Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/zAbi3i6XaAL-2DMv8RM6_6YgdPc.roa
File:                     zAbi3i6XaAL-2DMv8RM6_6YgdPc.roa (raw, json)
Hash identifier:          sDxnQMsl3v8WgP0QIzrXHsBNYHFh+duJmen3s0476Qk=
Subject key identifier:   CC:06:E2:DE:2E:97:68:02:FE:D8:33:2F:F1:13:3A:FF:A6:20:74:F7
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       01942369C86AEB55771A3FBBCF65EEEF04F1
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/zAbi3i6XaAL-2DMv8RM6_6YgdPc.roa
Signing time:             Wed 01 Jan 2025 19:48:42 +0000
ROA not before:           Wed 01 Jan 2025 19:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43201
IP address blocks:        46.16.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:c8:6a:eb:55:77:1a:3f:bb:cf:65:ee:ef:04:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 19:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cc06e2de2e976802fed8332ff1133affa62074f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:b0:29:80:55:cb:ef:79:f5:7f:77:00:e0:af:
                    1a:27:60:27:fe:72:32:da:0a:85:ef:1d:7d:68:0a:
                    b0:35:46:11:97:e2:5f:0b:03:b1:7c:fa:26:7e:55:
                    42:44:1d:a6:14:0c:c9:1d:9f:69:98:22:6d:05:2e:
                    9f:7a:cd:ad:8f:40:b1:50:11:09:b1:ef:7c:00:e6:
                    a5:65:9a:a7:0d:98:59:5f:6e:18:76:c5:db:f7:ca:
                    8d:ee:52:69:ae:81:5b:53:81:75:ef:32:d0:26:10:
                    44:b7:fd:8e:5b:0b:82:3f:ee:cc:7a:d6:8f:d9:21:
                    fc:22:7e:8f:36:06:d9:71:e6:33:b4:34:e1:70:bc:
                    34:18:55:aa:42:e3:39:43:df:dd:3e:41:6f:13:75:
                    50:d8:e5:b0:71:4a:e5:a1:38:5a:00:f9:36:ea:36:
                    c3:8e:6b:ea:b3:8a:ce:a2:c7:bd:b8:9a:c9:5d:92:
                    c4:3c:75:34:98:02:5a:ae:de:5a:e7:f8:cc:03:81:
                    49:5c:62:42:df:2d:1d:6a:97:c9:0c:53:02:09:61:
                    71:93:40:88:e9:2d:b0:b3:65:bf:91:d0:fe:c2:86:
                    f7:f4:de:f7:17:4e:4d:c9:02:b3:aa:4b:07:f8:8e:
                    72:13:b3:df:eb:c5:e0:cf:6b:e0:cd:bc:ad:d2:d7:
                    a9:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:06:E2:DE:2E:97:68:02:FE:D8:33:2F:F1:13:3A:FF:A6:20:74:F7
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/zAbi3i6XaAL-2DMv8RM6_6YgdPc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.16.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:30:fa:ae:9e:a9:c2:d5:a1:98:b8:48:8e:11:7e:0f:3c:1c:
         a7:3a:e8:8b:82:fb:9c:31:00:65:db:b0:de:fe:f4:dd:5a:c3:
         08:c6:f6:0f:74:c1:6c:26:d1:6a:17:75:0a:e5:87:a3:05:ae:
         a3:0b:d6:82:05:c1:f6:f5:fc:21:db:47:24:63:62:8d:4b:d8:
         d7:64:8f:79:18:58:b0:a6:81:dc:de:a2:ee:35:82:4d:ba:30:
         35:8f:45:1e:1c:61:d1:67:8d:69:96:38:90:94:62:c6:53:16:
         d9:6b:f9:2a:6a:7c:8a:bb:91:1e:83:cb:0b:ff:7e:f6:93:9f:
         7c:cd:f9:23:ca:ed:63:96:29:36:7f:f2:20:1b:2c:cc:c9:46:
         60:5e:ed:94:44:3a:63:06:ea:5d:a2:60:d0:0d:ab:41:27:20:
         e1:0d:78:b5:1a:2e:b6:12:6e:69:35:6e:e7:85:69:f1:1e:fe:
         07:74:fa:2e:fd:80:7e:e8:65:9c:5e:21:c1:34:15:52:17:80:
         33:f7:a1:4e:cd:4e:3e:28:d7:90:ac:5f:69:fe:de:74:06:35:
         df:96:70:d8:5e:c1:45:cf:e1:e9:04:cf:d4:02:be:41:0b:04:
         92:55:61:c7:ca:5e:0c:ec:0b:ea:cc:5d:d5:cf:c9:57:63:ab:
         12:09:e7:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjachq61V3Gj+7z2Xu7wTxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjUwMTAxMTk0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzA2ZTJkZTJlOTc2ODAyZmVkODMzMmZmMTEzM2FmZmE2MjA3NGY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA17ApgFXL73n1f3cA4K8aJ2An/nIy
2gqF7x19aAqwNUYRl+JfCwOxfPomflVCRB2mFAzJHZ9pmCJtBS6fes2tj0CxUBEJ
se98AOalZZqnDZhZX24YdsXb98qN7lJproFbU4F17zLQJhBEt/2OWwuCP+7MetaP
2SH8In6PNgbZceYztDThcLw0GFWqQuM5Q9/dPkFvE3VQ2OWwcUrloThaAPk26jbD
jmvqs4rOose9uJrJXZLEPHU0mAJart5a5/jMA4FJXGJC3y0dapfJDFMCCWFxk0CI
6S2ws2W/kdD+wob39N73F05NyQKzqksH+I5yE7Pf68Xgz2vgzbyt0tepbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMwG4t4ul2gC/tgzL/ETOv+mIHT3MB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvekFiaTNpNlhhQUwtMkRNdjhSTTZfNllnZFBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhAhMA0G
CSqGSIb3DQEBCwUAA4IBAQB0MPqunqnC1aGYuEiOEX4PPBynOuiLgvucMQBl27De
/vTdWsMIxvYPdMFsJtFqF3UK5YejBa6jC9aCBcH29fwh20ckY2KNS9jXZI95GFiw
poHc3qLuNYJNujA1j0UeHGHRZ41pljiQlGLGUxbZa/kqanyKu5Eeg8sL/372k598
zfkjyu1jlik2f/IgGyzMyUZgXu2URDpjBupdomDQDatBJyDhDXi1Gi62Em5pNW7n
hWnxHv4HdPou/YB+6GWcXiHBNBVSF4Az96FOzU4+KNeQrF9p/t50BjXflnDYXsFF
z+HpBM/UAr5BCwSSVWHHyl4M7AvqzF3Vz8lXY6sSCefr
-----END CERTIFICATE-----