Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/ff0036-8313-4b3d-ad7f-8d81fdc6f170/1/OVTjGADJ7YYJwQ0oJOwTN2X0vSY.roa
File:                     OVTjGADJ7YYJwQ0oJOwTN2X0vSY.roa (raw, json)
Hash identifier:          qsBTTkXpQxhgbXJV5zUDTdGyL3Kcpnnbr12OpzsF9V0=
Subject key identifier:   39:54:E3:18:00:C9:ED:86:09:C1:0D:28:24:EC:13:37:65:F4:BD:26
Certificate issuer:       /CN=e1ac0322b3eab6572ece2a0ac5abf164a5bbff20
Certificate serial:       019422FB70030DA6F359DBFDFD86C4875CD7
Authority key identifier: E1:AC:03:22:B3:EA:B6:57:2E:CE:2A:0A:C5:AB:F1:64:A5:BB:FF:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4awDIrPqtlcuzioKxavxZKW7_yA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/ff0036-8313-4b3d-ad7f-8d81fdc6f170/1/OVTjGADJ7YYJwQ0oJOwTN2X0vSY.roa
Signing time:             Wed 01 Jan 2025 17:48:11 +0000
ROA not before:           Wed 01 Jan 2025 17:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50181
IP address blocks:        46.31.176.0/23 maxlen: 23
                          77.243.220.0/23 maxlen: 23
                          77.243.222.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/ff0036-8313-4b3d-ad7f-8d81fdc6f170/1/4awDIrPqtlcuzioKxavxZKW7_yA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/ff0036-8313-4b3d-ad7f-8d81fdc6f170/1/4awDIrPqtlcuzioKxavxZKW7_yA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4awDIrPqtlcuzioKxavxZKW7_yA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:70:03:0d:a6:f3:59:db:fd:fd:86:c4:87:5c:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1ac0322b3eab6572ece2a0ac5abf164a5bbff20
        Validity
            Not Before: Jan  1 17:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3954e31800c9ed8609c10d2824ec133765f4bd26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:c8:9d:98:86:79:d3:c8:2f:93:02:31:16:08:
                    e8:79:18:cb:17:37:4f:70:15:12:d1:a6:02:82:18:
                    e5:8f:67:a1:bd:f8:22:da:06:c9:7c:18:d3:ef:25:
                    26:78:9f:05:76:ca:ca:29:26:0e:5c:b1:cb:8a:0e:
                    32:0c:19:5e:8e:75:d1:6e:94:10:ef:75:22:71:a1:
                    ce:03:7b:1b:5c:dc:68:1d:fd:17:87:a7:fd:9c:96:
                    05:66:52:3e:ae:2e:0e:07:bd:a2:4a:19:99:b2:4d:
                    00:cf:d1:92:5a:7e:c4:69:3d:b7:82:fa:05:65:4c:
                    1f:6b:28:52:55:f4:5a:3d:01:ec:66:55:cb:44:d7:
                    9b:37:13:66:9a:ab:ef:42:9f:6c:89:1b:f5:19:84:
                    35:a9:4c:1d:61:34:c8:29:3c:39:4a:18:3e:52:2b:
                    52:f2:9b:7e:2e:ce:5c:70:46:02:a8:7f:b1:0d:93:
                    9f:5e:8b:43:db:3f:ae:77:1a:db:11:d8:97:22:65:
                    eb:09:77:41:82:3c:be:47:cc:3d:97:b1:42:ff:52:
                    73:dd:d5:06:a5:f7:b0:85:9d:a3:f6:a2:39:83:e0:
                    fe:9e:a9:87:d9:a2:3f:27:c6:7c:a4:72:6d:b7:5c:
                    e7:21:4a:3c:20:a1:84:df:3b:7b:b7:ce:c4:d1:b7:
                    7a:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:54:E3:18:00:C9:ED:86:09:C1:0D:28:24:EC:13:37:65:F4:BD:26
            X509v3 Authority Key Identifier:
                keyid:E1:AC:03:22:B3:EA:B6:57:2E:CE:2A:0A:C5:AB:F1:64:A5:BB:FF:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4awDIrPqtlcuzioKxavxZKW7_yA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/ff0036-8313-4b3d-ad7f-8d81fdc6f170/1/OVTjGADJ7YYJwQ0oJOwTN2X0vSY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/ff0036-8313-4b3d-ad7f-8d81fdc6f170/1/4awDIrPqtlcuzioKxavxZKW7_yA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.31.176.0/23
                  77.243.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3c:a4:73:75:da:a5:d7:3b:62:31:86:08:2c:cf:74:81:96:07:
         0b:e0:1f:62:f9:6b:3e:e8:37:25:fa:62:20:bb:05:7b:fc:85:
         91:b4:66:c6:34:93:cf:17:48:dc:24:a2:b7:af:bd:f3:d8:de:
         ec:64:9c:38:19:9e:f9:0e:30:73:df:20:c5:8a:54:6b:90:22:
         46:ac:37:a5:e9:d3:8f:f2:7d:bb:15:1a:d7:36:b8:14:97:47:
         fa:08:fc:0b:c2:2b:a1:78:b4:dc:58:5d:d7:7e:1e:40:18:52:
         c9:24:83:ad:f9:45:fd:5d:31:ea:b5:8c:5b:56:64:0c:1d:93:
         16:29:5f:9c:e9:09:03:0c:b7:dd:34:dc:ec:ce:2b:cb:cf:5c:
         8d:91:99:1b:60:3d:4b:6c:3f:94:df:37:04:af:3c:16:44:c6:
         a9:ef:2e:74:e9:1a:80:b9:66:25:0d:93:54:9b:e7:b1:8d:65:
         0b:53:50:e9:69:04:82:19:5a:a0:76:06:73:a8:42:dc:73:27:
         39:53:b0:90:7b:f7:cd:e6:90:cf:a6:73:42:71:8d:12:6a:2b:
         69:32:32:c3:08:c5:25:68:ae:71:9d:80:c7:55:d3:97:fa:64:
         e4:be:76:86:5d:5c:48:4b:96:5a:7a:f6:59:e9:50:fb:dd:7c:
         af:c8:80:38
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQi+3ADDabzWdv9/YbEh1zXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxYWMwMzIyYjNlYWI2NTcyZWNlMmEwYWM1YWJmMTY0YTVi
YmZmMjAwHhcNMjUwMTAxMTc0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTU0ZTMxODAwYzllZDg2MDljMTBkMjgyNGVjMTMzNzY1ZjRiZDI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA78idmIZ508gvkwIxFgjoeRjLFzdP
cBUS0aYCghjlj2ehvfgi2gbJfBjT7yUmeJ8FdsrKKSYOXLHLig4yDBlejnXRbpQQ
73UicaHOA3sbXNxoHf0Xh6f9nJYFZlI+ri4OB72iShmZsk0Az9GSWn7EaT23gvoF
ZUwfayhSVfRaPQHsZlXLRNebNxNmmqvvQp9siRv1GYQ1qUwdYTTIKTw5Shg+UitS
8pt+Ls5ccEYCqH+xDZOfXotD2z+udxrbEdiXImXrCXdBgjy+R8w9l7FC/1Jz3dUG
pfewhZ2j9qI5g+D+nqmH2aI/J8Z8pHJtt1znIUo8IKGE3zt7t87E0bd6JQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDlU4xgAye2GCcENKCTsEzdl9L0mMB8GA1UdIwQY
MBaAFOGsAyKz6rZXLs4qCsWr8WSlu/8gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGF3RElyUHF0bGN1emlvS3hhdnhaS1c3X3lBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9mZjAwMzYtODMxMy00YjNkLWFkN2Yt
OGQ4MWZkYzZmMTcwLzEvT1ZUakdBREo3WVlKd1Ewb0pPd1ROMlgwdlNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9mZjAwMzYtODMxMy00YjNkLWFkN2YtOGQ4MWZkYzZmMTcw
LzEvNGF3RElyUHF0bGN1emlvS3hhdnhaS1c3X3lBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLh+wAwQC
TfPcMA0GCSqGSIb3DQEBCwUAA4IBAQA8pHN12qXXO2Ixhggsz3SBlgcL4B9i+Ws+
6Dcl+mIguwV7/IWRtGbGNJPPF0jcJKK3r73z2N7sZJw4GZ75DjBz3yDFilRrkCJG
rDel6dOP8n27FRrXNrgUl0f6CPwLwiuheLTcWF3Xfh5AGFLJJIOt+UX9XTHqtYxb
VmQMHZMWKV+c6QkDDLfdNNzszivLz1yNkZkbYD1LbD+U3zcErzwWRMap7y506RqA
uWYlDZNUm+exjWULU1DpaQSCGVqgdgZzqELccyc5U7CQe/fN5pDPpnNCcY0Saitp
MjLDCMUlaK5xnYDHVdOX+mTkvnaGXVxIS5ZaevZZ6VD73XyvyIA4
-----END CERTIFICATE-----