Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/572ec8-7456-4e55-b776-d8ece26afec0/1/rxnNIrhG3QldlOPtvjeA2wvjFbs.roa
File:                     rxnNIrhG3QldlOPtvjeA2wvjFbs.roa (raw, json)
Hash identifier:          2BblVg4dCI71TgTK0hUX2laI8AdtzWYFSV42O2qiwl4=
Subject key identifier:   AF:19:CD:22:B8:46:DD:09:5D:94:E3:ED:BE:37:80:DB:0B:E3:15:BB
Certificate issuer:       /CN=e3e46e2c4016a8d7392c8574134fd4793b9415a4
Certificate serial:       01942369DF9D5F18B05965CC35C7A6A6FF64
Authority key identifier: E3:E4:6E:2C:40:16:A8:D7:39:2C:85:74:13:4F:D4:79:3B:94:15:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4-RuLEAWqNc5LIV0E0_UeTuUFaQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/572ec8-7456-4e55-b776-d8ece26afec0/1/rxnNIrhG3QldlOPtvjeA2wvjFbs.roa
Signing time:             Wed 01 Jan 2025 19:48:48 +0000
ROA not before:           Wed 01 Jan 2025 19:48:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31726
IP address blocks:        46.228.48.0/20 maxlen: 20
                          77.95.72.0/21 maxlen: 21
                          185.229.228.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/572ec8-7456-4e55-b776-d8ece26afec0/1/4-RuLEAWqNc5LIV0E0_UeTuUFaQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/572ec8-7456-4e55-b776-d8ece26afec0/1/4-RuLEAWqNc5LIV0E0_UeTuUFaQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4-RuLEAWqNc5LIV0E0_UeTuUFaQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 10:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:df:9d:5f:18:b0:59:65:cc:35:c7:a6:a6:ff:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3e46e2c4016a8d7392c8574134fd4793b9415a4
        Validity
            Not Before: Jan  1 19:48:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af19cd22b846dd095d94e3edbe3780db0be315bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:ca:1f:7f:63:f4:76:1d:2d:a0:f3:75:f5:56:
                    fe:22:11:9b:1d:4f:87:eb:80:9c:6a:29:45:57:5a:
                    d5:62:d3:94:f3:39:1e:fc:0e:b2:ff:fa:c8:31:d3:
                    75:0d:95:7f:a1:8a:43:c4:02:33:56:38:75:56:37:
                    ca:8c:00:14:c3:a8:93:2b:d3:ef:ed:5b:b4:72:54:
                    86:c5:83:5d:4f:49:69:f8:8b:98:80:61:f5:1e:e4:
                    cd:aa:de:e8:dc:21:19:1e:20:60:c0:33:fe:8e:82:
                    87:3f:84:d0:13:de:d5:71:21:6a:6d:6d:c4:86:51:
                    44:72:72:68:63:e0:4e:df:37:c0:a6:ca:2e:e5:99:
                    25:66:ba:48:d6:3f:77:ff:35:ed:31:fe:30:cf:60:
                    d5:a8:aa:82:6f:1b:a6:10:04:ed:bd:39:4e:25:c1:
                    f6:81:5d:3f:b4:99:06:38:6c:79:2c:bb:86:15:55:
                    16:c9:f6:f3:35:33:02:15:c0:cc:57:d8:a7:0c:a3:
                    32:ff:d2:c2:fc:3a:11:73:7e:18:20:b0:14:18:0b:
                    78:88:ad:7b:e8:bd:28:3a:0c:db:46:4d:58:72:c8:
                    32:64:18:24:9e:18:53:a2:30:24:9f:db:5c:4a:a0:
                    38:5a:39:9c:41:07:2b:d6:7d:57:29:bd:97:ed:05:
                    da:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:19:CD:22:B8:46:DD:09:5D:94:E3:ED:BE:37:80:DB:0B:E3:15:BB
            X509v3 Authority Key Identifier:
                keyid:E3:E4:6E:2C:40:16:A8:D7:39:2C:85:74:13:4F:D4:79:3B:94:15:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4-RuLEAWqNc5LIV0E0_UeTuUFaQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/572ec8-7456-4e55-b776-d8ece26afec0/1/rxnNIrhG3QldlOPtvjeA2wvjFbs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/572ec8-7456-4e55-b776-d8ece26afec0/1/4-RuLEAWqNc5LIV0E0_UeTuUFaQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.228.48.0/20
                  77.95.72.0/21
                  185.229.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6a:69:4c:33:76:77:05:9b:83:a0:dc:dd:fc:25:92:4f:70:44:
         11:4d:5a:9a:6c:d8:84:78:1a:e0:ea:71:75:73:35:9e:54:48:
         8f:ca:7f:32:8d:8b:ab:44:71:df:5e:d0:60:91:bb:4b:d5:44:
         84:8a:4b:c8:a4:a3:f6:8f:48:a4:ef:c7:05:94:ed:60:e8:4d:
         e4:49:35:72:6e:d6:b9:66:24:8a:fa:a1:0b:34:a2:79:15:1f:
         01:56:f3:27:60:12:29:27:ac:a2:ec:16:b6:ad:0f:07:03:24:
         10:c3:74:e7:78:53:90:14:2a:15:93:26:e9:cd:8c:50:1d:cd:
         66:dc:b7:01:d9:11:4a:13:c4:9c:81:3c:b9:99:2e:3d:ce:4a:
         63:d2:f0:2c:59:ae:41:78:a5:24:3d:63:0a:54:ac:1c:d5:5b:
         ac:9a:c7:28:4e:fd:fc:74:99:c2:f5:f9:f5:70:1e:f1:37:04:
         86:76:c6:ff:4e:68:f2:dd:5e:a8:25:2c:d4:bd:2c:08:0c:85:
         de:fa:63:f7:1b:54:3f:02:83:31:5c:fd:8e:c2:73:4a:46:36:
         38:c9:f1:31:5d:2d:68:70:98:68:35:fc:0c:a6:d0:23:c7:5b:
         cf:37:56:34:d7:78:40:17:02:99:f3:5e:fd:c7:a4:c4:7a:34:
         81:7d:3c:f5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQjad+dXxiwWWXMNcempv9kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZTQ2ZTJjNDAxNmE4ZDczOTJjODU3NDEzNGZkNDc5M2I5
NDE1YTQwHhcNMjUwMTAxMTk0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjE5Y2QyMmI4NDZkZDA5NWQ5NGUzZWRiZTM3ODBkYjBiZTMxNWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAscoff2P0dh0toPN19Vb+IhGbHU+H
64CcailFV1rVYtOU8zke/A6y//rIMdN1DZV/oYpDxAIzVjh1VjfKjAAUw6iTK9Pv
7Vu0clSGxYNdT0lp+IuYgGH1HuTNqt7o3CEZHiBgwDP+joKHP4TQE97VcSFqbW3E
hlFEcnJoY+BO3zfApsou5ZklZrpI1j93/zXtMf4wz2DVqKqCbxumEATtvTlOJcH2
gV0/tJkGOGx5LLuGFVUWyfbzNTMCFcDMV9inDKMy/9LC/DoRc34YILAUGAt4iK17
6L0oOgzbRk1YcsgyZBgknhhTojAkn9tcSqA4WjmcQQcr1n1XKb2X7QXa4QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFK8ZzSK4Rt0JXZTj7b43gNsL4xW7MB8GA1UdIwQY
MBaAFOPkbixAFqjXOSyFdBNP1Hk7lBWkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNC1SdUxFQVdxTmM1TElWMEUwX1VlVHVVRmFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy81NzJlYzgtNzQ1Ni00ZTU1LWI3NzYt
ZDhlY2UyNmFmZWMwLzEvcnhuTklyaEczUWxkbE9QdHZqZUEyd3ZqRmJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy81NzJlYzgtNzQ1Ni00ZTU1LWI3NzYtZDhlY2UyNmFmZWMw
LzEvNC1SdUxFQVdxTmM1TElWMEUwX1VlVHVVRmFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQELuQwAwQD
TV9IAwQCueXkMA0GCSqGSIb3DQEBCwUAA4IBAQBqaUwzdncFm4Og3N38JZJPcEQR
TVqabNiEeBrg6nF1czWeVEiPyn8yjYurRHHfXtBgkbtL1USEikvIpKP2j0ik78cF
lO1g6E3kSTVybta5ZiSK+qELNKJ5FR8BVvMnYBIpJ6yi7Ba2rQ8HAyQQw3TneFOQ
FCoVkybpzYxQHc1m3LcB2RFKE8ScgTy5mS49zkpj0vAsWa5BeKUkPWMKVKwc1Vus
mscoTv38dJnC9fn1cB7xNwSGdsb/Tmjy3V6oJSzUvSwIDIXe+mP3G1Q/AoMxXP2O
wnNKRjY4yfExXS1ocJhoNfwMptAjx1vPN1Y013hAFwKZ8179x6TEejSBfTz1
-----END CERTIFICATE-----