Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/pPEQvd8Aji_mINzbYqPZfOHkyNg.roa
File:                     pPEQvd8Aji_mINzbYqPZfOHkyNg.roa (raw, json)
Hash identifier:          F4Tac2cXOFIexVMrkzPegP91z9mnQ6Tf9gz3YC6XVnQ=
Subject key identifier:   A4:F1:10:BD:DF:00:8E:2F:E6:20:DC:DB:62:A3:D9:7C:E1:E4:C8:D8
Certificate issuer:       /CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
Certificate serial:       01929938D785E4AEFB28F1DE7C32C0E63581
Authority key identifier: 6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/pPEQvd8Aji_mINzbYqPZfOHkyNg.roa
Signing time:             Thu 17 Oct 2024 06:44:52 +0000
ROA not before:           Thu 17 Oct 2024 06:44:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48925
IP address blocks:        46.233.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:99:38:d7:85:e4:ae:fb:28:f1:de:7c:32:c0:e6:35:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
        Validity
            Not Before: Oct 17 06:44:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a4f110bddf008e2fe620dcdb62a3d97ce1e4c8d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:df:d0:03:87:41:ff:e1:1a:21:49:b8:5c:f7:
                    ea:d5:3c:30:63:93:b8:a2:51:0b:84:04:3b:0e:ac:
                    e4:16:79:d2:aa:40:dc:1b:94:d9:66:ec:72:58:74:
                    fd:56:52:e0:de:7e:5e:34:e0:03:72:2b:c4:e7:ee:
                    14:f4:9c:82:e6:cc:33:7e:c5:72:ce:5c:fd:96:52:
                    5f:6a:cc:72:08:51:f3:75:36:12:fa:3d:87:04:94:
                    2a:a6:9e:6a:0c:dc:79:b5:4e:b3:ce:d2:24:55:96:
                    aa:48:c6:f2:a2:a5:fd:51:c9:ed:40:30:a3:d9:57:
                    0f:d9:31:28:e4:ef:15:96:c6:b4:92:dd:f8:32:bd:
                    05:85:dd:d5:20:05:50:b7:85:66:e2:88:bc:f0:4c:
                    8a:d5:95:38:1a:c5:e9:52:10:63:57:e2:82:30:73:
                    26:f3:a2:db:3c:28:70:3a:36:4a:2b:4d:47:4b:b3:
                    da:68:e7:d0:fd:f0:69:ad:17:84:ac:dd:a6:b3:09:
                    f1:dd:eb:6c:78:2c:f1:98:b2:b2:de:88:d8:85:61:
                    3d:2d:41:5e:93:52:24:42:8f:6a:85:65:c6:df:a0:
                    9e:20:31:29:ff:82:0f:de:22:6d:69:f3:7e:03:51:
                    21:ed:25:92:66:21:6f:29:84:d1:e3:0c:de:ac:7c:
                    fb:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:F1:10:BD:DF:00:8E:2F:E6:20:DC:DB:62:A3:D9:7C:E1:E4:C8:D8
            X509v3 Authority Key Identifier:
                keyid:6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/pPEQvd8Aji_mINzbYqPZfOHkyNg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.233.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:8d:eb:f6:49:bb:43:34:fa:9d:ef:97:67:b3:16:b2:6a:32:
         45:6b:ba:cb:7c:b4:f9:28:de:6e:75:e8:74:d0:a3:93:77:c6:
         d1:c7:3a:60:0a:43:34:4f:b9:a5:88:56:47:d9:f2:03:f2:48:
         8a:10:ad:cf:c3:5a:76:9f:d7:79:cb:2e:4f:78:f0:da:5e:74:
         6f:a5:3c:b4:55:18:78:b9:e7:98:b2:20:38:3c:08:66:9f:8f:
         78:27:5b:6c:76:b3:2b:07:f4:0d:a8:60:05:a4:dc:02:f2:d0:
         4e:3d:f8:28:22:e1:5a:04:98:b7:b5:5e:74:ec:7b:f7:37:66:
         e8:56:e7:87:d1:cd:23:29:02:6a:de:7e:08:f8:62:5f:9e:c2:
         02:76:5d:e4:a8:5c:73:d4:ad:4b:e7:4f:af:28:8f:2c:ca:6d:
         66:5d:3b:35:c4:18:fb:f0:c0:c1:74:f2:8f:04:f2:46:c5:60:
         8a:dc:f1:bd:23:b8:e8:ff:64:99:ac:30:db:6f:d6:9a:4e:40:
         a9:cd:b4:77:c1:03:4e:05:5e:80:25:9c:bc:8e:65:8b:31:9f:
         68:bf:b3:4e:2f:a7:08:f5:76:a5:ae:80:31:b4:42:b6:e3:1a:
         11:eb:c4:81:6d:9f:38:b4:18:14:26:52:70:07:28:7d:79:a2:
         41:db:25:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKZONeF5K77KPHefDLA5jWBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYzUwZDBkNDIwNjdiNzZhYjFhMmU4ZTUzM2ZmODQ5YjY1
ZDU2ZjUwHhcNMjQxMDE3MDY0NDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNGYxMTBiZGRmMDA4ZTJmZTYyMGRjZGI2MmEzZDk3Y2UxZTRjOGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvd/QA4dB/+EaIUm4XPfq1TwwY5O4
olELhAQ7DqzkFnnSqkDcG5TZZuxyWHT9VlLg3n5eNOADcivE5+4U9JyC5swzfsVy
zlz9llJfasxyCFHzdTYS+j2HBJQqpp5qDNx5tU6zztIkVZaqSMbyoqX9UcntQDCj
2VcP2TEo5O8Vlsa0kt34Mr0Fhd3VIAVQt4Vm4oi88EyK1ZU4GsXpUhBjV+KCMHMm
86LbPChwOjZKK01HS7PaaOfQ/fBprReErN2mswnx3etseCzxmLKy3ojYhWE9LUFe
k1IkQo9qhWXG36CeIDEp/4IP3iJtafN+A1Eh7SWSZiFvKYTR4wzerHz7sQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKTxEL3fAI4v5iDc22Kj2Xzh5MjYMB8GA1UdIwQY
MBaAFG/FDQ1CBnt2qxoujlM/+Em2XVb1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDkt
M2MxNmZmODQxYWIyLzEvcFBFUXZkOEFqaV9tSU56YllxUFpmT0hreU5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDktM2MxNmZmODQxYWIy
LzEvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALuknMA0G
CSqGSIb3DQEBCwUAA4IBAQAxjev2SbtDNPqd75dnsxayajJFa7rLfLT5KN5udeh0
0KOTd8bRxzpgCkM0T7mliFZH2fID8kiKEK3Pw1p2n9d5yy5PePDaXnRvpTy0VRh4
ueeYsiA4PAhmn494J1tsdrMrB/QNqGAFpNwC8tBOPfgoIuFaBJi3tV507Hv3N2bo
VueH0c0jKQJq3n4I+GJfnsICdl3kqFxz1K1L50+vKI8sym1mXTs1xBj78MDBdPKP
BPJGxWCK3PG9I7jo/2SZrDDbb9aaTkCpzbR3wQNOBV6AJZy8jmWLMZ9ov7NOL6cI
9XalroAxtEK24xoR68SBbZ84tBgUJlJwByh9eaJB2yUG
-----END CERTIFICATE-----