Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/a2f87b-4811-4fe1-b15d-f889ca161c01/1/Bs46C8G9Xvlaiic-U_vabhAJhco.roa
File:                     Bs46C8G9Xvlaiic-U_vabhAJhco.roa (raw, json)
Hash identifier:          3sJguMlQk0GQr3vKdqIN2WvzrXMmi6x68HlsMnn5UuM=
Subject key identifier:   06:CE:3A:0B:C1:BD:5E:F9:5A:8A:27:3E:53:FB:DA:6E:10:09:85:CA
Certificate issuer:       /CN=49c403d43b5f38fca2119cd1409a92763edefe71
Certificate serial:       01942220001AA39B5A8B3D5D786EBE75131F
Authority key identifier: 49:C4:03:D4:3B:5F:38:FC:A2:11:9C:D1:40:9A:92:76:3E:DE:FE:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ScQD1DtfOPyiEZzRQJqSdj7e_nE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/a2f87b-4811-4fe1-b15d-f889ca161c01/1/Bs46C8G9Xvlaiic-U_vabhAJhco.roa
Signing time:             Wed 01 Jan 2025 13:48:30 +0000
ROA not before:           Wed 01 Jan 2025 13:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39838
IP address blocks:        176.57.202.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/a2f87b-4811-4fe1-b15d-f889ca161c01/1/ScQD1DtfOPyiEZzRQJqSdj7e_nE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/a2f87b-4811-4fe1-b15d-f889ca161c01/1/ScQD1DtfOPyiEZzRQJqSdj7e_nE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ScQD1DtfOPyiEZzRQJqSdj7e_nE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:00:1a:a3:9b:5a:8b:3d:5d:78:6e:be:75:13:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49c403d43b5f38fca2119cd1409a92763edefe71
        Validity
            Not Before: Jan  1 13:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=06ce3a0bc1bd5ef95a8a273e53fbda6e100985ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:f3:84:fc:af:00:c2:e7:cf:5d:ab:72:50:54:
                    2e:8c:da:d8:af:c1:c0:c7:98:44:dc:f1:6f:6c:0e:
                    d2:6b:d3:80:ce:4e:ed:e0:e4:12:d4:1c:c6:b3:cc:
                    4e:41:ed:dd:72:7c:f3:79:9c:f9:bf:bb:e7:cf:54:
                    72:24:02:2f:ac:85:1d:8c:78:f1:a8:6d:34:f9:54:
                    fb:e2:f2:77:29:94:f4:d5:32:15:a8:a3:e5:86:ff:
                    92:bd:11:76:4d:80:33:8a:21:6f:06:a3:7c:b6:d0:
                    f7:79:8b:f0:7f:db:29:3c:fc:95:5e:31:da:de:33:
                    ab:e1:a8:a0:1e:11:1e:ff:21:35:53:32:65:42:de:
                    80:f8:76:94:b7:a8:4a:4c:01:96:48:2b:a7:84:25:
                    f8:23:0e:2d:f9:9c:7e:6c:53:fc:f3:94:da:bd:32:
                    58:bb:62:f6:09:44:68:91:45:5a:08:1c:15:7d:bd:
                    eb:d8:d0:62:c1:0b:9e:69:36:61:d4:20:29:53:30:
                    d7:53:c3:c0:f7:e9:3a:f4:27:c5:08:a5:03:9b:0a:
                    04:48:ea:39:f2:d5:96:0a:7c:2f:c1:8a:81:80:e9:
                    ed:f6:1f:1c:29:6c:92:d0:79:b4:51:8e:47:e8:e4:
                    0b:a1:af:a6:74:30:d0:a8:82:ef:67:1e:47:06:09:
                    d7:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:CE:3A:0B:C1:BD:5E:F9:5A:8A:27:3E:53:FB:DA:6E:10:09:85:CA
            X509v3 Authority Key Identifier:
                keyid:49:C4:03:D4:3B:5F:38:FC:A2:11:9C:D1:40:9A:92:76:3E:DE:FE:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ScQD1DtfOPyiEZzRQJqSdj7e_nE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/a2f87b-4811-4fe1-b15d-f889ca161c01/1/Bs46C8G9Xvlaiic-U_vabhAJhco.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/a2f87b-4811-4fe1-b15d-f889ca161c01/1/ScQD1DtfOPyiEZzRQJqSdj7e_nE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.57.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:6f:59:2f:df:c4:a8:4b:80:ac:9a:c1:ec:b6:66:db:14:2c:
         b7:67:65:a8:5d:2d:a6:a5:8e:90:88:09:0b:97:84:b3:78:50:
         e0:eb:a8:c9:b5:ad:23:45:8a:8d:1b:80:9b:69:3f:7f:8b:17:
         da:0e:08:b9:8c:3d:af:89:f1:70:28:ba:4b:90:a6:4b:77:1b:
         a3:00:7a:b1:6b:d5:67:a4:30:50:94:7b:58:e6:60:b3:5f:f6:
         c2:11:35:5d:ed:f2:17:a5:b3:7d:87:9a:2e:9f:84:34:5d:6b:
         da:34:85:f2:27:8b:f9:6d:f3:43:4c:67:d9:7f:63:b4:ca:8c:
         b5:43:3c:2a:c6:57:56:12:ca:91:a0:f2:ca:06:f9:5f:d6:ad:
         01:d5:b7:01:d7:ee:1f:73:3e:c8:53:fc:72:fc:76:77:28:29:
         92:ca:55:7e:ef:53:44:e2:17:67:91:32:d5:10:74:f2:38:3a:
         c1:ff:43:52:95:42:7a:99:24:88:c4:7b:07:56:7b:c6:45:48:
         24:8f:99:25:23:a2:7a:e7:b0:07:a4:5a:d9:8d:09:1b:42:34:
         e6:c1:49:b7:ee:b7:93:fa:f0:c5:49:72:f3:af:a7:59:1d:32:
         d5:d8:61:36:2c:ee:51:06:08:87:c5:84:0e:30:78:c2:f0:ed:
         12:f5:37:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIAAao5taiz1deG6+dRMfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5YzQwM2Q0M2I1ZjM4ZmNhMjExOWNkMTQwOWE5Mjc2M2Vk
ZWZlNzEwHhcNMjUwMTAxMTM0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNmNlM2EwYmMxYmQ1ZWY5NWE4YTI3M2U1M2ZiZGE2ZTEwMDk4NWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3/OE/K8AwufPXatyUFQujNrYr8HA
x5hE3PFvbA7Sa9OAzk7t4OQS1BzGs8xOQe3dcnzzeZz5v7vnz1RyJAIvrIUdjHjx
qG00+VT74vJ3KZT01TIVqKPlhv+SvRF2TYAziiFvBqN8ttD3eYvwf9spPPyVXjHa
3jOr4aigHhEe/yE1UzJlQt6A+HaUt6hKTAGWSCunhCX4Iw4t+Zx+bFP885TavTJY
u2L2CURokUVaCBwVfb3r2NBiwQueaTZh1CApUzDXU8PA9+k69CfFCKUDmwoESOo5
8tWWCnwvwYqBgOnt9h8cKWyS0Hm0UY5H6OQLoa+mdDDQqILvZx5HBgnXeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAbOOgvBvV75WoonPlP72m4QCYXKMB8GA1UdIwQY
MBaAFEnEA9Q7Xzj8ohGc0UCaknY+3v5xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2NRRDFEdGZPUHlpRVp6UlFKcVNkajdlX25FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9hMmY4N2ItNDgxMS00ZmUxLWIxNWQt
Zjg4OWNhMTYxYzAxLzEvQnM0NkM4RzlYdmxhaWljLVVfdmFiaEFKaGNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9hMmY4N2ItNDgxMS00ZmUxLWIxNWQtZjg4OWNhMTYxYzAx
LzEvU2NRRDFEdGZPUHlpRVp6UlFKcVNkajdlX25FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsDnKMA0G
CSqGSIb3DQEBCwUAA4IBAQCDb1kv38SoS4CsmsHstmbbFCy3Z2WoXS2mpY6QiAkL
l4SzeFDg66jJta0jRYqNG4CbaT9/ixfaDgi5jD2vifFwKLpLkKZLdxujAHqxa9Vn
pDBQlHtY5mCzX/bCETVd7fIXpbN9h5oun4Q0XWvaNIXyJ4v5bfNDTGfZf2O0yoy1
QzwqxldWEsqRoPLKBvlf1q0B1bcB1+4fcz7IU/xy/HZ3KCmSylV+71NE4hdnkTLV
EHTyODrB/0NSlUJ6mSSIxHsHVnvGRUgkj5klI6J657AHpFrZjQkbQjTmwUm37reT
+vDFSXLzr6dZHTLV2GE2LO5RBgiHxYQOMHjC8O0S9Tdx
-----END CERTIFICATE-----