Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/pG1KZHc4pymXEXUvmeM4GHLYNlA.roa
File:                     pG1KZHc4pymXEXUvmeM4GHLYNlA.roa (raw, json)
Hash identifier:          5KHE9uzvNu4RIDxwOSdN7PmOQXacqTWtDjsMZfOaj8Y=
Subject key identifier:   A4:6D:4A:64:77:38:A7:29:97:11:75:2F:99:E3:38:18:72:D8:36:50
Certificate issuer:       /CN=ba31bcf923c5f25cafbdabdfdd46e511f95df0d1
Certificate serial:       0196687D172B21B45B8FB7A05F58A350B920
Authority key identifier: BA:31:BC:F9:23:C5:F2:5C:AF:BD:AB:DF:DD:46:E5:11:F9:5D:F0:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ujG8-SPF8lyvvavf3UblEfld8NE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/pG1KZHc4pymXEXUvmeM4GHLYNlA.roa
Signing time:             Thu 24 Apr 2025 15:49:10 +0000
ROA not before:           Thu 24 Apr 2025 15:49:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204779
IP address blocks:        46.254.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/ujG8-SPF8lyvvavf3UblEfld8NE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/ujG8-SPF8lyvvavf3UblEfld8NE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ujG8-SPF8lyvvavf3UblEfld8NE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 05:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:68:7d:17:2b:21:b4:5b:8f:b7:a0:5f:58:a3:50:b9:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba31bcf923c5f25cafbdabdfdd46e511f95df0d1
        Validity
            Not Before: Apr 24 15:49:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a46d4a647738a7299711752f99e3381872d83650
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:78:e5:04:f4:a8:bc:32:68:6e:5e:07:87:c4:
                    e9:2a:a3:ba:d4:0d:a7:15:0d:64:ab:90:0e:21:88:
                    86:2c:8a:2e:79:11:6c:88:3a:47:08:da:da:7e:6e:
                    a0:0c:a3:14:87:25:02:37:25:57:f1:72:2d:d9:74:
                    40:b6:d7:47:49:87:95:18:b4:43:b7:79:6f:f0:e6:
                    18:08:b3:67:8d:d4:b0:a7:08:f5:f3:9c:a1:25:71:
                    d5:e4:79:80:b8:26:88:44:39:69:58:53:fd:af:ae:
                    d2:06:0e:08:9a:02:be:87:30:2e:63:59:a9:37:cf:
                    ff:f6:8d:45:ad:c1:fa:e2:61:88:64:85:a5:5d:9e:
                    33:78:c5:80:da:99:31:b3:d2:11:7b:23:dc:05:70:
                    f4:18:38:60:34:ba:71:63:d3:c2:ee:d3:c8:fd:91:
                    be:e1:0a:8d:59:01:2e:27:b2:58:8f:61:f7:d4:ec:
                    97:35:45:09:13:69:8b:59:51:95:70:94:38:c9:9e:
                    4e:18:77:78:11:be:57:c4:91:d1:4f:41:70:42:53:
                    d9:04:36:b1:43:c0:35:7a:40:ca:cd:0f:9d:98:63:
                    d2:e3:c4:40:de:18:a6:18:4b:52:9b:90:b5:07:44:
                    8b:f3:2e:db:27:08:23:9f:37:9d:1e:44:ad:1a:b1:
                    f3:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:6D:4A:64:77:38:A7:29:97:11:75:2F:99:E3:38:18:72:D8:36:50
            X509v3 Authority Key Identifier:
