Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/cb9d7f-afdf-4487-9e08-bd5043c0d1fb/1/B6NJuvKoZZdMyXkXFacxWPOpPys.roa
File:                     B6NJuvKoZZdMyXkXFacxWPOpPys.roa (raw, json)
Hash identifier:          n6Wz95tHAtJGqonVtZc3bYPvWHMZ5kfUIgVNc2gAZkg=
Subject key identifier:   07:A3:49:BA:F2:A8:65:97:4C:C9:79:17:15:A7:31:58:F3:A9:3F:2B
Certificate issuer:       /CN=4b01b0851b7f89ea4bb132a7f5395b9d2aca1c02
Certificate serial:       01915640998EE6403911AD515F386C4236DD
Authority key identifier: 4B:01:B0:85:1B:7F:89:EA:4B:B1:32:A7:F5:39:5B:9D:2A:CA:1C:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SwGwhRt_iepLsTKn9TlbnSrKHAI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/cb9d7f-afdf-4487-9e08-bd5043c0d1fb/1/B6NJuvKoZZdMyXkXFacxWPOpPys.roa
Signing time:             Thu 15 Aug 2024 13:35:59 +0000
ROA not before:           Thu 15 Aug 2024 13:35:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12400
IP address blocks:        195.225.46.0/24 maxlen: 24
                          195.225.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/cb9d7f-afdf-4487-9e08-bd5043c0d1fb/1/SwGwhRt_iepLsTKn9TlbnSrKHAI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/cb9d7f-afdf-4487-9e08-bd5043c0d1fb/1/SwGwhRt_iepLsTKn9TlbnSrKHAI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SwGwhRt_iepLsTKn9TlbnSrKHAI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:56:40:99:8e:e6:40:39:11:ad:51:5f:38:6c:42:36:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b01b0851b7f89ea4bb132a7f5395b9d2aca1c02
        Validity
            Not Before: Aug 15 13:35:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07a349baf2a865974cc9791715a73158f3a93f2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ac:d9:0a:c6:65:36:08:3e:30:5d:a9:98:37:
                    95:68:f9:99:92:77:7c:b7:a9:f1:83:d4:6b:28:2c:
                    d2:f5:ef:7e:9b:c7:86:45:29:b1:33:68:74:08:ee:
                    a0:cb:bb:df:ef:0b:a8:69:f9:4e:7a:40:68:90:35:
                    f5:b9:8c:8c:c2:9f:d4:49:43:e7:28:59:43:15:4a:
                    7b:a7:9e:b6:44:8a:26:f6:c0:23:67:8e:85:51:58:
                    ef:6b:cd:d4:76:96:89:a3:41:03:ce:be:d7:5c:c1:
                    da:29:f0:0c:ba:de:55:71:b0:5b:cb:87:2e:6c:c8:
                    2c:9d:af:6e:6f:37:f7:c1:34:a9:c9:be:87:90:7f:
                    1e:2d:5a:44:81:7d:6d:4e:1d:f5:c1:55:05:a5:ac:
                    74:5f:28:b4:66:f8:3e:20:ef:54:f9:43:8d:15:27:
                    f3:07:1f:8a:50:ba:02:76:b9:2b:64:8d:1b:6f:ab:
                    41:07:2c:78:13:22:cd:69:49:07:81:d0:b8:9e:24:
                    47:14:a0:9a:95:c5:38:16:7a:7c:0d:15:e3:18:da:
                    2a:4e:e5:a7:e7:a1:2c:ab:61:5c:33:2c:34:43:fc:
                    7b:36:81:93:be:8a:e7:ee:4e:2e:0b:d8:c2:dc:b9:
                    37:f2:ee:07:c2:72:e5:4b:e4:27:7b:8f:86:d8:79:
                    4b:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:A3:49:BA:F2:A8:65:97:4C:C9:79:17:15:A7:31:58:F3:A9:3F:2B
            X509v3 Authority Key Identifier:
