Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/5e935b-2340-4806-b33b-faca0eb3357d/1/IrF-9wkj7eNtv0srLfHPyI1GtTA.roa
File:                     IrF-9wkj7eNtv0srLfHPyI1GtTA.roa (raw, json)
Hash identifier:          mAMlIob8u84HdQAxB78nZwUMGcefLJXlEaHY1RBkM0I=
Subject key identifier:   22:B1:7E:F7:09:23:ED:E3:6D:BF:4B:2B:2D:F1:CF:C8:8D:46:B5:30
Certificate issuer:       /CN=46fbcfc13d4d5ff6d37c226f11e121204c367d17
Certificate serial:       01942143AF2245BEDEBB09D372A4366ABD44
Authority key identifier: 46:FB:CF:C1:3D:4D:5F:F6:D3:7C:22:6F:11:E1:21:20:4C:36:7D:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RvvPwT1NX_bTfCJvEeEhIEw2fRc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/5e935b-2340-4806-b33b-faca0eb3357d/1/IrF-9wkj7eNtv0srLfHPyI1GtTA.roa
Signing time:             Wed 01 Jan 2025 09:47:51 +0000
ROA not before:           Wed 01 Jan 2025 09:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5578
IP address blocks:        185.161.174.0/24 maxlen: 24
                          185.161.175.0/24 maxlen: 24
                          2a07:c387::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/5e935b-2340-4806-b33b-faca0eb3357d/1/RvvPwT1NX_bTfCJvEeEhIEw2fRc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/5e935b-2340-4806-b33b-faca0eb3357d/1/RvvPwT1NX_bTfCJvEeEhIEw2fRc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RvvPwT1NX_bTfCJvEeEhIEw2fRc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:af:22:45:be:de:bb:09:d3:72:a4:36:6a:bd:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46fbcfc13d4d5ff6d37c226f11e121204c367d17
        Validity
            Not Before: Jan  1 09:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=22b17ef70923ede36dbf4b2b2df1cfc88d46b530
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:17:bc:06:90:f0:de:cb:cf:13:b3:c1:24:06:
                    1b:1c:af:1e:b6:8c:0a:12:d1:e5:49:b4:ac:a7:30:
                    72:e1:89:e7:c7:bd:82:22:f3:1b:9e:a2:f5:7f:e0:
                    ed:18:15:96:47:a6:4b:60:58:a0:45:d9:0c:dd:6f:
                    8c:3f:50:e1:47:9a:08:93:0c:05:61:3b:0c:ec:63:
                    f5:b3:52:48:96:c7:61:80:9c:5d:eb:de:82:4a:b0:
                    f9:e6:4b:e5:2e:fa:94:9d:cf:40:a5:b8:42:77:a2:
                    b8:1d:df:8a:ed:1e:4e:c7:63:b0:de:d4:71:a6:41:
                    a0:2b:e4:7d:5f:05:bf:cd:c2:c4:ee:03:90:d4:4b:
                    95:14:cd:ca:a6:e1:e9:ca:e8:4a:c7:ae:2b:24:eb:
                    4c:ce:ab:ed:6b:0b:e0:f3:0f:25:5b:82:c4:77:81:
                    58:4c:aa:77:aa:8a:4b:ce:5a:a2:b0:3a:9f:e0:d6:
                    be:cf:b6:3a:a2:0e:7f:23:db:23:c1:94:71:cd:0c:
                    be:32:e8:a8:a6:dc:28:c9:3a:e1:95:50:3f:19:bc:
                    4e:bc:bd:3f:b9:48:44:76:ae:ac:1d:76:03:74:28:
                    20:77:68:d9:03:6c:e6:22:f5:f3:83:01:b3:d7:6b:
                    5d:b8:33:ce:0e:64:a8:3e:dd:84:e1:8c:e4:c5:d1:
                    9b:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:B1:7E:F7:09:23:ED:E3:6D:BF:4B:2B:2D:F1:CF:C8:8D:46:B5:30
            X509v3 Authority Key Identifier:
