Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/ed20e6-4f56-4599-82c0-33a9a6f42f0c/1/PMjVCm3hBZuQAZ5tM3Telr1xhEE.roa
File:                     PMjVCm3hBZuQAZ5tM3Telr1xhEE.roa (raw, json)
Hash identifier:          KXf/GfeWF2bV1S9n6Vh7XTD01mNiCVr5bp2ghD/yFjY=
Subject key identifier:   3C:C8:D5:0A:6D:E1:05:9B:90:01:9E:6D:33:74:DE:96:BD:71:84:41
Certificate issuer:       /CN=04e50240af40eb2ad60fc3078ac33fc5355d4416
Certificate serial:       01907A04E20C4669BD13DBF7D4302C7AA16F
Authority key identifier: 04:E5:02:40:AF:40:EB:2A:D6:0F:C3:07:8A:C3:3F:C5:35:5D:44:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BOUCQK9A6yrWD8MHisM_xTVdRBY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/ed20e6-4f56-4599-82c0-33a9a6f42f0c/1/PMjVCm3hBZuQAZ5tM3Telr1xhEE.roa
Signing time:             Wed 03 Jul 2024 19:14:18 +0000
ROA not before:           Wed 03 Jul 2024 19:14:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12931
IP address blocks:        46.35.48.0/20 maxlen: 20
                          213.182.0.0/19 maxlen: 19
                          2001:14e0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/ed20e6-4f56-4599-82c0-33a9a6f42f0c/1/BOUCQK9A6yrWD8MHisM_xTVdRBY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/ed20e6-4f56-4599-82c0-33a9a6f42f0c/1/BOUCQK9A6yrWD8MHisM_xTVdRBY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BOUCQK9A6yrWD8MHisM_xTVdRBY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:7a:04:e2:0c:46:69:bd:13:db:f7:d4:30:2c:7a:a1:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04e50240af40eb2ad60fc3078ac33fc5355d4416
        Validity
            Not Before: Jul  3 19:14:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3cc8d50a6de1059b90019e6d3374de96bd718441
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:e5:a4:e7:b4:17:15:9a:0f:b7:1d:08:a2:94:
                    3e:c1:2e:fe:eb:bc:f8:cf:3e:b6:e8:85:24:70:11:
                    aa:49:c7:3b:fa:fb:38:9b:b7:fb:62:28:3b:50:67:
                    3d:a1:e9:cc:e2:1d:cb:57:dd:36:eb:67:5d:4d:f3:
                    13:a2:fc:a5:ab:b2:9d:6d:00:9a:c9:b6:7c:2c:63:
                    88:47:6d:77:9d:ef:3a:02:0a:26:b1:7a:9d:09:d0:
                    77:37:77:e5:ce:79:0f:4b:7a:99:03:2a:8c:64:77:
                    e6:78:30:da:34:30:54:6b:e8:23:4d:09:9c:5f:9c:
                    8d:ba:ec:cd:6b:f8:5e:61:13:2d:d3:23:fb:48:b7:
                    ab:f4:e0:83:c0:ef:28:39:a9:78:4a:ef:c9:96:5e:
                    db:59:5b:e3:d2:93:d5:12:a2:da:5b:aa:82:cd:97:
                    8a:67:99:ba:21:25:58:ca:ec:76:b0:55:ee:84:89:
                    c0:a1:b1:34:42:84:ff:09:29:63:15:c8:41:d1:82:
                    05:49:f4:87:93:ea:26:50:99:54:49:02:c3:d3:d1:
                    3e:64:8d:6a:d2:a1:32:09:e6:2e:54:da:ca:cd:49:
                    6f:44:5f:86:8c:e8:69:ab:b8:d9:fa:4f:12:0b:76:
                    1a:cb:b5:9e:ef:03:44:69:9f:42:35:90:63:88:b8:
                    e0:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:C8:D5:0A:6D:E1:05:9B:90:01:9E:6D:33:74:DE:96:BD:71:84:41
            X509v3 Authority Key Identifier:
                keyid:04:E5:02:40:AF:40:EB:2A:D6:0F:C3:07:8A:C3:3F:C5:35:5D:44:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BOUCQK9A6yrWD8MHisM_xTVdRBY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/ed20e6-4f56-4599-82c0-33a9a6f42f0c/1/PMjVCm3hBZuQAZ5tM3Telr1xhEE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/ed20e6-4f56-4599-82c0-33a9a6f42f0c/1/BOUCQK9A6yrWD8MHisM_xTVdRBY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.35.48.0/20
                  213.182.0.0/19
                IPv6:
                  2001:14e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         5b:9d:2e:b4:b8:16:64:d7:9a:c0:39:cb:10:63:a3:bc:fa:4a:
         16:94:75:42:4b:27:2f:b9:46:ec:c2:5c:40:59:bc:ae:4d:94:
         cf:a1:fe:d4:92:d9:9f:5f:37:28:1c:fb:f3:53:17:90:a1:90:
         ad:c8:6d:04:5d:df:0e:5f:95:fc:3d:ba:4d:71:8a:9c:84:4f:
         83:9b:2d:cd:20:7f:4d:6a:34:2a:4e:cc:bd:07:ae:ff:81:b1:
         df:d0:0b:00:70:6c:bc:cc:99:01:85:72:84:87:c1:64:74:b6:
         19:16:ed:6d:7a:30:b3:57:68:ed:f1:c2:ae:15:85:a5:8b:aa:
         29:b4:96:48:5c:cd:c0:a4:e1:8f:23:92:17:4b:b7:71:6b:86:
         9a:f9:17:ef:8e:92:f5:b6:36:70:79:07:2a:cb:53:b4:8e:5a:
         33:90:98:8b:9f:39:2f:69:c1:c2:2f:ac:22:c2:19:ba:4a:e6:
         9f:01:33:3a:9a:a2:a0:42:22:8a:d4:4b:1a:66:95:cf:f4:46:
         97:bc:76:3e:3b:8d:65:34:50:5d:e7:8e:86:02:9a:43:76:4e:
         fe:e0:61:16:fa:cf:f5:19:79:82:1f:0a:ca:69:53:04:f2:bd:
         16:8b:9d:34:c8:05:84:77:42:8a:bb:4d:eb:fe:45:47:0f:d5:
         f4:02:ce:f6
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZB6BOIMRmm9E9v31DAseqFvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0ZTUwMjQwYWY0MGViMmFkNjBmYzMwNzhhYzMzZmM1MzU1
ZDQ0MTYwHhcNMjQwNzAzMTkxNDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2M4ZDUwYTZkZTEwNTliOTAwMTllNmQzMzc0ZGU5NmJkNzE4NDQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyuWk57QXFZoPtx0IopQ+wS7+67z4
zz626IUkcBGqScc7+vs4m7f7Yig7UGc9oenM4h3LV90262ddTfMTovylq7KdbQCa
ybZ8LGOIR213ne86AgomsXqdCdB3N3flznkPS3qZAyqMZHfmeDDaNDBUa+gjTQmc
X5yNuuzNa/heYRMt0yP7SLer9OCDwO8oOal4Su/Jll7bWVvj0pPVEqLaW6qCzZeK
Z5m6ISVYyux2sFXuhInAobE0QoT/CSljFchB0YIFSfSHk+omUJlUSQLD09E+ZI1q
0qEyCeYuVNrKzUlvRF+GjOhpq7jZ+k8SC3Yay7We7wNEaZ9CNZBjiLjgdQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFDzI1Qpt4QWbkAGebTN03pa9cYRBMB8GA1UdIwQY
MBaAFATlAkCvQOsq1g/DB4rDP8U1XUQWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQk9VQ1FLOUE2eXJXRDhNSGlzTV94VFZkUkJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9lZDIwZTYtNGY1Ni00NTk5LTgyYzAt
MzNhOWE2ZjQyZjBjLzEvUE1qVkNtM2hCWnVRQVo1dE0zVGVscjF4aEVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9lZDIwZTYtNGY1Ni00NTk5LTgyYzAtMzNhOWE2ZjQyZjBj
LzEvQk9VQ1FLOUE2eXJXRDhNSGlzTV94VFZkUkJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQELiMwAwQF
1bYAMA0EAgACMAcDBQAgARTgMA0GCSqGSIb3DQEBCwUAA4IBAQBbnS60uBZk15rA
OcsQY6O8+koWlHVCSycvuUbswlxAWbyuTZTPof7UktmfXzcoHPvzUxeQoZCtyG0E
Xd8OX5X8PbpNcYqchE+Dmy3NIH9NajQqTsy9B67/gbHf0AsAcGy8zJkBhXKEh8Fk
dLYZFu1tejCzV2jt8cKuFYWli6optJZIXM3ApOGPI5IXS7dxa4aa+RfvjpL1tjZw
eQcqy1O0jlozkJiLnzkvacHCL6wiwhm6SuafATM6mqKgQiKK1EsaZpXP9EaXvHY+
O41lNFBd546GAppDdk7+4GEW+s/1GXmCHwrKaVME8r0Wi500yAWEd0KKu03r/kVH
D9X0As72
-----END CERTIFICATE-----