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjUwMTAxMTk0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmJiZjIxODQ4ODY1ZjM2ZjY1YjhmMzVhYTg1N2FiOTRjZDJmMzFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvzsrSvBxfnX8c80QAYiZlmDkBQpG
M+NgNr4Rs48WHCz1G7EzqgSxjHjFtaU2l5zW/2GdJT8iIyK2jkulMIWDUnc8kOgl
i2ssTovryz8abuOsBHHiowwM8z8jjNeRasDyD0B8EkKZyFpSEBHVtJOmTWz453SB
pPCg6MQofU53TdkUg7DIDhO+Rhx9Ffrnr/veKAalqKyBNlQO+VSubxZhvMxJfYAC
b4xPgLQrEbxAWrYSNzFH2pCIB+Mmw8zlU9OkgLcA5ZrpyJYvCzoOlba3DsVG1Dl6
iCtFwqYYLcIwCLd5SDhJXS42RGNynw9wNECarxxiYZqpOhYbF/ckzTt9UQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFAu78hhIhl829luPNaqFerlM0vMfMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL0M3dnlHRWlHWHpiMlc0ODFxb1Y2dVV6Uzh4OC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAAuZm0D
BAC88Z4wDQYJKoZIhvcNAQELBQADggEBADoeVscVXRZQiiU+58/k6YAZkrkNsmCG
Tuh4M3YlwOhV98du/iCgT0U3OcBuerU19AXJvVdF+iih7bTwbIApPF1mEArCRpzg
2fOiDbLGK3maAY5TZ1OOBKhjZgCKzqrMJDnfhA0pIdIZomycoX8IgLtv7os8y1xf
+6ZJ027zOVyCnNZfyGWhBNETJht7YPk7oi+BIeqtVz9IOMp8/NqCW2D1SfyMoxu/
NfXOhKyRTbaNtUIJwa+uQuZlxl8ncIk2rADtCZn0y17DdpuFKaOsuqaVn54rknJ4
PHVX6sC99e+9cGkaY+qrsCdIngjlCJ5xrFacC3+/Owa8r0+sWlwSPWU=
-----END CERTIFICATE-----