Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/5a698d-998a-48ba-8dc5-333f0c99279e/1/hMmPM9uQjSpja4bSUK9zc_akA0w.roa
File:                     hMmPM9uQjSpja4bSUK9zc_akA0w.roa (raw, json)
Hash identifier:          hrlNP/K4kHD/OY4z6+CaOp00xjs5GduVuaQsaUliKXM=
Subject key identifier:   84:C9:8F:33:DB:90:8D:2A:63:6B:86:D2:50:AF:73:73:F6:A4:03:4C
Certificate issuer:       /CN=66f90e75df98afb43019ce750350e769b99fbc13
Certificate serial:       019425FCA1BC0E21DA7EBC7CF0D0CC5C0BA1
Authority key identifier: 66:F9:0E:75:DF:98:AF:B4:30:19:CE:75:03:50:E7:69:B9:9F:BC:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZvkOdd-Yr7QwGc51A1DnabmfvBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/5a698d-998a-48ba-8dc5-333f0c99279e/1/hMmPM9uQjSpja4bSUK9zc_akA0w.roa
Signing time:             Thu 02 Jan 2025 07:48:20 +0000
ROA not before:           Thu 02 Jan 2025 07:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3356
IP address blocks:        46.23.240.0/20 maxlen: 20
                          46.23.242.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/5a698d-998a-48ba-8dc5-333f0c99279e/1/ZvkOdd-Yr7QwGc51A1DnabmfvBM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/5a698d-998a-48ba-8dc5-333f0c99279e/1/ZvkOdd-Yr7QwGc51A1DnabmfvBM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZvkOdd-Yr7QwGc51A1DnabmfvBM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:a1:bc:0e:21:da:7e:bc:7c:f0:d0:cc:5c:0b:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66f90e75df98afb43019ce750350e769b99fbc13
        Validity
            Not Before: Jan  2 07:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=84c98f33db908d2a636b86d250af7373f6a4034c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:e0:1e:9d:dc:85:ec:ae:69:43:d3:06:16:91:
                    df:89:cd:51:56:93:ea:9a:b1:4d:8c:ae:f2:32:6c:
                    1d:b6:b2:88:e9:a7:df:98:be:e5:c7:d8:b0:f2:10:
                    ea:ff:d7:80:22:3d:a9:99:6c:ef:b6:4a:68:33:09:
                    28:6e:2d:a8:40:05:e9:6a:34:99:16:42:a9:99:52:
                    db:74:7d:00:37:4c:2b:46:52:71:d3:5e:fb:76:b4:
                    ed:65:23:fe:39:ed:b6:00:8b:60:1e:5d:41:83:de:
                    f9:f2:47:79:16:a6:94:18:e3:1c:96:5e:e6:eb:d5:
                    ce:01:e2:4f:4e:59:08:aa:71:68:98:ea:bb:87:5f:
                    dd:6d:e2:4f:32:91:f0:a3:0b:41:19:3c:6c:0d:5c:
                    1e:e1:95:0d:fc:96:89:16:f3:30:91:b1:8c:71:cc:
                    31:4f:2c:72:2f:8a:db:b8:e0:cb:39:58:2e:0e:ca:
                    ae:ac:e5:ab:b6:17:90:f9:33:94:8d:1f:bb:62:fe:
                    91:69:30:d2:8d:c5:87:99:21:60:81:21:9c:05:e8:
                    43:06:e3:21:84:d2:51:e3:fb:0d:0b:54:ed:b0:ac:
                    9e:76:05:2a:f2:6e:63:c7:71:c9:8e:20:77:31:9b:
                    57:08:19:ad:f5:89:89:d2:c8:b5:84:71:18:70:a4:
                    7d:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:C9:8F:33:DB:90:8D:2A:63:6B:86:D2:50:AF:73:73:F6:A4:03:4C
            X509v3 Authority Key Identifier:
