Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/0i0RGXEVZsyAZydOZfuXfHvET_4.roa
File:                     0i0RGXEVZsyAZydOZfuXfHvET_4.roa (raw, json)
Hash identifier:          4yqjGkBFd9HrZrzi5JhC3WSImZgfTdGyndOCW6c0TZ0=
Subject key identifier:   D2:2D:11:19:71:15:66:CC:80:67:27:4E:65:FB:97:7C:7B:C4:4F:FE
Certificate issuer:       /CN=d4375814344df0bf6d017733acdc488f002631b2
Certificate serial:       0192DD1581310FD0FF770AAA99CB5530D30F
Authority key identifier: D4:37:58:14:34:4D:F0:BF:6D:01:77:33:AC:DC:48:8F:00:26:31:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1DdYFDRN8L9tAXczrNxIjwAmMbI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/0i0RGXEVZsyAZydOZfuXfHvET_4.roa
Signing time:             Wed 30 Oct 2024 11:00:26 +0000
ROA not before:           Wed 30 Oct 2024 11:00:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     54801
IP address blocks:        46.8.124.0/24 maxlen: 24
                          46.8.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/1DdYFDRN8L9tAXczrNxIjwAmMbI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/1DdYFDRN8L9tAXczrNxIjwAmMbI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1DdYFDRN8L9tAXczrNxIjwAmMbI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:dd:15:81:31:0f:d0:ff:77:0a:aa:99:cb:55:30:d3:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4375814344df0bf6d017733acdc488f002631b2
        Validity
            Not Before: Oct 30 11:00:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d22d1119711566cc8067274e65fb977c7bc44ffe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:fe:52:79:22:9b:f6:2c:92:05:40:67:5e:93:
                    5e:9f:a7:1d:96:24:40:24:ef:53:de:b6:51:75:33:
                    9d:88:fb:c7:4e:f8:49:41:e8:e5:d8:1e:63:25:c1:
                    15:ef:19:39:50:28:40:c3:b5:4a:5d:40:9a:ba:ee:
                    e4:16:bd:89:78:d3:d0:64:57:08:8d:e1:da:f2:55:
                    f0:5c:75:f4:b6:91:bb:6c:5b:fc:6e:1a:07:e9:49:
                    6b:f3:db:8f:80:00:cb:d0:8d:62:69:1b:ce:ea:55:
                    44:f1:95:c6:5b:13:f1:f3:ad:0e:9d:35:19:03:49:
                    87:e9:bc:b1:e3:97:07:fa:67:fc:07:ec:6e:54:1a:
                    57:d1:6f:ae:c9:ff:26:7f:fb:db:48:eb:6f:7e:d2:
                    bc:8e:f5:40:e8:fb:ec:75:d4:e6:0f:0c:01:2d:a9:
                    67:ca:30:31:89:33:e0:a7:40:ca:7a:28:78:95:5a:
                    e8:c5:19:77:bd:34:d6:dc:ff:26:65:2b:b8:af:f9:
                    e9:1c:81:f3:75:57:13:75:32:4a:21:8a:79:10:7b:
                    2e:d0:e7:09:8a:d7:dd:f9:8a:e7:9e:4e:3e:97:7a:
                    71:3d:a8:4a:e5:af:5b:d2:ba:48:e2:8a:cc:c8:de:
                    9e:e8:6f:26:12:5e:45:a6:3c:51:b5:35:33:1a:62:
                    b0:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:2D:11:19:71:15:66:CC:80:67:27:4E:65:FB:97:7C:7B:C4:4F:FE
            X509v3 Authority Key Identifier:
                keyid:D4:37:58:14:34:4D:F0:BF:6D:01:77:33:AC:DC:48:8F:00:26:31:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1DdYFDRN8L9tAXczrNxIjwAmMbI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/0i0RGXEVZsyAZydOZfuXfHvET_4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/1DdYFDRN8L9tAXczrNxIjwAmMbI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.124.0/24
                  46.8.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:02:cc:99:65:cc:a2:1b:e4:09:69:32:40:c5:fb:99:0f:c6:
         28:4e:f4:b7:01:27:da:4d:9f:cb:f5:cc:6a:bb:2b:e5:33:6c:
         34:53:13:67:91:36:46:46:0f:23:be:00:8f:cb:69:14:18:1a:
         73:47:0c:a0:3f:8f:dd:90:e4:69:6e:e2:e8:28:ed:39:0a:cb:
         a3:84:db:7a:26:fb:e9:f4:fa:a4:43:1c:69:7f:78:9f:23:b6:
         78:23:53:e3:c9:4e:88:de:2f:6e:4d:f9:55:a4:88:14:e6:c3:
         e6:37:97:40:24:ab:88:ac:a6:51:7e:19:7c:b2:b7:01:06:f7:
         fa:68:39:3d:be:2b:d7:d9:58:41:5e:86:8c:5e:7e:56:fb:74:
         07:60:f4:3a:1b:a6:84:ff:66:4d:52:6f:02:58:f7:21:da:f4:
         21:2b:39:f9:2f:df:c2:fe:59:bd:6c:d4:e4:55:18:1a:a0:ad:
         f4:ba:f0:a5:74:22:f7:76:6c:e2:12:eb:b5:11:7e:49:60:5f:
         b5:f5:f9:55:c2:c4:b9:dd:2a:94:6f:46:a2:cb:4d:3f:ed:ea:
         c6:85:bc:e1:71:52:19:c3:b0:28:97:6e:4b:d7:43:f2:67:fa:
         54:14:b7:d0:a4:0b:dc:1c:ac:1e:f3:c7:83:73:d2:0d:28:7d:
         74:60:d1:98
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZLdFYExD9D/dwqqmctVMNMPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Mzc1ODE0MzQ0ZGYwYmY2ZDAxNzczM2FjZGM0ODhmMDAy
NjMxYjIwHhcNMjQxMDMwMTEwMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjJkMTExOTcxMTU2NmNjODA2NzI3NGU2NWZiOTc3YzdiYzQ0ZmZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/5SeSKb9iySBUBnXpNen6cdliRA
JO9T3rZRdTOdiPvHTvhJQejl2B5jJcEV7xk5UChAw7VKXUCauu7kFr2JeNPQZFcI
jeHa8lXwXHX0tpG7bFv8bhoH6Ulr89uPgADL0I1iaRvO6lVE8ZXGWxPx860OnTUZ
A0mH6byx45cH+mf8B+xuVBpX0W+uyf8mf/vbSOtvftK8jvVA6PvsddTmDwwBLaln
yjAxiTPgp0DKeih4lVroxRl3vTTW3P8mZSu4r/npHIHzdVcTdTJKIYp5EHsu0OcJ
itfd+Yrnnk4+l3pxPahK5a9b0rpI4orMyN6e6G8mEl5FpjxRtTUzGmKwywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNItERlxFWbMgGcnTmX7l3x7xE/+MB8GA1UdIwQY
MBaAFNQ3WBQ0TfC/bQF3M6zcSI8AJjGyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMURkWUZEUk44TDl0QVhjenJOeElqd0FtTWJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9iMjRiMmQtMzUyMy00MjJlLTliY2Yt
MzY3MWQ2N2ViOWY4LzEvMGkwUkdYRVZac3lBWnlkT1pmdVhmSHZFVF80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9iMjRiMmQtMzUyMy00MjJlLTliY2YtMzY3MWQ2N2ViOWY4
LzEvMURkWUZEUk44TDl0QVhjenJOeElqd0FtTWJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALgh8AwQA
Lgh+MA0GCSqGSIb3DQEBCwUAA4IBAQCHAsyZZcyiG+QJaTJAxfuZD8YoTvS3ASfa
TZ/L9cxquyvlM2w0UxNnkTZGRg8jvgCPy2kUGBpzRwygP4/dkORpbuLoKO05Csuj
hNt6Jvvp9PqkQxxpf3ifI7Z4I1PjyU6I3i9uTflVpIgU5sPmN5dAJKuIrKZRfhl8
srcBBvf6aDk9vivX2VhBXoaMXn5W+3QHYPQ6G6aE/2ZNUm8CWPch2vQhKzn5L9/C
/lm9bNTkVRgaoK30uvCldCL3dmziEuu1EX5JYF+19flVwsS53SqUb0aiy00/7erG
hbzhcVIZw7Aol25L10PyZ/pUFLfQpAvcHKwe88eDc9INKH10YNGY
-----END CERTIFICATE-----