Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/iTL48tihI-jSr_mP1B3k9BPcqFk.roa
File:                     iTL48tihI-jSr_mP1B3k9BPcqFk.roa (raw, json)
Hash identifier:          r5p5vRI3z0PUvi9slj/UiapNKpOLBAYTyIZgb356OFc=
Subject key identifier:   89:32:F8:F2:D8:A1:23:E8:D2:AF:F9:8F:D4:1D:E4:F4:13:DC:A8:59
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       019427B5AFDEE4E077A6FBDCF293A803A217
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/iTL48tihI-jSr_mP1B3k9BPcqFk.roa
Signing time:             Thu 02 Jan 2025 15:50:05 +0000
ROA not before:           Thu 02 Jan 2025 15:50:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201776
IP address blocks:        46.161.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:af:de:e4:e0:77:a6:fb:dc:f2:93:a8:03:a2:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  2 15:50:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8932f8f2d8a123e8d2aff98fd41de4f413dca859
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:d7:a4:1b:71:2b:25:cf:49:82:2d:dc:2d:d6:
                    b9:4b:2b:1e:b9:56:8e:88:5d:16:93:69:93:29:db:
                    c8:91:b4:9c:3b:c5:28:5b:76:4b:20:96:8b:70:46:
                    4e:dc:ed:4f:1d:85:3f:59:97:a0:68:8e:65:81:88:
                    01:a0:05:0d:0a:49:68:07:45:2d:60:b0:8c:eb:ba:
                    b6:03:e3:9e:5b:dd:4b:5c:c6:01:25:82:d5:6c:54:
                    d4:a0:4e:91:86:87:32:90:55:46:24:75:2f:05:3a:
                    fb:78:9b:0d:d1:94:19:66:a6:87:36:bf:79:ce:73:
                    c0:7b:69:2b:de:7b:51:5e:35:18:28:98:7e:56:1b:
                    05:85:62:bb:f7:4f:84:67:cb:5e:8b:e4:87:74:ac:
                    5c:0d:85:63:96:8f:b4:a8:08:8d:18:fe:9b:d8:c3:
                    97:3a:70:d2:b4:d4:9d:61:ec:34:1c:fd:be:5b:0e:
                    b2:f5:60:9a:99:5c:a4:41:d8:42:42:d8:c0:24:3d:
                    d5:fa:be:2f:8b:cf:fb:34:08:2f:e9:de:f5:23:78:
                    7d:58:7e:1d:56:f5:4a:0b:7c:55:c3:a4:11:09:1c:
                    cc:aa:74:1b:30:4e:b2:81:7b:06:03:9a:c1:32:39:
                    3a:b4:2e:cc:7f:28:0a:e3:e6:64:03:8d:35:3d:c3:
                    39:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:32:F8:F2:D8:A1:23:E8:D2:AF:F9:8F:D4:1D:E4:F4:13:DC:A8:59
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/iTL48tihI-jSr_mP1B3k9BPcqFk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.161.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:bd:7a:42:f2:26:eb:bf:3d:c9:26:64:92:d9:20:16:5f:de:
         33:0b:6d:49:ae:2e:bd:d4:b0:c8:92:6c:96:a8:7c:32:88:d2:
         6b:33:ca:fc:a4:75:90:68:45:83:60:f2:43:c6:a6:cf:46:df:
         ea:3e:aa:97:ca:2e:55:db:78:36:fc:7e:f6:43:12:6d:21:a0:
         12:41:94:91:67:2a:c2:78:97:f3:8b:1e:ed:2e:91:3d:9b:c5:
         e1:0d:9e:f5:d9:e1:88:d8:9a:88:fd:d4:b2:bb:16:73:37:1f:
         4e:8d:9d:11:cb:ec:c7:aa:7d:b1:46:a4:06:cf:d8:cd:82:e3:
         f7:f2:a8:0a:6e:e8:c2:f3:83:77:d1:e3:af:f5:34:24:75:08:
         5c:94:e1:95:1d:1d:a2:1e:5a:71:c4:8f:e1:18:a2:2a:e2:28:
         2c:ec:47:ba:f0:f1:76:1c:3f:e0:1c:82:27:a3:51:99:49:43:
         07:52:31:37:29:0d:7b:4b:98:5d:22:7f:a3:ed:ef:a6:78:8e:
         a5:e3:ef:6e:60:a9:2b:cb:14:8a:2d:9e:dd:d2:58:29:53:bb:
         d4:9b:45:ee:f9:d3:a7:c6:ef:a7:20:e4:00:5b:38:14:a2:2e:
         a2:41:55:dd:22:f4:fd:5b:9a:71:43:13:66:eb:d5:8d:2a:32:
         a7:29:e9:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnta/e5OB3pvvc8pOoA6IXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjUwMTAyMTU1MDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTMyZjhmMmQ4YTEyM2U4ZDJhZmY5OGZkNDFkZTRmNDEzZGNhODU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj9ekG3ErJc9Jgi3cLda5SyseuVaO
iF0Wk2mTKdvIkbScO8UoW3ZLIJaLcEZO3O1PHYU/WZegaI5lgYgBoAUNCkloB0Ut
YLCM67q2A+OeW91LXMYBJYLVbFTUoE6RhocykFVGJHUvBTr7eJsN0ZQZZqaHNr95
znPAe2kr3ntRXjUYKJh+VhsFhWK790+EZ8tei+SHdKxcDYVjlo+0qAiNGP6b2MOX
OnDStNSdYew0HP2+Ww6y9WCamVykQdhCQtjAJD3V+r4vi8/7NAgv6d71I3h9WH4d
VvVKC3xVw6QRCRzMqnQbME6ygXsGA5rBMjk6tC7MfygK4+ZkA401PcM56wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIky+PLYoSPo0q/5j9Qd5PQT3KhZMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvaVRMNDh0aWhJLWpTcl9tUDFCM2s5QlBjcUZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALqEJMA0G
CSqGSIb3DQEBCwUAA4IBAQBFvXpC8ibrvz3JJmSS2SAWX94zC21Jri691LDIkmyW
qHwyiNJrM8r8pHWQaEWDYPJDxqbPRt/qPqqXyi5V23g2/H72QxJtIaASQZSRZyrC
eJfzix7tLpE9m8XhDZ712eGI2JqI/dSyuxZzNx9OjZ0Ry+zHqn2xRqQGz9jNguP3
8qgKbujC84N30eOv9TQkdQhclOGVHR2iHlpxxI/hGKIq4igs7Ee68PF2HD/gHIIn
o1GZSUMHUjE3KQ17S5hdIn+j7e+meI6l4+9uYKkryxSKLZ7d0lgpU7vUm0Xu+dOn
xu+nIOQAWzgUoi6iQVXdIvT9W5pxQxNm69WNKjKnKems
-----END CERTIFICATE-----