Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/d2ff5b-0008-4572-9380-976c04bdf18f/1/9cEvXYVcBJeRVXoK10hhOCyNhJY.roa
File:                     9cEvXYVcBJeRVXoK10hhOCyNhJY.roa (raw, json)
Hash identifier:          ihTe2JjgXGvlLA7K+HxYQQd7iWcLoXsDNyag9kYHBGk=
Subject key identifier:   F5:C1:2F:5D:85:5C:04:97:91:55:7A:0A:D7:48:61:38:2C:8D:84:96
Certificate issuer:       /CN=29ea0bde7f692bc5fdc0b168ba614a0272f2e64d
Certificate serial:       019427487C1D6051B2EBA94908F640A6F9C7
Authority key identifier: 29:EA:0B:DE:7F:69:2B:C5:FD:C0:B1:68:BA:61:4A:02:72:F2:E6:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KeoL3n9pK8X9wLFoumFKAnLy5k0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/d2ff5b-0008-4572-9380-976c04bdf18f/1/9cEvXYVcBJeRVXoK10hhOCyNhJY.roa
Signing time:             Thu 02 Jan 2025 13:50:49 +0000
ROA not before:           Thu 02 Jan 2025 13:50:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207456
IP address blocks:        46.149.104.0/24 maxlen: 24
                          193.23.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/d2ff5b-0008-4572-9380-976c04bdf18f/1/KeoL3n9pK8X9wLFoumFKAnLy5k0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/d2ff5b-0008-4572-9380-976c04bdf18f/1/KeoL3n9pK8X9wLFoumFKAnLy5k0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KeoL3n9pK8X9wLFoumFKAnLy5k0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:01:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:7c:1d:60:51:b2:eb:a9:49:08:f6:40:a6:f9:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29ea0bde7f692bc5fdc0b168ba614a0272f2e64d
        Validity
            Not Before: Jan  2 13:50:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f5c12f5d855c049791557a0ad74861382c8d8496
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:cc:6d:49:f1:d2:06:ff:24:5e:01:df:15:85:
                    d4:7a:68:3c:e9:ed:31:56:86:47:10:0e:43:5c:21:
                    45:03:17:b8:38:1b:5d:20:fd:50:92:83:9a:f0:d9:
                    5a:c7:90:ea:0b:8c:bb:fd:60:dd:86:07:03:65:e6:
                    e3:2b:64:56:c0:02:5d:9e:83:dd:68:75:ed:0e:a4:
                    8e:70:10:f7:40:6c:39:42:5f:8d:be:4d:ff:95:be:
                    c9:2d:51:96:a4:7c:0b:c0:cb:7c:07:95:dd:45:d0:
                    ca:ba:58:3e:0c:8e:98:e5:1a:19:a5:07:06:81:87:
                    e6:97:52:05:59:0a:fc:f5:16:3d:dd:c6:dc:41:c6:
                    af:91:47:d2:cc:a5:2c:38:ba:7e:6b:bd:6d:8f:81:
                    2a:74:4c:7b:7d:75:5b:f6:dc:c1:42:5c:3a:01:6b:
                    8b:17:eb:08:ff:77:28:0b:b9:44:36:3c:38:b1:ac:
                    b9:4e:76:be:27:92:17:b8:78:a9:7c:57:49:12:27:
                    d2:be:20:f9:6b:61:85:37:75:91:3f:5a:c2:fa:ae:
                    c0:75:c9:01:8f:b8:f6:55:a7:48:be:29:a2:74:d9:
                    4a:46:e5:2d:65:cc:49:7a:1b:10:cb:8e:c6:16:ca:
                    46:83:c8:36:39:97:b7:0d:2a:49:40:2e:16:a1:3f:
                    b9:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:C1:2F:5D:85:5C:04:97:91:55:7A:0A:D7:48:61:38:2C:8D:84:96
            X509v3 Authority Key Identifier:
