Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/c91ec3-2820-417b-9aad-bacab475e6cc/1/M5xSNSg74xAiPhHirIDMnYyKKDI.roa
File:                     M5xSNSg74xAiPhHirIDMnYyKKDI.roa (raw, json)
Hash identifier:          kFY18cM1/c9JgLsf0tF1GX9g3u8AHSeqmtNVMWpdTXM=
Subject key identifier:   33:9C:52:35:28:3B:E3:10:22:3E:11:E2:AC:80:CC:9D:8C:8A:28:32
Certificate issuer:       /CN=1cee91296c94992d151a232240e6cf3a176d2039
Certificate serial:       019423D7748087C61346658E3A431E3B1743
Authority key identifier: 1C:EE:91:29:6C:94:99:2D:15:1A:23:22:40:E6:CF:3A:17:6D:20:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HO6RKWyUmS0VGiMiQObPOhdtIDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/c91ec3-2820-417b-9aad-bacab475e6cc/1/M5xSNSg74xAiPhHirIDMnYyKKDI.roa
Signing time:             Wed 01 Jan 2025 21:48:29 +0000
ROA not before:           Wed 01 Jan 2025 21:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212621
IP address blocks:        46.172.90.0/24 maxlen: 24
                          46.172.93.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/c91ec3-2820-417b-9aad-bacab475e6cc/1/HO6RKWyUmS0VGiMiQObPOhdtIDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/c91ec3-2820-417b-9aad-bacab475e6cc/1/HO6RKWyUmS0VGiMiQObPOhdtIDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HO6RKWyUmS0VGiMiQObPOhdtIDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 21:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:74:80:87:c6:13:46:65:8e:3a:43:1e:3b:17:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1cee91296c94992d151a232240e6cf3a176d2039
        Validity
            Not Before: Jan  1 21:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=339c5235283be310223e11e2ac80cc9d8c8a2832
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:31:ad:46:32:e2:2c:c8:32:4b:f7:68:84:4c:
                    3c:2d:4c:52:99:ce:b3:e4:c5:e8:7e:ef:f3:12:f6:
                    7f:25:3b:b4:d0:42:6e:af:eb:3c:99:c7:d0:e3:5c:
                    95:3b:71:11:c5:40:8b:42:42:6a:c1:51:b5:ed:9b:
                    96:44:5e:01:95:28:18:8c:df:0a:12:5c:10:cc:5c:
                    35:61:e1:aa:72:f9:fe:de:b6:a6:f5:91:b3:c5:40:
                    fb:11:a5:18:af:05:11:ca:c2:b1:aa:c9:96:79:c4:
                    f3:26:f6:75:39:3a:64:3a:ff:9c:51:42:18:12:a3:
                    a9:16:7c:f2:23:35:ad:af:e1:a2:6f:47:d0:cf:b7:
                    a0:02:07:66:21:3b:ef:ad:08:38:52:2a:c9:8d:2b:
                    c4:86:cf:50:9c:e6:5b:7d:60:72:b7:93:b4:8f:42:
                    6b:c1:a4:6d:4e:d7:f5:57:82:b8:81:98:82:84:bd:
                    69:aa:0a:c7:e4:d0:ac:c0:74:7f:5b:60:23:08:a0:
                    09:ed:90:a2:de:56:b0:32:58:75:ef:99:7c:b1:b7:
                    ce:b7:4d:88:92:14:22:c2:e5:5a:20:31:fb:e0:78:
                    b2:31:44:96:d4:72:71:3f:3b:aa:fa:b3:3b:43:b5:
                    27:2f:bf:29:06:c0:ce:0c:e8:37:9f:a5:a2:9b:80:
                    64:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:9C:52:35:28:3B:E3:10:22:3E:11:E2:AC:80:CC:9D:8C:8A:28:32
            X509v3 Authority Key Identifier:
                keyid:1C:EE:91:29:6C:94:99:2D:15:1A:23:22:40:E6:CF:3A:17:6D:20:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HO6RKWyUmS0VGiMiQObPOhdtIDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/c91ec3-2820-417b-9aad-bacab475e6cc/1/M5xSNSg74xAiPhHirIDMnYyKKDI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/c91ec3-2820-417b-9aad-bacab475e6cc/1/HO6RKWyUmS0VGiMiQObPOhdtIDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.172.90.0/24
                  46.172.93.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:3f:13:46:76:88:f7:b4:c2:e5:11:ab:f6:ba:7a:9f:ae:39:
         e0:da:7c:37:5c:c1:c3:59:4f:ad:4c:6d:db:51:8b:64:bc:7b:
         c2:93:12:da:ae:6d:41:e6:69:e3:bd:10:04:2a:46:6e:14:fe:
         00:85:77:92:f9:a8:bd:7c:8a:8f:7a:e8:b8:07:ec:4f:b1:8f:
         43:8c:c6:cd:02:3c:67:b8:fb:02:a5:50:3b:a1:e8:bc:5c:f8:
         2e:da:15:3e:0c:0d:c0:b0:8f:73:9c:f8:9a:e5:78:8a:0e:21:
         d0:c0:d2:b4:d3:07:4a:86:2d:22:b5:19:c5:59:99:32:0c:05:
         ff:47:36:9b:31:03:7b:da:75:cd:ba:b3:b7:bb:a5:5c:3e:df:
         3a:5d:8f:ce:18:db:4e:dd:3b:61:ee:4c:03:01:b8:ae:97:1b:
         d5:87:fd:c3:42:ac:46:8b:94:26:49:28:d5:d2:11:e3:96:ae:
         f2:53:2d:d2:b5:4d:9c:46:19:59:60:b0:08:22:c3:83:cb:76:
         67:3b:c2:c1:73:98:13:29:8a:6c:ea:c3:05:31:08:15:ff:67:
         88:1f:35:03:50:b3:f8:c6:4c:a3:23:18:de:6b:fb:ff:f4:74:
         99:d0:0d:25:3e:47:5f:df:10:95:32:61:f9:33:5d:be:2d:5d:
         cc:85:eb:b0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQj13SAh8YTRmWOOkMeOxdDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjZWU5MTI5NmM5NDk5MmQxNTFhMjMyMjQwZTZjZjNhMTc2
ZDIwMzkwHhcNMjUwMTAxMjE0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzljNTIzNTI4M2JlMzEwMjIzZTExZTJhYzgwY2M5ZDhjOGEyODMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsTGtRjLiLMgyS/dohEw8LUxSmc6z
5MXofu/zEvZ/JTu00EJur+s8mcfQ41yVO3ERxUCLQkJqwVG17ZuWRF4BlSgYjN8K
ElwQzFw1YeGqcvn+3ram9ZGzxUD7EaUYrwURysKxqsmWecTzJvZ1OTpkOv+cUUIY
EqOpFnzyIzWtr+Gib0fQz7egAgdmITvvrQg4UirJjSvEhs9QnOZbfWByt5O0j0Jr
waRtTtf1V4K4gZiChL1pqgrH5NCswHR/W2AjCKAJ7ZCi3lawMlh175l8sbfOt02I
khQiwuVaIDH74HiyMUSW1HJxPzuq+rM7Q7UnL78pBsDODOg3n6Wim4BkTwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDOcUjUoO+MQIj4R4qyAzJ2MiigyMB8GA1UdIwQY
MBaAFBzukSlslJktFRojIkDmzzoXbSA5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSE82UktXeVVtUzBWR2lNaVFPYlBPaGR0SURrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9jOTFlYzMtMjgyMC00MTdiLTlhYWQt
YmFjYWI0NzVlNmNjLzEvTTV4U05TZzc0eEFpUGhIaXJJRE1uWXlLS0RJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9jOTFlYzMtMjgyMC00MTdiLTlhYWQtYmFjYWI0NzVlNmNj
LzEvSE82UktXeVVtUzBWR2lNaVFPYlBPaGR0SURrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALqxaAwQA
LqxdMA0GCSqGSIb3DQEBCwUAA4IBAQAMPxNGdoj3tMLlEav2unqfrjng2nw3XMHD
WU+tTG3bUYtkvHvCkxLarm1B5mnjvRAEKkZuFP4AhXeS+ai9fIqPeui4B+xPsY9D
jMbNAjxnuPsCpVA7oei8XPgu2hU+DA3AsI9znPia5XiKDiHQwNK00wdKhi0itRnF
WZkyDAX/RzabMQN72nXNurO3u6VcPt86XY/OGNtO3Tth7kwDAbiulxvVh/3DQqxG
i5QmSSjV0hHjlq7yUy3StU2cRhlZYLAIIsODy3ZnO8LBc5gTKYps6sMFMQgV/2eI
HzUDULP4xkyjIxjea/v/9HSZ0A0lPkdf3xCVMmH5M12+LV3Mheuw
-----END CERTIFICATE-----