                keyid:66:F9:0E:75:DF:98:AF:B4:30:19:CE:75:03:50:E7:69:B9:9F:BC:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZvkOdd-Yr7QwGc51A1DnabmfvBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/5a698d-998a-48ba-8dc5-333f0c99279e/1/hMmPM9uQjSpja4bSUK9zc_akA0w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/5a698d-998a-48ba-8dc5-333f0c99279e/1/ZvkOdd-Yr7QwGc51A1DnabmfvBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.23.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         04:66:6d:6b:14:08:80:cf:d6:42:d1:f0:01:ab:2e:47:37:ac:
         2f:43:8d:14:a5:13:fe:f0:75:74:11:53:a2:30:9e:71:4c:62:
         c7:e2:15:8b:b4:e1:f5:64:cc:28:40:1e:4b:31:16:a5:7e:8a:
         9e:01:1f:fe:8d:af:83:97:31:99:22:e8:02:78:cb:26:9e:78:
         5a:06:94:89:68:e8:0c:80:ce:a0:15:a1:05:f5:16:5d:f4:30:
         50:3c:5c:2e:d6:66:02:bb:7c:eb:76:c0:e6:14:1b:fc:aa:ea:
         09:41:0a:9f:23:7a:26:66:14:91:bf:fb:a0:71:b7:44:a5:12:
         31:b9:bc:24:7b:18:78:e2:af:f7:01:f5:e6:bd:26:a8:cd:a5:
         2f:d0:9c:0b:d8:be:45:ef:a9:c6:b3:8e:51:44:e5:1b:74:5e:
         ea:ec:a1:90:83:fd:40:54:69:cd:19:09:63:a6:63:c6:f0:21:
         55:c1:cb:f3:17:1c:9b:60:1f:0e:3f:d1:1f:74:a1:3e:7d:81:
         43:f4:b8:11:dc:3d:0c:db:ac:c9:bb:54:f7:c1:e8:3e:71:a1:
         3f:02:b5:c8:0a:73:30:bf:8e:ae:df:b4:6a:95:b7:86:96:52:
         92:b5:07:29:26:10:f1:c7:ae:52:47:60:b0:ad:c2:db:4d:f5:
         a3:14:50:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/KG8DiHafrx88NDMXAuhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZjkwZTc1ZGY5OGFmYjQzMDE5Y2U3NTAzNTBlNzY5Yjk5
ZmJjMTMwHhcNMjUwMTAyMDc0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NGM5OGYzM2RiOTA4ZDJhNjM2Yjg2ZDI1MGFmNzM3M2Y2YTQwMzRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv+AendyF7K5pQ9MGFpHfic1RVpPq
mrFNjK7yMmwdtrKI6affmL7lx9iw8hDq/9eAIj2pmWzvtkpoMwkobi2oQAXpajSZ
FkKpmVLbdH0AN0wrRlJx0177drTtZSP+Oe22AItgHl1Bg9758kd5FqaUGOMcll7m
69XOAeJPTlkIqnFomOq7h1/dbeJPMpHwowtBGTxsDVwe4ZUN/JaJFvMwkbGMccwx
TyxyL4rbuODLOVguDsqurOWrtheQ+TOUjR+7Yv6RaTDSjcWHmSFggSGcBehDBuMh
hNJR4/sNC1TtsKyedgUq8m5jx3HJjiB3MZtXCBmt9YmJ0si1hHEYcKR9BwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFITJjzPbkI0qY2uG0lCvc3P2pANMMB8GA1UdIwQY
MBaAFGb5DnXfmK+0MBnOdQNQ52m5n7wTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnZrT2RkLVlyN1F3R2M1MUExRG5hYm1mdkJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS81YTY5OGQtOTk4YS00OGJhLThkYzUt
MzMzZjBjOTkyNzllLzEvaE1tUE05dVFqU3BqYTRiU1VLOXpjX2FrQTB3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS81YTY5OGQtOTk4YS00OGJhLThkYzUtMzMzZjBjOTkyNzll
LzEvWnZrT2RkLVlyN1F3R2M1MUExRG5hYm1mdkJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQELhfwMA0G
CSqGSIb3DQEBCwUAA4IBAQAEZm1rFAiAz9ZC0fABqy5HN6wvQ40UpRP+8HV0EVOi
MJ5xTGLH4hWLtOH1ZMwoQB5LMRalfoqeAR/+ja+DlzGZIugCeMsmnnhaBpSJaOgM
gM6gFaEF9RZd9DBQPFwu1mYCu3zrdsDmFBv8quoJQQqfI3omZhSRv/ugcbdEpRIx
ubwkexh44q/3AfXmvSaozaUv0JwL2L5F76nGs45RROUbdF7q7KGQg/1AVGnNGQlj
pmPG8CFVwcvzFxybYB8OP9EfdKE+fYFD9LgR3D0M26zJu1T3weg+caE/ArXICnMw
v46u37RqlbeGllKStQcpJhDxx65SR2CwrcLbTfWjFFBG
-----END CERTIFICATE-----