Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/XKHgN2jT3_6QMfOgHKrS1JlPtdM.roa
File:                     XKHgN2jT3_6QMfOgHKrS1JlPtdM.roa (raw, json)
Hash identifier:          0/lku7LnO6lIZwW3HNYBW2LCc3aSui+jPA3GCkogDfQ=
Subject key identifier:   5C:A1:E0:37:68:D3:DF:FE:90:31:F3:A0:1C:AA:D2:D4:99:4F:B5:D3
Certificate issuer:       /CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
Certificate serial:       019425FC55E4F5DF870A2216C478726EC80E
Authority key identifier: 6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/XKHgN2jT3_6QMfOgHKrS1JlPtdM.roa
Signing time:             Thu 02 Jan 2025 07:48:01 +0000
ROA not before:           Thu 02 Jan 2025 07:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48925
IP address blocks:        46.233.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 00:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:55:e4:f5:df:87:0a:22:16:c4:78:72:6e:c8:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
        Validity
            Not Before: Jan  2 07:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5ca1e03768d3dffe9031f3a01caad2d4994fb5d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:6b:ae:e8:55:e8:2f:d2:02:b2:1b:e4:e8:d1:
                    9a:b9:e5:29:b1:fc:10:5c:bd:c7:4e:93:c8:40:95:
                    de:5c:34:d8:90:bf:0e:ae:1c:8a:1b:95:1d:6c:eb:
                    a9:e1:32:44:0b:9e:d7:23:3e:33:f5:8c:65:f9:3e:
                    ab:6a:32:39:d2:32:2c:f6:8b:fc:f5:76:0f:97:0f:
                    a2:c5:7c:26:a3:4a:2d:d5:a9:ed:05:8d:30:0b:80:
                    40:83:33:b6:ca:90:35:6d:15:67:6e:8d:c5:03:bf:
                    90:9d:e7:39:0c:d9:5f:1f:ee:e5:64:15:8e:d9:1f:
                    eb:3e:e6:68:62:ea:b9:c7:33:90:50:c7:59:dc:43:
                    ca:e2:74:0a:ed:67:11:d6:02:4c:90:b4:59:d7:e0:
                    99:b2:60:e7:2b:ae:47:81:e4:a6:5b:5f:20:20:a4:
                    17:5a:02:ad:dc:60:d9:63:30:71:32:c3:9a:a0:40:
                    d9:7c:d5:50:1f:3a:45:f7:fe:f1:35:b1:33:1b:c6:
                    c7:cd:49:3e:fc:68:8b:52:b5:14:ec:d2:da:2e:1d:
                    b6:bd:56:2c:b1:55:e1:65:b4:99:82:e1:84:b2:c8:
                    dc:75:9d:c6:55:26:fa:b3:33:60:dc:aa:b8:b6:09:
                    cd:53:f0:01:7e:e1:ef:8e:cc:7a:4f:0d:0c:06:49:
                    35:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:A1:E0:37:68:D3:DF:FE:90:31:F3:A0:1C:AA:D2:D4:99:4F:B5:D3
            X509v3 Authority Key Identifier:
                keyid:6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/XKHgN2jT3_6QMfOgHKrS1JlPtdM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.233.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:a7:32:d9:56:17:10:e0:5c:fb:2b:0b:37:87:64:9b:bc:f1:
         8b:98:e0:c5:14:2f:6c:2c:78:22:e8:d9:bb:1c:b8:ce:b5:30:
         93:e6:e1:6c:66:3b:49:41:91:dd:0a:2b:8f:aa:9b:fd:80:c7:
         12:23:71:7a:75:c8:70:41:17:b5:38:13:dc:f9:4c:51:96:6a:
         cc:23:d0:89:7c:d8:10:bc:39:68:18:53:66:28:0f:87:48:ee:
         b1:b7:73:0c:3c:07:5a:18:6f:df:d2:17:a8:e0:16:df:ad:d7:
         7f:99:3a:93:9e:ca:1d:19:4f:ab:68:21:66:c0:00:d2:eb:32:
         aa:46:cb:7b:e4:2a:00:00:49:40:4d:ab:4f:d8:c4:79:e3:4c:
         49:c2:e7:0b:8b:3c:5c:33:a3:9c:47:76:d0:5f:fd:21:56:60:
         92:fd:84:58:bd:ff:8b:40:30:d9:db:ab:2f:a6:c0:e3:11:b3:
         50:ec:3d:90:5b:c0:56:a0:64:fc:11:7c:e3:32:58:a9:ba:31:
         9e:b7:52:28:5c:0f:5f:51:59:7f:a8:71:d9:da:ee:17:89:3a:
         d5:c1:d1:66:62:61:eb:78:92:20:b8:fd:67:6c:5b:9e:81:2c:
         8b:b1:d6:84:2d:0b:b8:36:d4:55:94:d4:08:44:56:7e:4c:08:
         39:de:52:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/FXk9d+HCiIWxHhybsgOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYzUwZDBkNDIwNjdiNzZhYjFhMmU4ZTUzM2ZmODQ5YjY1
ZDU2ZjUwHhcNMjUwMTAyMDc0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2ExZTAzNzY4ZDNkZmZlOTAzMWYzYTAxY2FhZDJkNDk5NGZiNWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA22uu6FXoL9ICshvk6NGaueUpsfwQ
XL3HTpPIQJXeXDTYkL8OrhyKG5UdbOup4TJEC57XIz4z9Yxl+T6rajI50jIs9ov8
9XYPlw+ixXwmo0ot1antBY0wC4BAgzO2ypA1bRVnbo3FA7+Qnec5DNlfH+7lZBWO
2R/rPuZoYuq5xzOQUMdZ3EPK4nQK7WcR1gJMkLRZ1+CZsmDnK65HgeSmW18gIKQX
WgKt3GDZYzBxMsOaoEDZfNVQHzpF9/7xNbEzG8bHzUk+/GiLUrUU7NLaLh22vVYs
sVXhZbSZguGEssjcdZ3GVSb6szNg3Kq4tgnNU/ABfuHvjsx6Tw0MBkk1ewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFyh4Ddo09/+kDHzoByq0tSZT7XTMB8GA1UdIwQY
MBaAFG/FDQ1CBnt2qxoujlM/+Em2XVb1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDkt
M2MxNmZmODQxYWIyLzEvWEtIZ04yalQzXzZRTWZPZ0hLclMxSmxQdGRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDktM2MxNmZmODQxYWIy
LzEvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALuknMA0G
CSqGSIb3DQEBCwUAA4IBAQCjpzLZVhcQ4Fz7Kws3h2SbvPGLmODFFC9sLHgi6Nm7
HLjOtTCT5uFsZjtJQZHdCiuPqpv9gMcSI3F6dchwQRe1OBPc+UxRlmrMI9CJfNgQ
vDloGFNmKA+HSO6xt3MMPAdaGG/f0heo4Bbfrdd/mTqTnsodGU+raCFmwADS6zKq
Rst75CoAAElATatP2MR540xJwucLizxcM6OcR3bQX/0hVmCS/YRYvf+LQDDZ26sv
psDjEbNQ7D2QW8BWoGT8EXzjMlipujGet1IoXA9fUVl/qHHZ2u4XiTrVwdFmYmHr
eJIguP1nbFuegSyLsdaELQu4NtRVlNQIRFZ+TAg53lLE
-----END CERTIFICATE-----