Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/1-HYjW61poyKPMhvfx7U4CngkbXQ.roa
File:                     1-HYjW61poyKPMhvfx7U4CngkbXQ.roa (raw, json)
Hash identifier:          FgaQ7pllPxrtYs+K7a4T0YujtsmGhQlX0nAW+eszuLQ=
Subject key identifier:   F8:76:23:5B:AD:69:A3:22:8F:32:1B:DF:C7:B5:38:0A:78:24:6D:74
Certificate issuer:       /CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
Certificate serial:       019425FC558F1B815429B99A75FA3F702A0A
Authority key identifier: 6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/1-HYjW61poyKPMhvfx7U4CngkbXQ.roa
Signing time:             Thu 02 Jan 2025 07:48:01 +0000
ROA not before:           Thu 02 Jan 2025 07:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44077
IP address blocks:        46.233.40.0/23 maxlen: 24
                          46.233.46.0/24 maxlen: 24
                          46.233.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 00:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:55:8f:1b:81:54:29:b9:9a:75:fa:3f:70:2a:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
        Validity
            Not Before: Jan  2 07:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f876235bad69a3228f321bdfc7b5380a78246d74
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:48:46:ed:ca:fe:b7:f1:60:b9:c2:61:8c:71:
                    9f:d7:1b:62:57:05:58:e7:3a:70:60:ac:3d:9c:11:
                    62:28:9b:d0:f4:9f:3d:b0:d4:c8:0b:f3:cc:b1:34:
                    22:48:f0:1c:bc:a4:44:3d:6a:3b:44:97:b3:3d:fe:
                    f5:14:5b:c1:c6:d7:64:f4:d6:52:00:7d:5e:ac:87:
                    77:32:c1:65:26:d2:e1:43:3f:31:02:f3:f2:e5:90:
                    ba:62:23:41:11:54:ac:fd:4d:ea:39:84:7a:a7:7f:
                    e0:7f:be:e9:2e:55:a1:cd:63:0a:c3:30:e5:56:76:
                    f8:05:f5:f5:72:7b:7a:78:ee:52:b0:36:af:57:55:
                    6a:59:04:db:7e:40:3d:b0:eb:82:a6:a8:47:5a:cc:
                    18:90:96:45:a3:fb:53:c6:16:27:e8:e0:6a:14:da:
                    94:b7:16:20:90:34:25:55:c3:4f:3c:a7:7c:19:1c:
                    b8:4e:21:b6:96:79:1c:3c:9e:76:29:6b:cb:0d:92:
                    f4:f7:e5:f6:81:bf:ee:1d:0e:fb:47:43:9e:59:fd:
                    9a:fc:80:f9:41:81:18:b4:89:8d:bd:47:b2:04:7d:
                    87:98:4d:59:2c:a0:68:a3:a7:93:57:b0:ff:21:fd:
                    ed:52:5c:d8:8f:b9:4e:6d:22:89:eb:ed:30:3c:f9:
                    24:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:76:23:5B:AD:69:A3:22:8F:32:1B:DF:C7:B5:38:0A:78:24:6D:74
            X509v3 Authority Key Identifier:
                keyid:6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/1-HYjW61poyKPMhvfx7U4CngkbXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.233.40.0/23
