Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/a1c6c0-e754-479e-851d-0d0da0d10432/1/NiiYntce0l2g8rM0crSiQd9ju9Q.roa
File:                     NiiYntce0l2g8rM0crSiQd9ju9Q.roa (raw, json)
Hash identifier:          dXNA4zFEqgeMGWVbP7xCDHL9Yv22/YkYEyRq1Xgq0Qk=
Subject key identifier:   36:28:98:9E:D7:1E:D2:5D:A0:F2:B3:34:72:B4:A2:41:DF:63:BB:D4
Certificate issuer:       /CN=c1bf8f3e609072889e74dd0fb4e27f9bac47b3b0
Certificate serial:       019425217AF0ED8FCBD3F32D73BDED425961
Authority key identifier: C1:BF:8F:3E:60:90:72:88:9E:74:DD:0F:B4:E2:7F:9B:AC:47:B3:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wb-PPmCQcoiedN0PtOJ_m6xHs7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/a1c6c0-e754-479e-851d-0d0da0d10432/1/NiiYntce0l2g8rM0crSiQd9ju9Q.roa
Signing time:             Thu 02 Jan 2025 03:48:58 +0000
ROA not before:           Thu 02 Jan 2025 03:48:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44668
IP address blocks:        46.33.44.0/22 maxlen: 22
                          46.33.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/a1c6c0-e754-479e-851d-0d0da0d10432/1/wb-PPmCQcoiedN0PtOJ_m6xHs7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/a1c6c0-e754-479e-851d-0d0da0d10432/1/wb-PPmCQcoiedN0PtOJ_m6xHs7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wb-PPmCQcoiedN0PtOJ_m6xHs7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 17:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:7a:f0:ed:8f:cb:d3:f3:2d:73:bd:ed:42:59:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1bf8f3e609072889e74dd0fb4e27f9bac47b3b0
        Validity
            Not Before: Jan  2 03:48:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3628989ed71ed25da0f2b33472b4a241df63bbd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:66:8d:07:33:6e:55:14:b4:a6:56:ab:9b:22:
                    66:e8:f9:3b:42:86:a6:fb:96:90:3d:67:e6:04:59:
                    fb:15:2a:16:65:1c:9c:da:d9:4b:71:9e:03:89:70:
                    ca:0e:da:1f:fd:85:0b:a9:3b:13:4f:c3:fe:eb:dc:
                    a0:78:5d:f6:69:bf:24:4b:3e:3e:a2:4c:2a:05:31:
                    74:79:f6:35:b2:fe:54:a7:92:45:8d:12:67:46:63:
                    73:f2:ab:e4:6c:79:c4:d7:f4:d4:02:ae:88:2f:b8:
                    99:ab:d9:bf:95:92:9c:57:de:c0:c3:cb:80:14:0e:
                    5a:c4:18:58:6b:84:70:de:b2:7f:a8:4c:94:e7:ac:
                    0b:30:48:07:b8:97:31:01:4a:76:aa:52:13:c1:22:
                    63:f3:50:79:3e:08:df:08:b2:d7:35:43:69:6b:5b:
                    8d:f5:a0:77:e0:bc:8d:fc:0f:e2:c8:32:48:56:25:
                    a4:98:f2:89:b5:06:23:b5:46:45:56:26:63:25:07:
                    15:dd:94:22:c1:ae:3e:bd:1d:bb:fc:a9:76:60:ce:
                    86:5a:4f:a7:dc:7c:c8:d7:48:f8:24:c9:e5:ca:89:
                    47:f0:87:3a:5d:b3:f5:63:eb:d8:4c:67:da:c6:3d:
                    de:f6:14:37:7d:a4:a2:a4:8a:ad:24:52:ba:c1:0c:
                    62:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:28:98:9E:D7:1E:D2:5D:A0:F2:B3:34:72:B4:A2:41:DF:63:BB:D4
            X509v3 Authority Key Identifier:
                keyid:C1:BF:8F:3E:60:90:72:88:9E:74:DD:0F:B4:E2:7F:9B:AC:47:B3:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wb-PPmCQcoiedN0PtOJ_m6xHs7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/a1c6c0-e754-479e-851d-0d0da0d10432/1/NiiYntce0l2g8rM0crSiQd9ju9Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/a1c6c0-e754-479e-851d-0d0da0d10432/1/wb-PPmCQcoiedN0PtOJ_m6xHs7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.33.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ac:90:f1:16:8c:19:e2:4d:b1:36:e6:c6:ea:34:77:f6:e6:34:
         69:ae:f5:04:82:94:b9:8f:f4:69:0e:63:e1:e3:bb:92:a5:6d:
         ba:2f:bb:15:7a:ac:fa:c5:e7:d5:9e:e3:5c:94:42:7f:7f:0d:
         9b:02:d5:6d:4a:60:14:7e:c6:e6:82:95:6d:1d:6e:4b:2b:e1:
         99:d9:35:d0:7e:59:1c:86:33:5c:80:ff:18:d2:e0:7e:05:0b:
         28:ab:5a:5e:33:1e:9b:14:41:43:b2:e4:4f:6e:3c:f1:40:56:
         8c:4f:3b:e8:4d:6c:4e:cf:79:18:bf:2a:1d:8e:67:c6:bd:ba:
         ef:cb:64:ba:e8:74:c2:bf:45:b0:91:f6:15:bc:c4:d1:d8:57:
         42:ce:a9:65:3a:c6:22:83:df:44:6c:c4:2e:3d:fe:db:f0:f4:
         5c:5c:48:c3:ff:24:d3:63:f7:08:1a:0f:38:8f:35:10:75:37:
         74:b9:0f:b2:30:c3:a7:b6:66:f9:3d:9a:c5:25:3c:f7:cb:57:
         91:9e:f9:b5:e7:79:ea:c8:6d:da:8d:e1:dd:13:bc:1c:d3:b0:
         88:ab:6e:a4:43:42:06:76:43:67:79:30:29:d8:be:70:c1:9b:
         bf:b8:05:9c:e1:30:67:6d:fd:42:eb:cf:63:79:25:d4:5c:dc:
         e9:49:b4:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIXrw7Y/L0/Mtc73tQllhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxYmY4ZjNlNjA5MDcyODg5ZTc0ZGQwZmI0ZTI3ZjliYWM0
N2IzYjAwHhcNMjUwMTAyMDM0ODU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjI4OTg5ZWQ3MWVkMjVkYTBmMmIzMzQ3MmI0YTI0MWRmNjNiYmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl2aNBzNuVRS0plarmyJm6Pk7Qoam
+5aQPWfmBFn7FSoWZRyc2tlLcZ4DiXDKDtof/YULqTsTT8P+69ygeF32ab8kSz4+
okwqBTF0efY1sv5Up5JFjRJnRmNz8qvkbHnE1/TUAq6IL7iZq9m/lZKcV97Aw8uA
FA5axBhYa4Rw3rJ/qEyU56wLMEgHuJcxAUp2qlITwSJj81B5PgjfCLLXNUNpa1uN
9aB34LyN/A/iyDJIViWkmPKJtQYjtUZFViZjJQcV3ZQiwa4+vR27/Kl2YM6GWk+n
3HzI10j4JMnlyolH8Ic6XbP1Y+vYTGfaxj3e9hQ3faSipIqtJFK6wQxiAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDYomJ7XHtJdoPKzNHK0okHfY7vUMB8GA1UdIwQY
MBaAFMG/jz5gkHKInnTdD7Tif5usR7OwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2ItUFBtQ1Fjb2llZE4wUHRPSl9tNnhIczdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9hMWM2YzAtZTc1NC00NzllLTg1MWQt
MGQwZGEwZDEwNDMyLzEvTmlpWW50Y2UwbDJnOHJNMGNyU2lRZDlqdTlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9hMWM2YzAtZTc1NC00NzllLTg1MWQtMGQwZGEwZDEwNDMy
LzEvd2ItUFBtQ1Fjb2llZE4wUHRPSl9tNnhIczdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLiEsMA0G
CSqGSIb3DQEBCwUAA4IBAQCskPEWjBniTbE25sbqNHf25jRprvUEgpS5j/RpDmPh
47uSpW26L7sVeqz6xefVnuNclEJ/fw2bAtVtSmAUfsbmgpVtHW5LK+GZ2TXQflkc
hjNcgP8Y0uB+BQsoq1peMx6bFEFDsuRPbjzxQFaMTzvoTWxOz3kYvyodjmfGvbrv
y2S66HTCv0WwkfYVvMTR2FdCzqllOsYig99EbMQuPf7b8PRcXEjD/yTTY/cIGg84
jzUQdTd0uQ+yMMOntmb5PZrFJTz3y1eRnvm153nqyG3ajeHdE7wc07CIq26kQ0IG
dkNneTAp2L5wwZu/uAWc4TBnbf1C689jeSXUXNzpSbTY
-----END CERTIFICATE-----