Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/41dec1-1eb1-49c7-9d50-ca595e34d5ac/1/iDLcfc6aCabj7RN8rRXRQoXvHeA.roa
File:                     iDLcfc6aCabj7RN8rRXRQoXvHeA.roa (raw, json)
Hash identifier:          UvXUgafoqKLsjB+HeAD02OLRE2t5kuX7jZTUuLZ1nRA=
Subject key identifier:   88:32:DC:7D:CE:9A:09:A6:E3:ED:13:7C:AD:15:D1:42:85:EF:1D:E0
Certificate issuer:       /CN=4e984a5a4b7808bb4ea32d310bdd07ecc9575113
Certificate serial:       019424B3DBB6FF72CC32A4A258D7E235B534
Authority key identifier: 4E:98:4A:5A:4B:78:08:BB:4E:A3:2D:31:0B:DD:07:EC:C9:57:51:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TphKWkt4CLtOoy0xC90H7MlXURM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/41dec1-1eb1-49c7-9d50-ca595e34d5ac/1/iDLcfc6aCabj7RN8rRXRQoXvHeA.roa
Signing time:             Thu 02 Jan 2025 01:49:14 +0000
ROA not before:           Thu 02 Jan 2025 01:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1136
IP address blocks:        46.231.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/41dec1-1eb1-49c7-9d50-ca595e34d5ac/1/TphKWkt4CLtOoy0xC90H7MlXURM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/41dec1-1eb1-49c7-9d50-ca595e34d5ac/1/TphKWkt4CLtOoy0xC90H7MlXURM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TphKWkt4CLtOoy0xC90H7MlXURM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 07:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:db:b6:ff:72:cc:32:a4:a2:58:d7:e2:35:b5:34
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e984a5a4b7808bb4ea32d310bdd07ecc9575113
        Validity
            Not Before: Jan  2 01:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8832dc7dce9a09a6e3ed137cad15d14285ef1de0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:41:2d:45:70:bc:4b:59:aa:73:39:8c:19:72:
                    0a:3e:ef:27:07:6b:1c:c5:f2:62:c1:1b:f8:3e:70:
                    b1:2b:a5:a5:66:be:fe:22:9e:a9:13:7c:b8:2c:27:
                    e5:09:e4:51:ee:22:9c:c3:41:f0:d7:d1:2a:f0:22:
                    16:5c:e4:2d:5d:1b:a6:a6:b9:ed:af:8f:0e:1a:50:
                    c8:5c:79:63:4f:f5:ca:df:d5:8b:89:63:64:ea:c0:
                    14:cf:2c:f4:a4:6c:49:ac:a7:a6:66:47:dc:c1:be:
                    88:a8:08:32:c3:93:7a:d0:17:f6:91:e8:a1:f5:4a:
                    16:ef:8a:a6:de:1d:3e:ac:87:f6:e2:8c:ad:2d:87:
                    55:68:61:90:7f:a0:ef:e2:fe:b3:c1:9f:3b:de:42:
                    ad:54:43:0b:1b:7e:94:bb:c1:7c:81:10:de:8f:90:
                    cd:95:c4:50:c8:4c:a1:36:c5:dd:96:1b:e0:d7:87:
                    2c:3f:11:3d:4a:51:4a:6b:0f:64:fc:1b:39:2e:5e:
                    94:6e:b8:4c:f5:ea:20:de:ca:74:c2:8b:61:54:26:
                    ee:3a:8a:65:d4:27:0c:e7:47:c2:3d:07:44:c8:e3:
                    0d:3b:57:d6:15:c9:f1:05:06:45:a2:50:29:a1:ab:
                    66:5f:6e:48:e3:09:83:ac:5b:cb:eb:75:52:3c:65:
                    c3:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:32:DC:7D:CE:9A:09:A6:E3:ED:13:7C:AD:15:D1:42:85:EF:1D:E0
            X509v3 Authority Key Identifier:
                keyid:4E:98:4A:5A:4B:78:08:BB:4E:A3:2D:31:0B:DD:07:EC:C9:57:51:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TphKWkt4CLtOoy0xC90H7MlXURM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/41dec1-1eb1-49c7-9d50-ca595e34d5ac/1/iDLcfc6aCabj7RN8rRXRQoXvHeA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/41dec1-1eb1-49c7-9d50-ca595e34d5ac/1/TphKWkt4CLtOoy0xC90H7MlXURM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.231.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:75:d5:b9:5a:ab:ad:54:7e:44:0c:d6:d2:ef:d4:13:b0:1e:
         a6:3b:23:31:0c:be:7f:58:37:f4:88:1e:f9:66:b5:3d:40:e7:
         13:e4:8a:35:56:9e:18:6d:98:10:8a:61:8e:a0:7f:56:4a:c0:
         5e:9d:aa:86:2e:31:74:70:e7:3f:73:4e:cf:a2:df:02:ff:6f:
         f9:7f:59:f4:3b:23:10:0b:b1:28:59:9a:22:4e:8d:38:1b:e2:
         70:09:a5:af:22:62:e3:a5:0b:68:88:9a:7d:a9:30:d9:28:c7:
         5b:50:04:a1:57:c2:e6:7b:66:1e:1d:e6:3f:33:a6:c8:a8:f7:
         24:26:45:e3:6f:c7:eb:8c:f1:12:46:90:80:f9:92:8a:42:18:
         af:f2:19:d4:54:80:f4:55:a7:dc:4d:84:41:ba:0d:3e:7e:eb:
         13:cb:b6:53:fe:77:0f:db:bf:44:91:e3:a8:64:74:6c:a7:3e:
         67:fa:26:8a:38:3f:36:27:7f:fe:9d:d7:64:2a:7c:4f:67:6c:
         bd:e3:21:ab:81:f0:34:d0:21:98:ff:89:c1:7e:3f:30:88:c8:
         c8:af:43:d0:1c:ad:53:9c:18:e3:f7:24:4d:8a:45:db:55:aa:
         4e:dc:4a:33:71:29:0a:69:72:5d:9a:6c:e8:b1:bc:c8:e0:b2:
         5c:ab:f2:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks9u2/3LMMqSiWNfiNbU0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlOTg0YTVhNGI3ODA4YmI0ZWEzMmQzMTBiZGQwN2VjYzk1
NzUxMTMwHhcNMjUwMTAyMDE0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODMyZGM3ZGNlOWEwOWE2ZTNlZDEzN2NhZDE1ZDE0Mjg1ZWYxZGUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0UEtRXC8S1mqczmMGXIKPu8nB2sc
xfJiwRv4PnCxK6WlZr7+Ip6pE3y4LCflCeRR7iKcw0Hw19Eq8CIWXOQtXRumprnt
r48OGlDIXHljT/XK39WLiWNk6sAUzyz0pGxJrKemZkfcwb6IqAgyw5N60Bf2keih
9UoW74qm3h0+rIf24oytLYdVaGGQf6Dv4v6zwZ873kKtVEMLG36Uu8F8gRDej5DN
lcRQyEyhNsXdlhvg14csPxE9SlFKaw9k/Bs5Ll6UbrhM9eog3sp0wothVCbuOopl
1CcM50fCPQdEyOMNO1fWFcnxBQZFolApoatmX25I4wmDrFvL63VSPGXDxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIgy3H3Omgmm4+0TfK0V0UKF7x3gMB8GA1UdIwQY
MBaAFE6YSlpLeAi7TqMtMQvdB+zJV1ETMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHBoS1drdDRDTHRPb3kweEM5MEg3TWxYVVJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC80MWRlYzEtMWViMS00OWM3LTlkNTAt
Y2E1OTVlMzRkNWFjLzEvaURMY2ZjNmFDYWJqN1JOOHJSWFJRb1h2SGVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC80MWRlYzEtMWViMS00OWM3LTlkNTAtY2E1OTVlMzRkNWFj
LzEvVHBoS1drdDRDTHRPb3kweEM5MEg3TWxYVVJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALuf/MA0G
CSqGSIb3DQEBCwUAA4IBAQB0ddW5WqutVH5EDNbS79QTsB6mOyMxDL5/WDf0iB75
ZrU9QOcT5Io1Vp4YbZgQimGOoH9WSsBenaqGLjF0cOc/c07Pot8C/2/5f1n0OyMQ
C7EoWZoiTo04G+JwCaWvImLjpQtoiJp9qTDZKMdbUAShV8Lme2YeHeY/M6bIqPck
JkXjb8frjPESRpCA+ZKKQhiv8hnUVID0VafcTYRBug0+fusTy7ZT/ncP279EkeOo
ZHRspz5n+iaKOD82J3/+nddkKnxPZ2y94yGrgfA00CGY/4nBfj8wiMjIr0PQHK1T
nBjj9yRNikXbVapO3EozcSkKaXJdmmzosbzI4LJcq/Lm
-----END CERTIFICATE-----