Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/M9easQkcHSQPdpi5ZGfGU4pWoUc.roa
File:                     M9easQkcHSQPdpi5ZGfGU4pWoUc.roa (raw, json)
Hash identifier:          2qkDycWdk7MJuJuaUzoNpBWkEOF+xOcflpW8m5S6jUM=
Subject key identifier:   33:D7:9A:B1:09:1C:1D:24:0F:76:98:B9:64:67:C6:53:8A:56:A1:47
Certificate issuer:       /CN=8f4669216a2078cb024231f4632eab4da7ee4bc1
Certificate serial:       0195F0E1E0710BD13D916B8850DFB8C116C7
Authority key identifier: 8F:46:69:21:6A:20:78:CB:02:42:31:F4:63:2E:AB:4D:A7:EE:4B:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j0ZpIWogeMsCQjH0Yy6rTafuS8E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/M9easQkcHSQPdpi5ZGfGU4pWoUc.roa
Signing time:             Tue 01 Apr 2025 10:24:49 +0000
ROA not before:           Tue 01 Apr 2025 10:24:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44486
IP address blocks:        185.46.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/j0ZpIWogeMsCQjH0Yy6rTafuS8E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/j0ZpIWogeMsCQjH0Yy6rTafuS8E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j0ZpIWogeMsCQjH0Yy6rTafuS8E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:f0:e1:e0:71:0b:d1:3d:91:6b:88:50:df:b8:c1:16:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f4669216a2078cb024231f4632eab4da7ee4bc1
        Validity
            Not Before: Apr  1 10:24:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=33d79ab1091c1d240f7698b96467c6538a56a147
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:42:2b:82:2e:2d:fa:1a:0a:d9:13:20:54:6c:
                    17:df:42:38:f3:1d:c8:42:6f:ad:31:94:7f:08:16:
                    fd:44:3c:87:0b:18:7a:83:b6:68:cc:85:44:72:d7:
                    fb:0c:aa:3f:ca:5f:45:1d:d9:bf:6f:d3:84:cf:75:
                    ab:6c:a0:7e:23:98:97:4e:da:5c:f2:c3:cc:9f:64:
                    bd:e5:59:02:86:7d:1d:83:9d:94:71:9c:2f:c0:d7:
                    1a:9d:3b:0a:3e:18:57:49:57:f5:5c:76:d5:6a:18:
                    10:70:08:fe:53:b2:83:79:e4:bc:eb:32:35:a1:e1:
                    0b:1c:0f:0c:20:2a:aa:4e:e4:29:fb:8a:80:21:03:
                    aa:10:a4:a9:a6:35:08:08:90:c5:86:7c:55:bc:d2:
                    22:77:31:22:0a:e1:2d:e7:7e:9d:f8:e2:15:30:f3:
                    64:50:3d:3c:f8:0c:a3:21:e7:3e:16:8b:91:c7:6b:
                    52:fe:5b:1a:45:3c:31:23:11:5b:ae:80:b3:4b:b6:
                    e2:f1:5e:1b:80:29:3e:41:c1:ea:52:d5:fb:29:63:
                    d6:25:a6:b0:91:1a:a0:7f:47:4f:9e:49:15:ad:1d:
                    b1:09:e9:d4:55:25:76:04:e6:5b:7e:44:1f:27:af:
                    a4:1c:f0:2d:2e:c4:19:d5:dd:d1:2f:8d:0d:f7:54:
                    35:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:D7:9A:B1:09:1C:1D:24:0F:76:98:B9:64:67:C6:53:8A:56:A1:47
            X509v3 Authority Key Identifier:
