Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/x07rijEZOn9T311yrMQx6xcIpzk.roa
File:                     x07rijEZOn9T311yrMQx6xcIpzk.roa (raw, json)
Hash identifier:          8vOfmWLdHF5Hk9wADt1Mv+BGSqPQXg6o4b8Ihu/9LIA=
Subject key identifier:   C7:4E:EB:8A:31:19:3A:7F:53:DF:5D:72:AC:C4:31:EB:17:08:A7:39
Certificate issuer:       /CN=5588f197f97e8900755544e810cddef9d90fbc41
Certificate serial:       01942369EA3DE6F0A2D5B840AE4D40DDEAC1
Authority key identifier: 55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/x07rijEZOn9T311yrMQx6xcIpzk.roa
Signing time:             Wed 01 Jan 2025 19:48:51 +0000
ROA not before:           Wed 01 Jan 2025 19:48:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35251
IP address blocks:        46.3.112.0/23 maxlen: 24
                          46.3.114.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:ea:3d:e6:f0:a2:d5:b8:40:ae:4d:40:dd:ea:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5588f197f97e8900755544e810cddef9d90fbc41
        Validity
            Not Before: Jan  1 19:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c74eeb8a31193a7f53df5d72acc431eb1708a739
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:1b:71:d0:f5:5e:e2:46:2b:53:04:42:cc:98:
                    92:4e:63:a0:a3:39:f9:1d:63:e0:6c:e0:b8:de:c6:
                    47:f7:66:7f:07:fe:39:42:0e:e4:0e:fb:ea:e7:4b:
                    af:cf:b3:b4:27:18:78:5d:b5:27:51:2c:f5:4f:05:
                    6f:d1:29:e5:8f:e2:76:20:b3:62:38:b1:ce:d8:8c:
                    f9:e3:d9:c0:c2:1d:94:c8:71:2b:7f:41:d0:c8:d2:
                    16:24:81:07:00:9e:15:3b:e8:95:53:89:1f:00:34:
                    01:e7:77:d9:da:e2:fe:61:6e:a1:83:a3:55:dc:22:
                    b3:11:d7:e0:20:0b:85:4a:a1:86:8e:2f:d4:f7:e6:
                    c6:cb:2c:5f:81:1f:63:97:1b:c2:b0:03:52:40:77:
                    a5:e0:d6:cc:7f:c3:81:3a:f7:46:4a:fa:65:51:81:
                    94:84:fc:97:cd:84:72:db:3a:b3:f8:07:0b:a9:ef:
                    74:8c:1d:ab:6d:40:2c:c2:b6:84:5b:a1:18:c2:66:
                    2e:7f:73:8b:b5:30:c0:ee:f8:ca:2b:b1:8b:d5:20:
                    24:2e:27:eb:da:a3:33:a0:f2:96:5e:83:5f:20:df:
                    79:19:a2:88:6d:20:b5:3b:16:e2:d2:a3:15:dc:ee:
                    0f:4a:78:2f:fc:0b:8b:f2:62:cb:65:e8:43:17:7e:
                    b9:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:4E:EB:8A:31:19:3A:7F:53:DF:5D:72:AC:C4:31:EB:17:08:A7:39
            X509v3 Authority Key Identifier:
                keyid:55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/x07rijEZOn9T311yrMQx6xcIpzk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.3.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         00:61:f4:16:03:e4:1c:f3:3e:9a:f5:74:89:30:2b:f7:d9:74:
         35:e2:61:fd:27:c1:e4:34:17:e7:4e:70:4a:40:a0:d8:2a:78:
         2f:7e:75:d6:73:a1:75:60:db:f6:ba:21:18:c6:bf:78:12:34:
         3a:7d:a3:af:67:e1:2e:cf:12:30:cd:0a:ab:cc:3d:01:dd:7b:
         84:be:43:d5:f3:42:4a:f8:00:ed:35:ab:30:df:47:af:f6:4f:
         71:7d:6e:6f:ab:2b:59:cd:bf:78:31:1c:07:66:64:9e:c8:e9:
         85:76:16:f5:58:d3:ed:ae:15:5b:1e:cd:9b:77:c1:61:54:ad:
         86:36:b1:e1:3f:f3:19:2b:4b:37:ea:9a:70:d7:d1:80:09:a6:
         cf:90:cd:a2:51:bc:07:ff:23:39:2d:f5:0f:bd:82:10:6d:40:
         f2:67:86:29:ad:cf:63:c3:b7:56:26:af:cf:61:cc:a9:0e:2b:
         54:8b:89:dd:48:82:0f:5e:70:5b:99:ef:22:41:78:0a:ad:ed:
         df:8f:6b:32:fa:b6:5e:ac:d1:df:8a:68:7a:e9:2f:9e:32:c8:
         6d:e9:8c:64:7e:a7:4c:fb:d6:ea:f8:2d:4f:8d:27:2f:ca:d1:
         b8:1d:a7:9f:80:ea:17:69:0a:fd:0b:f3:30:d2:35:d5:90:8b:
         65:62:d9:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaeo95vCi1bhArk1A3erBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ODhmMTk3Zjk3ZTg5MDA3NTU1NDRlODEwY2RkZWY5ZDkw
ZmJjNDEwHhcNMjUwMTAxMTk0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzRlZWI4YTMxMTkzYTdmNTNkZjVkNzJhY2M0MzFlYjE3MDhhNzM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6xtx0PVe4kYrUwRCzJiSTmOgozn5
HWPgbOC43sZH92Z/B/45Qg7kDvvq50uvz7O0Jxh4XbUnUSz1TwVv0Snlj+J2ILNi
OLHO2Iz549nAwh2UyHErf0HQyNIWJIEHAJ4VO+iVU4kfADQB53fZ2uL+YW6hg6NV
3CKzEdfgIAuFSqGGji/U9+bGyyxfgR9jlxvCsANSQHel4NbMf8OBOvdGSvplUYGU
hPyXzYRy2zqz+AcLqe90jB2rbUAswraEW6EYwmYuf3OLtTDA7vjKK7GL1SAkLifr
2qMzoPKWXoNfIN95GaKIbSC1Oxbi0qMV3O4PSngv/AuL8mLLZehDF365qwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMdO64oxGTp/U99dcqzEMesXCKc5MB8GA1UdIwQY
MBaAFFWI8Zf5fokAdVVE6BDN3vnZD7xBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2Et
N2NmZWY0Mjc2YTBmLzEveDA3cmlqRVpPbjlUMzExeXJNUXg2eGNJcHprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2EtN2NmZWY0Mjc2YTBm
LzEvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLgNwMA0G
CSqGSIb3DQEBCwUAA4IBAQAAYfQWA+Qc8z6a9XSJMCv32XQ14mH9J8HkNBfnTnBK
QKDYKngvfnXWc6F1YNv2uiEYxr94EjQ6faOvZ+EuzxIwzQqrzD0B3XuEvkPV80JK
+ADtNasw30ev9k9xfW5vqytZzb94MRwHZmSeyOmFdhb1WNPtrhVbHs2bd8FhVK2G
NrHhP/MZK0s36ppw19GACabPkM2iUbwH/yM5LfUPvYIQbUDyZ4Yprc9jw7dWJq/P
YcypDitUi4ndSIIPXnBbme8iQXgKre3fj2sy+rZerNHfimh66S+eMsht6YxkfqdM
+9bq+C1PjScvytG4HaefgOoXaQr9C/Mw0jXVkItlYtnk
-----END CERTIFICATE-----