Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/SNFt0lB0U4IpDK2M6jbg0nixPuw.roa
File:                     SNFt0lB0U4IpDK2M6jbg0nixPuw.roa (raw, json)
Hash identifier:          ZkAQcXTk1wy7KfuKPlx7eg9LZ93/MdGfH+lnC1SNvbA=
Subject key identifier:   48:D1:6D:D2:50:74:53:82:29:0C:AD:8C:EA:36:E0:D2:78:B1:3E:EC
Certificate issuer:       /CN=84f824d32df1a5113d82101345d785a38addbde5
Certificate serial:       019483014837A7532F8076E2DBD73FE64BF2
Authority key identifier: 84:F8:24:D3:2D:F1:A5:11:3D:82:10:13:45:D7:85:A3:8A:DD:BD:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hPgk0y3xpRE9ghATRdeFo4rdveU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/SNFt0lB0U4IpDK2M6jbg0nixPuw.roa
Signing time:             Mon 20 Jan 2025 09:18:06 +0000
ROA not before:           Mon 20 Jan 2025 09:18:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     139648
IP address blocks:        46.102.179.0/24 maxlen: 24
                          46.102.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/hPgk0y3xpRE9ghATRdeFo4rdveU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/hPgk0y3xpRE9ghATRdeFo4rdveU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hPgk0y3xpRE9ghATRdeFo4rdveU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 01:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:83:01:48:37:a7:53:2f:80:76:e2:db:d7:3f:e6:4b:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84f824d32df1a5113d82101345d785a38addbde5
        Validity
            Not Before: Jan 20 09:18:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=48d16dd250745382290cad8cea36e0d278b13eec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:f6:3e:f7:36:9e:17:46:6b:9c:f2:60:07:4b:
                    17:9e:6f:78:32:ea:f4:54:44:31:44:f0:ad:37:7c:
                    0a:0d:25:68:e2:6f:6b:c1:2d:38:89:a4:ff:83:d7:
                    4b:f5:cb:25:61:c4:47:e5:35:00:04:7f:93:3e:e1:
                    93:1a:5b:75:4b:d5:a3:5d:64:a1:7c:b1:b6:0b:c4:
                    97:db:d3:3a:d5:4d:39:b0:d3:ed:a3:86:ec:d5:28:
                    7d:61:dd:a8:f8:6e:3d:6c:de:10:64:9f:f0:fc:2b:
                    ca:e8:a1:1a:55:37:23:a7:82:8d:e7:71:d6:20:24:
                    44:bf:8b:95:98:98:a4:8c:00:3b:44:ee:49:5f:bf:
                    b9:9d:5d:60:25:27:41:bd:b7:f4:0a:d4:f1:de:c7:
                    a1:53:9d:16:25:1c:2e:c1:3a:58:60:aa:52:27:7f:
                    16:7d:d0:06:82:9d:74:1b:39:99:a2:9e:cc:1c:c1:
                    3e:11:2c:5a:93:7a:89:63:a0:d5:a8:39:00:41:5f:
                    e6:d7:c9:39:da:fc:b8:d6:a2:9f:4a:3e:8a:85:73:
                    7c:9f:96:7e:e0:2a:83:d8:fc:69:22:00:ee:50:2a:
                    b4:2a:69:33:c0:21:b0:c3:1e:a8:28:2f:a7:1f:f7:
                    cd:02:94:79:52:ed:ee:66:ee:14:4d:2b:19:23:f3:
                    52:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:D1:6D:D2:50:74:53:82:29:0C:AD:8C:EA:36:E0:D2:78:B1:3E:EC
            X509v3 Authority Key Identifier:
                keyid:84:F8:24:D3:2D:F1:A5:11:3D:82:10:13:45:D7:85:A3:8A:DD:BD:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hPgk0y3xpRE9ghATRdeFo4rdveU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/SNFt0lB0U4IpDK2M6jbg0nixPuw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/9d65bb-ab4f-43aa-bba8-437394938c52/1/hPgk0y3xpRE9ghATRdeFo4rdveU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.102.179.0-46.102.180.255

    Signature Algorithm: sha256WithRSAEncryption
         89:69:ef:52:46:4f:d1:a4:fe:f2:62:92:16:23:4e:91:91:c1:
         ac:d4:9f:37:35:42:0f:68:65:e9:f9:77:fc:99:78:a7:63:04:
         41:47:57:83:40:ab:0e:16:af:b5:f7:ad:ed:88:55:eb:90:7f:
         5e:c5:d9:29:ce:67:33:fd:c7:6b:06:95:a9:ce:3e:ce:77:c2:
         6c:87:97:d8:15:a7:4e:b5:58:8f:fb:45:b2:04:29:34:36:88:
         d6:16:49:e8:c6:9f:77:ab:7f:9b:12:c0:ea:66:02:00:29:60:
         4c:fd:3b:8e:40:57:07:c3:9b:38:e3:b2:12:5c:3f:90:ff:33:
         bf:3e:06:ee:ea:59:1a:54:b7:36:c7:88:f8:0a:fc:35:02:a6:
         6f:4a:68:a9:a8:85:6e:5e:ff:33:7b:49:3f:96:3e:bd:a1:d4:
         8b:2d:ef:b8:04:d2:02:aa:63:02:55:6c:ec:d6:1c:2a:8e:9f:
         c8:b8:6a:82:2e:c4:c5:4d:96:50:73:4b:3d:48:08:a5:57:47:
         90:e9:9c:2e:ad:1e:fa:61:06:25:48:a6:08:8b:43:68:a8:b7:
         9d:e3:71:ea:5a:54:2e:ce:b1:6b:af:e2:ed:85:30:22:1d:69:
         1b:b4:ac:0e:8f:9a:af:0d:23:1c:3c:ac:6f:1e:ac:ef:d4:98:
         31:fc:53:2c
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZSDAUg3p1MvgHbi29c/5kvyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0ZjgyNGQzMmRmMWE1MTEzZDgyMTAxMzQ1ZDc4NWEzOGFk
ZGJkZTUwHhcNMjUwMTIwMDkxODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGQxNmRkMjUwNzQ1MzgyMjkwY2FkOGNlYTM2ZTBkMjc4YjEzZWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo/Y+9zaeF0ZrnPJgB0sXnm94Mur0
VEQxRPCtN3wKDSVo4m9rwS04iaT/g9dL9cslYcRH5TUABH+TPuGTGlt1S9WjXWSh
fLG2C8SX29M61U05sNPto4bs1Sh9Yd2o+G49bN4QZJ/w/CvK6KEaVTcjp4KN53HW
ICREv4uVmJikjAA7RO5JX7+5nV1gJSdBvbf0CtTx3sehU50WJRwuwTpYYKpSJ38W
fdAGgp10GzmZop7MHME+ESxak3qJY6DVqDkAQV/m18k52vy41qKfSj6KhXN8n5Z+
4CqD2PxpIgDuUCq0KmkzwCGwwx6oKC+nH/fNApR5Uu3uZu4UTSsZI/NS8QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFEjRbdJQdFOCKQytjOo24NJ4sT7sMB8GA1UdIwQY
MBaAFIT4JNMt8aURPYIQE0XXhaOK3b3lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFBnazB5M3hwUkU5Z2hBVFJkZUZvNHJkdmVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85ZDY1YmItYWI0Zi00M2FhLWJiYTgt
NDM3Mzk0OTM4YzUyLzEvU05GdDBsQjBVNElwREsyTTZqYmcwbml4UHV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85ZDY1YmItYWI0Zi00M2FhLWJiYTgtNDM3Mzk0OTM4YzUy
LzEvaFBnazB5M3hwUkU5Z2hBVFJkZUZvNHJkdmVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAuZrMD
BAAuZrQwDQYJKoZIhvcNAQELBQADggEBAIlp71JGT9Gk/vJikhYjTpGRwazUnzc1
Qg9oZen5d/yZeKdjBEFHV4NAqw4Wr7X3re2IVeuQf17F2SnOZzP9x2sGlanOPs53
wmyHl9gVp061WI/7RbIEKTQ2iNYWSejGn3erf5sSwOpmAgApYEz9O45AVwfDmzjj
shJcP5D/M78+Bu7qWRpUtzbHiPgK/DUCpm9KaKmohW5e/zN7ST+WPr2h1Ist77gE
0gKqYwJVbOzWHCqOn8i4aoIuxMVNllBzSz1ICKVXR5DpnC6tHvphBiVIpgiLQ2io
t53jcepaVC7OsWuv4u2FMCIdaRu0rA6Pmq8NIxw8rG8erO/UmDH8Uyw=
-----END CERTIFICATE-----