Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/sYn86kZKw4G3fFE4L_epfK7wXCA.roa
File:                     sYn86kZKw4G3fFE4L_epfK7wXCA.roa (raw, json)
Hash identifier:          fdCIDuHioT3v4CHhE018xXjPJRG+/QyggQzYrvRftpc=
Subject key identifier:   B1:89:FC:EA:46:4A:C3:81:B7:7C:51:38:2F:F7:A9:7C:AE:F0:5C:20
Certificate issuer:       /CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
Certificate serial:       0196639A7B57618DBFCD3618A18A65581D13
Authority key identifier: 4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/sYn86kZKw4G3fFE4L_epfK7wXCA.roa
Signing time:             Wed 23 Apr 2025 17:03:10 +0000
ROA not before:           Wed 23 Apr 2025 17:03:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211439
IP address blocks:        46.34.56.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:63:9a:7b:57:61:8d:bf:cd:36:18:a1:8a:65:58:1d:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
        Validity
            Not Before: Apr 23 17:03:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b189fcea464ac381b77c51382ff7a97caef05c20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:74:71:32:d2:da:49:8e:4c:0c:e1:3a:39:63:
                    9d:e9:4b:5f:91:2b:0a:56:09:4e:86:1c:33:ab:67:
                    db:7b:55:29:ca:c1:ea:18:98:0f:8e:3f:a9:22:1e:
                    6e:fd:44:76:ec:a8:e3:af:17:7c:07:f1:2a:09:77:
                    2b:88:76:b5:38:57:38:d8:d7:df:b6:0e:77:a3:97:
                    5b:d0:52:64:2c:55:c6:df:33:8f:37:69:0d:28:f6:
                    c4:8c:71:7a:9a:95:ca:7f:cc:d3:8e:8e:b4:c3:c6:
                    18:21:16:c6:8e:37:86:22:16:83:85:20:a8:69:9e:
                    56:3b:db:96:33:ea:15:5c:12:5f:30:8d:cb:1d:55:
                    9e:62:a8:41:47:21:95:71:6f:b7:80:46:f0:e0:ac:
                    76:f5:95:1e:2f:3d:aa:64:0c:2d:88:92:15:b1:46:
                    95:a9:ee:fa:b7:51:b1:4e:2a:b5:60:7d:64:4e:7f:
                    ab:d6:79:38:c1:22:d0:97:87:f7:f5:35:b0:dd:94:
                    3f:f8:59:bd:e4:b2:7d:2c:ff:8f:08:76:26:4d:3a:
                    0e:95:11:07:29:b5:58:9b:45:79:c0:26:f2:c5:4a:
                    d0:62:c8:db:68:fb:87:af:26:a9:f2:b3:5a:35:04:
                    8f:8a:7d:3b:3f:f0:3b:b9:26:60:7d:32:d6:0a:cf:
                    18:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:89:FC:EA:46:4A:C3:81:B7:7C:51:38:2F:F7:A9:7C:AE:F0:5C:20
            X509v3 Authority Key Identifier:
                keyid:4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/sYn86kZKw4G3fFE4L_epfK7wXCA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.34.56.0/23

    Signature Algorithm: sha256WithRSAEncryption
         42:09:a2:10:80:8d:7f:c1:8b:8e:e3:55:31:6b:e9:72:b2:a7:
         90:7c:ca:9c:af:8f:17:83:c0:a1:65:4a:fb:42:e6:5a:b3:f2:
         e5:e9:53:af:1b:0b:e8:ad:de:31:23:af:26:68:06:24:1c:d6:
         cf:45:40:60:07:98:f9:5d:15:fe:56:8a:1a:1e:c5:94:b5:b2:
         13:bc:98:69:44:a8:43:84:30:98:1d:9b:c9:2a:00:40:3c:4e:
         42:85:5a:70:3f:b5:53:b1:84:43:5e:50:9c:b9:b8:1e:50:18:
         15:45:b9:8c:5d:06:3d:80:1f:0b:fa:8e:34:5d:2b:58:ac:cc:
         44:3f:87:1a:e5:3f:b8:06:54:2e:f3:29:2a:3f:c2:ff:6f:ed:
         d4:8d:c3:90:a8:1f:04:b5:38:6c:9c:0f:96:6f:3e:f3:7a:c3:
         8b:bf:14:fb:98:5d:18:de:fc:51:1d:13:1c:4c:5e:6c:93:2e:
         7e:99:07:69:a1:03:e6:17:26:dc:02:4c:95:f9:f5:40:57:80:
         c0:84:0f:36:33:8d:47:a3:cb:77:5e:fe:a3:66:19:48:c9:22:
         a8:26:c4:3c:44:d6:86:f6:d6:ea:8c:29:4c:c7:1d:f7:4f:69:
         01:ac:15:a3:ae:47:b1:e2:ec:dc:82:16:82:05:e5:4e:df:da:
         30:72:51:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZjmntXYY2/zTYYoYplWB0TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNDcxY2Q2Y2U2MGFiZWRkNzQ3NjJiMTAxYWE1ZTZmNDIw
N2VmY2UwHhcNMjUwNDIzMTcwMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTg5ZmNlYTQ2NGFjMzgxYjc3YzUxMzgyZmY3YTk3Y2FlZjA1YzIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6HRxMtLaSY5MDOE6OWOd6UtfkSsK
VglOhhwzq2fbe1UpysHqGJgPjj+pIh5u/UR27Kjjrxd8B/EqCXcriHa1OFc42Nff
tg53o5db0FJkLFXG3zOPN2kNKPbEjHF6mpXKf8zTjo60w8YYIRbGjjeGIhaDhSCo
aZ5WO9uWM+oVXBJfMI3LHVWeYqhBRyGVcW+3gEbw4Kx29ZUeLz2qZAwtiJIVsUaV
qe76t1GxTiq1YH1kTn+r1nk4wSLQl4f39TWw3ZQ/+Fm95LJ9LP+PCHYmTToOlREH
KbVYm0V5wCbyxUrQYsjbaPuHryap8rNaNQSPin07P/A7uSZgfTLWCs8YOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLGJ/OpGSsOBt3xROC/3qXyu8FwgMB8GA1UdIwQY
MBaAFEpHHNbOYKvt10disQGqXm9CB+/OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2Qt
YTZiOTkxZjRmYWY4LzEvc1luODZrWkt3NEczZkZFNExfZXBmSzd3WENBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2QtYTZiOTkxZjRmYWY4
LzEvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLiI4MA0G
CSqGSIb3DQEBCwUAA4IBAQBCCaIQgI1/wYuO41Uxa+lysqeQfMqcr48Xg8ChZUr7
QuZas/Ll6VOvGwvord4xI68maAYkHNbPRUBgB5j5XRX+VooaHsWUtbITvJhpRKhD
hDCYHZvJKgBAPE5ChVpwP7VTsYRDXlCcubgeUBgVRbmMXQY9gB8L+o40XStYrMxE
P4ca5T+4BlQu8ykqP8L/b+3UjcOQqB8EtThsnA+Wbz7zesOLvxT7mF0Y3vxRHRMc
TF5sky5+mQdpoQPmFybcAkyV+fVAV4DAhA82M41Ho8t3Xv6jZhlIySKoJsQ8RNaG
9tbqjClMxx33T2kBrBWjrkex4uzcghaCBeVO39owclHK
-----END CERTIFICATE-----