Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/CnpXvHCjQBhGkHjS4GEBrsyD0Ls.roa
File:                     CnpXvHCjQBhGkHjS4GEBrsyD0Ls.roa (raw, json)
Hash identifier:          +4TTYcJ513NTSkhs1YvjASWAiCdz18RdzHM8dcd7WKs=
Subject key identifier:   0A:7A:57:BC:70:A3:40:18:46:90:78:D2:E0:61:01:AE:CC:83:D0:BB
Certificate issuer:       /CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
Certificate serial:       0196C49B3FA920454E9131F544551AE960BC
Authority key identifier: 83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/CnpXvHCjQBhGkHjS4GEBrsyD0Ls.roa
Signing time:             Mon 12 May 2025 13:07:10 +0000
ROA not before:           Mon 12 May 2025 13:07:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     142111
IP address blocks:        109.122.46.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c4:9b:3f:a9:20:45:4e:91:31:f5:44:55:1a:e9:60:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e3f5ef825556b014a085d32565bb0cbc5ac8d
        Validity
            Not Before: May 12 13:07:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a7a57bc70a34018469078d2e06101aecc83d0bb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:b9:f5:7f:8e:df:7e:07:b9:03:3b:de:48:74:
                    6d:99:65:d6:b1:aa:36:5c:58:40:52:b8:c4:5b:cd:
                    b0:6e:93:fe:95:a9:8c:2c:ce:f6:73:ad:25:d4:72:
                    99:40:4a:e8:4a:6a:5c:82:2e:42:45:51:3b:b2:52:
                    55:89:b2:9a:f6:bb:d1:8b:bf:7e:d8:41:06:93:9f:
                    d4:41:68:b0:c7:e6:88:ef:48:ef:f6:37:e8:95:74:
                    0f:2e:19:1b:45:f6:10:5f:e4:e9:45:49:3f:dd:5f:
                    6a:69:50:a3:1e:7c:6b:ba:72:b2:06:b6:1d:e9:c8:
                    5e:f5:30:c2:98:db:2e:cc:10:5b:a5:0a:4d:47:1d:
                    57:16:6b:a4:15:8d:29:68:54:63:a6:87:64:5f:9b:
                    de:d2:4f:92:bc:eb:84:68:d7:ff:2c:51:d9:df:48:
                    f6:63:aa:70:c7:dd:20:b5:29:6b:b5:7a:67:98:5e:
                    0f:41:e0:70:d2:6f:fa:86:05:4d:42:47:8d:20:9c:
                    80:cf:12:05:23:07:d0:32:d5:d2:89:12:e9:0e:d0:
                    c8:b0:0a:e2:93:38:25:ee:46:05:4f:31:8f:76:ee:
                    81:a8:ab:f9:1c:a1:4b:36:85:63:18:b0:02:6a:ff:
                    ae:42:b5:2f:63:05:2b:b8:25:aa:be:e5:4c:09:d6:
                    5f:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:7A:57:BC:70:A3:40:18:46:90:78:D2:E0:61:01:AE:CC:83:D0:BB
            X509v3 Authority Key Identifier:
