Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/4homCvxOMdgg9qsel4EggdchOYU.roa
File:                     4homCvxOMdgg9qsel4EggdchOYU.roa (raw, json)
Hash identifier:          nUYdFPzRwen5zG/7bmEx/kEori5F+5i1QxsbXZt0c7g=
Subject key identifier:   E2:1A:26:0A:FC:4E:31:D8:20:F6:AB:1E:97:81:20:81:D7:21:39:85
Certificate issuer:       /CN=468b592f3110bc6c35249a8271a0dac1a9acb0ce
Certificate serial:       01934FBDF93210A030E1E7B32D5F929BB0A9
Authority key identifier: 46:8B:59:2F:31:10:BC:6C:35:24:9A:82:71:A0:DA:C1:A9:AC:B0:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RotZLzEQvGw1JJqCcaDawamssM4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/4homCvxOMdgg9qsel4EggdchOYU.roa
Signing time:             Thu 21 Nov 2024 17:21:10 +0000
ROA not before:           Thu 21 Nov 2024 17:21:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41171
IP address blocks:        62.106.83.0/24 maxlen: 24
                          146.19.228.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/RotZLzEQvGw1JJqCcaDawamssM4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/RotZLzEQvGw1JJqCcaDawamssM4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RotZLzEQvGw1JJqCcaDawamssM4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4f:bd:f9:32:10:a0:30:e1:e7:b3:2d:5f:92:9b:b0:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=468b592f3110bc6c35249a8271a0dac1a9acb0ce
        Validity
            Not Before: Nov 21 17:21:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e21a260afc4e31d820f6ab1e97812081d7213985
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:bd:e3:a6:47:2b:06:0c:47:e4:f5:4e:d2:9a:
                    d1:bd:73:d8:7e:eb:d4:b3:f1:38:2d:b1:3f:7e:c3:
                    0d:16:6c:0b:b1:19:f4:1f:61:a9:ef:f8:d0:85:15:
                    8e:e0:81:d0:3b:dc:cf:ae:a2:b0:39:41:82:4a:cc:
                    f9:71:aa:6e:7e:bd:77:8e:a7:27:ca:62:f1:07:6b:
                    e2:5f:b2:c2:59:16:b7:ab:09:5f:dd:9c:1d:a9:e6:
                    34:2f:00:12:a3:4f:1d:f6:a2:17:35:6f:ae:6b:1b:
                    6d:eb:20:aa:c4:de:a0:3b:04:cd:65:c8:c0:cc:b2:
                    2d:be:52:88:cb:df:4e:d3:20:59:31:e0:de:fb:02:
                    df:37:ac:83:4c:5e:b5:18:02:20:69:86:86:9d:80:
                    42:41:3d:40:8b:58:fe:79:6e:13:2e:39:9b:e2:a2:
                    28:ce:ca:a9:7b:01:08:a0:6c:48:b8:a6:5e:a4:ab:
                    91:5c:f5:4a:ca:50:64:9e:91:30:3a:c7:a0:2a:2e:
                    db:10:b5:5c:22:30:23:50:17:19:13:be:d9:6b:cb:
                    7c:67:28:94:71:74:b5:3f:9f:f4:fd:2b:70:f2:6a:
                    32:76:95:85:0e:bb:2f:27:15:59:b8:8c:ec:e4:66:
                    4b:28:23:dc:20:49:33:c0:3a:0b:3a:9a:47:33:3b:
                    44:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:1A:26:0A:FC:4E:31:D8:20:F6:AB:1E:97:81:20:81:D7:21:39:85
            X509v3 Authority Key Identifier:
                keyid:46:8B:59:2F:31:10:BC:6C:35:24:9A:82:71:A0:DA:C1:A9:AC:B0:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RotZLzEQvGw1JJqCcaDawamssM4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/4homCvxOMdgg9qsel4EggdchOYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/29e166-98d2-49f2-8497-0503749adea0/1/RotZLzEQvGw1JJqCcaDawamssM4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.106.83.0/24
                  146.19.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:ba:fb:7b:bc:ae:93:67:fd:94:b3:13:44:fa:5b:50:88:da:
         d7:c9:8b:7a:a0:2c:02:7f:a6:27:13:cc:e6:a8:6f:61:20:16:
         47:60:bc:2a:19:a6:91:19:6f:ca:35:3e:26:db:d0:e6:be:5c:
         c0:0f:2e:5f:f9:bf:00:42:a6:0b:aa:6e:b8:42:3d:6b:df:c5:
         68:2a:74:56:8a:a2:fa:0f:58:a0:a6:ed:14:e4:5e:90:b6:cf:
         1c:46:c7:69:21:70:ee:47:50:f9:59:45:66:84:1d:8b:7d:b2:
         0c:c6:17:81:c3:9b:16:da:99:39:a1:38:ae:6c:ff:b9:be:9e:
         5c:20:dd:6e:6e:59:05:f1:68:1b:82:a2:6b:0e:19:12:73:14:
         f0:54:bf:9f:11:9e:5c:46:a9:6e:17:b3:e3:6e:dd:bc:81:c6:
         43:a7:c1:1b:83:ad:b2:7d:5a:7a:c9:47:fa:d2:fb:2a:50:e2:
         b7:18:b7:bb:90:00:86:f3:cc:a7:35:0c:b5:6a:e1:85:e3:95:
         9b:9b:63:e6:1c:5d:77:f3:d8:d0:bf:8a:68:77:5c:51:55:bc:
         98:be:c1:5c:bb:4f:4c:19:2d:38:ac:a9:0d:d7:26:c8:7e:60:
         f1:fd:07:19:ce:49:4d:0d:ff:18:5b:9e:d2:7a:46:b1:4d:47:
         49:2c:00:6d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZNPvfkyEKAw4eezLV+Sm7CpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2OGI1OTJmMzExMGJjNmMzNTI0OWE4MjcxYTBkYWMxYTlh
Y2IwY2UwHhcNMjQxMTIxMTcyMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjFhMjYwYWZjNGUzMWQ4MjBmNmFiMWU5NzgxMjA4MWQ3MjEzOTg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6r3jpkcrBgxH5PVO0prRvXPYfuvU
s/E4LbE/fsMNFmwLsRn0H2Gp7/jQhRWO4IHQO9zPrqKwOUGCSsz5capufr13jqcn
ymLxB2viX7LCWRa3qwlf3ZwdqeY0LwASo08d9qIXNW+uaxtt6yCqxN6gOwTNZcjA
zLItvlKIy99O0yBZMeDe+wLfN6yDTF61GAIgaYaGnYBCQT1Ai1j+eW4TLjmb4qIo
zsqpewEIoGxIuKZepKuRXPVKylBknpEwOsegKi7bELVcIjAjUBcZE77Za8t8ZyiU
cXS1P5/0/Stw8moydpWFDrsvJxVZuIzs5GZLKCPcIEkzwDoLOppHMztETQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOIaJgr8TjHYIParHpeBIIHXITmFMB8GA1UdIwQY
MBaAFEaLWS8xELxsNSSagnGg2sGprLDOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUm90Wkx6RVF2R3cxSkpxQ2NhRGF3YW1zc000LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8yOWUxNjYtOThkMi00OWYyLTg0OTct
MDUwMzc0OWFkZWEwLzEvNGhvbUN2eE9NZGdnOXFzZWw0RWdnZGNoT1lVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8yOWUxNjYtOThkMi00OWYyLTg0OTctMDUwMzc0OWFkZWEw
LzEvUm90Wkx6RVF2R3cxSkpxQ2NhRGF3YW1zc000LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPmpTAwQA
khPkMA0GCSqGSIb3DQEBCwUAA4IBAQCduvt7vK6TZ/2UsxNE+ltQiNrXyYt6oCwC
f6YnE8zmqG9hIBZHYLwqGaaRGW/KNT4m29DmvlzADy5f+b8AQqYLqm64Qj1r38Vo
KnRWiqL6D1igpu0U5F6Qts8cRsdpIXDuR1D5WUVmhB2LfbIMxheBw5sW2pk5oTiu
bP+5vp5cIN1ublkF8WgbgqJrDhkScxTwVL+fEZ5cRqluF7Pjbt28gcZDp8Ebg62y
fVp6yUf60vsqUOK3GLe7kACG88ynNQy1auGF45Wbm2PmHF1389jQv4pod1xRVbyY
vsFcu09MGS04rKkN1ybIfmDx/QcZzklNDf8YW57SekaxTUdJLABt
-----END CERTIFICATE-----