Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/v4_YG88zposklrRNZ6jmi0HNy0E.roa
File:                     v4_YG88zposklrRNZ6jmi0HNy0E.roa (raw, json)
Hash identifier:          GKK/DbNbzy+sBCdZidvrcVXsJtwZe198c3YPcA5R1vU=
Subject key identifier:   BF:8F:D8:1B:CF:33:A6:8B:24:96:B4:4D:67:A8:E6:8B:41:CD:CB:41
Certificate issuer:       /CN=d4375814344df0bf6d017733acdc488f002631b2
Certificate serial:       0194221F384EDF6115DF9277A35C25D05826
Authority key identifier: D4:37:58:14:34:4D:F0:BF:6D:01:77:33:AC:DC:48:8F:00:26:31:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1DdYFDRN8L9tAXczrNxIjwAmMbI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/v4_YG88zposklrRNZ6jmi0HNy0E.roa
Signing time:             Wed 01 Jan 2025 13:47:38 +0000
ROA not before:           Wed 01 Jan 2025 13:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     140403
IP address blocks:        46.8.96.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/1DdYFDRN8L9tAXczrNxIjwAmMbI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/1DdYFDRN8L9tAXczrNxIjwAmMbI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1DdYFDRN8L9tAXczrNxIjwAmMbI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:38:4e:df:61:15:df:92:77:a3:5c:25:d0:58:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4375814344df0bf6d017733acdc488f002631b2
        Validity
            Not Before: Jan  1 13:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf8fd81bcf33a68b2496b44d67a8e68b41cdcb41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:b7:f3:08:12:ae:36:22:82:8a:d2:d8:b8:62:
                    74:49:88:01:8f:16:46:72:9f:b4:58:3c:7f:55:ed:
                    87:95:1b:fe:ae:c4:05:9a:4d:cd:f0:d4:33:76:f6:
                    20:bf:32:e9:5a:85:f9:33:57:64:9e:75:f3:e1:20:
                    b0:e9:36:de:6d:f0:61:10:ee:57:62:8b:a6:98:d1:
                    f3:9d:71:7e:3e:fc:30:a4:4c:c3:d6:65:43:fd:cc:
                    b1:df:ed:79:ad:a6:ac:5f:c0:17:4e:f0:e2:f6:48:
                    de:22:25:c9:11:3e:64:90:1c:7e:3f:18:e8:41:74:
                    e3:a3:8b:9e:5a:06:cb:67:97:98:3e:57:bb:1c:29:
                    1a:f6:37:91:56:c2:a3:1a:a0:0e:11:f9:fb:74:6d:
                    a4:a3:23:d3:56:cf:56:e0:af:fd:cf:9b:62:fd:78:
                    61:85:e4:fa:11:3d:50:a1:ca:a4:05:1e:2e:87:6d:
                    27:3a:ab:8a:5a:40:ae:15:a4:7e:ff:13:d8:15:c8:
                    c6:19:1b:ee:27:f8:be:32:a0:4d:24:17:4d:5e:bf:
                    64:33:fe:77:3c:7c:34:34:2f:74:a4:bf:3a:aa:0d:
                    56:e9:45:7a:e5:65:73:23:fd:25:e4:4d:5f:ce:71:
                    1a:d6:c0:5c:cc:cd:c3:c8:c1:d2:bc:a7:da:1a:bd:
                    e7:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:8F:D8:1B:CF:33:A6:8B:24:96:B4:4D:67:A8:E6:8B:41:CD:CB:41
            X509v3 Authority Key Identifier:
                keyid:D4:37:58:14:34:4D:F0:BF:6D:01:77:33:AC:DC:48:8F:00:26:31:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1DdYFDRN8L9tAXczrNxIjwAmMbI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/v4_YG88zposklrRNZ6jmi0HNy0E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/1DdYFDRN8L9tAXczrNxIjwAmMbI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.96.0/23

    Signature Algorithm: sha256WithRSAEncryption
         33:32:22:06:70:5a:2a:19:fb:d4:8e:12:00:d7:23:fb:06:b6:
         e1:54:6e:a1:45:91:ed:63:e1:7d:4a:7b:4b:9a:44:27:1a:04:
         c3:ee:06:2f:e6:58:78:cf:83:ea:d2:b3:2e:a7:51:87:e0:d8:
         13:c4:a5:cc:ff:da:75:7c:3d:24:ab:db:bf:1d:cf:19:31:44:
         f4:cb:f0:41:c3:fb:8b:fa:dc:26:bd:d3:c0:a9:05:87:02:dc:
         3c:3b:60:fe:48:de:70:82:73:d8:14:75:78:02:a8:1a:2c:03:
         41:e6:d0:0d:ba:bf:71:47:64:01:20:69:76:e2:05:f1:82:aa:
         b6:a1:c0:6f:54:d0:d5:50:45:8f:d8:46:35:d9:ae:55:28:02:
         71:31:65:94:b9:e1:7a:79:71:db:ca:16:4d:64:4f:51:2d:6a:
         a0:d7:ff:ae:42:9d:9d:4a:e4:1e:ed:f1:80:ba:fc:80:ff:f1:
         06:fa:04:ae:b3:52:52:56:b9:54:82:85:26:0a:33:13:53:cf:
         bd:05:d5:a3:1a:37:8a:97:58:46:1c:38:3d:fd:95:87:24:a5:
         39:7f:7d:55:b5:16:d8:c3:63:b9:3e:a9:8b:47:ff:b0:cc:ce:
         f2:54:b4:ed:28:3e:9c:39:ae:8a:31:40:31:7a:a4:05:a9:10:
         a6:98:13:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiHzhO32EV35J3o1wl0FgmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Mzc1ODE0MzQ0ZGYwYmY2ZDAxNzczM2FjZGM0ODhmMDAy
NjMxYjIwHhcNMjUwMTAxMTM0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjhmZDgxYmNmMzNhNjhiMjQ5NmI0NGQ2N2E4ZTY4YjQxY2RjYjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx7fzCBKuNiKCitLYuGJ0SYgBjxZG
cp+0WDx/Ve2HlRv+rsQFmk3N8NQzdvYgvzLpWoX5M1dknnXz4SCw6TbebfBhEO5X
YoummNHznXF+PvwwpEzD1mVD/cyx3+15raasX8AXTvDi9kjeIiXJET5kkBx+Pxjo
QXTjo4ueWgbLZ5eYPle7HCka9jeRVsKjGqAOEfn7dG2koyPTVs9W4K/9z5ti/Xhh
heT6ET1QocqkBR4uh20nOquKWkCuFaR+/xPYFcjGGRvuJ/i+MqBNJBdNXr9kM/53
PHw0NC90pL86qg1W6UV65WVzI/0l5E1fznEa1sBczM3DyMHSvKfaGr3n5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL+P2BvPM6aLJJa0TWeo5otBzctBMB8GA1UdIwQY
MBaAFNQ3WBQ0TfC/bQF3M6zcSI8AJjGyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMURkWUZEUk44TDl0QVhjenJOeElqd0FtTWJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9iMjRiMmQtMzUyMy00MjJlLTliY2Yt
MzY3MWQ2N2ViOWY4LzEvdjRfWUc4OHpwb3NrbHJSTlo2am1pMEhOeTBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9iMjRiMmQtMzUyMy00MjJlLTliY2YtMzY3MWQ2N2ViOWY4
LzEvMURkWUZEUk44TDl0QVhjenJOeElqd0FtTWJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLghgMA0G
CSqGSIb3DQEBCwUAA4IBAQAzMiIGcFoqGfvUjhIA1yP7BrbhVG6hRZHtY+F9SntL
mkQnGgTD7gYv5lh4z4Pq0rMup1GH4NgTxKXM/9p1fD0kq9u/Hc8ZMUT0y/BBw/uL
+twmvdPAqQWHAtw8O2D+SN5wgnPYFHV4AqgaLANB5tANur9xR2QBIGl24gXxgqq2
ocBvVNDVUEWP2EY12a5VKAJxMWWUueF6eXHbyhZNZE9RLWqg1/+uQp2dSuQe7fGA
uvyA//EG+gSus1JSVrlUgoUmCjMTU8+9BdWjGjeKl1hGHDg9/ZWHJKU5f31VtRbY
w2O5PqmLR/+wzM7yVLTtKD6cOa6KMUAxeqQFqRCmmBNA
-----END CERTIFICATE-----