Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/iNYkqcS0PNGby4-GJu8UVMQggRY.roa
File:                     iNYkqcS0PNGby4-GJu8UVMQggRY.roa (raw, json)
Hash identifier:          nyGk+qZgZIHoVA2y4TNTNY21X6xYGa600Okb1SMJu44=
Subject key identifier:   88:D6:24:A9:C4:B4:3C:D1:9B:CB:8F:86:26:EF:14:54:C4:20:81:16
Certificate issuer:       /CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
Certificate serial:       01970BFB1A4988AFC5136864BB15A54A84B9
Authority key identifier: 6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/iNYkqcS0PNGby4-GJu8UVMQggRY.roa
Signing time:             Mon 26 May 2025 09:44:55 +0000
ROA not before:           Mon 26 May 2025 09:44:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60117
IP address blocks:        46.233.32.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:0b:fb:1a:49:88:af:c5:13:68:64:bb:15:a5:4a:84:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
        Validity
            Not Before: May 26 09:44:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=88d624a9c4b43cd19bcb8f8626ef1454c4208116
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:1e:ac:de:57:52:37:0e:38:6b:d1:ff:33:4d:
                    6f:e0:b8:fa:9a:a3:74:a3:29:41:de:c3:37:9d:9e:
                    1a:b3:3b:2f:3c:a4:57:9a:d3:a0:2c:26:6c:23:1f:
                    64:08:7c:e8:5f:78:dd:c9:f9:0e:60:bc:11:fb:3a:
                    37:e1:74:21:02:88:4e:68:76:0d:2a:e9:ad:e8:f6:
                    12:25:bf:45:d3:e7:18:e8:27:65:95:c9:8a:fa:1f:
                    4a:5d:32:51:63:0e:6d:70:7c:ce:17:e9:e8:58:13:
                    45:49:99:5e:71:1a:65:61:6b:ee:cc:cd:be:55:4a:
                    30:c9:f0:5a:c4:d9:16:e0:57:6c:9d:a3:09:eb:c5:
                    fb:dc:7d:af:ed:17:79:7e:41:b3:3a:72:5b:64:ac:
                    34:f6:f8:9f:2f:09:99:de:22:8f:a9:68:5e:e5:f8:
                    3d:ce:d5:91:ad:61:28:27:be:2c:fb:c0:26:7f:b8:
                    b1:05:48:81:b1:95:ba:61:09:a1:e1:95:e2:e1:b4:
                    f6:0a:3b:b0:04:d3:f2:f3:ca:d2:c6:5b:89:3d:4e:
                    96:91:ad:5b:d5:c4:bc:4a:e9:c0:f8:13:2c:1c:e9:
                    8a:ac:62:4c:32:5e:9d:73:78:4e:c1:e0:46:7b:95:
                    85:66:f0:5b:a7:93:26:97:a1:95:e9:0c:55:b9:70:
                    32:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:D6:24:A9:C4:B4:3C:D1:9B:CB:8F:86:26:EF:14:54:C4:20:81:16
            X509v3 Authority Key Identifier:
                keyid:6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/iNYkqcS0PNGby4-GJu8UVMQggRY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.233.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7c:26:e2:2b:99:b6:49:fb:f8:b2:25:04:28:a3:de:87:6c:aa:
         57:84:56:91:7d:a8:57:8b:ef:48:aa:ad:cd:82:aa:2a:3f:73:
         ae:63:e9:d1:e9:ad:2b:85:ac:70:b7:fc:c1:6d:cd:db:3a:9c:
         3f:1f:9d:db:ea:2c:20:0d:12:13:3f:35:32:57:c8:ae:52:72:
         8d:75:0c:f4:4f:4c:3c:4a:73:ab:cc:c7:29:33:63:41:5c:68:
         03:50:60:1a:b3:fc:b4:8f:b7:fd:4f:10:a0:ac:4a:10:2a:be:
         cc:95:95:c8:70:9a:bb:b4:1d:bf:18:f7:13:d0:db:5e:6e:58:
         28:4d:b5:d1:00:94:e1:76:dc:a5:c4:75:5e:96:cf:14:2f:30:
         ad:93:4f:81:23:dd:76:49:6a:6c:c2:2b:bf:4d:8d:96:97:eb:
         04:64:e3:91:7d:ca:38:bd:6e:63:6b:24:6c:97:08:e8:d1:6e:
         db:af:31:ab:6e:8e:59:85:92:68:38:1e:93:5f:08:2f:c4:66:
         40:1a:63:2b:ba:a5:27:c9:e3:b6:03:cb:1f:4a:03:0c:30:2e:
         02:09:38:2d:6a:ae:e5:63:d7:b5:fc:01:3c:23:96:3d:59:a4:
         f6:f0:94:db:a8:a7:d4:2c:97:33:45:40:34:93:b0:95:a6:fc:
         69:46:5f:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcL+xpJiK/FE2hkuxWlSoS5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYzUwZDBkNDIwNjdiNzZhYjFhMmU4ZTUzM2ZmODQ5YjY1
ZDU2ZjUwHhcNMjUwNTI2MDk0NDU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGQ2MjRhOWM0YjQzY2QxOWJjYjhmODYyNmVmMTQ1NGM0MjA4MTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvR6s3ldSNw44a9H/M01v4Lj6mqN0
oylB3sM3nZ4aszsvPKRXmtOgLCZsIx9kCHzoX3jdyfkOYLwR+zo34XQhAohOaHYN
Kumt6PYSJb9F0+cY6CdllcmK+h9KXTJRYw5tcHzOF+noWBNFSZlecRplYWvuzM2+
VUowyfBaxNkW4FdsnaMJ68X73H2v7Rd5fkGzOnJbZKw09vifLwmZ3iKPqWhe5fg9
ztWRrWEoJ74s+8Amf7ixBUiBsZW6YQmh4ZXi4bT2CjuwBNPy88rSxluJPU6Wka1b
1cS8SunA+BMsHOmKrGJMMl6dc3hOweBGe5WFZvBbp5Mml6GV6QxVuXAy5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIjWJKnEtDzRm8uPhibvFFTEIIEWMB8GA1UdIwQY
MBaAFG/FDQ1CBnt2qxoujlM/+Em2XVb1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDkt
M2MxNmZmODQxYWIyLzEvaU5Za3FjUzBQTkdieTQtR0p1OFVWTVFnZ1JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDktM2MxNmZmODQxYWIy
LzEvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLukgMA0G
CSqGSIb3DQEBCwUAA4IBAQB8JuIrmbZJ+/iyJQQoo96HbKpXhFaRfahXi+9Iqq3N
gqoqP3OuY+nR6a0rhaxwt/zBbc3bOpw/H53b6iwgDRITPzUyV8iuUnKNdQz0T0w8
SnOrzMcpM2NBXGgDUGAas/y0j7f9TxCgrEoQKr7MlZXIcJq7tB2/GPcT0Nteblgo
TbXRAJThdtylxHVels8ULzCtk0+BI912SWpswiu/TY2Wl+sEZOORfco4vW5jayRs
lwjo0W7brzGrbo5ZhZJoOB6TXwgvxGZAGmMruqUnyeO2A8sfSgMMMC4CCTgtaq7l
Y9e1/AE8I5Y9WaT28JTbqKfULJczRUA0k7CVpvxpRl/O
-----END CERTIFICATE-----