Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/K8brr-FPsMEnGF0kbZo88qS6lTk.roa
File:                     K8brr-FPsMEnGF0kbZo88qS6lTk.roa (raw, json)
Hash identifier:          qW/T11RMV283PJtyNsGcccWeoOYrXus8SlIyII3hPJA=
Subject key identifier:   2B:C6:EB:AF:E1:4F:B0:C1:27:18:5D:24:6D:9A:3C:F2:A4:BA:95:39
Certificate issuer:       /CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
Certificate serial:       019425FC585099F64C2B0891CF4A839D9D78
Authority key identifier: 6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/K8brr-FPsMEnGF0kbZo88qS6lTk.roa
Signing time:             Thu 02 Jan 2025 07:48:02 +0000
ROA not before:           Thu 02 Jan 2025 07:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212477
IP address blocks:        46.233.44.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:19:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:58:50:99:f6:4c:2b:08:91:cf:4a:83:9d:9d:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
        Validity
            Not Before: Jan  2 07:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2bc6ebafe14fb0c127185d246d9a3cf2a4ba9539
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:b1:28:d4:05:3e:d2:b6:f6:38:53:6c:a3:fc:
                    51:3d:5d:b0:2f:6b:98:ae:45:eb:90:58:09:42:9a:
                    cb:98:22:06:b8:cf:23:f1:22:06:bf:f2:03:3f:df:
                    13:87:99:12:13:f8:8b:96:d6:82:9d:4d:c6:70:01:
                    b1:30:0f:5e:52:98:3e:3d:ff:0b:90:ce:fb:cf:fb:
                    fe:90:99:b0:9d:96:cc:98:54:f3:4a:c6:af:64:f6:
                    4e:87:28:fe:46:a9:c3:ca:85:d3:2c:85:10:b8:9f:
                    d4:51:e7:fd:e0:17:66:b8:de:e7:44:58:2e:08:78:
                    96:ba:33:88:23:46:6b:20:ae:36:42:d7:6c:06:e3:
                    ec:71:94:f1:86:08:bf:a2:77:46:bf:7a:da:bd:93:
                    f6:ab:b0:e3:51:c4:14:30:82:1c:bf:e4:a5:21:49:
                    d3:49:e4:b3:61:ff:14:f8:b0:d4:ef:89:46:7c:95:
                    09:41:e3:77:6a:c4:9a:0d:a0:0f:4c:f0:77:5a:1c:
                    27:ad:5b:33:d4:29:92:fd:c7:12:5e:da:44:20:7b:
                    b7:4b:07:c9:bf:6d:cd:9f:f0:c0:82:f4:79:aa:01:
                    aa:2e:c3:41:62:82:92:f3:a9:25:92:df:4d:56:52:
                    0d:fc:5a:56:72:87:12:ff:13:56:54:e9:02:61:bc:
                    db:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:C6:EB:AF:E1:4F:B0:C1:27:18:5D:24:6D:9A:3C:F2:A4:BA:95:39
            X509v3 Authority Key Identifier:
                keyid:6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/K8brr-FPsMEnGF0kbZo88qS6lTk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.233.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         37:21:1d:cb:07:fb:0c:12:45:e1:b3:89:74:af:e9:8f:04:c6:
         00:13:a7:e5:93:39:83:f4:a6:a5:ef:72:47:52:fa:06:59:b5:
         d9:ec:3a:15:a3:09:09:51:96:42:23:ec:1a:8e:b7:98:58:70:
         4e:e0:99:86:a7:86:d3:05:9c:a0:82:f7:9c:d0:03:0b:41:12:
         18:28:4e:ea:0d:e6:2b:89:a8:e6:b2:ab:85:e6:33:4b:44:04:
         96:48:73:3e:44:e1:89:4f:91:78:49:8b:c7:7b:6d:c4:be:62:
         0a:85:cb:fc:44:ef:0b:f5:25:7c:bc:69:1b:d3:7c:15:84:c5:
         82:63:cc:aa:a8:36:7c:a3:f5:29:fd:b1:c3:ae:2a:75:7b:0a:
         88:86:42:c4:7a:e4:5f:da:e1:18:08:75:b2:83:bf:59:d5:80:
         0a:8e:20:5b:8d:7c:0b:2d:db:4c:6e:42:91:63:39:17:6c:05:
         fb:bd:4c:d5:43:af:03:0a:96:d6:fc:c4:c6:96:93:f6:15:de:
         c0:0a:72:37:27:55:9c:a5:d8:9a:c2:1c:b2:ac:7c:f1:ad:ad:
         64:d4:f3:16:36:db:aa:78:38:47:75:7f:d6:54:f9:95:d1:c4:
         73:8e:f7:d2:63:fe:06:e5:f7:81:7f:80:8d:a5:c5:2c:9d:fc:
         1b:6c:e3:c6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/FhQmfZMKwiRz0qDnZ14MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYzUwZDBkNDIwNjdiNzZhYjFhMmU4ZTUzM2ZmODQ5YjY1
ZDU2ZjUwHhcNMjUwMTAyMDc0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmM2ZWJhZmUxNGZiMGMxMjcxODVkMjQ2ZDlhM2NmMmE0YmE5NTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLEo1AU+0rb2OFNso/xRPV2wL2uY
rkXrkFgJQprLmCIGuM8j8SIGv/IDP98Th5kSE/iLltaCnU3GcAGxMA9eUpg+Pf8L
kM77z/v+kJmwnZbMmFTzSsavZPZOhyj+RqnDyoXTLIUQuJ/UUef94BdmuN7nRFgu
CHiWujOII0ZrIK42QtdsBuPscZTxhgi/ondGv3ravZP2q7DjUcQUMIIcv+SlIUnT
SeSzYf8U+LDU74lGfJUJQeN3asSaDaAPTPB3WhwnrVsz1CmS/ccSXtpEIHu3SwfJ
v23Nn/DAgvR5qgGqLsNBYoKS86klkt9NVlIN/FpWcocS/xNWVOkCYbzbTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCvG66/hT7DBJxhdJG2aPPKkupU5MB8GA1UdIwQY
MBaAFG/FDQ1CBnt2qxoujlM/+Em2XVb1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDkt
M2MxNmZmODQxYWIyLzEvSzhicnItRlBzTUVuR0Ywa2Jabzg4cVM2bFRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDktM2MxNmZmODQxYWIy
LzEvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLuksMA0G
CSqGSIb3DQEBCwUAA4IBAQA3IR3LB/sMEkXhs4l0r+mPBMYAE6flkzmD9Kal73JH
UvoGWbXZ7DoVowkJUZZCI+wajreYWHBO4JmGp4bTBZyggvec0AMLQRIYKE7qDeYr
iajmsquF5jNLRASWSHM+ROGJT5F4SYvHe23EvmIKhcv8RO8L9SV8vGkb03wVhMWC
Y8yqqDZ8o/Up/bHDrip1ewqIhkLEeuRf2uEYCHWyg79Z1YAKjiBbjXwLLdtMbkKR
YzkXbAX7vUzVQ68DCpbW/MTGlpP2Fd7ACnI3J1WcpdiawhyyrHzxra1k1PMWNtuq
eDhHdX/WVPmV0cRzjvfSY/4G5feBf4CNpcUsnfwbbOPG
-----END CERTIFICATE-----