Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/g-eSNmxl9KJXyyFof1Ifq2xZrDc.roa
File:                     g-eSNmxl9KJXyyFof1Ifq2xZrDc.roa (raw, json)
Hash identifier:          7DCfQNnD6m5doJfTkuXxMDXDOCaKuX2x1GEToJT36wo=
Subject key identifier:   83:E7:92:36:6C:65:F4:A2:57:CB:21:68:7F:52:1F:AB:6C:59:AC:37
Certificate issuer:       /CN=56b98f83ccbda7c19f004151c98b57c59d268f54
Certificate serial:       01942445A88DD4875C07860EDCBAAC29E98A
Authority key identifier: 56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/g-eSNmxl9KJXyyFof1Ifq2xZrDc.roa
Signing time:             Wed 01 Jan 2025 23:48:52 +0000
ROA not before:           Wed 01 Jan 2025 23:48:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396356
IP address blocks:        212.46.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 08:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:a8:8d:d4:87:5c:07:86:0e:dc:ba:ac:29:e9:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56b98f83ccbda7c19f004151c98b57c59d268f54
        Validity
            Not Before: Jan  1 23:48:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=83e792366c65f4a257cb21687f521fab6c59ac37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:dc:1e:a5:32:46:35:ea:a2:7f:02:33:6d:5d:
                    fd:36:54:99:e9:96:f9:ea:e6:cc:3a:79:6f:bc:7a:
                    85:15:83:75:62:f3:f6:1e:fa:d3:90:f5:c8:be:75:
                    52:47:80:a9:f9:4f:44:49:bb:25:54:04:56:ae:5f:
                    59:02:72:95:af:1b:fa:e5:ac:58:76:73:60:e7:62:
                    4e:83:cc:49:b5:92:41:09:31:b1:ed:6d:3b:7b:3b:
                    ef:3c:12:72:f4:98:95:27:bd:7d:de:d7:80:d2:26:
                    29:f7:f8:34:e0:4d:e2:f5:0f:f9:25:48:ee:df:2d:
                    0d:b4:a2:0a:c6:c7:5a:09:88:d5:50:d6:c4:4a:70:
                    5e:97:fb:b5:6c:2a:5f:c2:f7:72:51:fd:46:1b:53:
                    9f:e6:93:61:06:cb:1c:be:d5:bd:f6:69:b4:c4:78:
                    76:4b:37:fe:2d:3a:cc:d1:c5:e5:ec:90:01:d1:1a:
                    ee:e3:72:39:21:95:fc:dd:4b:e3:c4:3f:42:62:56:
                    b9:40:dc:0e:63:c7:9c:42:7b:fc:dd:57:84:1b:67:
                    e5:27:0b:56:15:3c:82:e5:f6:f4:5c:c1:49:6c:7b:
                    8d:31:be:3d:e1:9d:cf:49:45:08:e5:16:d5:40:ec:
                    45:bd:34:f2:c3:aa:fe:58:a3:4a:c7:4a:cf:f3:b7:
                    38:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:E7:92:36:6C:65:F4:A2:57:CB:21:68:7F:52:1F:AB:6C:59:AC:37
            X509v3 Authority Key Identifier:
