Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/7m2aFO8pW7sBeWI83RHNCyNBIdU.roa
File:                     7m2aFO8pW7sBeWI83RHNCyNBIdU.roa (raw, json)
Hash identifier:          lGieElbJHSGh8Oz/Vk9H/zKdS/a3TENEBsREcLzSjK0=
Subject key identifier:   EE:6D:9A:14:EF:29:5B:BB:01:79:62:3C:DD:11:CD:0B:23:41:21:D5
Certificate issuer:       /CN=c41c7221ede3af5ee92e3206af2f18bd010d5dd9
Certificate serial:       0194252185C474F3B2EEF0A3D7F9487EEBC9
Authority key identifier: C4:1C:72:21:ED:E3:AF:5E:E9:2E:32:06:AF:2F:18:BD:01:0D:5D:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xBxyIe3jr17pLjIGry8YvQENXdk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/7m2aFO8pW7sBeWI83RHNCyNBIdU.roa
Signing time:             Thu 02 Jan 2025 03:49:01 +0000
ROA not before:           Thu 02 Jan 2025 03:49:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28785
IP address blocks:        46.20.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/xBxyIe3jr17pLjIGry8YvQENXdk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/xBxyIe3jr17pLjIGry8YvQENXdk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xBxyIe3jr17pLjIGry8YvQENXdk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:85:c4:74:f3:b2:ee:f0:a3:d7:f9:48:7e:eb:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c41c7221ede3af5ee92e3206af2f18bd010d5dd9
        Validity
            Not Before: Jan  2 03:49:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee6d9a14ef295bbb0179623cdd11cd0b234121d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:25:a0:23:e4:04:bf:27:60:e1:0b:3e:85:2b:
                    6b:b5:47:ed:b9:79:0b:f4:85:b8:b9:36:c4:da:cf:
                    c0:fc:90:da:16:15:33:32:e3:50:48:4a:5d:28:5c:
                    9c:49:0c:1a:3b:77:d7:b7:08:78:7f:75:d3:16:9d:
                    a6:e9:6a:71:38:f6:25:96:21:22:02:e4:20:fb:ac:
                    dc:c3:18:7a:0f:c3:1e:48:32:aa:be:ff:f7:0a:a0:
                    3d:fd:a0:08:24:b1:57:ea:ee:74:73:74:9d:b0:32:
                    00:d3:9b:fd:00:c9:e5:a6:af:80:6c:e5:f5:ff:45:
                    41:a5:f6:28:09:0e:3a:d5:47:18:2f:42:02:23:7a:
                    37:96:a7:f7:c9:80:dd:19:a6:67:92:a7:20:1c:b6:
                    84:5f:4b:26:ef:2b:e0:b7:5d:8a:47:63:dd:91:24:
                    17:40:ed:0f:96:7a:f2:eb:95:7d:02:38:8f:55:67:
                    86:21:eb:0b:ed:98:9c:25:b8:65:a4:8c:a1:3a:6e:
                    25:b2:64:c8:fd:a0:47:65:b2:37:b2:fa:7f:3d:4d:
                    5a:b9:d9:91:eb:60:b8:0d:10:f0:40:a0:b5:04:c4:
                    99:16:41:35:a5:49:5c:81:7d:60:df:3a:37:e3:46:
                    9d:b8:1d:02:c9:c4:63:ee:16:bd:19:a5:58:b5:9e:
                    a8:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:6D:9A:14:EF:29:5B:BB:01:79:62:3C:DD:11:CD:0B:23:41:21:D5
            X509v3 Authority Key Identifier:
