Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/8a7Shw-C7t8tDg8xa-1FGikOXPc.roa
File:                     8a7Shw-C7t8tDg8xa-1FGikOXPc.roa (raw, json)
Hash identifier:          4edDmS0LETRqSpGQGFtoKLhIM6xiHOAiP43PkbiFy4g=
Subject key identifier:   F1:AE:D2:87:0F:82:EE:DF:2D:0E:0F:31:6B:ED:45:1A:29:0E:5C:F7
Certificate issuer:       /CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
Certificate serial:       019424453E8B5E83EE4BDFB940E8C6C61310
Authority key identifier: 4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/8a7Shw-C7t8tDg8xa-1FGikOXPc.roa
Signing time:             Wed 01 Jan 2025 23:48:25 +0000
ROA not before:           Wed 01 Jan 2025 23:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5511
IP address blocks:        46.34.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:3e:8b:5e:83:ee:4b:df:b9:40:e8:c6:c6:13:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
        Validity
            Not Before: Jan  1 23:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f1aed2870f82eedf2d0e0f316bed451a290e5cf7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:2f:4c:47:40:36:41:0d:4c:70:da:7f:be:7e:
                    b8:67:0d:17:f8:46:92:9f:73:1c:ab:f4:d2:82:c4:
                    d4:f9:fa:bb:2b:be:2a:3b:92:93:53:98:36:56:48:
                    50:d6:b7:0c:ed:c9:43:5e:66:5e:9d:75:87:1f:bb:
                    69:40:62:87:09:3a:91:46:f3:60:4f:16:f9:7c:fd:
                    ac:17:fe:58:4a:3b:d3:d1:a1:fe:c2:59:1d:83:09:
                    78:d0:0a:83:7b:8a:de:31:61:fd:83:e8:7f:df:6f:
                    3f:86:04:54:74:e5:31:15:a8:e9:e9:b6:bd:db:e9:
                    60:99:fc:45:56:24:98:32:0d:5e:3e:3c:75:7e:87:
                    37:2f:f6:be:bb:f2:c0:5f:af:4c:1f:f6:24:57:3a:
                    70:f4:d4:ac:d4:74:1c:31:66:6f:bb:a8:cc:bc:35:
                    cd:39:2f:14:8e:c7:b8:ce:75:65:44:31:64:61:be:
                    ae:76:c3:32:86:1f:c7:95:ef:dd:92:19:70:52:c4:
                    13:84:68:cb:a9:d1:2a:96:9c:e0:3d:db:bc:7c:19:
                    47:b1:98:21:39:ca:61:f6:10:40:33:d0:d3:cb:06:
                    af:9f:eb:76:78:85:3b:ff:ad:77:a3:84:ab:e0:18:
                    8a:e6:fd:db:62:88:b8:25:7e:72:c7:95:2c:db:b6:
                    73:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:AE:D2:87:0F:82:EE:DF:2D:0E:0F:31:6B:ED:45:1A:29:0E:5C:F7
            X509v3 Authority Key Identifier:
                keyid:4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/8a7Shw-C7t8tDg8xa-1FGikOXPc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.34.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:b2:b1:52:ed:fc:36:02:65:e7:a2:54:60:d6:87:d9:e2:9b:
         db:7f:0f:4a:23:8d:87:a1:22:2e:4f:89:0e:54:77:d7:ae:12:
         af:cd:69:dc:1f:af:cd:65:73:47:0f:48:cd:69:3a:a7:00:17:
         aa:bb:30:d1:94:fb:0c:3b:ef:b4:bc:f7:85:c0:7f:3a:f0:ed:
         7c:b0:35:db:8b:40:b3:ab:4a:47:05:98:e9:5f:60:49:9c:2c:
         8a:a9:26:43:d6:ce:76:a9:cc:6c:dd:be:79:e7:1d:86:e6:04:
         d0:e2:df:db:3f:c0:92:18:ac:b1:02:ec:d5:e7:07:b0:ac:3e:
         8d:d6:d8:6e:c8:5e:24:a7:29:df:ff:fa:ed:f5:09:2f:e4:97:
         02:cf:69:6b:78:75:c7:44:c6:c1:17:a3:c8:3e:dd:fa:92:72:
         7d:5c:b5:7e:f3:30:a7:c9:07:65:fa:7d:7c:e0:fb:8e:ed:c5:
         42:be:93:67:a2:61:ae:c4:ac:ec:e7:1d:f4:e2:e8:3a:ca:08:
         fd:27:41:19:ec:61:68:30:41:6b:93:8f:73:56:80:fd:4c:d9:
         a3:13:47:06:be:d7:34:d1:98:2d:6a:9c:76:0a:cc:6a:f2:66:
         a9:b1:61:f9:f0:3d:37:98:b0:12:4c:28:2f:79:a3:e7:65:b9:
         c2:e7:ca:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRT6LXoPuS9+5QOjGxhMQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNDcxY2Q2Y2U2MGFiZWRkNzQ3NjJiMTAxYWE1ZTZmNDIw
N2VmY2UwHhcNMjUwMTAxMjM0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWFlZDI4NzBmODJlZWRmMmQwZTBmMzE2YmVkNDUxYTI5MGU1Y2Y3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0i9MR0A2QQ1McNp/vn64Zw0X+EaS
n3Mcq/TSgsTU+fq7K74qO5KTU5g2VkhQ1rcM7clDXmZenXWHH7tpQGKHCTqRRvNg
Txb5fP2sF/5YSjvT0aH+wlkdgwl40AqDe4reMWH9g+h/328/hgRUdOUxFajp6ba9
2+lgmfxFViSYMg1ePjx1foc3L/a+u/LAX69MH/YkVzpw9NSs1HQcMWZvu6jMvDXN
OS8Ujse4znVlRDFkYb6udsMyhh/Hle/dkhlwUsQThGjLqdEqlpzgPdu8fBlHsZgh
Ocph9hBAM9DTywavn+t2eIU7/613o4Sr4BiK5v3bYoi4JX5yx5Us27ZzKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPGu0ocPgu7fLQ4PMWvtRRopDlz3MB8GA1UdIwQY
MBaAFEpHHNbOYKvt10disQGqXm9CB+/OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2Qt
YTZiOTkxZjRmYWY4LzEvOGE3U2h3LUM3dDh0RGc4eGEtMUZHaWtPWFBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2QtYTZiOTkxZjRmYWY4
LzEvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiI6MA0G
CSqGSIb3DQEBCwUAA4IBAQBxsrFS7fw2AmXnolRg1ofZ4pvbfw9KI42HoSIuT4kO
VHfXrhKvzWncH6/NZXNHD0jNaTqnABequzDRlPsMO++0vPeFwH868O18sDXbi0Cz
q0pHBZjpX2BJnCyKqSZD1s52qcxs3b555x2G5gTQ4t/bP8CSGKyxAuzV5wewrD6N
1thuyF4kpynf//rt9Qkv5JcCz2lreHXHRMbBF6PIPt36knJ9XLV+8zCnyQdl+n18
4PuO7cVCvpNnomGuxKzs5x304ug6ygj9J0EZ7GFoMEFrk49zVoD9TNmjE0cGvtc0
0Zgtapx2Csxq8mapsWH58D03mLASTCgveaPnZbnC58pB
-----END CERTIFICATE-----