Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/fXIkEQH3meKCBAEQ5mXacq0TJ20.roa
File:                     fXIkEQH3meKCBAEQ5mXacq0TJ20.roa (raw, json)
Hash identifier:          rnj1CDmi4d3j1os+cxi9WBUMoxTK5VvPgUCy380Y0oI=
Subject key identifier:   7D:72:24:11:01:F7:99:E2:82:04:01:10:E6:65:DA:72:AD:13:27:6D
Certificate issuer:       /CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
Certificate serial:       0194244541EC7F19C9B10A9508D95E6C6478
Authority key identifier: 4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/fXIkEQH3meKCBAEQ5mXacq0TJ20.roa
Signing time:             Wed 01 Jan 2025 23:48:26 +0000
ROA not before:           Wed 01 Jan 2025 23:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42689
IP address blocks:        46.34.48.0/24 maxlen: 24
                          46.34.59.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:41:ec:7f:19:c9:b1:0a:95:08:d9:5e:6c:64:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
        Validity
            Not Before: Jan  1 23:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7d72241101f799e282040110e665da72ad13276d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:8a:1d:b2:08:d8:4e:95:ca:ed:20:23:a6:01:
                    28:b1:95:03:63:e0:49:04:82:6c:e8:13:e9:c4:5a:
                    65:24:af:15:94:3b:a2:26:15:06:27:f9:33:e0:58:
                    55:73:94:38:0a:88:4e:20:88:7d:5b:aa:38:ea:00:
                    e1:dc:a2:a4:9d:fe:50:48:ca:71:56:26:39:32:1c:
                    43:03:cc:8f:30:94:3a:49:84:9b:22:0f:4f:96:4a:
                    12:0d:77:35:a4:f2:97:3e:59:c5:fb:52:96:53:f8:
                    f2:4d:b5:5b:07:7a:72:68:a4:5e:d3:1a:b7:1a:c8:
                    8b:80:c4:e5:cd:1e:a1:e8:32:d9:34:1e:51:66:0c:
                    44:65:ec:a6:7f:d2:c8:1a:be:19:fc:ed:06:f4:bb:
                    b1:dc:6a:38:42:23:2c:c5:90:cd:68:ab:92:75:35:
                    2c:74:95:da:0b:51:6b:82:0f:bd:01:b0:ba:25:3d:
                    01:d9:d5:02:c2:43:b1:64:06:d8:bf:50:58:b3:e7:
                    a4:3a:9a:bb:ba:6b:63:60:3c:b9:ca:c1:6b:35:aa:
                    67:0a:29:c9:5f:9f:b3:fd:c7:ad:7d:fb:a5:c1:16:
                    cd:f5:b6:19:22:3b:49:29:77:63:95:41:65:05:a0:
                    2f:9a:af:98:1e:e4:76:be:fe:d2:6b:d6:fa:93:9f:
                    7a:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:72:24:11:01:F7:99:E2:82:04:01:10:E6:65:DA:72:AD:13:27:6D
            X509v3 Authority Key Identifier:
                keyid:4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/fXIkEQH3meKCBAEQ5mXacq0TJ20.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.34.48.0/24
                  46.34.59.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2e:c1:00:b4:ce:03:1c:75:a2:b3:74:a0:46:be:e1:d3:d1:a5:
         52:08:c1:bd:9f:85:f1:4f:a6:84:ac:ee:91:e3:22:67:1a:b3:
         ba:df:97:28:d6:79:ea:94:9f:a9:d4:f5:4b:7d:01:09:fc:ac:
         92:25:70:71:63:fb:67:d4:e4:68:8e:57:59:9c:4a:c3:6f:bf:
         69:e9:74:03:d3:84:ea:db:96:32:00:f9:3c:cc:06:ee:71:81:
         38:46:38:5e:cc:18:a1:1c:84:f0:d0:c0:c6:17:18:62:d5:24:
         55:44:d0:49:65:bb:83:00:c9:40:16:58:16:6d:57:f0:c1:a9:
         00:4c:73:6a:8d:4f:b4:6d:12:64:36:51:d1:31:03:04:9d:fe:
         59:0c:b5:b1:9a:fa:24:f0:8c:b0:3a:1c:f8:47:32:2e:a3:01:
         aa:3e:0a:68:b9:90:1b:8a:00:1d:75:58:c9:27:95:fe:15:e9:
         b0:3d:48:76:f8:12:57:a6:32:86:82:e6:d1:1c:88:d4:8f:95:
         72:4f:1f:4b:79:32:4d:73:26:7a:3c:2e:23:a1:b5:6a:c6:f3:
         5e:f7:4f:be:5c:0d:18:08:5c:a7:cb:d1:06:35:82:df:ca:75:
         f4:e0:74:c8:83:4c:47:69:73:fe:32:eb:02:bf:63:01:68:03:
         7f:67:9f:58
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQkRUHsfxnJsQqVCNlebGR4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNDcxY2Q2Y2U2MGFiZWRkNzQ3NjJiMTAxYWE1ZTZmNDIw
N2VmY2UwHhcNMjUwMTAxMjM0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDcyMjQxMTAxZjc5OWUyODIwNDAxMTBlNjY1ZGE3MmFkMTMyNzZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuIodsgjYTpXK7SAjpgEosZUDY+BJ
BIJs6BPpxFplJK8VlDuiJhUGJ/kz4FhVc5Q4CohOIIh9W6o46gDh3KKknf5QSMpx
ViY5MhxDA8yPMJQ6SYSbIg9PlkoSDXc1pPKXPlnF+1KWU/jyTbVbB3pyaKRe0xq3
GsiLgMTlzR6h6DLZNB5RZgxEZeymf9LIGr4Z/O0G9Lux3Go4QiMsxZDNaKuSdTUs
dJXaC1Frgg+9AbC6JT0B2dUCwkOxZAbYv1BYs+ekOpq7umtjYDy5ysFrNapnCinJ
X5+z/cetffulwRbN9bYZIjtJKXdjlUFlBaAvmq+YHuR2vv7Sa9b6k596bwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH1yJBEB95niggQBEOZl2nKtEydtMB8GA1UdIwQY
MBaAFEpHHNbOYKvt10disQGqXm9CB+/OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2Qt
YTZiOTkxZjRmYWY4LzEvZlhJa0VRSDNtZUtDQkFFUTVtWGFjcTBUSjIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2QtYTZiOTkxZjRmYWY4
LzEvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALiIwAwQA
LiI7MA0GCSqGSIb3DQEBCwUAA4IBAQAuwQC0zgMcdaKzdKBGvuHT0aVSCMG9n4Xx
T6aErO6R4yJnGrO635co1nnqlJ+p1PVLfQEJ/KySJXBxY/tn1ORojldZnErDb79p
6XQD04Tq25YyAPk8zAbucYE4RjhezBihHITw0MDGFxhi1SRVRNBJZbuDAMlAFlgW
bVfwwakATHNqjU+0bRJkNlHRMQMEnf5ZDLWxmvok8IywOhz4RzIuowGqPgpouZAb
igAddVjJJ5X+FemwPUh2+BJXpjKGgubRHIjUj5VyTx9LeTJNcyZ6PC4jobVqxvNe
90++XA0YCFyny9EGNYLfynX04HTIg0xHaXP+MusCv2MBaAN/Z59Y
-----END CERTIFICATE-----