                keyid:C4:1C:72:21:ED:E3:AF:5E:E9:2E:32:06:AF:2F:18:BD:01:0D:5D:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xBxyIe3jr17pLjIGry8YvQENXdk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/7m2aFO8pW7sBeWI83RHNCyNBIdU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/xBxyIe3jr17pLjIGry8YvQENXdk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.20.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:6d:a1:20:dc:69:f9:93:f4:59:cd:8b:2f:89:7b:c6:d6:a3:
         bf:da:ef:6e:28:d0:16:0d:49:76:53:bc:44:b4:0a:af:1d:6d:
         73:fc:2d:da:ed:83:1f:4f:a0:c3:38:2f:97:13:40:27:80:e5:
         b4:94:ca:e2:19:d1:2f:dd:84:7b:87:26:70:3a:7a:10:28:68:
         02:6c:2c:ca:85:fc:21:17:b2:c2:7e:c4:eb:8e:10:ee:fd:ef:
         05:d5:6c:88:5d:4f:98:a6:6d:77:32:0f:83:69:a7:49:7c:e5:
         e1:89:52:00:fb:c3:f3:e2:0e:b2:2a:32:f0:a7:2c:80:35:2c:
         aa:33:3d:6c:7f:54:24:8f:62:a1:a9:9f:c8:41:e0:89:12:1c:
         d6:1e:9a:24:9b:2c:26:a1:5a:d5:ef:75:a0:86:82:d4:e5:13:
         c6:00:bf:19:a3:5b:22:ab:d1:ad:df:8f:ed:f5:04:50:95:65:
         26:bc:b0:78:e9:ac:73:10:32:11:16:35:a7:76:af:97:d7:33:
         7a:0b:8d:18:70:47:94:b5:02:de:cd:1d:97:5c:66:e5:db:3a:
         86:d2:07:86:95:b2:da:17:8f:a6:68:09:bd:b9:cd:20:95:10:
         0a:cf:d6:0d:90:4f:a2:07:24:c2:8d:b6:65:b3:58:c0:c5:c9:
         b5:ed:6e:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIYXEdPOy7vCj1/lIfuvJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0MWM3MjIxZWRlM2FmNWVlOTJlMzIwNmFmMmYxOGJkMDEw
ZDVkZDkwHhcNMjUwMTAyMDM0OTAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTZkOWExNGVmMjk1YmJiMDE3OTYyM2NkZDExY2QwYjIzNDEyMWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjCWgI+QEvydg4Qs+hStrtUftuXkL
9IW4uTbE2s/A/JDaFhUzMuNQSEpdKFycSQwaO3fXtwh4f3XTFp2m6WpxOPYlliEi
AuQg+6zcwxh6D8MeSDKqvv/3CqA9/aAIJLFX6u50c3SdsDIA05v9AMnlpq+AbOX1
/0VBpfYoCQ461UcYL0ICI3o3lqf3yYDdGaZnkqcgHLaEX0sm7yvgt12KR2PdkSQX
QO0Plnry65V9AjiPVWeGIesL7ZicJbhlpIyhOm4lsmTI/aBHZbI3svp/PU1audmR
62C4DRDwQKC1BMSZFkE1pUlcgX1g3zo340aduB0CycRj7ha9GaVYtZ6ofwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO5tmhTvKVu7AXliPN0RzQsjQSHVMB8GA1UdIwQY
MBaAFMQcciHt469e6S4yBq8vGL0BDV3ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEJ4eUllM2pyMTdwTGpJR3J5OFl2UUVOWGRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9lOTliMzUtOGNmNi00OTM0LWE1OTEt
OTkzMGYyMTk0YTBlLzEvN20yYUZPOHBXN3NCZVdJODNSSE5DeU5CSWRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9lOTliMzUtOGNmNi00OTM0LWE1OTEtOTkzMGYyMTk0YTBl
LzEveEJ4eUllM2pyMTdwTGpJR3J5OFl2UUVOWGRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhQxMA0G
CSqGSIb3DQEBCwUAA4IBAQAXbaEg3Gn5k/RZzYsviXvG1qO/2u9uKNAWDUl2U7xE
tAqvHW1z/C3a7YMfT6DDOC+XE0AngOW0lMriGdEv3YR7hyZwOnoQKGgCbCzKhfwh
F7LCfsTrjhDu/e8F1WyIXU+Ypm13Mg+DaadJfOXhiVIA+8Pz4g6yKjLwpyyANSyq
Mz1sf1Qkj2KhqZ/IQeCJEhzWHpokmywmoVrV73WghoLU5RPGAL8Zo1siq9Gt34/t
9QRQlWUmvLB46axzEDIRFjWndq+X1zN6C40YcEeUtQLezR2XXGbl2zqG0geGlbLa
F4+maAm9uc0glRAKz9YNkE+iByTCjbZls1jAxcm17W4K
-----END CERTIFICATE-----