                  46.233.46.0/23

    Signature Algorithm: sha256WithRSAEncryption
         60:05:34:5b:a5:ab:36:85:fc:3f:c5:50:5b:d0:b7:ad:02:3d:
         1b:b5:4d:7f:04:a0:7d:75:cb:e5:b8:ec:47:30:f8:cf:c3:4d:
         29:64:a9:da:67:db:77:ac:f6:4f:f4:21:1c:00:1f:0d:07:45:
         9c:a4:32:c8:37:13:1d:f7:8e:76:fb:12:9b:ae:a8:09:a1:4d:
         cb:81:1d:a9:a3:01:87:99:94:2f:4c:18:29:22:0c:b7:10:57:
         96:41:19:87:ca:ab:66:a8:32:ce:f8:03:3c:e0:7a:88:0b:9f:
         ed:8a:31:87:b4:b4:3c:10:5c:0d:3c:ac:eb:91:27:ab:12:5c:
         58:39:89:fe:04:45:08:d0:cc:bc:1d:df:37:2b:49:23:74:52:
         d9:a3:82:64:25:84:f3:e1:02:78:d4:d5:21:da:1d:5f:e9:79:
         a1:78:78:fc:0b:4a:6e:0c:36:46:3a:13:19:c6:a7:37:74:80:
         ca:cb:94:a1:e7:0e:ac:c7:28:1c:65:a8:5b:c7:d0:b6:2e:57:
         3e:39:3f:02:f2:9c:bc:c5:62:d2:7e:d2:91:7c:fe:42:90:af:
         00:36:59:fb:4f:9a:84:d8:3c:b9:73:22:7a:d6:1f:eb:69:58:
         aa:5d:65:fc:4f:46:6b:26:0f:42:42:aa:1f:3f:d0:07:e2:dd:
         43:a3:8e:dc
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZQl/FWPG4FUKbmadfo/cCoKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYzUwZDBkNDIwNjdiNzZhYjFhMmU4ZTUzM2ZmODQ5YjY1
ZDU2ZjUwHhcNMjUwMTAyMDc0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODc2MjM1YmFkNjlhMzIyOGYzMjFiZGZjN2I1MzgwYTc4MjQ2ZDc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3khG7cr+t/FgucJhjHGf1xtiVwVY
5zpwYKw9nBFiKJvQ9J89sNTIC/PMsTQiSPAcvKREPWo7RJezPf71FFvBxtdk9NZS
AH1erId3MsFlJtLhQz8xAvPy5ZC6YiNBEVSs/U3qOYR6p3/gf77pLlWhzWMKwzDl
Vnb4BfX1cnt6eO5SsDavV1VqWQTbfkA9sOuCpqhHWswYkJZFo/tTxhYn6OBqFNqU
txYgkDQlVcNPPKd8GRy4TiG2lnkcPJ52KWvLDZL09+X2gb/uHQ77R0OeWf2a/ID5
QYEYtImNvUeyBH2HmE1ZLKBoo6eTV7D/If3tUlzYj7lObSKJ6+0wPPkkrwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFPh2I1utaaMijzIb38e1OAp4JG10MB8GA1UdIwQY
MBaAFG/FDQ1CBnt2qxoujlM/+Em2XVb1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDkt
M2MxNmZmODQxYWIyLzEvMS1IWWpXNjFwb3lLUE1odmZ4N1U0Q25na2JYUS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZGUvZjJiZDZjLTQ4NDMtNGVhZC1hYTA5LTNjMTZmZjg0MWFi
Mi8xL2I4VU5EVUlHZTNhckdpNk9Vel80U2JaZFZ2VS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAlBggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEAS7pKAME
AS7pLjANBgkqhkiG9w0BAQsFAAOCAQEAYAU0W6WrNoX8P8VQW9C3rQI9G7VNfwSg
fXXL5bjsRzD4z8NNKWSp2mfbd6z2T/QhHAAfDQdFnKQyyDcTHfeOdvsSm66oCaFN
y4EdqaMBh5mUL0wYKSIMtxBXlkEZh8qrZqgyzvgDPOB6iAuf7Yoxh7S0PBBcDTys
65EnqxJcWDmJ/gRFCNDMvB3fNytJI3RS2aOCZCWE8+ECeNTVIdodX+l5oXh4/AtK
bgw2RjoTGcanN3SAysuUoecOrMcoHGWoW8fQti5XPjk/AvKcvMVi0n7SkXz+QpCv
ADZZ+0+ahNg8uXMietYf62lYql1l/E9GayYPQkKqHz/QB+LdQ6OO3A==
-----END CERTIFICATE-----