                keyid:83:3E:3F:5E:F8:25:55:6B:01:4A:08:5D:32:56:5B:B0:CB:C5:AC:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4_XvglVWsBSghdMlZbsMvFrI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/CnpXvHCjQBhGkHjS4GEBrsyD0Ls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/d26618-b340-4f50-b330-318a26d4a8c9/1/gz4_XvglVWsBSghdMlZbsMvFrI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.122.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:43:61:d0:c7:d3:87:b0:bb:af:6f:df:a9:70:9e:5f:ec:ac:
         94:21:78:6c:a8:78:50:9e:d7:0c:68:1d:9a:31:4a:c6:58:a2:
         56:ae:0f:dc:40:45:b9:f4:0d:75:87:8a:a7:90:a4:e0:eb:57:
         23:bd:98:3c:fa:37:d2:46:6f:47:4d:cc:21:6b:59:09:53:9e:
         61:1b:ae:af:d0:0e:ab:f6:de:52:e4:8a:f8:d9:06:16:db:00:
         3e:c4:d6:4f:4c:3b:50:5d:1b:b8:19:93:2d:12:3a:d4:36:63:
         7b:4d:6a:94:06:af:8c:72:68:1b:5f:d1:b5:12:cc:47:7f:89:
         92:1e:d0:73:8f:66:01:53:2f:d2:1f:96:52:9b:e8:24:0d:cb:
         d5:8f:d4:ef:4c:bb:37:80:4b:84:f1:10:75:30:0e:c1:e0:6c:
         63:75:c3:62:84:26:cf:45:a8:c5:54:66:22:a4:8a:0f:7e:82:
         28:39:cc:36:f8:f2:58:bc:b8:2e:9f:91:59:dc:1f:20:11:74:
         6d:29:1e:39:f9:bf:c6:f1:1e:51:f5:78:8d:30:38:2d:54:2b:
         ec:fa:66:67:ba:5c:64:26:74:6f:c5:2c:7f:26:91:63:72:49:
         1d:e8:6d:2d:f2:28:c6:c0:06:ad:0a:0c:8e:96:6c:33:f5:ca:
         42:35:da:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbEmz+pIEVOkTH1RFUa6WC8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UzZjVlZjgyNTU1NmIwMTRhMDg1ZDMyNTY1YmIwY2Jj
NWFjOGQwHhcNMjUwNTEyMTMwNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTdhNTdiYzcwYTM0MDE4NDY5MDc4ZDJlMDYxMDFhZWNjODNkMGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxLn1f47ffge5AzveSHRtmWXWsao2
XFhAUrjEW82wbpP+lamMLM72c60l1HKZQEroSmpcgi5CRVE7slJVibKa9rvRi79+
2EEGk5/UQWiwx+aI70jv9jfolXQPLhkbRfYQX+TpRUk/3V9qaVCjHnxrunKyBrYd
6che9TDCmNsuzBBbpQpNRx1XFmukFY0paFRjpodkX5ve0k+SvOuEaNf/LFHZ30j2
Y6pwx90gtSlrtXpnmF4PQeBw0m/6hgVNQkeNIJyAzxIFIwfQMtXSiRLpDtDIsAri
kzgl7kYFTzGPdu6BqKv5HKFLNoVjGLACav+uQrUvYwUruCWqvuVMCdZffQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAp6V7xwo0AYRpB40uBhAa7Mg9C7MB8GA1UdIwQY
MBaAFIM+P174JVVrAUoIXTJWW7DLxayNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAt
MzE4YTI2ZDRhOGM5LzEvQ25wWHZIQ2pRQmhHa0hqUzRHRUJyc3lEMExzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy9kMjY2MTgtYjM0MC00ZjUwLWIzMzAtMzE4YTI2ZDRhOGM5
LzEvZ3o0X1h2Z2xWV3NCU2doZE1sWmJzTXZGckkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbXouMA0G
CSqGSIb3DQEBCwUAA4IBAQCPQ2HQx9OHsLuvb9+pcJ5f7KyUIXhsqHhQntcMaB2a
MUrGWKJWrg/cQEW59A11h4qnkKTg61cjvZg8+jfSRm9HTcwha1kJU55hG66v0A6r
9t5S5Ir42QYW2wA+xNZPTDtQXRu4GZMtEjrUNmN7TWqUBq+McmgbX9G1EsxHf4mS
HtBzj2YBUy/SH5ZSm+gkDcvVj9TvTLs3gEuE8RB1MA7B4GxjdcNihCbPRajFVGYi
pIoPfoIoOcw2+PJYvLgun5FZ3B8gEXRtKR45+b/G8R5R9XiNMDgtVCvs+mZnulxk
JnRvxSx/JpFjckkd6G0t8ijGwAatCgyOlmwz9cpCNdrX
-----END CERTIFICATE-----