Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/e6SEtk0abHJpIIPSZrkKDZg95R0.roa
File:                     e6SEtk0abHJpIIPSZrkKDZg95R0.roa (raw, json)
Hash identifier:          kM/7bJruXzijo8AO7ozJ/bVJBpuUfOvwamojNF2t4fk=
Subject key identifier:   7B:A4:84:B6:4D:1A:6C:72:69:20:83:D2:66:B9:0A:0D:98:3D:E5:1D
Certificate issuer:       /CN=d4375814344df0bf6d017733acdc488f002631b2
Certificate serial:       019685A89D5C98DE2EA08DDE3E90DCBD74E9
Authority key identifier: D4:37:58:14:34:4D:F0:BF:6D:01:77:33:AC:DC:48:8F:00:26:31:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1DdYFDRN8L9tAXczrNxIjwAmMbI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/e6SEtk0abHJpIIPSZrkKDZg95R0.roa
Signing time:             Wed 30 Apr 2025 07:45:42 +0000
ROA not before:           Wed 30 Apr 2025 07:45:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        46.8.118.0/23 maxlen: 24
                          188.130.224.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/1DdYFDRN8L9tAXczrNxIjwAmMbI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/1DdYFDRN8L9tAXczrNxIjwAmMbI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1DdYFDRN8L9tAXczrNxIjwAmMbI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:85:a8:9d:5c:98:de:2e:a0:8d:de:3e:90:dc:bd:74:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4375814344df0bf6d017733acdc488f002631b2
        Validity
            Not Before: Apr 30 07:45:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7ba484b64d1a6c72692083d266b90a0d983de51d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:08:d1:6e:80:00:cc:ec:67:5f:e2:da:94:fc:
                    ca:49:e8:c3:51:c6:c4:7f:69:8b:a4:9d:9f:8e:16:
                    e4:07:cf:fe:ea:c9:a9:6d:95:f9:04:16:99:27:12:
                    f3:2a:d7:16:14:d3:ee:57:10:33:58:3c:d6:ad:ad:
                    64:45:8a:27:a1:79:a1:1b:1a:6f:9f:d6:75:ed:e6:
                    46:57:e4:92:75:33:b0:f8:18:21:d7:06:6a:f3:be:
                    4e:e8:50:af:df:94:ca:15:ee:34:17:6e:02:7d:c6:
                    35:88:51:82:04:4a:3a:fd:0e:01:87:5a:1d:c9:4e:
                    e4:4e:54:6a:43:e1:6d:20:c8:da:56:17:78:36:01:
                    14:33:b8:db:87:d6:08:26:e2:e5:97:0e:61:4b:c8:
                    41:53:ec:da:2e:20:63:46:26:25:b3:7b:11:6c:8e:
                    98:a5:03:a0:45:86:45:0f:50:66:88:6d:1d:ce:76:
                    d6:12:0b:5e:ea:81:8d:9b:79:5e:ec:4f:aa:c9:e8:
                    73:c9:84:94:4d:17:ed:29:40:7e:37:56:95:86:77:
                    63:9f:d6:f5:62:78:8c:36:5f:63:0e:2c:19:31:99:
                    8f:ed:ab:60:0b:67:b6:38:1e:6e:8f:28:41:15:29:
                    01:b5:77:9c:e4:51:48:bb:db:8f:10:2a:ee:4e:14:
                    5c:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:A4:84:B6:4D:1A:6C:72:69:20:83:D2:66:B9:0A:0D:98:3D:E5:1D
            X509v3 Authority Key Identifier:
                keyid:D4:37:58:14:34:4D:F0:BF:6D:01:77:33:AC:DC:48:8F:00:26:31:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1DdYFDRN8L9tAXczrNxIjwAmMbI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/e6SEtk0abHJpIIPSZrkKDZg95R0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/1DdYFDRN8L9tAXczrNxIjwAmMbI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.118.0/23
                  188.130.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7e:05:64:6f:7a:d2:34:09:0a:80:9e:89:8b:5f:90:de:38:eb:
         37:5d:68:07:af:b0:c4:c8:80:25:09:0e:14:c4:a4:1e:3f:c9:
         be:38:9a:aa:3a:f4:61:5e:ed:e8:de:6c:df:c6:5b:d9:c9:52:
         fa:0b:68:53:35:3f:57:76:95:c0:39:ff:6e:a2:03:09:e8:99:
         a8:9b:b2:d5:1f:b1:88:ae:51:46:4e:9e:9e:d6:68:e8:0f:87:
         0e:ce:16:5e:58:23:10:f6:7e:a6:b9:12:c7:6a:c2:d2:c6:a5:
         cc:0d:44:ba:0f:5f:07:78:46:7e:1a:50:5b:a3:7f:13:84:47:
         47:e4:cc:40:c2:f4:ab:e4:7a:65:a4:fc:8a:89:03:c4:c1:3a:
         34:9a:aa:71:23:6a:91:3e:c5:f2:68:d0:18:c8:85:fe:31:3b:
         66:8d:cc:57:4c:b3:2b:90:13:c0:bf:c0:f9:67:93:2a:16:04:
         73:54:6c:fc:0c:10:1c:c0:d3:6f:77:a5:f4:5e:30:6b:c8:01:
         58:a9:ba:22:68:e7:d4:4f:09:5f:30:c4:e2:0d:bb:6c:4f:17:
         0f:f7:12:bb:13:6a:c2:24:8f:7e:9c:e2:da:2a:c5:04:18:4e:
         d7:1e:eb:97:23:28:65:8a:65:7d:0e:0d:06:1c:76:ce:8d:24:
         8a:e7:91:04
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZaFqJ1cmN4uoI3ePpDcvXTpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Mzc1ODE0MzQ0ZGYwYmY2ZDAxNzczM2FjZGM0ODhmMDAy
NjMxYjIwHhcNMjUwNDMwMDc0NTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmE0ODRiNjRkMWE2YzcyNjkyMDgzZDI2NmI5MGEwZDk4M2RlNTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAjRboAAzOxnX+LalPzKSejDUcbE
f2mLpJ2fjhbkB8/+6smpbZX5BBaZJxLzKtcWFNPuVxAzWDzWra1kRYonoXmhGxpv
n9Z17eZGV+SSdTOw+Bgh1wZq875O6FCv35TKFe40F24CfcY1iFGCBEo6/Q4Bh1od
yU7kTlRqQ+FtIMjaVhd4NgEUM7jbh9YIJuLllw5hS8hBU+zaLiBjRiYls3sRbI6Y
pQOgRYZFD1BmiG0dznbWEgte6oGNm3le7E+qyehzyYSUTRftKUB+N1aVhndjn9b1
YniMNl9jDiwZMZmP7atgC2e2OB5ujyhBFSkBtXec5FFIu9uPECruThRcKwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHukhLZNGmxyaSCD0ma5Cg2YPeUdMB8GA1UdIwQY
MBaAFNQ3WBQ0TfC/bQF3M6zcSI8AJjGyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMURkWUZEUk44TDl0QVhjenJOeElqd0FtTWJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9iMjRiMmQtMzUyMy00MjJlLTliY2Yt
MzY3MWQ2N2ViOWY4LzEvZTZTRXRrMGFiSEpwSUlQU1pya0tEWmc5NVIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9iMjRiMmQtMzUyMy00MjJlLTliY2YtMzY3MWQ2N2ViOWY4
LzEvMURkWUZEUk44TDl0QVhjenJOeElqd0FtTWJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLgh2AwQC
vILgMA0GCSqGSIb3DQEBCwUAA4IBAQB+BWRvetI0CQqAnomLX5DeOOs3XWgHr7DE
yIAlCQ4UxKQeP8m+OJqqOvRhXu3o3mzfxlvZyVL6C2hTNT9XdpXAOf9uogMJ6Jmo
m7LVH7GIrlFGTp6e1mjoD4cOzhZeWCMQ9n6muRLHasLSxqXMDUS6D18HeEZ+GlBb
o38ThEdH5MxAwvSr5HplpPyKiQPEwTo0mqpxI2qRPsXyaNAYyIX+MTtmjcxXTLMr
kBPAv8D5Z5MqFgRzVGz8DBAcwNNvd6X0XjBryAFYqboiaOfUTwlfMMTiDbtsTxcP
9xK7E2rCJI9+nOLaKsUEGE7XHuuXIyhlimV9Dg0GHHbOjSSK55EE
-----END CERTIFICATE-----