Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS46844.roa
File:                     AS46844.roa (raw, json)
Hash identifier:          zYlax3luewm5NNEbGKTgTAZcDC+P92kWb2VxrC+iXl4=
Subject key identifier:   3A:FF:CC:54:86:5F:DC:01:78:EC:CC:AD:32:DC:98:3D:CD:AB:3C:F0
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       1944FAD0BD1C692DFC16173E2797AF2B1E3DB471
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS46844.roa
Signing time:             Sat 18 Jan 2025 05:53:51 +0000
ROA not before:           Sat 18 Jan 2025 05:48:51 +0000
ROA not after:            Sat 17 Jan 2026 05:53:51 +0000
asID:                     46844
IP address blocks:        191.101.48.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Feb 2025 07:05:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            19:44:fa:d0:bd:1c:69:2d:fc:16:17:3e:27:97:af:2b:1e:3d:b4:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Jan 18 05:48:51 2025 GMT
            Not After : Jan 17 05:53:51 2026 GMT
        Subject: CN=3AFFCC54865FDC0178ECCCAD32DC983DCDAB3CF0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:2b:87:fb:c7:4c:00:0d:26:1b:03:2c:1f:ce:
                    48:ea:57:e8:8c:68:6f:94:93:de:b3:0b:dd:f9:cd:
                    bb:04:13:51:f7:e8:7f:a4:d8:3b:4a:b1:fe:05:dc:
                    71:f6:c2:7b:db:82:c3:71:32:50:af:fa:8e:20:da:
                    9a:eb:d9:05:7b:7e:34:f8:8e:e4:16:b4:5b:ab:ec:
                    65:bf:e6:43:42:25:ab:65:4b:c5:df:27:31:8a:a6:
                    05:63:a3:9d:6d:4d:d2:b1:84:89:b5:47:82:69:e3:
                    54:61:5b:7d:78:d8:9b:71:c3:5c:bc:53:a4:ec:bf:
                    99:47:22:c6:44:73:ae:26:62:32:3d:da:6a:73:de:
                    4c:78:79:1d:ca:8e:99:9c:5c:a9:5d:22:c7:8c:7c:
                    35:b3:2b:03:01:02:7a:dd:8b:25:6e:8e:69:30:3f:
                    b7:e2:9c:91:89:da:09:c1:c1:c4:b7:3c:a5:fb:44:
                    ac:ae:ba:6c:05:d4:9b:4d:e1:dc:6d:19:72:5a:57:
                    eb:af:06:51:79:8c:5f:2a:92:17:95:47:ad:cf:7f:
                    97:12:05:13:0a:61:61:c0:96:21:41:ed:27:cd:5d:
                    67:ae:59:cf:6b:76:e4:ce:4c:a1:71:85:5a:ae:10:
                    a7:d7:4f:c4:bd:82:e9:08:d1:05:a7:bc:f2:5b:e9:
                    57:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:FF:CC:54:86:5F:DC:01:78:EC:CC:AD:32:DC:98:3D:CD:AB:3C:F0
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS46844.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:38:31:a2:32:15:ee:b5:c0:9b:4c:6e:cd:e1:83:d7:42:1d:
         8c:64:7a:a3:93:0f:4d:06:52:36:b9:e6:8c:ec:38:5c:dc:85:
         0f:eb:2e:ef:fa:2c:02:87:c5:a4:65:1e:c0:8e:ed:cf:b6:cf:
         0b:d9:f9:cc:b7:1a:fa:74:c5:ea:44:f2:5c:dc:a9:3f:4a:fe:
         05:f0:7b:02:a3:c2:b3:c1:30:da:c1:b4:0c:06:91:37:fc:0d:
         f4:0b:77:b3:5e:eb:c0:a7:c2:39:31:13:34:39:ab:eb:2d:21:
         90:61:df:27:8f:f4:1e:ab:0d:a5:40:e3:52:f3:b5:1a:37:00:
         b8:2e:b2:36:d2:fc:bb:bf:7b:c6:9f:cb:db:26:8d:f4:1a:ae:
         7f:42:16:1a:0a:15:9a:a4:ea:d9:f9:aa:8c:2d:f4:38:3d:ff:
         82:12:5a:bc:9f:da:09:ef:fc:00:52:c4:08:97:1f:d2:55:61:
         f2:50:bf:44:e6:b1:4f:64:93:92:47:c9:16:d7:b8:18:0a:a9:
         37:be:6f:7a:39:90:cf:e7:01:50:eb:c3:7e:31:7c:30:84:ee:
         4a:57:b6:84:0a:5e:5f:32:1a:27:b8:45:e1:fe:b2:2e:9e:49:
         48:03:93:38:db:b0:02:20:17:3d:fe:43:6b:bb:4a:a0:4c:55:
         66:c0:8f:1c
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUGUT60L0caS38Fhc+J5evKx49tHEwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNTAxMTgwNTQ4NTFaFw0yNjAxMTcwNTUzNTFaMDMxMTAvBgNV
BAMTKDNBRkZDQzU0ODY1RkRDMDE3OEVDQ0NBRDMyREM5ODNEQ0RBQjNDRjAwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCaK4f7x0wADSYbAywfzkjqV+iM
aG+Uk96zC935zbsEE1H36H+k2DtKsf4F3HH2wnvbgsNxMlCv+o4g2prr2QV7fjT4
juQWtFur7GW/5kNCJatlS8XfJzGKpgVjo51tTdKxhIm1R4Jp41RhW3142Jtxw1y8
U6Tsv5lHIsZEc64mYjI92mpz3kx4eR3KjpmcXKldIseMfDWzKwMBAnrdiyVujmkw
P7finJGJ2gnBwcS3PKX7RKyuumwF1JtN4dxtGXJaV+uvBlF5jF8qkheVR63Pf5cS
BRMKYWHAliFB7SfNXWeuWc9rduTOTKFxhVquEKfXT8S9gukI0QWnvPJb6VchAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUOv/MVIZf3AF47MytMtyYPc2rPPAwHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDY4NDQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC/ZTAw
DQYJKoZIhvcNAQELBQADggEBACc4MaIyFe61wJtMbs3hg9dCHYxkeqOTD00GUja5
5ozsOFzchQ/rLu/6LAKHxaRlHsCO7c+2zwvZ+cy3Gvp0xepE8lzcqT9K/gXwewKj
wrPBMNrBtAwGkTf8DfQLd7Ne68CnwjkxEzQ5q+stIZBh3yeP9B6rDaVA41LztRo3
ALgusjbS/Lu/e8afy9smjfQarn9CFhoKFZqk6tn5qowt9Dg9/4ISWryf2gnv/ABS
xAiXH9JVYfJQv0TmsU9kk5JHyRbXuBgKqTe+b3o5kM/nAVDrw34xfDCE7kpXtoQK
Xl8yGie4ReH+si6eSUgDkzjbsAIgFz3+Q2u7SqBMVWbAjxw=
-----END CERTIFICATE-----