                keyid:4B:01:B0:85:1B:7F:89:EA:4B:B1:32:A7:F5:39:5B:9D:2A:CA:1C:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SwGwhRt_iepLsTKn9TlbnSrKHAI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/cb9d7f-afdf-4487-9e08-bd5043c0d1fb/1/B6NJuvKoZZdMyXkXFacxWPOpPys.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/cb9d7f-afdf-4487-9e08-bd5043c0d1fb/1/SwGwhRt_iepLsTKn9TlbnSrKHAI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.225.46.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7a:54:c9:95:34:09:42:45:da:31:10:b4:a3:fc:cc:a3:06:99:
         3f:6e:47:78:20:e9:5d:ea:dd:0a:0e:e2:c2:27:1a:c7:a5:cb:
         9c:ee:12:6d:c2:3d:06:f1:c1:dc:c0:fe:e1:42:c8:b6:ea:4f:
         a8:c0:36:c9:d6:61:63:55:77:30:45:28:51:a1:5d:9f:a7:e0:
         56:b3:3e:16:3c:f9:e9:58:2b:54:70:e0:08:7f:de:d6:ba:2f:
         35:22:a7:49:0c:a3:9e:7c:17:92:e4:e3:2f:52:c3:84:42:e8:
         fe:be:fc:78:7c:05:c5:dc:de:1b:3a:44:d6:e3:b1:34:7d:dd:
         8a:38:b4:43:14:d7:b9:d9:3f:49:86:5c:cc:2b:3f:66:a8:c1:
         88:9e:47:9b:0b:42:f2:41:57:73:d8:c3:eb:6f:2f:3b:ea:59:
         2d:76:44:ec:62:38:af:5d:57:2f:56:c3:de:14:a6:2b:ca:73:
         63:f9:23:38:06:ab:28:d5:b6:48:6d:d8:97:2a:3a:ba:61:9c:
         dc:9f:9e:64:28:94:cb:06:27:96:41:b8:27:ef:c8:2c:4c:9e:
         2d:f8:98:ac:5f:e3:2d:87:10:4c:da:d9:0d:75:de:8c:6d:e8:
         80:0f:fc:ea:f6:b1:d2:ae:8c:24:ff:62:69:53:1d:33:d3:fe:
         f3:2f:88:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFWQJmO5kA5Ea1RXzhsQjbdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiMDFiMDg1MWI3Zjg5ZWE0YmIxMzJhN2Y1Mzk1YjlkMmFj
YTFjMDIwHhcNMjQwODE1MTMzNTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2EzNDliYWYyYTg2NTk3NGNjOTc5MTcxNWE3MzE1OGYzYTkzZjJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6zZCsZlNgg+MF2pmDeVaPmZknd8
t6nxg9RrKCzS9e9+m8eGRSmxM2h0CO6gy7vf7wuoaflOekBokDX1uYyMwp/USUPn
KFlDFUp7p562RIom9sAjZ46FUVjva83UdpaJo0EDzr7XXMHaKfAMut5VcbBby4cu
bMgsna9ubzf3wTSpyb6HkH8eLVpEgX1tTh31wVUFpax0Xyi0Zvg+IO9U+UONFSfz
Bx+KULoCdrkrZI0bb6tBByx4EyLNaUkHgdC4niRHFKCalcU4Fnp8DRXjGNoqTuWn
56Esq2FcMyw0Q/x7NoGTvorn7k4uC9jC3Lk38u4HwnLlS+Qne4+G2HlLSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAejSbryqGWXTMl5FxWnMVjzqT8rMB8GA1UdIwQY
MBaAFEsBsIUbf4nqS7Eyp/U5W50qyhwCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU3dHd2hSdF9pZXBMc1RLbjlUbGJuU3JLSEFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9jYjlkN2YtYWZkZi00NDg3LTllMDgt
YmQ1MDQzYzBkMWZiLzEvQjZOSnV2S29aWmRNeVhrWEZhY3hXUE9wUHlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9jYjlkN2YtYWZkZi00NDg3LTllMDgtYmQ1MDQzYzBkMWZi
LzEvU3dHd2hSdF9pZXBMc1RLbjlUbGJuU3JLSEFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw+EuMA0G
CSqGSIb3DQEBCwUAA4IBAQB6VMmVNAlCRdoxELSj/MyjBpk/bkd4IOld6t0KDuLC
JxrHpcuc7hJtwj0G8cHcwP7hQsi26k+owDbJ1mFjVXcwRShRoV2fp+BWsz4WPPnp
WCtUcOAIf97Wui81IqdJDKOefBeS5OMvUsOEQuj+vvx4fAXF3N4bOkTW47E0fd2K
OLRDFNe52T9JhlzMKz9mqMGInkebC0LyQVdz2MPrby876lktdkTsYjivXVcvVsPe
FKYrynNj+SM4Bqso1bZIbdiXKjq6YZzcn55kKJTLBieWQbgn78gsTJ4t+JisX+Mt
hxBM2tkNdd6MbeiAD/zq9rHSrowk/2JpUx0z0/7zL4gG
-----END CERTIFICATE-----