Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/g2J0SvQir4U3h2n2vB5NgybfJug.roa
File:                     g2J0SvQir4U3h2n2vB5NgybfJug.roa (raw, json)
Hash identifier:          rBJ8+s8d8GMrDsH9DnXTSM5QCAsJIqZrjtchwgQeKgY=
Subject key identifier:   83:62:74:4A:F4:22:AF:85:37:87:69:F6:BC:1E:4D:83:26:DF:26:E8
Certificate issuer:       /CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
Certificate serial:       0190DB5C03FC0843BD2FD22E5C4A01A17CA3
Authority key identifier: 4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/g2J0SvQir4U3h2n2vB5NgybfJug.roa
Signing time:             Mon 22 Jul 2024 16:52:38 +0000
ROA not before:           Mon 22 Jul 2024 16:52:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        46.34.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:db:5c:03:fc:08:43:bd:2f:d2:2e:5c:4a:01:a1:7c:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
        Validity
            Not Before: Jul 22 16:52:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8362744af422af85378769f6bc1e4d8326df26e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:e2:43:11:de:3b:92:37:30:75:3e:91:21:f8:
                    52:06:e4:79:85:46:00:f9:78:af:34:19:45:2d:8d:
                    87:2e:91:1c:69:53:93:11:01:3c:75:07:4b:df:82:
                    93:49:00:9f:88:d7:19:35:88:5c:b9:c3:15:df:04:
                    5f:3c:f4:9c:d3:26:6f:88:4c:e5:ca:b8:3d:da:2f:
                    3c:10:72:75:28:dd:a6:f7:c6:ff:55:59:9b:a7:1d:
                    1d:d4:0a:ea:86:02:b5:eb:cb:3e:dd:b7:c9:a3:c9:
                    d4:fc:45:60:0b:44:cd:d8:dd:58:ab:34:37:38:03:
                    69:2d:f8:21:47:42:a1:84:eb:04:d1:f1:cd:81:f9:
                    48:89:87:c7:c0:4c:b9:75:22:5c:f7:b8:10:67:fa:
                    ef:0d:0d:3d:23:bb:82:80:50:f7:23:2a:a1:e7:98:
                    92:f1:8b:43:08:2a:bc:a1:77:d8:f2:be:4b:eb:b6:
                    7d:50:80:d2:3c:6d:de:86:1c:3b:aa:00:4b:de:08:
                    10:32:27:4f:ed:01:c2:e9:a3:b2:24:e3:8d:b0:f6:
                    e8:99:60:86:0a:a0:7e:32:0a:21:b7:8c:5a:ef:0b:
                    b2:21:f3:69:49:b1:18:2e:dd:f5:9e:5e:fe:29:6e:
                    c0:5d:8b:f8:36:68:10:f8:51:ab:d3:53:5e:83:d6:
                    45:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:62:74:4A:F4:22:AF:85:37:87:69:F6:BC:1E:4D:83:26:DF:26:E8
            X509v3 Authority Key Identifier:
                keyid:4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/g2J0SvQir4U3h2n2vB5NgybfJug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.34.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:61:fa:ef:cd:70:5b:3e:3c:db:eb:22:eb:02:b8:18:63:e1:
         a0:eb:a3:62:0f:ff:47:13:d9:22:77:c3:27:21:38:8a:7c:95:
         66:0e:8f:4a:d3:ea:a5:e3:24:24:65:04:b7:24:7f:2d:96:69:
         2b:cc:3d:e4:11:67:0e:6f:f7:a3:c2:73:be:93:99:74:54:35:
         d2:c2:1b:68:7c:6c:f3:59:ea:01:24:11:9c:2d:f0:94:5e:e4:
         01:a1:0e:5e:4f:7c:90:69:a6:df:12:81:fb:e4:fa:42:9b:34:
         1d:71:62:0f:ee:af:a2:9d:37:1b:0b:62:54:fd:98:4d:de:ea:
         7c:fb:b4:35:1c:af:21:09:9b:51:d0:6c:3c:21:e4:b8:c4:01:
         aa:1f:bf:ee:9e:c0:69:79:4c:26:bb:b0:8f:18:a3:7a:d9:ec:
         c1:42:79:d6:c6:31:ff:67:b7:35:67:46:4c:b2:4c:1d:be:28:
         f6:6c:a0:bd:58:22:8d:df:e7:2d:72:cd:75:b9:c6:a9:ae:bd:
         3c:5a:ba:f2:f1:d6:ef:7c:95:19:32:38:ba:da:f6:4a:ac:d1:
         8c:db:26:2f:7b:6f:de:05:95:94:3c:1b:42:15:f4:d4:64:5a:
         e7:1e:51:a2:a0:a0:0d:09:d2:37:8e:95:e7:4f:98:dd:74:13:
         3e:6d:48:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDbXAP8CEO9L9IuXEoBoXyjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNDcxY2Q2Y2U2MGFiZWRkNzQ3NjJiMTAxYWE1ZTZmNDIw
N2VmY2UwHhcNMjQwNzIyMTY1MjM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzYyNzQ0YWY0MjJhZjg1Mzc4NzY5ZjZiYzFlNGQ4MzI2ZGYyNmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1OJDEd47kjcwdT6RIfhSBuR5hUYA
+XivNBlFLY2HLpEcaVOTEQE8dQdL34KTSQCfiNcZNYhcucMV3wRfPPSc0yZviEzl
yrg92i88EHJ1KN2m98b/VVmbpx0d1ArqhgK168s+3bfJo8nU/EVgC0TN2N1YqzQ3
OANpLfghR0KhhOsE0fHNgflIiYfHwEy5dSJc97gQZ/rvDQ09I7uCgFD3Iyqh55iS
8YtDCCq8oXfY8r5L67Z9UIDSPG3ehhw7qgBL3ggQMidP7QHC6aOyJOONsPbomWCG
CqB+Mgoht4xa7wuyIfNpSbEYLt31nl7+KW7AXYv4NmgQ+FGr01Neg9ZFdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFINidEr0Iq+FN4dp9rweTYMm3yboMB8GA1UdIwQY
MBaAFEpHHNbOYKvt10disQGqXm9CB+/OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2Qt
YTZiOTkxZjRmYWY4LzEvZzJKMFN2UWlyNFUzaDJuMnZCNU5neWJmSnVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2QtYTZiOTkxZjRmYWY4
LzEvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiIpMA0G
CSqGSIb3DQEBCwUAA4IBAQAUYfrvzXBbPjzb6yLrArgYY+Gg66NiD/9HE9kid8Mn
ITiKfJVmDo9K0+ql4yQkZQS3JH8tlmkrzD3kEWcOb/ejwnO+k5l0VDXSwhtofGzz
WeoBJBGcLfCUXuQBoQ5eT3yQaabfEoH75PpCmzQdcWIP7q+inTcbC2JU/ZhN3up8
+7Q1HK8hCZtR0Gw8IeS4xAGqH7/unsBpeUwmu7CPGKN62ezBQnnWxjH/Z7c1Z0ZM
skwdvij2bKC9WCKN3+ctcs11ucaprr08Wrry8dbvfJUZMji62vZKrNGM2yYve2/e
BZWUPBtCFfTUZFrnHlGioKANCdI3jpXnT5jddBM+bUhf
-----END CERTIFICATE-----