Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/2EnX4m92s0lhKmWE_sTzMD4Ayro.roa
File:                     2EnX4m92s0lhKmWE_sTzMD4Ayro.roa (raw, json)
Hash identifier:          gA57KxZUSDCVnGJyJOSYKPN5gZzPfcQGEC6QQbL5A80=
Subject key identifier:   D8:49:D7:E2:6F:76:B3:49:61:2A:65:84:FE:C4:F3:30:3E:00:CA:BA
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       019420D5E7D9AD7810C73599F3BA9DDB90D5
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/2EnX4m92s0lhKmWE_sTzMD4Ayro.roa
Signing time:             Wed 01 Jan 2025 07:47:56 +0000
ROA not before:           Wed 01 Jan 2025 07:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215762
IP address blocks:        46.23.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:e7:d9:ad:78:10:c7:35:99:f3:ba:9d:db:90:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Jan  1 07:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d849d7e26f76b349612a6584fec4f3303e00caba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:2c:9a:5b:e9:73:db:d9:bb:07:eb:80:1c:d7:
                    4c:da:b0:98:ce:55:75:be:a1:17:f9:ab:25:98:40:
                    b6:e3:3c:74:7c:f4:c9:17:5c:33:c1:36:84:ae:cb:
                    ef:05:96:6e:2e:e3:20:df:ff:a7:fe:21:52:9f:09:
                    81:d4:d5:63:22:ab:80:a6:01:d2:7a:33:51:23:f8:
                    59:7c:ba:7b:8c:ba:dc:0e:0e:88:ca:dd:50:94:76:
                    30:c1:af:1a:a1:2f:b5:31:0e:6f:d0:92:3f:88:c2:
                    82:c5:ca:fa:07:8e:84:3b:e1:66:73:0f:7a:27:ff:
                    38:20:fe:2c:6f:ef:ee:11:9d:25:b7:84:ff:16:d1:
                    91:dc:bd:58:d3:5f:20:59:dc:01:7e:5d:f2:93:ea:
                    33:ec:50:be:fe:ae:d2:8a:fd:59:07:5a:d9:cb:d8:
                    f0:76:bf:7f:82:a1:75:50:1c:59:38:54:a4:6e:c1:
                    e7:38:b7:63:5a:25:22:24:5e:45:3f:8c:5a:f0:e9:
                    76:d7:6b:0e:45:71:80:f1:8d:d4:32:d3:54:8f:3a:
                    3a:c9:30:31:0b:0c:d8:03:eb:d3:2c:7e:c2:fa:6a:
                    28:bd:83:4a:c2:1d:75:ec:5f:5a:1d:76:95:97:5f:
                    0a:c1:66:81:80:03:09:f9:4e:0c:60:95:96:0e:ea:
                    a3:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:49:D7:E2:6F:76:B3:49:61:2A:65:84:FE:C4:F3:30:3E:00:CA:BA
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/2EnX4m92s0lhKmWE_sTzMD4Ayro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.23.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:75:7c:6b:e7:8b:fc:1c:33:37:eb:7c:d4:e4:1c:6c:d3:25:
         c9:1e:38:74:5e:db:12:91:47:46:c4:14:6a:f5:ac:52:6e:a7:
         af:c0:5f:bf:b4:5e:1b:bf:37:32:34:a7:df:29:30:98:81:a3:
         10:42:21:3e:04:69:6e:fd:33:2d:92:20:e6:a1:78:cc:6c:45:
         3d:bb:a9:ef:ac:65:0d:91:22:06:b3:88:49:72:a6:30:e9:17:
         83:e0:5e:12:9c:10:ef:ed:64:e7:35:37:ca:a5:61:1b:6d:73:
         ff:45:9b:21:11:77:6d:f8:a0:20:d4:13:b5:50:a6:8e:b9:8b:
         7b:1a:18:40:2a:fd:97:60:47:26:2d:d6:a5:73:88:4b:33:06:
         55:3b:8f:b0:08:1e:b3:00:b4:9f:d9:42:f3:80:2e:59:a3:fc:
         73:ff:cc:6c:91:0e:93:cb:4a:26:84:f3:cb:ca:10:7f:1c:24:
         b9:c3:16:69:d7:e8:e8:32:9f:ed:5d:19:7a:b3:99:93:d9:20:
         b3:3f:30:05:bc:16:19:01:dc:70:67:5b:75:93:a1:f2:f8:54:
         00:26:1b:fb:93:6b:e1:44:39:cb:1a:70:7b:33:a5:b4:18:36:
         a0:34:87:e0:67:9f:c4:a6:7e:12:e4:4d:e9:48:37:09:02:87:
         cc:85:a5:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1efZrXgQxzWZ87qd25DVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjUwMTAxMDc0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODQ5ZDdlMjZmNzZiMzQ5NjEyYTY1ODRmZWM0ZjMzMDNlMDBjYWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3CyaW+lz29m7B+uAHNdM2rCYzlV1
vqEX+aslmEC24zx0fPTJF1wzwTaErsvvBZZuLuMg3/+n/iFSnwmB1NVjIquApgHS
ejNRI/hZfLp7jLrcDg6Iyt1QlHYwwa8aoS+1MQ5v0JI/iMKCxcr6B46EO+Fmcw96
J/84IP4sb+/uEZ0lt4T/FtGR3L1Y018gWdwBfl3yk+oz7FC+/q7Siv1ZB1rZy9jw
dr9/gqF1UBxZOFSkbsHnOLdjWiUiJF5FP4xa8Ol212sORXGA8Y3UMtNUjzo6yTAx
CwzYA+vTLH7C+moovYNKwh117F9aHXaVl18KwWaBgAMJ+U4MYJWWDuqjJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNhJ1+JvdrNJYSplhP7E8zA+AMq6MB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEvMkVuWDRtOTJzMGxoS21XRV9zVHpNRDRBeXJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhdsMA0G
CSqGSIb3DQEBCwUAA4IBAQBPdXxr54v8HDM363zU5Bxs0yXJHjh0XtsSkUdGxBRq
9axSbqevwF+/tF4bvzcyNKffKTCYgaMQQiE+BGlu/TMtkiDmoXjMbEU9u6nvrGUN
kSIGs4hJcqYw6ReD4F4SnBDv7WTnNTfKpWEbbXP/RZshEXdt+KAg1BO1UKaOuYt7
GhhAKv2XYEcmLdalc4hLMwZVO4+wCB6zALSf2ULzgC5Zo/xz/8xskQ6Ty0omhPPL
yhB/HCS5wxZp1+joMp/tXRl6s5mT2SCzPzAFvBYZAdxwZ1t1k6Hy+FQAJhv7k2vh
RDnLGnB7M6W0GDagNIfgZ5/Epn4S5E3pSDcJAofMhaX1
-----END CERTIFICATE-----