Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/723b15-faac-41ff-a1aa-88739e335053/1/pkEvxsg0lyUz8ua6CoCuzxPGvFc.roa
File:                     pkEvxsg0lyUz8ua6CoCuzxPGvFc.roa (raw, json)
Hash identifier:          EcykeL8rqJYAw+Ypkvc2gvotxsw/oc8iK0wUO0U4PaQ=
Subject key identifier:   A6:41:2F:C6:C8:34:97:25:33:F2:E6:BA:0A:80:AE:CF:13:C6:BC:57
Certificate issuer:       /CN=fbd32968aaaa919c52791ffb07f93436b74fd508
Certificate serial:       019426D92EF1B5AFFF91765FF2269CE57DFC
Authority key identifier: FB:D3:29:68:AA:AA:91:9C:52:79:1F:FB:07:F9:34:36:B7:4F:D5:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-9MpaKqqkZxSeR_7B_k0NrdP1Qg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/723b15-faac-41ff-a1aa-88739e335053/1/pkEvxsg0lyUz8ua6CoCuzxPGvFc.roa
Signing time:             Thu 02 Jan 2025 11:49:14 +0000
ROA not before:           Thu 02 Jan 2025 11:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51812
IP address blocks:        46.148.48.0/20 maxlen: 20
                          46.148.48.0/23 maxlen: 23
                          46.148.58.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/723b15-faac-41ff-a1aa-88739e335053/1/1-9MpaKqqkZxSeR_7B_k0NrdP1Qg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/723b15-faac-41ff-a1aa-88739e335053/1/1-9MpaKqqkZxSeR_7B_k0NrdP1Qg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-9MpaKqqkZxSeR_7B_k0NrdP1Qg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:2e:f1:b5:af:ff:91:76:5f:f2:26:9c:e5:7d:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fbd32968aaaa919c52791ffb07f93436b74fd508
        Validity
            Not Before: Jan  2 11:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a6412fc6c834972533f2e6ba0a80aecf13c6bc57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:d3:e4:66:a9:f3:f9:b1:44:c1:f2:9d:10:38:
                    42:a1:f9:be:48:3c:3c:e4:eb:00:37:80:1b:c1:76:
                    0c:02:99:3b:fb:2c:ef:e2:bf:80:94:28:70:2a:79:
                    ea:cb:c4:30:77:e4:88:42:37:dd:87:f2:45:c6:27:
                    97:16:e6:fb:b5:78:fd:e9:99:07:4b:40:83:51:4a:
                    84:bb:80:ab:d3:99:44:ed:ac:a3:58:1a:27:92:9e:
                    53:d3:e1:d2:60:b4:b6:4c:a3:13:4c:16:f8:b2:05:
                    47:16:ca:94:d2:2d:b2:26:84:e3:da:71:dd:a0:00:
                    17:74:71:e0:2a:80:5f:45:df:9c:61:1f:a2:be:8c:
                    ee:f0:75:e5:3e:f3:f5:17:f3:d7:40:46:e4:2e:5e:
                    d6:ee:0f:50:9d:9a:48:f2:6e:ca:19:25:d5:53:a6:
                    74:79:05:51:b5:c2:4f:6b:f3:4e:dd:5a:1b:09:2e:
                    82:8e:cb:22:af:90:95:3b:2c:ce:fa:45:bc:53:ee:
                    0b:df:45:f2:86:40:6a:14:fc:42:3e:b1:15:65:94:
                    76:a1:30:34:f5:0d:09:f5:e4:02:54:2d:84:6c:b5:
                    ed:15:02:d5:fd:0c:38:8f:a5:2c:47:3c:32:62:bb:
                    84:5a:4d:94:ae:3b:01:5c:5a:b5:f4:6b:4f:69:32:
                    88:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:41:2F:C6:C8:34:97:25:33:F2:E6:BA:0A:80:AE:CF:13:C6:BC:57
            X509v3 Authority Key Identifier:
                keyid:FB:D3:29:68:AA:AA:91:9C:52:79:1F:FB:07:F9:34:36:B7:4F:D5:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-9MpaKqqkZxSeR_7B_k0NrdP1Qg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/723b15-faac-41ff-a1aa-88739e335053/1/pkEvxsg0lyUz8ua6CoCuzxPGvFc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/723b15-faac-41ff-a1aa-88739e335053/1/1-9MpaKqqkZxSeR_7B_k0NrdP1Qg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.148.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         80:42:14:b5:bb:f1:ee:e3:eb:2a:dc:47:ae:2e:42:38:7b:df:
         ed:97:7c:63:b9:92:2f:4b:aa:19:e6:da:e5:2c:45:da:1e:77:
         1c:3c:3a:1b:c8:a5:f3:10:18:aa:68:52:0f:2d:d8:13:45:c8:
         05:ef:5d:b4:51:30:d2:d9:5d:6d:f5:0c:1f:91:fb:c9:61:2d:
         64:64:b7:c4:33:4e:b0:3e:d5:72:9f:6c:50:07:03:13:6d:ac:
         0b:c8:c3:50:a5:e7:c9:0a:21:37:5b:8f:53:df:3b:d5:f7:b3:
         5e:2f:af:90:2a:d3:33:6b:6e:fa:8d:31:93:36:c5:28:20:6f:
         45:a8:ae:86:ca:fa:82:f4:da:20:09:6e:20:d0:f0:33:65:21:
         a7:88:37:5e:1e:78:9b:45:08:54:b2:6a:7b:cf:fd:37:f5:c7:
         a3:ef:01:3a:5a:94:ec:f1:08:57:f8:54:fb:ae:fd:e4:70:c1:
         dd:5f:89:18:61:4f:f2:5c:fa:30:95:47:a5:9f:6e:66:e5:19:
         9f:f6:30:c6:1c:40:8c:37:55:0d:a0:ae:8b:e9:cf:46:38:18:
         2b:3d:55:81:ae:5b:75:a0:22:08:cd:8a:5e:75:da:fb:5b:ed:
         f9:e5:82:5e:50:ca:e4:72:df:57:3d:b5:9a:4e:d1:5c:05:63:
         8e:0f:3d:f3
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQm2S7xta//kXZf8iac5X38MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZiZDMyOTY4YWFhYTkxOWM1Mjc5MWZmYjA3ZjkzNDM2Yjc0
ZmQ1MDgwHhcNMjUwMTAyMTE0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjQxMmZjNmM4MzQ5NzI1MzNmMmU2YmEwYTgwYWVjZjEzYzZiYzU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt9PkZqnz+bFEwfKdEDhCofm+SDw8
5OsAN4AbwXYMApk7+yzv4r+AlChwKnnqy8Qwd+SIQjfdh/JFxieXFub7tXj96ZkH
S0CDUUqEu4Cr05lE7ayjWBonkp5T0+HSYLS2TKMTTBb4sgVHFsqU0i2yJoTj2nHd
oAAXdHHgKoBfRd+cYR+ivozu8HXlPvP1F/PXQEbkLl7W7g9QnZpI8m7KGSXVU6Z0
eQVRtcJPa/NO3VobCS6Cjssir5CVOyzO+kW8U+4L30XyhkBqFPxCPrEVZZR2oTA0
9Q0J9eQCVC2EbLXtFQLV/Qw4j6UsRzwyYruEWk2UrjsBXFq19GtPaTKIuQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFKZBL8bINJclM/LmugqArs8TxrxXMB8GA1UdIwQY
MBaAFPvTKWiqqpGcUnkf+wf5NDa3T9UIMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS05TXBhS3Fxa1p4U2VSXzdCX2swTnJkUDFRZy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTAvNzIzYjE1LWZhYWMtNDFmZi1hMWFh
LTg4NzM5ZTMzNTA1My8xL3BrRXZ4c2cwbHlVejh1YTZDb0N1enhQR3ZGYy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYTAvNzIzYjE1LWZhYWMtNDFmZi1hMWFhLTg4NzM5ZTMzNTA1
My8xLzEtOU1wYUtxcWtaeFNlUl83Ql9rME5yZFAxUWcuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAQulDAw
DQYJKoZIhvcNAQELBQADggEBAIBCFLW78e7j6yrcR64uQjh73+2XfGO5ki9Lqhnm
2uUsRdoedxw8OhvIpfMQGKpoUg8t2BNFyAXvXbRRMNLZXW31DB+R+8lhLWRkt8Qz
TrA+1XKfbFAHAxNtrAvIw1Cl58kKITdbj1PfO9X3s14vr5Aq0zNrbvqNMZM2xSgg
b0WorobK+oL02iAJbiDQ8DNlIaeIN14eeJtFCFSyanvP/Tf1x6PvATpalOzxCFf4
VPuu/eRwwd1fiRhhT/Jc+jCVR6WfbmblGZ/2MMYcQIw3VQ2grovpz0Y4GCs9VYGu
W3WgIgjNil512vtb7fnlgl5QyuRy31c9tZpO0VwFY44PPfM=
-----END CERTIFICATE-----