Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/dffbc8-b149-46b4-bbb8-31ea2094b557/1/Mbpk8QVkIW5FKgYutE5nhEuorhg.roa
File:                     Mbpk8QVkIW5FKgYutE5nhEuorhg.roa (raw, json)
Hash identifier:          XJAfJvP6njUJvUjL+QeRVdBXhasJwe6UWIW0OOiZ2es=
Subject key identifier:   31:BA:64:F1:05:64:21:6E:45:2A:06:2E:B4:4E:67:84:4B:A8:AE:18
Certificate issuer:       /CN=38837e48aaf598bcab54a5fc8ae43b17be254229
Certificate serial:       019423D730E2F5C01567103A2968E71FB4E3
Authority key identifier: 38:83:7E:48:AA:F5:98:BC:AB:54:A5:FC:8A:E4:3B:17:BE:25:42:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OIN-SKr1mLyrVKX8iuQ7F74lQik.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/dffbc8-b149-46b4-bbb8-31ea2094b557/1/Mbpk8QVkIW5FKgYutE5nhEuorhg.roa
Signing time:             Wed 01 Jan 2025 21:48:12 +0000
ROA not before:           Wed 01 Jan 2025 21:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212816
IP address blocks:        46.18.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/dffbc8-b149-46b4-bbb8-31ea2094b557/1/OIN-SKr1mLyrVKX8iuQ7F74lQik.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/dffbc8-b149-46b4-bbb8-31ea2094b557/1/OIN-SKr1mLyrVKX8iuQ7F74lQik.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OIN-SKr1mLyrVKX8iuQ7F74lQik.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 18:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:30:e2:f5:c0:15:67:10:3a:29:68:e7:1f:b4:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38837e48aaf598bcab54a5fc8ae43b17be254229
        Validity
            Not Before: Jan  1 21:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=31ba64f10564216e452a062eb44e67844ba8ae18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:a8:4d:ee:e7:8b:ac:95:9b:cb:22:81:35:7a:
                    78:ff:dc:e3:be:4b:ed:c1:79:1e:e3:ac:a6:18:30:
                    fa:9e:4f:18:29:d5:4c:d7:57:99:f8:b5:92:e4:7c:
                    9c:83:10:34:a7:cf:be:1e:95:45:30:f2:99:9e:f1:
                    29:61:87:41:49:7b:5e:48:39:c5:d7:1b:63:fa:97:
                    a8:52:c5:89:76:9d:7d:37:4e:8d:82:a2:16:c0:bd:
                    06:86:b9:23:8c:a0:eb:02:c5:b8:f2:85:97:d0:60:
                    b5:02:a1:b4:25:df:8d:4f:4f:08:8e:c4:5e:3f:c7:
                    8e:58:0a:cd:61:9e:ad:9d:17:ee:77:67:b4:8a:e3:
                    29:f1:f8:a0:44:6c:f3:d2:80:04:a9:8a:87:ea:ea:
                    97:15:73:a4:7e:7b:bc:82:7a:fa:31:73:8c:84:ef:
                    63:39:72:0b:8d:4d:c4:37:3d:db:4a:53:cf:00:a4:
                    2e:7a:4a:47:0c:24:a5:97:a2:9b:8f:6e:c8:ee:2d:
                    a3:86:70:bc:e1:cb:90:c5:d6:9e:ea:3c:9e:09:32:
                    d9:69:4e:12:04:bd:94:fa:5b:d5:1f:61:49:87:61:
                    17:91:7c:7e:ff:46:63:77:cf:19:87:a4:7b:c1:1b:
                    4e:7f:73:24:ca:ca:40:09:1a:fc:54:79:43:7e:5a:
                    fb:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:BA:64:F1:05:64:21:6E:45:2A:06:2E:B4:4E:67:84:4B:A8:AE:18
            X509v3 Authority Key Identifier:
                keyid:38:83:7E:48:AA:F5:98:BC:AB:54:A5:FC:8A:E4:3B:17:BE:25:42:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OIN-SKr1mLyrVKX8iuQ7F74lQik.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/dffbc8-b149-46b4-bbb8-31ea2094b557/1/Mbpk8QVkIW5FKgYutE5nhEuorhg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/dffbc8-b149-46b4-bbb8-31ea2094b557/1/OIN-SKr1mLyrVKX8iuQ7F74lQik.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.18.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:bf:6b:b1:e5:b4:22:19:d7:55:23:ec:ff:a8:64:1b:35:18:
         3f:4b:37:d9:58:fc:f7:e3:16:0f:5f:2d:02:db:cc:1e:49:81:
         9a:ea:b4:6f:20:df:6f:78:b0:af:a1:d8:95:37:cf:3d:c6:2c:
         ea:f0:b5:44:16:bd:5c:ac:87:1a:40:e0:7f:8f:65:b3:e5:00:
         3a:68:6a:07:c9:bd:05:46:2f:b0:f4:25:e9:75:f0:cc:db:03:
         ae:70:a4:44:52:92:6a:23:a3:eb:fa:6b:0c:a2:a6:20:26:d2:
         55:8b:28:70:6f:d9:35:e4:ce:b2:62:c0:63:05:6a:91:54:89:
         0b:0a:1c:1b:c4:cd:ec:fb:5f:4b:f5:fa:2b:37:b9:6d:91:58:
         f8:23:9d:1e:85:7e:5b:2b:9c:60:96:4d:13:47:7a:7c:5d:2c:
         45:47:04:40:53:58:84:4a:69:5a:ad:96:0a:1a:0d:30:b2:5d:
         e3:52:8a:c7:47:5b:70:68:a2:ea:5a:60:e5:db:f8:cb:fe:86:
         41:4f:4c:55:c5:64:75:74:77:e3:62:aa:2b:41:17:76:94:7e:
         1a:2d:aa:6c:6f:26:ac:d7:0b:c1:5f:02:f0:31:00:71:ab:23:
         b0:6c:26:81:75:b1:9c:dd:db:c0:5a:a1:ab:39:f2:69:26:16:
         39:40:df:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1zDi9cAVZxA6KWjnH7TjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4ODM3ZTQ4YWFmNTk4YmNhYjU0YTVmYzhhZTQzYjE3YmUy
NTQyMjkwHhcNMjUwMTAxMjE0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMWJhNjRmMTA1NjQyMTZlNDUyYTA2MmViNDRlNjc4NDRiYThhZTE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuqhN7ueLrJWbyyKBNXp4/9zjvkvt
wXke46ymGDD6nk8YKdVM11eZ+LWS5HycgxA0p8++HpVFMPKZnvEpYYdBSXteSDnF
1xtj+peoUsWJdp19N06NgqIWwL0GhrkjjKDrAsW48oWX0GC1AqG0Jd+NT08IjsRe
P8eOWArNYZ6tnRfud2e0iuMp8figRGzz0oAEqYqH6uqXFXOkfnu8gnr6MXOMhO9j
OXILjU3ENz3bSlPPAKQuekpHDCSll6Kbj27I7i2jhnC84cuQxdae6jyeCTLZaU4S
BL2U+lvVH2FJh2EXkXx+/0Zjd88Zh6R7wRtOf3MkyspACRr8VHlDflr7+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDG6ZPEFZCFuRSoGLrROZ4RLqK4YMB8GA1UdIwQY
MBaAFDiDfkiq9Zi8q1Sl/IrkOxe+JUIpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0lOLVNLcjFtTHlyVktYOGl1UTdGNzRsUWlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9kZmZiYzgtYjE0OS00NmI0LWJiYjgt
MzFlYTIwOTRiNTU3LzEvTWJwazhRVmtJVzVGS2dZdXRFNW5oRXVvcmhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9kZmZiYzgtYjE0OS00NmI0LWJiYjgtMzFlYTIwOTRiNTU3
LzEvT0lOLVNLcjFtTHlyVktYOGl1UTdGNzRsUWlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhJsMA0G
CSqGSIb3DQEBCwUAA4IBAQATv2ux5bQiGddVI+z/qGQbNRg/SzfZWPz34xYPXy0C
28weSYGa6rRvIN9veLCvodiVN889xizq8LVEFr1crIcaQOB/j2Wz5QA6aGoHyb0F
Ri+w9CXpdfDM2wOucKREUpJqI6Pr+msMoqYgJtJViyhwb9k15M6yYsBjBWqRVIkL
ChwbxM3s+19L9forN7ltkVj4I50ehX5bK5xglk0TR3p8XSxFRwRAU1iESmlarZYK
Gg0wsl3jUorHR1twaKLqWmDl2/jL/oZBT0xVxWR1dHfjYqorQRd2lH4aLapsbyas
1wvBXwLwMQBxqyOwbCaBdbGc3dvAWqGrOfJpJhY5QN8C
-----END CERTIFICATE-----