                keyid:8F:46:69:21:6A:20:78:CB:02:42:31:F4:63:2E:AB:4D:A7:EE:4B:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j0ZpIWogeMsCQjH0Yy6rTafuS8E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/M9easQkcHSQPdpi5ZGfGU4pWoUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/da48e2-ff63-4bcd-82a2-d7b8eb4608e2/1/j0ZpIWogeMsCQjH0Yy6rTafuS8E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.46.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:c3:f1:ef:7f:d2:18:37:58:e7:5a:82:ab:ee:40:6c:61:d5:
         65:1d:33:71:f1:15:7d:0b:31:66:1b:85:38:1f:47:3a:22:30:
         c0:2c:aa:82:66:39:3c:4f:df:df:e6:f6:6f:64:73:be:64:7e:
         04:5b:01:4e:8b:d7:01:0d:f1:5a:6f:2e:24:cf:b1:72:1c:6b:
         13:14:d3:23:c6:81:e3:9a:4b:6e:7e:81:f8:af:b0:de:e2:24:
         bc:75:4b:d7:79:31:db:85:86:43:fe:8d:e5:83:73:f8:75:8f:
         71:c8:d7:e7:0a:73:76:69:a8:14:9d:e9:7d:a7:0b:14:cc:6a:
         5c:fa:07:1e:33:7e:e9:3f:fe:4e:a9:a0:b0:06:86:78:43:aa:
         ea:50:ca:5b:91:61:39:14:65:03:71:10:2b:0b:1a:0e:3c:6e:
         1c:a5:b2:7f:8c:59:0c:45:41:ab:a2:61:14:2e:c4:f6:88:8b:
         18:f4:00:e4:c3:a6:2e:ff:81:55:2d:82:95:86:10:59:b2:50:
         d3:65:4a:a5:6f:3e:7a:a4:ac:c0:cc:37:c6:f1:ed:1a:15:28:
         9c:39:d9:cf:1f:ac:b8:e2:f1:0b:bd:a7:16:76:a5:43:68:3b:
         43:34:2f:14:45:ce:64:48:c6:81:41:29:09:60:87:70:f8:f7:
         b4:b7:85:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXw4eBxC9E9kWuIUN+4wRbHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmNDY2OTIxNmEyMDc4Y2IwMjQyMzFmNDYzMmVhYjRkYTdl
ZTRiYzEwHhcNMjUwNDAxMTAyNDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzM2Q3OWFiMTA5MWMxZDI0MGY3Njk4Yjk2NDY3YzY1MzhhNTZhMTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6EIrgi4t+hoK2RMgVGwX30I48x3I
Qm+tMZR/CBb9RDyHCxh6g7ZozIVEctf7DKo/yl9FHdm/b9OEz3WrbKB+I5iXTtpc
8sPMn2S95VkChn0dg52UcZwvwNcanTsKPhhXSVf1XHbVahgQcAj+U7KDeeS86zI1
oeELHA8MICqqTuQp+4qAIQOqEKSppjUICJDFhnxVvNIidzEiCuEt536d+OIVMPNk
UD08+AyjIec+FouRx2tS/lsaRTwxIxFbroCzS7bi8V4bgCk+QcHqUtX7KWPWJaaw
kRqgf0dPnkkVrR2xCenUVSV2BOZbfkQfJ6+kHPAtLsQZ1d3RL40N91Q1DwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDPXmrEJHB0kD3aYuWRnxlOKVqFHMB8GA1UdIwQY
MBaAFI9GaSFqIHjLAkIx9GMuq02n7kvBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajBacElXb2dlTXNDUWpIMFl5NnJUYWZ1UzhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi9kYTQ4ZTItZmY2My00YmNkLTgyYTIt
ZDdiOGViNDYwOGUyLzEvTTllYXNRa2NIU1FQZHBpNVpHZkdVNHBXb1VjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi9kYTQ4ZTItZmY2My00YmNkLTgyYTItZDdiOGViNDYwOGUy
LzEvajBacElXb2dlTXNDUWpIMFl5NnJUYWZ1UzhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuS5wMA0G
CSqGSIb3DQEBCwUAA4IBAQBDw/Hvf9IYN1jnWoKr7kBsYdVlHTNx8RV9CzFmG4U4
H0c6IjDALKqCZjk8T9/f5vZvZHO+ZH4EWwFOi9cBDfFaby4kz7FyHGsTFNMjxoHj
mktufoH4r7De4iS8dUvXeTHbhYZD/o3lg3P4dY9xyNfnCnN2aagUnel9pwsUzGpc
+gceM37pP/5OqaCwBoZ4Q6rqUMpbkWE5FGUDcRArCxoOPG4cpbJ/jFkMRUGromEU
LsT2iIsY9ADkw6Yu/4FVLYKVhhBZslDTZUqlbz56pKzAzDfG8e0aFSicOdnPH6y4
4vELvacWdqVDaDtDNC8URc5kSMaBQSkJYIdw+Pe0t4UA
-----END CERTIFICATE-----