Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/IKIaPVEC7ZbEaCMhpJqZ0jMkQH8.roa
File:                     IKIaPVEC7ZbEaCMhpJqZ0jMkQH8.roa (raw, json)
Hash identifier:          PiDwHKmucbfKY3E1G2Y4hhfNCPsTP9QFeqe7CIJxSOc=
Subject key identifier:   20:A2:1A:3D:51:02:ED:96:C4:68:23:21:A4:9A:99:D2:33:24:40:7F
Certificate issuer:       /CN=5588f197f97e8900755544e810cddef9d90fbc41
Certificate serial:       01942369F44ABCACA9CD8389A578017D1F13
Authority key identifier: 55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/IKIaPVEC7ZbEaCMhpJqZ0jMkQH8.roa
Signing time:             Wed 01 Jan 2025 19:48:53 +0000
ROA not before:           Wed 01 Jan 2025 19:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     146839
IP address blocks:        46.3.96.0/20 maxlen: 24
                          46.232.48.0/21 maxlen: 24
                          46.232.56.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:f4:4a:bc:ac:a9:cd:83:89:a5:78:01:7d:1f:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5588f197f97e8900755544e810cddef9d90fbc41
        Validity
            Not Before: Jan  1 19:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=20a21a3d5102ed96c4682321a49a99d23324407f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:3c:9c:0b:f6:b5:11:a6:51:47:c9:c5:11:0d:
                    c2:09:27:1f:97:82:43:37:26:95:58:89:b2:1d:12:
                    b0:db:77:ea:bb:ca:4c:ce:2a:94:f1:7d:a9:0e:b9:
                    8e:78:53:bb:5d:32:f7:a1:4f:44:00:d6:e0:40:11:
                    b0:37:63:b4:ba:69:18:2c:ea:af:d0:52:6d:1e:8d:
                    a0:a3:9c:5b:cf:23:af:78:23:19:6d:4c:6a:c4:6a:
                    ee:9a:7e:ff:47:ab:56:45:34:0e:7f:79:2f:9a:73:
                    24:26:e1:92:b9:62:8a:16:c7:6b:2a:5f:d1:29:d1:
                    95:5d:49:2b:f9:e8:55:03:a8:bf:e5:4b:f3:b6:c1:
                    33:18:d5:01:5e:1d:55:06:b3:fd:d1:75:77:6d:64:
                    36:47:37:a8:14:b3:d7:f1:78:35:96:5d:c4:c3:d9:
                    86:5c:51:47:08:25:19:c0:a5:2d:7e:8d:89:65:bd:
                    77:8d:66:41:f9:e2:06:32:03:98:0a:da:10:28:c2:
                    fd:b9:00:d8:ed:79:c4:82:e1:28:76:c6:3a:f6:27:
                    13:05:c1:b0:0e:6a:d7:4a:53:cc:16:e8:87:83:99:
                    ce:db:96:30:94:96:27:9f:48:21:1b:d1:c7:a6:c1:
                    be:fe:bf:90:f5:48:2c:b1:3b:7e:eb:2f:d7:b3:f8:
                    7b:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:A2:1A:3D:51:02:ED:96:C4:68:23:21:A4:9A:99:D2:33:24:40:7F
            X509v3 Authority Key Identifier:
                keyid:55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/IKIaPVEC7ZbEaCMhpJqZ0jMkQH8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.3.96.0/20
                  46.232.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         84:02:1a:7f:98:75:d0:13:49:61:90:e9:d2:65:68:99:f7:65:
         d6:f5:7d:91:be:5d:99:af:64:62:69:d0:52:1b:50:9f:c7:5e:
         ad:64:96:84:46:1d:ed:7b:df:00:99:38:e4:95:0e:ec:84:72:
         36:28:6d:9b:7c:3f:aa:50:7d:8f:96:39:b9:64:6b:b4:17:af:
         41:86:72:0e:f1:03:df:41:6c:23:f2:fe:32:80:c9:2d:5d:d8:
         72:b1:7e:d9:1f:db:3a:57:da:62:97:1b:d9:e3:97:2e:72:e1:
         37:6c:b6:5a:8d:ad:a5:7d:7d:10:9d:49:2f:aa:10:eb:29:a6:
         c4:e9:68:2e:be:5e:69:f7:d5:e0:87:6f:96:a7:bb:d6:89:b1:
         72:b8:2b:27:c5:7e:ba:67:d2:da:c0:d0:5d:c6:84:96:2e:9a:
         18:45:11:35:21:f3:7e:b1:da:47:f4:d1:4c:aa:82:07:95:92:
         b2:24:05:f5:57:4d:25:34:19:f8:d3:2a:cc:5b:ac:ab:bb:47:
         65:00:9d:73:f7:51:5e:da:63:f5:0a:4a:08:d0:00:3a:c7:35:
         df:71:77:3e:a9:df:18:f1:2a:5d:76:0e:62:41:2d:94:21:78:
         c8:c0:64:2c:70:b8:72:a5:8a:7f:0f:ec:b7:74:92:9e:2f:49:
         c2:c1:cb:79
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQjafRKvKypzYOJpXgBfR8TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ODhmMTk3Zjk3ZTg5MDA3NTU1NDRlODEwY2RkZWY5ZDkw
ZmJjNDEwHhcNMjUwMTAxMTk0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGEyMWEzZDUxMDJlZDk2YzQ2ODIzMjFhNDlhOTlkMjMzMjQ0MDdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzjycC/a1EaZRR8nFEQ3CCScfl4JD
NyaVWImyHRKw23fqu8pMziqU8X2pDrmOeFO7XTL3oU9EANbgQBGwN2O0umkYLOqv
0FJtHo2go5xbzyOveCMZbUxqxGrumn7/R6tWRTQOf3kvmnMkJuGSuWKKFsdrKl/R
KdGVXUkr+ehVA6i/5UvztsEzGNUBXh1VBrP90XV3bWQ2RzeoFLPX8Xg1ll3Ew9mG
XFFHCCUZwKUtfo2JZb13jWZB+eIGMgOYCtoQKML9uQDY7XnEguEodsY69icTBcGw
DmrXSlPMFuiHg5nO25YwlJYnn0ghG9HHpsG+/r+Q9UgssTt+6y/Xs/h73wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCCiGj1RAu2WxGgjIaSamdIzJEB/MB8GA1UdIwQY
MBaAFFWI8Zf5fokAdVVE6BDN3vnZD7xBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2Et
N2NmZWY0Mjc2YTBmLzEvSUtJYVBWRUM3WmJFYUNNaHBKcVowak1rUUg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2EtN2NmZWY0Mjc2YTBm
LzEvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQELgNgAwQE
LugwMA0GCSqGSIb3DQEBCwUAA4IBAQCEAhp/mHXQE0lhkOnSZWiZ92XW9X2Rvl2Z
r2RiadBSG1Cfx16tZJaERh3te98AmTjklQ7shHI2KG2bfD+qUH2Pljm5ZGu0F69B
hnIO8QPfQWwj8v4ygMktXdhysX7ZH9s6V9pilxvZ45cucuE3bLZaja2lfX0QnUkv
qhDrKabE6Wguvl5p99Xgh2+Wp7vWibFyuCsnxX66Z9LawNBdxoSWLpoYRRE1IfN+
sdpH9NFMqoIHlZKyJAX1V00lNBn40yrMW6yru0dlAJ1z91Fe2mP1CkoI0AA6xzXf
cXc+qd8Y8Spddg5iQS2UIXjIwGQscLhypYp/D+y3dJKeL0nCwct5
-----END CERTIFICATE-----