Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/a7068a-92ba-42ea-9966-2054d4e903bc/1/DpKy84xGq4bZRMW3bg3Qqscpy-g.roa
File:                     DpKy84xGq4bZRMW3bg3Qqscpy-g.roa (raw, json)
Hash identifier:          Pghneqh0rqfe/wIbx3lltKoFinQFr3Xds6By1KC5GTY=
Subject key identifier:   0E:92:B2:F3:8C:46:AB:86:D9:44:C5:B7:6E:0D:D0:AA:C7:29:CB:E8
Certificate issuer:       /CN=b2e448b4a08f0e4c58a283d80735a8a803e10d4e
Certificate serial:       01958F39936A534612771F5BA97E42CFEB8E
Authority key identifier: B2:E4:48:B4:A0:8F:0E:4C:58:A2:83:D8:07:35:A8:A8:03:E1:0D:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/suRItKCPDkxYooPYBzWoqAPhDU4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/a7068a-92ba-42ea-9966-2054d4e903bc/1/DpKy84xGq4bZRMW3bg3Qqscpy-g.roa
Signing time:             Thu 13 Mar 2025 11:17:49 +0000
ROA not before:           Thu 13 Mar 2025 11:17:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44628
IP address blocks:        46.17.240.0/22 maxlen: 22
                          185.80.152.0/22 maxlen: 22
                          2a00:1908:faca::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/a7068a-92ba-42ea-9966-2054d4e903bc/1/suRItKCPDkxYooPYBzWoqAPhDU4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/a7068a-92ba-42ea-9966-2054d4e903bc/1/suRItKCPDkxYooPYBzWoqAPhDU4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/suRItKCPDkxYooPYBzWoqAPhDU4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:8f:39:93:6a:53:46:12:77:1f:5b:a9:7e:42:cf:eb:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2e448b4a08f0e4c58a283d80735a8a803e10d4e
        Validity
            Not Before: Mar 13 11:17:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0e92b2f38c46ab86d944c5b76e0dd0aac729cbe8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:38:aa:c3:92:ee:48:01:3a:11:56:2f:de:5b:
                    68:52:17:d3:d4:8d:63:ed:ec:5b:da:ba:bf:c8:06:
                    a8:21:8c:a4:0e:f6:74:75:2d:52:c2:c1:6d:53:1f:
                    4f:66:7a:99:57:81:90:59:4d:07:61:3f:af:87:8c:
                    c4:dd:b4:9d:fc:8c:e3:3e:36:f2:1a:7d:ff:82:5d:
                    fd:a6:57:71:53:8b:e9:63:d9:6a:0e:0c:89:86:a6:
                    67:7a:b4:2b:32:a6:4d:03:84:d8:2a:a5:77:bc:a3:
                    7a:24:a2:fa:a7:55:e9:5a:f0:ef:dc:2c:f5:2f:9c:
                    41:9d:21:72:a3:9f:66:e0:7a:a2:53:2e:94:00:ba:
                    71:d7:82:09:e9:48:57:9e:7c:62:ab:2b:c5:2e:5f:
                    ed:e3:99:21:5f:8c:1c:fb:d5:1c:03:02:8a:78:55:
                    65:e8:ad:17:95:fd:ad:b5:e0:76:9b:50:1e:51:5e:
                    16:77:f6:c4:15:f1:e9:0f:24:f0:ce:20:88:2d:74:
                    69:80:1b:e5:10:d7:dc:e5:fe:60:74:a5:51:68:ff:
                    a3:83:dc:2f:dc:33:1f:25:56:46:9e:ce:f3:13:ea:
                    a7:74:81:32:03:e6:e0:9c:12:46:29:3f:bb:59:ea:
                    81:a9:3e:1c:8d:00:5c:7a:01:6e:5a:2c:52:6d:80:
                    a5:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:92:B2:F3:8C:46:AB:86:D9:44:C5:B7:6E:0D:D0:AA:C7:29:CB:E8
            X509v3 Authority Key Identifier:
                keyid:B2:E4:48:B4:A0:8F:0E:4C:58:A2:83:D8:07:35:A8:A8:03:E1:0D:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/suRItKCPDkxYooPYBzWoqAPhDU4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/a7068a-92ba-42ea-9966-2054d4e903bc/1/DpKy84xGq4bZRMW3bg3Qqscpy-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/a7068a-92ba-42ea-9966-2054d4e903bc/1/suRItKCPDkxYooPYBzWoqAPhDU4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.17.240.0/22
                  185.80.152.0/22
                IPv6:
                  2a00:1908:faca::/48

    Signature Algorithm: sha256WithRSAEncryption
         27:6f:c6:75:54:a7:f4:3e:2d:7b:53:82:5e:e8:b1:eb:cb:9a:
         f5:86:cf:f3:02:0e:7b:6c:75:6c:27:7d:71:bd:fc:c3:4c:3f:
         5e:4f:2d:99:f0:44:a5:04:e9:42:e8:ce:17:5e:92:fe:f4:cb:
         d3:bc:d3:ad:eb:8e:2c:e0:89:c7:0c:17:2c:fb:f3:dc:dc:b8:
         1c:24:a0:46:10:a9:62:05:9d:83:c2:a3:6d:e3:44:a4:f1:3d:
         1b:16:d7:44:0c:06:1c:a9:c4:a8:3a:78:ef:1e:6e:84:05:b4:
         a6:8c:3c:90:65:bd:e9:8f:81:c3:68:3c:c9:f6:16:6b:2e:8c:
         9c:80:cc:38:95:d5:7c:36:9a:7e:d4:bb:41:23:52:d5:76:20:
         7c:0a:09:70:ad:9c:1b:b7:fa:27:2f:7c:fa:5f:73:9f:c2:d9:
         95:b1:d6:35:50:89:4c:77:5a:dc:12:49:9d:e7:18:00:d4:18:
         bc:64:f4:41:05:34:2c:ed:7d:7d:de:a0:1f:a9:2a:f7:96:00:
         67:5c:cf:2d:a2:e5:a8:28:c7:16:86:0d:99:10:75:ad:09:c7:
         e8:00:0d:4e:a3:86:35:53:f3:12:d6:21:a0:62:cd:a8:7e:8a:
         a9:f2:6d:c6:5e:9a:1f:60:de:45:7f:6d:35:84:84:9a:df:01:
         c0:16:e9:12
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZWPOZNqU0YSdx9bqX5Cz+uOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyZTQ0OGI0YTA4ZjBlNGM1OGEyODNkODA3MzVhOGE4MDNl
MTBkNGUwHhcNMjUwMzEzMTExNzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTkyYjJmMzhjNDZhYjg2ZDk0NGM1Yjc2ZTBkZDBhYWM3MjljYmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ziqw5LuSAE6EVYv3ltoUhfT1I1j
7exb2rq/yAaoIYykDvZ0dS1SwsFtUx9PZnqZV4GQWU0HYT+vh4zE3bSd/IzjPjby
Gn3/gl39pldxU4vpY9lqDgyJhqZnerQrMqZNA4TYKqV3vKN6JKL6p1XpWvDv3Cz1
L5xBnSFyo59m4HqiUy6UALpx14IJ6UhXnnxiqyvFLl/t45khX4wc+9UcAwKKeFVl
6K0Xlf2tteB2m1AeUV4Wd/bEFfHpDyTwziCILXRpgBvlENfc5f5gdKVRaP+jg9wv
3DMfJVZGns7zE+qndIEyA+bgnBJGKT+7WeqBqT4cjQBcegFuWixSbYClWwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFA6SsvOMRquG2UTFt24N0KrHKcvoMB8GA1UdIwQY
MBaAFLLkSLSgjw5MWKKD2Ac1qKgD4Q1OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3VSSXRLQ1BEa3hZb29QWUJ6V29xQVBoRFU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9hNzA2OGEtOTJiYS00MmVhLTk5NjYt
MjA1NGQ0ZTkwM2JjLzEvRHBLeTg0eEdxNGJaUk1XM2JnM1Fxc2NweS1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9hNzA2OGEtOTJiYS00MmVhLTk5NjYtMjA1NGQ0ZTkwM2Jj
LzEvc3VSSXRLQ1BEa3hZb29QWUJ6V29xQVBoRFU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQCLhHwAwQC
uVCYMA8EAgACMAkDBwAqABkI+sowDQYJKoZIhvcNAQELBQADggEBACdvxnVUp/Q+
LXtTgl7osevLmvWGz/MCDntsdWwnfXG9/MNMP15PLZnwRKUE6ULozhdekv70y9O8
063rjizgiccMFyz789zcuBwkoEYQqWIFnYPCo23jRKTxPRsW10QMBhypxKg6eO8e
boQFtKaMPJBlvemPgcNoPMn2FmsujJyAzDiV1Xw2mn7Uu0EjUtV2IHwKCXCtnBu3
+icvfPpfc5/C2ZWx1jVQiUx3WtwSSZ3nGADUGLxk9EEFNCztfX3eoB+pKveWAGdc
zy2i5agoxxaGDZkQda0Jx+gADU6jhjVT8xLWIaBizah+iqnybcZemh9g3kV/bTWE
hJrfAcAW6RI=
-----END CERTIFICATE-----