Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/46l3zcDNK_2V63AreaLMsQrAgaE.roa
File:                     46l3zcDNK_2V63AreaLMsQrAgaE.roa (raw, json)
Hash identifier:          yY63fb353nPGfB15WkNs5SfqIg+XAt04c2yklxwzqUk=
Subject key identifier:   E3:A9:77:CD:C0:CD:2B:FD:95:EB:70:2B:79:A2:CC:B1:0A:C0:81:A1
Certificate issuer:       /CN=297364f502534e8771a0c6259794c26e26d4bca4
Certificate serial:       01942521CC55286095782A2657DAE302D4C8
Authority key identifier: 29:73:64:F5:02:53:4E:87:71:A0:C6:25:97:94:C2:6E:26:D4:BC:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KXNk9QJTTodxoMYll5TCbibUvKQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/46l3zcDNK_2V63AreaLMsQrAgaE.roa
Signing time:             Thu 02 Jan 2025 03:49:19 +0000
ROA not before:           Thu 02 Jan 2025 03:49:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198394
IP address blocks:        141.105.164.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/KXNk9QJTTodxoMYll5TCbibUvKQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/KXNk9QJTTodxoMYll5TCbibUvKQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KXNk9QJTTodxoMYll5TCbibUvKQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:cc:55:28:60:95:78:2a:26:57:da:e3:02:d4:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=297364f502534e8771a0c6259794c26e26d4bca4
        Validity
            Not Before: Jan  2 03:49:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e3a977cdc0cd2bfd95eb702b79a2ccb10ac081a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:02:ed:17:d8:46:b6:c8:5a:e3:6e:7a:00:23:
                    4d:22:5e:f8:dc:80:21:d4:9c:ab:f5:69:b1:49:83:
                    dc:61:38:07:e0:1b:ef:4e:8e:47:f0:fb:a2:c9:34:
                    09:62:3b:db:57:b8:8e:10:40:7d:b9:4c:fd:cd:d3:
                    d2:c5:fa:0c:54:64:bd:5c:d2:f9:d6:eb:cd:6e:7f:
                    b5:d0:a2:b3:5e:4b:d6:55:39:a9:d1:98:79:ba:e3:
                    56:92:70:e8:70:2c:2c:40:28:9a:ef:22:63:4e:a3:
                    22:79:39:83:e2:70:c5:f2:34:e1:af:cd:fc:5e:b1:
                    b3:eb:90:c2:a3:65:f4:2c:f4:56:6f:98:88:70:c4:
                    df:ea:62:75:79:90:ff:2c:60:cf:4e:cf:ac:39:e0:
                    a1:10:ad:f8:12:c8:c2:47:89:1e:1c:4f:56:1b:61:
                    04:eb:39:7f:85:7e:3f:fb:bc:1b:5e:45:2c:63:a4:
                    5a:c8:b3:81:98:b5:89:f9:8c:92:aa:a0:1b:62:8b:
                    c3:e4:4a:72:50:58:fa:6d:f0:26:93:59:4c:97:ca:
                    0c:6e:c5:04:28:a1:db:3f:80:02:bb:f9:1f:25:b3:
                    23:b4:24:00:26:c1:40:c4:8d:6d:0a:e1:34:9a:8f:
                    0b:59:5f:3d:ae:d6:20:07:dd:a2:fb:e5:79:a6:40:
                    f2:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:A9:77:CD:C0:CD:2B:FD:95:EB:70:2B:79:A2:CC:B1:0A:C0:81:A1
            X509v3 Authority Key Identifier:
                keyid:29:73:64:F5:02:53:4E:87:71:A0:C6:25:97:94:C2:6E:26:D4:BC:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KXNk9QJTTodxoMYll5TCbibUvKQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/46l3zcDNK_2V63AreaLMsQrAgaE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/045820-3546-407c-83a5-0a0f3e78a493/1/KXNk9QJTTodxoMYll5TCbibUvKQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.105.164.0/23

    Signature Algorithm: sha256WithRSAEncryption
         19:d0:7f:2c:d7:57:9b:6d:48:71:6b:12:df:49:54:a3:6a:ae:
         c4:9d:54:53:2a:76:a5:ca:6d:61:72:90:45:64:64:1a:ed:7c:
         f0:d2:6b:b2:84:05:58:45:94:77:ea:98:18:c2:3a:fb:02:1a:
         79:8b:14:8e:f6:99:71:1e:36:2e:f6:36:a0:9d:53:9c:49:78:
         5a:ea:b1:f5:d9:06:72:c0:99:04:7f:90:3e:e6:12:b3:74:28:
         fd:a8:a0:c2:e7:9e:d5:33:4f:b4:5d:1e:60:13:63:5a:ac:e4:
         9c:7e:26:2f:d9:a3:ca:49:ed:ed:36:f2:d7:a2:b3:ee:c9:e7:
         db:0c:8d:04:04:0e:44:38:25:a0:6e:ef:c6:f2:5a:ff:56:7e:
         c8:67:88:81:51:d5:69:de:44:6b:cf:dc:ba:e7:9b:7f:2a:5e:
         83:26:f7:9c:c0:64:ea:ef:09:79:30:10:ea:ef:b8:a0:99:ce:
         d9:1f:9f:6a:d5:6d:ec:31:9b:d7:0a:ff:46:12:b9:2e:4e:19:
         c6:64:0c:a1:f4:be:90:3c:d3:19:0c:ed:b7:6a:b1:db:32:61:
         ff:4e:18:bf:fa:86:fc:15:ea:db:00:ce:9c:42:10:03:5b:e1:
         4e:83:a7:a7:dc:3c:3f:1e:8e:13:76:19:a2:54:d6:10:83:e7:
         4a:8c:ab:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIcxVKGCVeComV9rjAtTIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NzM2NGY1MDI1MzRlODc3MWEwYzYyNTk3OTRjMjZlMjZk
NGJjYTQwHhcNMjUwMTAyMDM0OTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2E5NzdjZGMwY2QyYmZkOTVlYjcwMmI3OWEyY2NiMTBhYzA4MWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5gLtF9hGtsha4256ACNNIl743IAh
1Jyr9WmxSYPcYTgH4BvvTo5H8PuiyTQJYjvbV7iOEEB9uUz9zdPSxfoMVGS9XNL5
1uvNbn+10KKzXkvWVTmp0Zh5uuNWknDocCwsQCia7yJjTqMieTmD4nDF8jThr838
XrGz65DCo2X0LPRWb5iIcMTf6mJ1eZD/LGDPTs+sOeChEK34EsjCR4keHE9WG2EE
6zl/hX4/+7wbXkUsY6RayLOBmLWJ+YySqqAbYovD5EpyUFj6bfAmk1lMl8oMbsUE
KKHbP4ACu/kfJbMjtCQAJsFAxI1tCuE0mo8LWV89rtYgB92i++V5pkDyVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOOpd83AzSv9letwK3mizLEKwIGhMB8GA1UdIwQY
MBaAFClzZPUCU06HcaDGJZeUwm4m1LykMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1hOazlRSlRUb2R4b01ZbGw1VENiaWJVdktRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8wNDU4MjAtMzU0Ni00MDdjLTgzYTUt
MGEwZjNlNzhhNDkzLzEvNDZsM3pjRE5LXzJWNjNBcmVhTE1zUXJBZ2FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8wNDU4MjAtMzU0Ni00MDdjLTgzYTUtMGEwZjNlNzhhNDkz
LzEvS1hOazlRSlRUb2R4b01ZbGw1VENiaWJVdktRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBjWmkMA0G
CSqGSIb3DQEBCwUAA4IBAQAZ0H8s11ebbUhxaxLfSVSjaq7EnVRTKnalym1hcpBF
ZGQa7Xzw0muyhAVYRZR36pgYwjr7Ahp5ixSO9plxHjYu9jagnVOcSXha6rH12QZy
wJkEf5A+5hKzdCj9qKDC557VM0+0XR5gE2NarOScfiYv2aPKSe3tNvLXorPuyefb
DI0EBA5EOCWgbu/G8lr/Vn7IZ4iBUdVp3kRrz9y655t/Kl6DJvecwGTq7wl5MBDq
77igmc7ZH59q1W3sMZvXCv9GErkuThnGZAyh9L6QPNMZDO23arHbMmH/Thi/+ob8
FerbAM6cQhADW+FOg6en3Dw/Ho4TdhmiVNYQg+dKjKvo
-----END CERTIFICATE-----