Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/F4Uk38M7Gpoo4Hm9Bk5myJeUwL4.roa
File:                     F4Uk38M7Gpoo4Hm9Bk5myJeUwL4.roa (raw, json)
Hash identifier:          3157UqEGDsDT6NWIePHoveG/YpvUuPP4rJPfel16Qcg=
Subject key identifier:   17:85:24:DF:C3:3B:1A:9A:28:E0:79:BD:06:4E:66:C8:97:94:C0:BE
Certificate issuer:       /CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
Certificate serial:       019425FC51AA681954F9E71C41D40B9BD411
Authority key identifier: 6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/F4Uk38M7Gpoo4Hm9Bk5myJeUwL4.roa
Signing time:             Thu 02 Jan 2025 07:48:00 +0000
ROA not before:           Thu 02 Jan 2025 07:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        46.233.32.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 01:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:51:aa:68:19:54:f9:e7:1c:41:d4:0b:9b:d4:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
        Validity
            Not Before: Jan  2 07:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=178524dfc33b1a9a28e079bd064e66c89794c0be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:c5:98:c7:4b:7a:de:53:0d:b2:95:b0:42:e5:
                    ae:b7:80:c8:e2:c4:77:4f:bd:f8:5e:50:86:6e:7b:
                    97:79:8f:e5:1b:aa:49:f2:e7:ae:1f:05:5c:50:1f:
                    08:0e:01:6d:80:36:1f:ab:49:c5:95:7d:94:c7:b1:
                    5b:1e:4c:15:c3:68:44:95:63:2e:07:87:dc:ff:56:
                    e5:60:c7:fc:f2:2c:f7:39:94:de:cb:ad:e5:ea:11:
                    62:0c:6e:8e:71:82:f7:b2:3a:7a:67:06:0b:27:c1:
                    8c:bd:7f:fb:ed:ea:06:01:23:14:44:d7:fc:fb:98:
                    ff:19:b4:c6:c4:2b:e3:7d:eb:38:f8:d0:a5:0f:08:
                    f5:38:c8:ef:45:a1:4a:ad:d6:e9:de:44:58:d6:ba:
                    c3:34:44:8e:81:ed:8e:88:2e:41:6b:27:72:27:6b:
                    9a:be:37:ec:29:09:6f:75:6f:4d:46:4e:3b:7a:ff:
                    0e:5c:59:22:e2:7e:15:fe:1a:bc:e6:39:37:da:5a:
                    1d:06:a0:42:43:b3:84:a0:b5:8e:13:1a:b4:22:d1:
                    9f:46:3e:5b:4f:23:48:24:3a:3f:4e:68:f3:e5:b7:
                    f8:69:3e:1c:64:85:13:41:a7:89:87:91:c6:a0:ce:
                    16:ce:5d:90:17:31:8c:a8:17:80:3a:cd:67:67:d5:
                    ea:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:85:24:DF:C3:3B:1A:9A:28:E0:79:BD:06:4E:66:C8:97:94:C0:BE
            X509v3 Authority Key Identifier:
                keyid:6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/F4Uk38M7Gpoo4Hm9Bk5myJeUwL4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.233.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6a:cb:93:5c:34:2b:a6:1f:b3:ad:80:49:8a:ff:61:43:6b:fe:
         1f:6e:6e:a2:53:e5:33:43:f0:8a:fb:09:b2:cb:0a:4f:23:5b:
         6e:7b:97:de:8d:5c:aa:dc:ad:86:12:4b:c7:56:9a:d0:ee:4f:
         5d:b3:6f:64:32:d4:fc:4b:c5:ca:4e:43:c7:a6:2a:66:35:bc:
         06:58:c3:5b:98:ba:ea:04:c5:4c:f2:06:76:df:5d:f5:4f:62:
         95:d7:ef:92:d1:fd:9c:41:91:a7:3a:b4:60:8e:83:63:32:2a:
         f2:4d:9f:ee:ee:48:fe:ce:c2:cf:c0:40:d6:1e:55:20:e8:c1:
         fc:da:3e:25:22:be:39:2d:26:8a:91:df:b0:e6:fd:14:b8:0b:
         31:dd:cb:88:69:25:a7:5a:40:8a:35:0d:f8:47:87:8a:c8:96:
         d6:db:df:b2:1f:93:70:5c:e7:72:ea:2c:c1:3a:2c:4d:3a:7b:
         58:00:44:ae:4b:5f:d0:8e:49:3c:e2:68:9b:b2:d7:75:30:df:
         29:6c:e6:d8:3e:7b:84:8b:7e:1d:2d:2c:b8:ec:94:f2:90:a9:
         d7:3c:f9:ac:78:6f:bd:81:25:f9:8f:3c:b2:10:29:64:b1:a3:
         62:a3:f5:96:11:03:9f:56:3a:6f:46:2e:c2:3f:91:60:95:73:
         b4:1a:f9:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/FGqaBlU+eccQdQLm9QRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYzUwZDBkNDIwNjdiNzZhYjFhMmU4ZTUzM2ZmODQ5YjY1
ZDU2ZjUwHhcNMjUwMTAyMDc0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzg1MjRkZmMzM2IxYTlhMjhlMDc5YmQwNjRlNjZjODk3OTRjMGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqcWYx0t63lMNspWwQuWut4DI4sR3
T734XlCGbnuXeY/lG6pJ8ueuHwVcUB8IDgFtgDYfq0nFlX2Ux7FbHkwVw2hElWMu
B4fc/1blYMf88iz3OZTey63l6hFiDG6OcYL3sjp6ZwYLJ8GMvX/77eoGASMURNf8
+5j/GbTGxCvjfes4+NClDwj1OMjvRaFKrdbp3kRY1rrDNESOge2OiC5BaydyJ2ua
vjfsKQlvdW9NRk47ev8OXFki4n4V/hq85jk32lodBqBCQ7OEoLWOExq0ItGfRj5b
TyNIJDo/Tmjz5bf4aT4cZIUTQaeJh5HGoM4Wzl2QFzGMqBeAOs1nZ9XqOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBeFJN/DOxqaKOB5vQZOZsiXlMC+MB8GA1UdIwQY
MBaAFG/FDQ1CBnt2qxoujlM/+Em2XVb1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDkt
M2MxNmZmODQxYWIyLzEvRjRVazM4TTdHcG9vNEhtOUJrNW15SmVVd0w0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDktM2MxNmZmODQxYWIy
LzEvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLukgMA0G
CSqGSIb3DQEBCwUAA4IBAQBqy5NcNCumH7OtgEmK/2FDa/4fbm6iU+UzQ/CK+wmy
ywpPI1tue5fejVyq3K2GEkvHVprQ7k9ds29kMtT8S8XKTkPHpipmNbwGWMNbmLrq
BMVM8gZ23131T2KV1++S0f2cQZGnOrRgjoNjMiryTZ/u7kj+zsLPwEDWHlUg6MH8
2j4lIr45LSaKkd+w5v0UuAsx3cuIaSWnWkCKNQ34R4eKyJbW29+yH5NwXOdy6izB
OixNOntYAESuS1/Qjkk84mibstd1MN8pbObYPnuEi34dLSy47JTykKnXPPmseG+9
gSX5jzyyEClksaNio/WWEQOfVjpvRi7CP5FglXO0Gvl+
-----END CERTIFICATE-----