                keyid:BA:31:BC:F9:23:C5:F2:5C:AF:BD:AB:DF:DD:46:E5:11:F9:5D:F0:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ujG8-SPF8lyvvavf3UblEfld8NE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/pG1KZHc4pymXEXUvmeM4GHLYNlA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/76a7f1-748d-406c-a51f-1ba343f17ec2/1/ujG8-SPF8lyvvavf3UblEfld8NE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.254.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:e1:87:d6:ca:90:b5:1f:ce:7c:06:cd:74:ab:43:33:ca:07:
         46:4f:61:e7:a9:bf:b2:41:77:94:e8:87:69:9b:7b:5a:ab:db:
         19:2a:84:12:2a:f2:c5:2c:21:9d:c6:1e:c4:94:e8:01:e3:d1:
         ed:6c:73:67:ea:b3:a4:6e:65:0c:f4:8e:26:38:ca:cb:ed:42:
         f2:ec:fb:83:da:1e:e0:28:6d:d3:94:cf:e0:1d:99:da:66:c4:
         bd:b2:21:45:79:6d:b4:67:66:d0:5c:b9:76:d7:8e:ba:79:71:
         b3:f1:74:66:af:6b:96:1e:d2:7e:08:d5:3e:1e:e5:b5:e9:c5:
         29:a3:b9:6f:84:23:46:21:f6:82:fb:be:89:93:0c:ee:34:79:
         eb:01:fe:c6:c9:9e:94:91:23:d7:5b:bc:e5:54:31:e9:48:d6:
         a8:18:a4:55:ca:5b:48:67:51:d4:74:fa:f7:c2:70:3f:5c:cf:
         3e:6f:e5:16:92:a6:24:21:b8:30:ab:18:85:5e:70:49:bb:e8:
         06:88:49:be:21:1d:af:0e:f8:3d:1d:52:43:c2:72:c6:60:ac:
         e3:94:56:a1:1a:07:c7:a4:0e:88:68:3f:6e:8d:45:83:32:15:
         bc:23:99:65:8e:09:1a:32:9b:03:e9:7e:30:bb:de:a7:ae:ee:
         b0:19:28:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZofRcrIbRbj7egX1ijULkgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhMzFiY2Y5MjNjNWYyNWNhZmJkYWJkZmRkNDZlNTExZjk1
ZGYwZDEwHhcNMjUwNDI0MTU0OTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDZkNGE2NDc3MzhhNzI5OTcxMTc1MmY5OWUzMzgxODcyZDgzNjUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkXjlBPSovDJobl4Hh8TpKqO61A2n
FQ1kq5AOIYiGLIoueRFsiDpHCNrafm6gDKMUhyUCNyVX8XIt2XRAttdHSYeVGLRD
t3lv8OYYCLNnjdSwpwj185yhJXHV5HmAuCaIRDlpWFP9r67SBg4ImgK+hzAuY1mp
N8//9o1FrcH64mGIZIWlXZ4zeMWA2pkxs9IReyPcBXD0GDhgNLpxY9PC7tPI/ZG+
4QqNWQEuJ7JYj2H31OyXNUUJE2mLWVGVcJQ4yZ5OGHd4Eb5XxJHRT0FwQlPZBDax
Q8A1ekDKzQ+dmGPS48RA3himGEtSm5C1B0SL8y7bJwgjnzedHkStGrHz/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKRtSmR3OKcplxF1L5njOBhy2DZQMB8GA1UdIwQY
MBaAFLoxvPkjxfJcr72r391G5RH5XfDRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWpHOC1TUEY4bHl2dmF2ZjNVYmxFZmxkOE5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83NmE3ZjEtNzQ4ZC00MDZjLWE1MWYt
MWJhMzQzZjE3ZWMyLzEvcEcxS1pIYzRweW1YRVhVdm1lTTRHSExZTmxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83NmE3ZjEtNzQ4ZC00MDZjLWE1MWYtMWJhMzQzZjE3ZWMy
LzEvdWpHOC1TUEY4bHl2dmF2ZjNVYmxFZmxkOE5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALv7RMA0G
CSqGSIb3DQEBCwUAA4IBAQA+4YfWypC1H858Bs10q0MzygdGT2Hnqb+yQXeU6Idp
m3taq9sZKoQSKvLFLCGdxh7ElOgB49HtbHNn6rOkbmUM9I4mOMrL7ULy7PuD2h7g
KG3TlM/gHZnaZsS9siFFeW20Z2bQXLl21466eXGz8XRmr2uWHtJ+CNU+HuW16cUp
o7lvhCNGIfaC+76JkwzuNHnrAf7GyZ6UkSPXW7zlVDHpSNaoGKRVyltIZ1HUdPr3
wnA/XM8+b+UWkqYkIbgwqxiFXnBJu+gGiEm+IR2vDvg9HVJDwnLGYKzjlFahGgfH
pA6IaD9ujUWDMhW8I5lljgkaMpsD6X4wu96nru6wGShi
-----END CERTIFICATE-----