                keyid:56:B9:8F:83:CC:BD:A7:C1:9F:00:41:51:C9:8B:57:C5:9D:26:8F:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/g-eSNmxl9KJXyyFof1Ifq2xZrDc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/8cb935-71a3-4db3-9f3f-7aa7fc359655/1/VrmPg8y9p8GfAEFRyYtXxZ0mj1Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.46.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         88:9a:7c:7a:ef:b9:d9:9e:22:a7:95:7b:2b:83:f1:34:3b:0a:
         8c:51:18:08:15:1f:5d:f7:f3:a7:e5:5b:2d:5e:ca:05:4d:6b:
         df:86:a5:6e:86:3a:2b:63:27:a4:1c:c0:db:6f:03:fc:25:2f:
         1a:74:ed:8d:06:6c:a6:4b:1d:75:1f:39:4a:f1:9e:17:7f:76:
         9b:37:f5:c8:b1:7a:7f:ae:4f:5f:2b:9e:e6:d2:8e:7a:ad:73:
         38:59:bc:01:e3:16:8a:fc:47:49:b9:49:0b:ed:3e:14:69:85:
         55:85:d9:27:fb:0b:0a:84:f2:08:df:20:06:b0:c2:b3:c5:ff:
         05:dd:23:ba:4a:36:bb:1e:ab:28:aa:ed:46:d6:11:9c:2e:cc:
         2a:12:52:13:5d:b4:07:bf:f6:da:33:f1:c3:d8:7d:6f:ea:dd:
         dd:8a:d0:65:f5:91:75:dc:37:b2:93:e5:6a:e9:31:ad:db:53:
         27:65:a0:0b:28:6b:4e:a2:f1:bb:9e:82:b1:5c:00:46:01:41:
         32:41:46:ba:79:45:0e:44:89:18:31:02:3a:86:7d:c5:64:d1:
         d7:57:7c:29:22:3a:91:dd:63:a8:e5:76:04:31:42:fa:49:a6:
         df:92:2b:e3:67:02:0a:38:47:5d:c2:86:1f:82:36:8a:14:3f:
         a3:86:7f:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRaiN1IdcB4YO3LqsKemKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2Yjk4ZjgzY2NiZGE3YzE5ZjAwNDE1MWM5OGI1N2M1OWQy
NjhmNTQwHhcNMjUwMTAxMjM0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4M2U3OTIzNjZjNjVmNGEyNTdjYjIxNjg3ZjUyMWZhYjZjNTlhYzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAptwepTJGNeqifwIzbV39NlSZ6Zb5
6ubMOnlvvHqFFYN1YvP2HvrTkPXIvnVSR4Cp+U9ESbslVARWrl9ZAnKVrxv65axY
dnNg52JOg8xJtZJBCTGx7W07ezvvPBJy9JiVJ7193teA0iYp9/g04E3i9Q/5JUju
3y0NtKIKxsdaCYjVUNbESnBel/u1bCpfwvdyUf1GG1Of5pNhBsscvtW99mm0xHh2
Szf+LTrM0cXl7JAB0Rru43I5IZX83UvjxD9CYla5QNwOY8ecQnv83VeEG2flJwtW
FTyC5fb0XMFJbHuNMb494Z3PSUUI5RbVQOxFvTTyw6r+WKNKx0rP87c4nQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIPnkjZsZfSiV8shaH9SH6tsWaw3MB8GA1UdIwQY
MBaAFFa5j4PMvafBnwBBUcmLV8WdJo9UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2Yt
N2FhN2ZjMzU5NjU1LzEvZy1lU05teGw5S0pYeXlGb2YxSWZxMnhackRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My84Y2I5MzUtNzFhMy00ZGIzLTlmM2YtN2FhN2ZjMzU5NjU1
LzEvVnJtUGc4eTlwOEdmQUVGUnlZdFh4WjBtajFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1C4hMA0G
CSqGSIb3DQEBCwUAA4IBAQCImnx677nZniKnlXsrg/E0OwqMURgIFR9d9/On5Vst
XsoFTWvfhqVuhjorYyekHMDbbwP8JS8adO2NBmymSx11HzlK8Z4Xf3abN/XIsXp/
rk9fK57m0o56rXM4WbwB4xaK/EdJuUkL7T4UaYVVhdkn+wsKhPII3yAGsMKzxf8F
3SO6Sja7Hqsoqu1G1hGcLswqElITXbQHv/baM/HD2H1v6t3ditBl9ZF13Deyk+Vq
6TGt21MnZaALKGtOovG7noKxXABGAUEyQUa6eUUORIkYMQI6hn3FZNHXV3wpIjqR
3WOo5XYEMUL6SabfkivjZwIKOEddwoYfgjaKFD+jhn+6
-----END CERTIFICATE-----