Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/T2Brql0Yt4MLEwd6xrs_MtwUops.roa
File:                     T2Brql0Yt4MLEwd6xrs_MtwUops.roa (raw, json)
Hash identifier:          GVu7glPuwGzBSQa/9uShXAaz1o9DgmeZyp8FEo9hDEA=
Subject key identifier:   4F:60:6B:AA:5D:18:B7:83:0B:13:07:7A:C6:BB:3F:32:DC:14:A2:9B
Certificate issuer:       /CN=2968b4e0ef8106f0e12ab8e501d2aa4e36b783c2
Certificate serial:       0192D282932769009E41F0E83227AA254B46
Authority key identifier: 29:68:B4:E0:EF:81:06:F0:E1:2A:B8:E5:01:D2:AA:4E:36:B7:83:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KWi04O-BBvDhKrjlAdKqTja3g8I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/T2Brql0Yt4MLEwd6xrs_MtwUops.roa
Signing time:             Mon 28 Oct 2024 09:43:45 +0000
ROA not before:           Mon 28 Oct 2024 09:43:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214770
IP address blocks:        46.17.216.0/24 maxlen: 24
                          2a01:e900::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/KWi04O-BBvDhKrjlAdKqTja3g8I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/KWi04O-BBvDhKrjlAdKqTja3g8I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KWi04O-BBvDhKrjlAdKqTja3g8I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 13 Nov 2024 15:27:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d2:82:93:27:69:00:9e:41:f0:e8:32:27:aa:25:4b:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2968b4e0ef8106f0e12ab8e501d2aa4e36b783c2
        Validity
            Not Before: Oct 28 09:43:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f606baa5d18b7830b13077ac6bb3f32dc14a29b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:0b:73:fc:ce:80:52:5d:0a:98:53:35:5c:38:
                    01:85:e7:1d:9e:65:7b:7c:32:50:e0:85:41:bf:ae:
                    8a:89:6c:25:09:c2:3c:df:91:f1:5c:d4:03:3c:8b:
                    d6:74:a1:77:12:04:63:75:a4:e9:ab:31:98:f7:0f:
                    98:dd:e7:18:54:ac:10:96:a6:3c:01:48:9d:cc:83:
                    c3:25:6b:ad:f7:27:76:c5:fa:32:82:72:7c:69:03:
                    99:47:aa:a1:b2:12:16:a2:19:c6:be:16:01:20:23:
                    aa:cb:ac:36:a3:79:17:07:35:8e:d5:04:6b:b6:af:
                    df:64:eb:f6:0f:8d:53:2c:c6:f3:bc:8c:64:f2:dd:
                    f3:46:06:da:39:25:62:88:4e:86:2f:7a:3d:2b:0c:
                    34:16:7a:c0:4d:2e:c9:29:ec:34:91:6e:b0:65:fe:
                    1d:5e:6f:3c:19:69:63:d9:68:34:34:0c:cf:c7:41:
                    d2:dc:8a:c0:11:28:27:75:75:4f:68:b0:b7:15:1b:
                    3b:c6:27:8b:b4:e9:76:28:d1:0d:1b:76:a1:a1:51:
                    81:46:fe:f4:75:b0:ae:04:2e:32:f4:23:af:e5:15:
                    2a:8f:32:23:c2:b8:66:77:52:bc:dd:7e:61:2a:ca:
                    dd:0b:46:7b:fe:82:2f:d6:8d:70:6c:56:5e:b5:a7:
                    a4:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:60:6B:AA:5D:18:B7:83:0B:13:07:7A:C6:BB:3F:32:DC:14:A2:9B
            X509v3 Authority Key Identifier:
                keyid:29:68:B4:E0:EF:81:06:F0:E1:2A:B8:E5:01:D2:AA:4E:36:B7:83:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KWi04O-BBvDhKrjlAdKqTja3g8I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/T2Brql0Yt4MLEwd6xrs_MtwUops.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/481637-6c1c-45e8-8fbd-44f8ed5d61d7/1/KWi04O-BBvDhKrjlAdKqTja3g8I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.17.216.0/24
                IPv6:
                  2a01:e900::/40

    Signature Algorithm: sha256WithRSAEncryption
         7c:a4:ac:ca:6b:b2:f1:bd:f0:ec:2e:1d:8c:28:de:e4:39:ee:
         3d:c1:a1:14:b1:86:0a:d7:c8:f8:b7:55:cf:9c:a8:3c:0f:34:
         ed:13:c0:e2:17:69:bb:d6:b5:47:95:60:3a:70:28:54:70:af:
         43:da:05:6d:b7:8d:b9:f2:7c:49:a9:22:9a:a7:1c:4b:26:25:
         bc:82:a9:4e:89:88:48:3e:bf:5d:1c:f6:be:94:c6:43:3b:76:
         4e:70:17:e3:50:e2:e5:39:f3:75:7d:be:1f:6d:3e:87:9d:72:
         af:df:17:72:f7:c7:27:f5:e7:ad:35:9b:6e:6a:7b:7c:c5:37:
         82:03:24:7f:a0:c3:22:9c:1e:22:fd:21:b1:6f:51:94:c2:90:
         93:d9:08:a9:25:3f:9d:c2:ce:de:34:a6:42:de:d9:fa:96:a5:
         59:8d:9d:22:8e:0b:29:09:97:25:bc:34:e2:3a:f8:23:cf:5a:
         cc:cb:2e:5b:cf:17:9c:0f:e1:7c:92:75:d3:3e:0c:13:04:97:
         30:c5:92:ab:58:d9:b5:68:42:1e:e3:3e:7a:37:a0:9e:60:8f:
         60:37:2a:6e:92:af:1e:8e:90:78:53:5d:61:d8:ae:a3:d4:57:
         35:50:49:96:46:97:18:cb:86:bf:32:85:76:05:aa:7b:0a:e8:
         a4:37:70:1a
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZLSgpMnaQCeQfDoMieqJUtGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NjhiNGUwZWY4MTA2ZjBlMTJhYjhlNTAxZDJhYTRlMzZi
NzgzYzIwHhcNMjQxMDI4MDk0MzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjYwNmJhYTVkMThiNzgzMGIxMzA3N2FjNmJiM2YzMmRjMTRhMjliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAugtz/M6AUl0KmFM1XDgBhecdnmV7
fDJQ4IVBv66KiWwlCcI835HxXNQDPIvWdKF3EgRjdaTpqzGY9w+Y3ecYVKwQlqY8
AUidzIPDJWut9yd2xfoygnJ8aQOZR6qhshIWohnGvhYBICOqy6w2o3kXBzWO1QRr
tq/fZOv2D41TLMbzvIxk8t3zRgbaOSViiE6GL3o9Kww0FnrATS7JKew0kW6wZf4d
Xm88GWlj2Wg0NAzPx0HS3IrAESgndXVPaLC3FRs7xieLtOl2KNENG3ahoVGBRv70
dbCuBC4y9COv5RUqjzIjwrhmd1K83X5hKsrdC0Z7/oIv1o1wbFZetaekhwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFE9ga6pdGLeDCxMHesa7PzLcFKKbMB8GA1UdIwQY
MBaAFClotODvgQbw4Sq45QHSqk42t4PCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1dpMDRPLUJCdkRoS3JqbEFkS3FUamEzZzhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy80ODE2MzctNmMxYy00NWU4LThmYmQt
NDRmOGVkNWQ2MWQ3LzEvVDJCcnFsMFl0NE1MRXdkNnhyc19NdHdVb3BzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy80ODE2MzctNmMxYy00NWU4LThmYmQtNDRmOGVkNWQ2MWQ3
LzEvS1dpMDRPLUJCdkRoS3JqbEFkS3FUamEzZzhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQALhHYMA4E
AgACMAgDBgAqAekAADANBgkqhkiG9w0BAQsFAAOCAQEAfKSsymuy8b3w7C4djCje
5DnuPcGhFLGGCtfI+LdVz5yoPA807RPA4hdpu9a1R5VgOnAoVHCvQ9oFbbeNufJ8
SakimqccSyYlvIKpTomISD6/XRz2vpTGQzt2TnAX41Di5TnzdX2+H20+h51yr98X
cvfHJ/XnrTWbbmp7fMU3ggMkf6DDIpweIv0hsW9RlMKQk9kIqSU/ncLO3jSmQt7Z
+palWY2dIo4LKQmXJbw04jr4I89azMsuW88XnA/hfJJ10z4MEwSXMMWSq1jZtWhC
HuM+ejegnmCPYDcqbpKvHo6QeFNdYdiuo9RXNVBJlkaXGMuGvzKFdgWqewropDdw
Gg==
-----END CERTIFICATE-----