                keyid:29:EA:0B:DE:7F:69:2B:C5:FD:C0:B1:68:BA:61:4A:02:72:F2:E6:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KeoL3n9pK8X9wLFoumFKAnLy5k0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d2ff5b-0008-4572-9380-976c04bdf18f/1/9cEvXYVcBJeRVXoK10hhOCyNhJY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d2ff5b-0008-4572-9380-976c04bdf18f/1/KeoL3n9pK8X9wLFoumFKAnLy5k0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.149.104.0/24
                  193.23.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:46:5b:11:d5:75:a9:a3:94:5b:42:83:c7:87:5b:8e:9a:01:
         b8:21:6e:46:18:49:67:d0:3e:84:c0:20:64:ba:e0:dd:f1:26:
         d7:3c:fa:2d:a0:69:2c:9f:e7:8c:e2:e7:0f:0e:3a:0c:da:99:
         a9:0b:9c:5e:4c:51:61:a4:65:8a:b8:10:5b:a0:64:ac:d9:b8:
         f1:89:15:50:51:e6:36:60:c2:03:81:b5:0e:a1:20:ad:79:d2:
         f1:5e:a2:c3:bf:ef:aa:d7:fc:85:7a:41:cc:36:2f:0b:c4:4b:
         0f:5f:bd:49:00:ac:46:8e:85:8c:24:10:7c:f8:07:2f:38:7f:
         fa:52:67:22:22:ad:b3:44:49:6b:6f:cc:63:dc:94:86:48:b4:
         ca:6a:b3:61:9f:00:20:00:4e:c1:0b:46:5c:ba:75:31:4e:bd:
         03:f5:1e:e6:ec:60:ce:f9:0e:32:88:24:70:1a:29:34:62:95:
         5c:64:cb:a2:4f:d0:84:5a:b9:3f:1f:63:1d:6e:fd:07:4e:32:
         f6:c0:ea:bc:e0:64:7d:d5:d6:79:a8:cb:49:af:e0:0e:8d:b3:
         15:8e:5d:d5:5c:20:47:b6:eb:2b:b0:ba:a6:48:2d:4d:42:29:
         e3:c0:41:75:c2:15:44:a5:f8:c6:a4:13:ec:ba:5b:9c:39:fe:
         41:67:df:06
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnSHwdYFGy66lJCPZApvnHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZWEwYmRlN2Y2OTJiYzVmZGMwYjE2OGJhNjE0YTAyNzJm
MmU2NGQwHhcNMjUwMTAyMTM1MDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWMxMmY1ZDg1NWMwNDk3OTE1NTdhMGFkNzQ4NjEzODJjOGQ4NDk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwMxtSfHSBv8kXgHfFYXUemg86e0x
VoZHEA5DXCFFAxe4OBtdIP1QkoOa8Nlax5DqC4y7/WDdhgcDZebjK2RWwAJdnoPd
aHXtDqSOcBD3QGw5Ql+Nvk3/lb7JLVGWpHwLwMt8B5XdRdDKulg+DI6Y5RoZpQcG
gYfml1IFWQr89RY93cbcQcavkUfSzKUsOLp+a71tj4EqdEx7fXVb9tzBQlw6AWuL
F+sI/3coC7lENjw4say5Tna+J5IXuHipfFdJEifSviD5a2GFN3WRP1rC+q7AdckB
j7j2VadIvimidNlKRuUtZcxJehsQy47GFspGg8g2OZe3DSpJQC4WoT+5KQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPXBL12FXASXkVV6CtdIYTgsjYSWMB8GA1UdIwQY
MBaAFCnqC95/aSvF/cCxaLphSgJy8uZNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2VvTDNuOXBLOFg5d0xGb3VtRktBbkx5NWswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9kMmZmNWItMDAwOC00NTcyLTkzODAt
OTc2YzA0YmRmMThmLzEvOWNFdlhZVmNCSmVSVlhvSzEwaGhPQ3lOaEpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9kMmZmNWItMDAwOC00NTcyLTkzODAtOTc2YzA0YmRmMThm
LzEvS2VvTDNuOXBLOFg5d0xGb3VtRktBbkx5NWswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALpVoAwQA
wReFMA0GCSqGSIb3DQEBCwUAA4IBAQBuRlsR1XWpo5RbQoPHh1uOmgG4IW5GGEln
0D6EwCBkuuDd8SbXPPotoGksn+eM4ucPDjoM2pmpC5xeTFFhpGWKuBBboGSs2bjx
iRVQUeY2YMIDgbUOoSCtedLxXqLDv++q1/yFekHMNi8LxEsPX71JAKxGjoWMJBB8
+AcvOH/6UmciIq2zRElrb8xj3JSGSLTKarNhnwAgAE7BC0ZcunUxTr0D9R7m7GDO
+Q4yiCRwGik0YpVcZMuiT9CEWrk/H2Mdbv0HTjL2wOq84GR91dZ5qMtJr+AOjbMV
jl3VXCBHtusrsLqmSC1NQinjwEF1whVEpfjGpBPsulucOf5BZ98G
-----END CERTIFICATE-----