Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/gNUGOINF8Al0SndkW22SDCPn4Mo.roa
File:                     gNUGOINF8Al0SndkW22SDCPn4Mo.roa (raw, json)
Hash identifier:          N5/Lkl9eMzqBmSorEW8dvsYKdFhAmMAb/hIs+QkdRB4=
Subject key identifier:   80:D5:06:38:83:45:F0:09:74:4A:77:64:5B:6D:92:0C:23:E7:E0:CA
Certificate issuer:       /CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
Certificate serial:       0192321E23A1AE8584EF1F8AFCDE2110282C
Authority key identifier: 6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/gNUGOINF8Al0SndkW22SDCPn4Mo.roa
Signing time:             Fri 27 Sep 2024 06:14:48 +0000
ROA not before:           Fri 27 Sep 2024 06:14:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        46.233.38.0/24 maxlen: 24
                          46.233.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:32:1e:23:a1:ae:85:84:ef:1f:8a:fc:de:21:10:28:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
        Validity
            Not Before: Sep 27 06:14:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=80d506388345f009744a77645b6d920c23e7e0ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:f7:1f:3e:a2:79:20:6a:54:ad:c4:f4:05:6e:
                    92:07:27:1d:fc:8d:de:12:eb:02:7a:53:79:bc:ff:
                    98:0c:19:39:c4:08:ff:1e:e8:06:4a:3a:74:f8:a0:
                    f6:ff:9f:19:fd:3f:c4:ea:39:46:75:c6:3a:72:40:
                    35:97:0b:e1:13:ac:cb:4b:13:dc:ac:d8:90:9c:fc:
                    0c:b7:4b:e5:ca:f3:e6:5c:f7:a7:2a:45:ab:78:ab:
                    2c:de:13:22:1c:1d:cb:6b:58:05:34:5e:62:b0:42:
                    19:d0:c3:b2:82:6c:bf:2f:72:7c:55:0b:ba:e9:7c:
                    d9:41:ea:9a:7b:36:00:60:da:8b:fa:0f:ce:29:9f:
                    f3:b0:11:52:1b:31:db:a8:82:fe:eb:b2:53:78:ea:
                    ad:13:1e:07:49:4b:7c:3b:c8:9d:a4:05:97:36:2c:
                    91:f7:f3:48:d2:4b:8d:b6:40:2c:d6:07:00:b0:53:
                    14:f5:06:db:60:d2:df:f5:0a:11:13:9b:23:93:21:
                    27:6b:28:c0:98:02:fb:91:3e:ad:33:e6:b0:2c:27:
                    75:69:7a:48:83:1e:91:7f:98:09:01:87:d1:a1:ad:
                    14:8b:e1:9a:ac:94:0e:d0:59:56:ec:03:a9:3f:39:
                    ac:e0:35:0d:e9:6a:25:c2:3a:2b:6d:a9:fa:d0:22:
                    c1:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:D5:06:38:83:45:F0:09:74:4A:77:64:5B:6D:92:0C:23:E7:E0:CA
            X509v3 Authority Key Identifier:
                keyid:6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/gNUGOINF8Al0SndkW22SDCPn4Mo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.233.38.0/24
                  46.233.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:41:c7:f1:e8:96:98:a2:48:19:56:b5:82:14:7a:da:7f:be:
         2a:6b:eb:94:be:45:2c:c0:f8:c1:f3:24:4b:ab:d7:6e:e0:36:
         7f:5a:83:1b:68:ce:5b:93:23:48:b2:ba:01:06:0c:a0:94:a5:
         02:c0:87:0d:2f:e0:3c:0d:25:5d:1d:7c:8e:6a:ab:ba:bb:d6:
         71:b7:a7:55:f5:79:79:b8:7c:eb:90:50:5b:8a:90:65:9f:72:
         df:82:4c:c3:91:c9:ac:de:62:bd:4f:eb:b8:ae:65:3d:db:43:
         b8:72:14:19:68:99:a9:1b:a1:f0:2d:72:42:9c:31:cf:16:2e:
         5f:80:b1:78:29:bd:3d:b9:6c:e4:11:da:eb:05:e3:be:a6:09:
         65:85:1c:81:0c:60:7d:05:43:f8:8d:e4:cb:61:88:f0:6e:56:
         ad:1b:c5:c0:78:b6:43:9f:90:43:a1:d0:40:8a:5c:7c:58:fc:
         97:2e:0a:46:92:85:e4:2f:4c:55:46:4e:8e:59:bb:7b:02:2f:
         f8:64:94:34:85:c5:d6:87:96:d7:58:8c:53:22:2d:b0:7d:d6:
         4b:85:9d:a8:51:5d:81:06:7a:0b:58:a8:84:6c:41:00:a2:5c:
         8a:c1:55:5c:33:d6:43:35:97:43:f6:6f:19:a4:42:c4:bd:c9:
         74:4d:52:fe
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZIyHiOhroWE7x+K/N4hECgsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYzUwZDBkNDIwNjdiNzZhYjFhMmU4ZTUzM2ZmODQ5YjY1
ZDU2ZjUwHhcNMjQwOTI3MDYxNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MGQ1MDYzODgzNDVmMDA5NzQ0YTc3NjQ1YjZkOTIwYzIzZTdlMGNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0/cfPqJ5IGpUrcT0BW6SBycd/I3e
EusCelN5vP+YDBk5xAj/HugGSjp0+KD2/58Z/T/E6jlGdcY6ckA1lwvhE6zLSxPc
rNiQnPwMt0vlyvPmXPenKkWreKss3hMiHB3La1gFNF5isEIZ0MOygmy/L3J8VQu6
6XzZQeqaezYAYNqL+g/OKZ/zsBFSGzHbqIL+67JTeOqtEx4HSUt8O8idpAWXNiyR
9/NI0kuNtkAs1gcAsFMU9QbbYNLf9QoRE5sjkyEnayjAmAL7kT6tM+awLCd1aXpI
gx6Rf5gJAYfRoa0Ui+GarJQO0FlW7AOpPzms4DUN6Wolwjorban60CLB5wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIDVBjiDRfAJdEp3ZFttkgwj5+DKMB8GA1UdIwQY
MBaAFG/FDQ1CBnt2qxoujlM/+Em2XVb1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDkt
M2MxNmZmODQxYWIyLzEvZ05VR09JTkY4QWwwU25ka1cyMlNEQ1BuNE1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDktM2MxNmZmODQxYWIy
LzEvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALukmAwQA
LukqMA0GCSqGSIb3DQEBCwUAA4IBAQAzQcfx6JaYokgZVrWCFHraf74qa+uUvkUs
wPjB8yRLq9du4DZ/WoMbaM5bkyNIsroBBgyglKUCwIcNL+A8DSVdHXyOaqu6u9Zx
t6dV9Xl5uHzrkFBbipBln3LfgkzDkcms3mK9T+u4rmU920O4chQZaJmpG6HwLXJC
nDHPFi5fgLF4Kb09uWzkEdrrBeO+pgllhRyBDGB9BUP4jeTLYYjwblatG8XAeLZD
n5BDodBAilx8WPyXLgpGkoXkL0xVRk6OWbt7Ai/4ZJQ0hcXWh5bXWIxTIi2wfdZL
hZ2oUV2BBnoLWKiEbEEAolyKwVVcM9ZDNZdD9m8ZpELEvcl0TVL+
-----END CERTIFICATE-----