Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/zR1KG9QDRNox6dSdf5Sdi6Q2q_I.roa
File:                     zR1KG9QDRNox6dSdf5Sdi6Q2q_I.roa (raw, json)
Hash identifier:          WFq2GOXNf1TCXH0TmLYZ4UY1jza704xfNc6aCDDU2oQ=
Subject key identifier:   CD:1D:4A:1B:D4:03:44:DA:31:E9:D4:9D:7F:94:9D:8B:A4:36:AB:F2
Certificate issuer:       /CN=e754c347d68d15493de71bb962f0a567e134d603
Certificate serial:       019423D70CFB4A06544A80F5754696D74446
Authority key identifier: E7:54:C3:47:D6:8D:15:49:3D:E7:1B:B9:62:F0:A5:67:E1:34:D6:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/zR1KG9QDRNox6dSdf5Sdi6Q2q_I.roa
Signing time:             Wed 01 Jan 2025 21:48:03 +0000
ROA not before:           Wed 01 Jan 2025 21:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207569
IP address blocks:        198.105.124.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/51TDR9aNFUk95xu5YvClZ-E01gM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/51TDR9aNFUk95xu5YvClZ-E01gM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:0c:fb:4a:06:54:4a:80:f5:75:46:96:d7:44:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e754c347d68d15493de71bb962f0a567e134d603
        Validity
            Not Before: Jan  1 21:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cd1d4a1bd40344da31e9d49d7f949d8ba436abf2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:c5:1a:ce:10:89:90:68:61:d8:31:29:cb:ef:
                    00:d3:d8:0f:b7:38:9d:b5:f9:3c:aa:2a:d8:9b:10:
                    71:e9:23:34:e1:ee:c4:38:b8:0e:66:33:9d:ec:66:
                    0c:f3:8c:ee:68:e7:df:44:15:6a:b0:18:48:ed:8c:
                    97:48:52:f8:f9:bc:8f:aa:66:fc:88:f5:e0:6d:9e:
                    6f:51:40:de:0e:e0:64:a0:63:f0:d3:42:78:5c:35:
                    b1:59:1e:23:a2:5b:2f:70:21:aa:c4:f1:af:f7:61:
                    57:bf:43:97:1a:c7:50:af:85:9a:bd:d9:ae:a2:a8:
                    d3:fc:23:88:89:d4:20:d8:b0:c8:90:51:1c:2d:74:
                    6c:67:97:0d:7b:0f:00:58:81:7d:69:0a:bf:1f:a5:
                    dd:f4:f8:78:0f:90:cd:05:f8:d4:02:b1:44:61:d7:
                    10:c4:22:dc:a8:27:82:52:9c:b8:5c:dd:ae:8c:33:
                    50:17:7d:a7:0a:b9:13:a2:7e:31:05:17:79:f6:bf:
                    30:8f:1c:f7:b5:c3:f0:b4:73:35:9f:5e:e6:ca:1d:
                    ac:b1:96:dc:5d:52:d2:9c:9a:86:53:20:ac:c8:06:
                    c5:2c:b9:01:08:9c:16:a3:2c:da:42:3f:78:87:64:
                    e1:a6:15:c6:e8:82:a5:a1:36:44:3c:27:f8:78:20:
                    3f:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:1D:4A:1B:D4:03:44:DA:31:E9:D4:9D:7F:94:9D:8B:A4:36:AB:F2
            X509v3 Authority Key Identifier:
                keyid:E7:54:C3:47:D6:8D:15:49:3D:E7:1B:B9:62:F0:A5:67:E1:34:D6:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/51TDR9aNFUk95xu5YvClZ-E01gM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/zR1KG9QDRNox6dSdf5Sdi6Q2q_I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/46db3a-a573-4f28-b43b-37b62d223924/1/51TDR9aNFUk95xu5YvClZ-E01gM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.105.124.0/23

    Signature Algorithm: sha256WithRSAEncryption
         82:44:7a:b6:92:b1:90:df:fd:1d:92:f4:5c:82:5c:67:0b:f0:
         a9:ae:e6:f2:0d:85:c6:ba:b2:16:48:07:6a:da:bc:d9:56:5d:
         1e:ba:2e:69:f5:42:3b:60:83:5c:87:89:55:93:c6:25:ce:cc:
         aa:96:aa:36:e1:30:f8:e9:01:ac:9b:a3:d4:a6:e6:8b:49:79:
         87:5c:8f:dc:fe:3c:71:2c:df:51:0b:13:e0:21:f1:e0:26:7f:
         df:3b:7c:ba:b0:6c:26:45:61:25:ba:f5:3e:bc:6b:e7:49:81:
         e6:88:97:e8:d7:79:b5:48:94:99:81:ef:f0:b5:9a:ae:07:d3:
         f1:4f:99:9c:2c:b2:0c:4c:d8:a2:1c:56:c1:e3:98:7f:52:ec:
         19:0e:e7:d6:d7:db:11:17:55:03:4d:ae:29:2c:d6:d1:10:be:
         c9:80:ee:7e:13:43:c0:ca:3e:b5:c6:2d:b6:23:24:cb:99:cd:
         f7:97:9e:c1:7d:a9:65:b0:bd:79:a5:2c:ab:1e:d2:84:1e:1e:
         8c:61:45:ed:33:ab:93:0f:b6:45:fd:ee:aa:fb:08:ea:91:0a:
         6d:62:e7:8a:b7:14:63:e6:58:17:b0:01:7d:d7:73:ea:4b:03:
         eb:0e:85:fb:75:07:51:de:53:cf:9e:52:d9:03:2c:61:9b:c3:
         ae:0e:2a:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1wz7SgZUSoD1dUaW10RGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NTRjMzQ3ZDY4ZDE1NDkzZGU3MWJiOTYyZjBhNTY3ZTEz
NGQ2MDMwHhcNMjUwMTAxMjE0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZDFkNGExYmQ0MDM0NGRhMzFlOWQ0OWQ3Zjk0OWQ4YmE0MzZhYmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwsUazhCJkGhh2DEpy+8A09gPtzid
tfk8qirYmxBx6SM04e7EOLgOZjOd7GYM84zuaOffRBVqsBhI7YyXSFL4+byPqmb8
iPXgbZ5vUUDeDuBkoGPw00J4XDWxWR4jolsvcCGqxPGv92FXv0OXGsdQr4Wavdmu
oqjT/COIidQg2LDIkFEcLXRsZ5cNew8AWIF9aQq/H6Xd9Ph4D5DNBfjUArFEYdcQ
xCLcqCeCUpy4XN2ujDNQF32nCrkTon4xBRd59r8wjxz3tcPwtHM1n17myh2ssZbc
XVLSnJqGUyCsyAbFLLkBCJwWoyzaQj94h2ThphXG6IKloTZEPCf4eCA/pwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM0dShvUA0TaMenUnX+UnYukNqvyMB8GA1UdIwQY
MBaAFOdUw0fWjRVJPecbuWLwpWfhNNYDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTFURFI5YU5GVWs5NXh1NVl2Q2xaLUUwMWdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80NmRiM2EtYTU3My00ZjI4LWI0M2It
MzdiNjJkMjIzOTI0LzEvelIxS0c5UURSTm94NmRTZGY1U2RpNlEycV9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80NmRiM2EtYTU3My00ZjI4LWI0M2ItMzdiNjJkMjIzOTI0
LzEvNTFURFI5YU5GVWs5NXh1NVl2Q2xaLUUwMWdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBxml8MA0G
CSqGSIb3DQEBCwUAA4IBAQCCRHq2krGQ3/0dkvRcglxnC/CprubyDYXGurIWSAdq
2rzZVl0eui5p9UI7YINch4lVk8Ylzsyqlqo24TD46QGsm6PUpuaLSXmHXI/c/jxx
LN9RCxPgIfHgJn/fO3y6sGwmRWEluvU+vGvnSYHmiJfo13m1SJSZge/wtZquB9Px
T5mcLLIMTNiiHFbB45h/UuwZDufW19sRF1UDTa4pLNbREL7JgO5+E0PAyj61xi22
IyTLmc33l57BfallsL15pSyrHtKEHh6MYUXtM6uTD7ZF/e6q+wjqkQptYueKtxRj
5lgXsAF913PqSwPrDoX7dQdR3lPPnlLZAyxhm8OuDio1
-----END CERTIFICATE-----