Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/BhzBjkS4R9M99zODjF0xLynhvuc.roa
File:                     BhzBjkS4R9M99zODjF0xLynhvuc.roa (raw, json)
Hash identifier:          Fd1rbTti61Z4tXySrGrQ9TcxcWDSC4OFvFpXlwHP4yQ=
Subject key identifier:   06:1C:C1:8E:44:B8:47:D3:3D:F7:33:83:8C:5D:31:2F:29:E1:BE:E7
Certificate issuer:       /CN=5588f197f97e8900755544e810cddef9d90fbc41
Certificate serial:       0194A6E5830BBBAB2CDEF08044CCE55234BA
Authority key identifier: 55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/BhzBjkS4R9M99zODjF0xLynhvuc.roa
Signing time:             Mon 27 Jan 2025 08:34:06 +0000
ROA not before:           Mon 27 Jan 2025 08:34:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209554
IP address blocks:        46.232.104.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:a6:e5:83:0b:bb:ab:2c:de:f0:80:44:cc:e5:52:34:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5588f197f97e8900755544e810cddef9d90fbc41
        Validity
            Not Before: Jan 27 08:34:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=061cc18e44b847d33df733838c5d312f29e1bee7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f9:b3:14:2d:cc:90:e5:de:d0:b7:1c:50:1b:
                    d7:c4:ab:33:d8:c7:47:23:f4:eb:24:bd:93:6b:13:
                    55:7d:52:20:41:96:e7:a5:b1:93:d6:0f:39:c7:e7:
                    f3:5f:bb:ca:aa:d8:51:37:22:76:fa:89:41:1f:83:
                    b9:27:33:8b:2b:d6:32:8b:75:8d:46:53:01:df:05:
                    d6:8d:e2:5e:ef:29:ef:30:d4:9a:b1:af:2b:36:0b:
                    3c:68:32:fc:2d:d5:3a:b3:9c:49:44:35:0d:e4:61:
                    b5:61:f5:15:b5:45:0e:82:8d:46:d6:1d:b0:6d:e2:
                    6f:7a:bc:8e:2d:3e:6e:93:60:0a:b7:12:29:38:97:
                    43:33:5d:98:bb:11:b0:22:18:8c:71:67:5a:27:78:
                    1c:f9:80:93:45:7c:56:b0:07:42:80:d0:47:68:5a:
                    a6:a1:d7:41:b3:5f:43:b9:c4:d9:dc:f3:8b:db:73:
                    1f:1e:53:f5:d3:1f:47:34:59:71:a7:90:51:54:3d:
                    ff:17:0e:e9:e4:d6:97:92:f8:b8:5b:8b:1e:dc:32:
                    36:6e:bd:1a:ba:c2:eb:8b:68:c8:5e:7b:c8:08:24:
                    b5:c5:3c:09:7b:42:bf:9a:91:46:e9:3c:af:fa:5d:
                    7b:d6:41:af:80:3e:a9:db:22:b8:4c:36:24:70:e8:
                    61:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:1C:C1:8E:44:B8:47:D3:3D:F7:33:83:8C:5D:31:2F:29:E1:BE:E7
            X509v3 Authority Key Identifier:
                keyid:55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/BhzBjkS4R9M99zODjF0xLynhvuc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.232.104.0/21

    Signature Algorithm: sha256WithRSAEncryption
         1f:6c:6b:73:be:e3:5e:0e:bf:42:99:05:e8:0f:f0:bb:e2:9c:
         a9:21:01:70:f6:6e:85:55:80:0e:42:98:9f:26:1d:ca:ff:5b:
         f1:9d:e1:61:91:c9:43:d6:d9:f0:46:07:47:f9:48:81:30:92:
         81:db:27:cb:71:7b:ae:04:a3:e0:39:67:a6:26:28:80:ed:51:
         72:e9:d9:09:62:38:06:5f:d5:76:57:84:de:8d:94:df:42:7e:
         6e:83:eb:29:1b:76:cf:2d:1d:fe:2c:c4:94:0e:02:20:00:01:
         da:99:a1:55:28:e7:51:b3:70:36:76:a0:f2:59:22:b8:cb:de:
         46:3d:e9:33:cb:a9:26:d4:71:4b:db:90:ef:99:35:ec:7d:07:
         70:31:2a:6f:45:7b:dd:e5:70:ca:dd:ec:ce:43:29:d5:75:c0:
         45:ce:16:3d:20:51:c7:24:31:bd:03:da:29:fd:f3:21:6f:8c:
         5c:e0:2d:d1:1b:25:21:fd:7b:3a:8c:cc:3f:de:50:d7:b7:38:
         d7:d0:8d:0e:56:75:de:e8:b3:bf:e8:2b:af:88:ee:6f:c8:67:
         fd:f9:26:2c:fe:be:be:7d:00:44:9f:f7:ca:30:8c:8a:64:7e:
         a6:e3:c0:1a:18:75:7f:14:9a:9f:8d:df:70:67:71:8f:fa:7f:
         3d:f0:d8:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSm5YMLu6ss3vCARMzlUjS6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ODhmMTk3Zjk3ZTg5MDA3NTU1NDRlODEwY2RkZWY5ZDkw
ZmJjNDEwHhcNMjUwMTI3MDgzNDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjFjYzE4ZTQ0Yjg0N2QzM2RmNzMzODM4YzVkMzEyZjI5ZTFiZWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfmzFC3MkOXe0LccUBvXxKsz2MdH
I/TrJL2TaxNVfVIgQZbnpbGT1g85x+fzX7vKqthRNyJ2+olBH4O5JzOLK9Yyi3WN
RlMB3wXWjeJe7ynvMNSasa8rNgs8aDL8LdU6s5xJRDUN5GG1YfUVtUUOgo1G1h2w
beJveryOLT5uk2AKtxIpOJdDM12YuxGwIhiMcWdaJ3gc+YCTRXxWsAdCgNBHaFqm
oddBs19DucTZ3POL23MfHlP10x9HNFlxp5BRVD3/Fw7p5NaXkvi4W4se3DI2br0a
usLri2jIXnvICCS1xTwJe0K/mpFG6Tyv+l171kGvgD6p2yK4TDYkcOhhNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAYcwY5EuEfTPfczg4xdMS8p4b7nMB8GA1UdIwQY
MBaAFFWI8Zf5fokAdVVE6BDN3vnZD7xBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2Et
N2NmZWY0Mjc2YTBmLzEvQmh6QmprUzRSOU05OXpPRGpGMHhMeW5odnVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2EtN2NmZWY0Mjc2YTBm
LzEvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDLuhoMA0G
CSqGSIb3DQEBCwUAA4IBAQAfbGtzvuNeDr9CmQXoD/C74pypIQFw9m6FVYAOQpif
Jh3K/1vxneFhkclD1tnwRgdH+UiBMJKB2yfLcXuuBKPgOWemJiiA7VFy6dkJYjgG
X9V2V4TejZTfQn5ug+spG3bPLR3+LMSUDgIgAAHamaFVKOdRs3A2dqDyWSK4y95G
Pekzy6km1HFL25DvmTXsfQdwMSpvRXvd5XDK3ezOQynVdcBFzhY9IFHHJDG9A9op
/fMhb4xc4C3RGyUh/Xs6jMw/3lDXtzjX0I0OVnXe6LO/6CuviO5vyGf9+SYs/r6+
fQBEn/fKMIyKZH6m48AaGHV/FJqfjd9wZ3GP+n898Nhm
-----END CERTIFICATE-----