                keyid:46:FB:CF:C1:3D:4D:5F:F6:D3:7C:22:6F:11:E1:21:20:4C:36:7D:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RvvPwT1NX_bTfCJvEeEhIEw2fRc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/5e935b-2340-4806-b33b-faca0eb3357d/1/IrF-9wkj7eNtv0srLfHPyI1GtTA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/5e935b-2340-4806-b33b-faca0eb3357d/1/RvvPwT1NX_bTfCJvEeEhIEw2fRc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.161.174.0/23
                IPv6:
                  2a07:c387::/32

    Signature Algorithm: sha256WithRSAEncryption
         93:27:33:74:8c:a4:57:9f:5e:dd:8f:20:1b:f7:0e:3f:5b:48:
         72:d2:ee:d7:70:34:77:ae:64:1a:d0:b5:d7:2b:a4:bc:bf:07:
         2c:91:51:1d:09:5e:fa:16:ce:ae:0f:3a:d3:f8:f7:ad:b3:16:
         ad:5f:77:f7:b3:29:22:d8:46:03:72:1a:d5:16:b0:e1:13:ba:
         af:e0:b8:6e:14:0d:ca:d6:00:eb:75:a5:aa:59:10:49:b9:c1:
         f5:09:2f:86:4f:bc:66:04:e3:8e:a7:41:e3:4c:d9:87:fa:01:
         6a:36:cb:09:32:1d:46:a6:4f:39:a3:22:fb:d9:32:ae:8b:ec:
         a6:fa:b2:b9:7f:27:be:d2:a4:61:e7:85:2b:49:b8:cd:65:52:
         eb:d7:bd:a9:e1:23:fb:32:7a:a6:9e:9b:3c:13:48:6d:85:17:
         fa:d5:65:84:83:6b:32:c3:b4:fc:db:55:ef:76:92:01:48:5f:
         80:d2:80:43:9a:db:d0:09:62:d5:d8:a8:23:65:d0:4c:88:71:
         65:c3:aa:dc:1f:5d:1e:30:6b:26:53:4e:33:51:d7:b5:ac:57:
         3d:ed:2f:17:f8:f8:b2:e3:9f:fa:e6:97:e5:1c:e3:cc:0e:47:
         26:2e:f4:95:b9:05:25:a0:3b:60:9e:04:0c:ed:a5:ce:d8:01:
         ab:04:36:5b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhQ68iRb7euwnTcqQ2ar1EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2ZmJjZmMxM2Q0ZDVmZjZkMzdjMjI2ZjExZTEyMTIwNGMz
NjdkMTcwHhcNMjUwMTAxMDk0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmIxN2VmNzA5MjNlZGUzNmRiZjRiMmIyZGYxY2ZjODhkNDZiNTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAohe8BpDw3svPE7PBJAYbHK8etowK
EtHlSbSspzBy4Ynnx72CIvMbnqL1f+DtGBWWR6ZLYFigRdkM3W+MP1DhR5oIkwwF
YTsM7GP1s1JIlsdhgJxd696CSrD55kvlLvqUnc9ApbhCd6K4Hd+K7R5Ox2Ow3tRx
pkGgK+R9XwW/zcLE7gOQ1EuVFM3KpuHpyuhKx64rJOtMzqvtawvg8w8lW4LEd4FY
TKp3qopLzlqisDqf4Na+z7Y6og5/I9sjwZRxzQy+MuioptwoyTrhlVA/GbxOvL0/
uUhEdq6sHXYDdCggd2jZA2zmIvXzgwGz12tduDPODmSoPt2E4YzkxdGbUwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCKxfvcJI+3jbb9LKy3xz8iNRrUwMB8GA1UdIwQY
MBaAFEb7z8E9TV/203wibxHhISBMNn0XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnZ2UHdUMU5YX2JUZkNKdkVlRWhJRXcyZlJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS81ZTkzNWItMjM0MC00ODA2LWIzM2It
ZmFjYTBlYjMzNTdkLzEvSXJGLTl3a2o3ZU50djBzckxmSFB5STFHdFRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS81ZTkzNWItMjM0MC00ODA2LWIzM2ItZmFjYTBlYjMzNTdk
LzEvUnZ2UHdUMU5YX2JUZkNKdkVlRWhJRXcyZlJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBuaGuMA0E
AgACMAcDBQAqB8OHMA0GCSqGSIb3DQEBCwUAA4IBAQCTJzN0jKRXn17djyAb9w4/
W0hy0u7XcDR3rmQa0LXXK6S8vwcskVEdCV76Fs6uDzrT+PetsxatX3f3syki2EYD
chrVFrDhE7qv4LhuFA3K1gDrdaWqWRBJucH1CS+GT7xmBOOOp0HjTNmH+gFqNssJ
Mh1Gpk85oyL72TKui+ym+rK5fye+0qRh54UrSbjNZVLr172p4SP7Mnqmnps8E0ht
hRf61WWEg2syw7T821XvdpIBSF+A0oBDmtvQCWLV2KgjZdBMiHFlw6rcH10eMGsm
U04zUde1rFc97S8X+Piy45/65pflHOPMDkcmLvSVuQUloDtgngQM7aXO2AGrBDZb
-----END CERTIFICATE-----