Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/G1S6I66bgBI9F0rALxnHJq17z2Y.roa
File:                     G1S6I66bgBI9F0rALxnHJq17z2Y.roa (raw, json)
Hash identifier:          t3nVF3Or2RuFuraUSLn+ji+lpTORr4QnAwGOij+SwGQ=
Subject key identifier:   1B:54:BA:23:AE:9B:80:12:3D:17:4A:C0:2F:19:C7:26:AD:7B:CF:66
Certificate issuer:       /CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
Certificate serial:       0192D8854ADD3C2EA75B0FCFEEC8A42FCCCC
Authority key identifier: 4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/G1S6I66bgBI9F0rALxnHJq17z2Y.roa
Signing time:             Tue 29 Oct 2024 13:44:27 +0000
ROA not before:           Tue 29 Oct 2024 13:44:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7922
IP address blocks:        46.34.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d8:85:4a:dd:3c:2e:a7:5b:0f:cf:ee:c8:a4:2f:cc:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
        Validity
            Not Before: Oct 29 13:44:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b54ba23ae9b80123d174ac02f19c726ad7bcf66
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:1b:73:ce:26:88:44:ce:60:67:88:42:78:71:
                    31:dd:d1:3e:95:9f:e6:d0:76:cd:ad:fd:3d:c2:ad:
                    67:0b:ea:1d:53:5c:9d:43:43:fb:98:89:40:68:40:
                    bf:0c:70:63:f6:be:73:25:cf:3e:44:d3:d1:6d:48:
                    42:81:07:11:25:3b:ab:33:6a:4d:3e:6c:c5:bd:b2:
                    e3:bb:44:65:81:4f:14:35:dd:77:b1:10:3e:3f:1f:
                    04:68:9d:37:7c:40:07:a2:64:8a:e9:ff:b4:de:d5:
                    2e:2d:92:5c:5e:5e:97:f0:3b:08:f4:1b:3b:90:9b:
                    7c:2a:52:f1:41:59:b1:53:e7:42:0a:89:74:93:d6:
                    3d:13:6e:3e:23:5e:c2:2d:2e:e6:92:a5:ab:39:64:
                    93:f6:74:29:7b:55:92:be:54:0a:57:22:1d:e5:0e:
                    96:80:7a:6a:9e:49:2f:f9:4f:00:31:c1:9e:86:f8:
                    9b:27:5a:bc:e3:fe:67:61:2f:dd:aa:ec:8e:f4:49:
                    3f:fd:e4:80:e5:fe:b3:57:ce:4a:1e:9b:05:71:c9:
                    dc:26:4c:c7:5a:5a:82:7d:f8:52:f2:0c:d9:79:12:
                    2d:e7:fa:80:2f:00:15:39:9a:b9:0d:2b:ea:0d:54:
                    ec:ed:06:3a:ce:78:0d:be:5e:7e:7d:68:da:a3:72:
                    91:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:54:BA:23:AE:9B:80:12:3D:17:4A:C0:2F:19:C7:26:AD:7B:CF:66
            X509v3 Authority Key Identifier:
                keyid:4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/G1S6I66bgBI9F0rALxnHJq17z2Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.34.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:35:26:ff:df:b6:be:48:df:99:71:d3:63:3d:a9:40:29:3d:
         68:57:87:7f:85:b3:59:c0:d7:43:16:cb:9a:3e:e6:2b:a6:14:
         54:75:11:14:d0:dc:2d:a2:a4:25:3b:aa:4f:d4:c2:61:2b:f9:
         5e:10:6e:d9:2b:92:aa:e4:78:6d:bc:75:32:16:7f:51:0a:94:
         9e:2d:5c:c2:bd:ac:a6:e0:cd:d7:f9:03:ea:32:b5:a5:f2:fc:
         74:16:fd:c0:d2:bb:7d:a3:49:d1:d0:d6:ef:b3:04:60:17:f0:
         3b:78:a6:46:f1:56:21:2e:ef:98:1c:ce:43:59:f0:0c:98:7b:
         1e:ad:4c:4c:31:ce:1a:1c:82:70:be:14:35:bd:64:c6:da:0e:
         0a:28:0b:50:af:33:61:4e:9b:b9:f8:1d:4f:b8:14:38:35:13:
         fd:76:0a:05:58:8e:b7:7f:1f:49:f2:ee:68:ec:e3:5c:b2:b4:
         a3:be:6a:07:69:de:f1:90:0e:31:76:15:52:c4:66:aa:65:98:
         85:c9:b4:6e:f8:14:69:70:08:26:a9:e9:69:29:c2:be:b0:52:
         0f:2b:e0:da:bd:f7:b2:cc:90:88:06:53:b3:cb:6c:0c:6e:65:
         03:e9:46:01:4d:a1:f8:f2:b3:9e:92:d0:dc:8a:87:a5:6f:a1:
         e2:d5:78:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLYhUrdPC6nWw/P7sikL8zMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNDcxY2Q2Y2U2MGFiZWRkNzQ3NjJiMTAxYWE1ZTZmNDIw
N2VmY2UwHhcNMjQxMDI5MTM0NDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjU0YmEyM2FlOWI4MDEyM2QxNzRhYzAyZjE5YzcyNmFkN2JjZjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3RtzziaIRM5gZ4hCeHEx3dE+lZ/m
0HbNrf09wq1nC+odU1ydQ0P7mIlAaEC/DHBj9r5zJc8+RNPRbUhCgQcRJTurM2pN
PmzFvbLju0RlgU8UNd13sRA+Px8EaJ03fEAHomSK6f+03tUuLZJcXl6X8DsI9Bs7
kJt8KlLxQVmxU+dCCol0k9Y9E24+I17CLS7mkqWrOWST9nQpe1WSvlQKVyId5Q6W
gHpqnkkv+U8AMcGehvibJ1q84/5nYS/dquyO9Ek//eSA5f6zV85KHpsFccncJkzH
WlqCffhS8gzZeRIt5/qALwAVOZq5DSvqDVTs7QY6zngNvl5+fWjao3KRWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBtUuiOum4ASPRdKwC8Zxyate89mMB8GA1UdIwQY
MBaAFEpHHNbOYKvt10disQGqXm9CB+/OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2Qt
YTZiOTkxZjRmYWY4LzEvRzFTNkk2NmJnQkk5RjByQUx4bkhKcTE3ejJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2QtYTZiOTkxZjRmYWY4
LzEvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiInMA0G
CSqGSIb3DQEBCwUAA4IBAQBrNSb/37a+SN+ZcdNjPalAKT1oV4d/hbNZwNdDFsua
PuYrphRUdREU0NwtoqQlO6pP1MJhK/leEG7ZK5Kq5HhtvHUyFn9RCpSeLVzCvaym
4M3X+QPqMrWl8vx0Fv3A0rt9o0nR0NbvswRgF/A7eKZG8VYhLu+YHM5DWfAMmHse
rUxMMc4aHIJwvhQ1vWTG2g4KKAtQrzNhTpu5+B1PuBQ4NRP9dgoFWI63fx9J8u5o
7ONcsrSjvmoHad7xkA4xdhVSxGaqZZiFybRu+BRpcAgmqelpKcK+sFIPK+Davfey
zJCIBlOzy2wMbmUD6UYBTaH48rOektDcioelb6Hi1Xh2
-----END CERTIFICATE-----