Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/89220f-91ec-4ce1-99c5-10912279a125/1/0842G3MJ_Mx-vuE2aWTimTA0Grw.roa
File:                     0842G3MJ_Mx-vuE2aWTimTA0Grw.roa (raw, json)
Hash identifier:          K7Le/zUw2iAAOyfWrwQ4Sh89G1E5cTErCvOs0AbWaCg=
Subject key identifier:   D3:CE:36:1B:73:09:FC:CC:7E:BE:E1:36:69:64:E2:99:30:34:1A:BC
Certificate issuer:       /CN=12b7ad8587f32b27265e9c67a6132bf9b3f020fc
Certificate serial:       01942F52206CA0DF48DFEECA4D20D5922A69
Authority key identifier: 12:B7:AD:85:87:F3:2B:27:26:5E:9C:67:A6:13:2B:F9:B3:F0:20:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ErethYfzKycmXpxnphMr-bPwIPw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/89220f-91ec-4ce1-99c5-10912279a125/1/0842G3MJ_Mx-vuE2aWTimTA0Grw.roa
Signing time:             Sat 04 Jan 2025 03:18:18 +0000
ROA not before:           Sat 04 Jan 2025 03:18:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52194
IP address blocks:        46.173.176.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/89220f-91ec-4ce1-99c5-10912279a125/1/ErethYfzKycmXpxnphMr-bPwIPw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/89220f-91ec-4ce1-99c5-10912279a125/1/ErethYfzKycmXpxnphMr-bPwIPw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ErethYfzKycmXpxnphMr-bPwIPw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:2f:52:20:6c:a0:df:48:df:ee:ca:4d:20:d5:92:2a:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12b7ad8587f32b27265e9c67a6132bf9b3f020fc
        Validity
            Not Before: Jan  4 03:18:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d3ce361b7309fccc7ebee1366964e29930341abc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:a4:05:0b:f1:9a:c5:a2:60:33:14:7d:3f:25:
                    73:7d:45:d1:7a:d1:f1:09:06:b6:ce:4e:cb:97:a2:
                    2e:f3:d8:c2:d4:9a:ee:a5:49:81:38:69:e9:86:18:
                    a5:34:36:99:28:0f:c5:43:cf:2c:03:1b:9a:24:75:
                    0f:ed:4e:59:86:16:21:e3:3a:51:ea:30:51:3a:c7:
                    58:14:33:40:cb:ce:a3:02:f2:32:84:bf:a5:b3:e9:
                    c9:e2:3b:55:87:f4:31:0e:cb:9c:12:20:d5:cf:07:
                    e6:7e:cb:3e:fd:4c:f6:c2:4f:c8:28:77:9e:8d:66:
                    39:07:98:01:1a:1b:94:8c:55:61:d5:8c:d0:1c:1d:
                    47:41:ac:18:80:18:8c:cc:56:20:8f:79:8d:35:49:
                    ff:2a:4d:ce:8a:77:09:1d:9c:51:ce:0f:b5:ba:d0:
                    ea:6e:44:70:6d:85:a9:6c:4e:0d:b5:69:f8:26:c5:
                    3f:68:95:20:80:4b:39:e1:c1:3c:b2:37:33:7a:f1:
                    f2:c8:4f:90:a0:52:70:cd:dd:da:3e:b8:40:30:d5:
                    a0:f0:3f:f5:e6:82:d8:11:37:94:c6:ae:af:98:39:
                    f2:ac:aa:70:fd:a6:2b:c2:27:c7:88:46:17:83:68:
                    5f:b4:f0:93:51:ce:db:6d:c7:f8:e8:6d:ba:a8:ad:
                    aa:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:CE:36:1B:73:09:FC:CC:7E:BE:E1:36:69:64:E2:99:30:34:1A:BC
            X509v3 Authority Key Identifier:
                keyid:12:B7:AD:85:87:F3:2B:27:26:5E:9C:67:A6:13:2B:F9:B3:F0:20:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ErethYfzKycmXpxnphMr-bPwIPw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/89220f-91ec-4ce1-99c5-10912279a125/1/0842G3MJ_Mx-vuE2aWTimTA0Grw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/89220f-91ec-4ce1-99c5-10912279a125/1/ErethYfzKycmXpxnphMr-bPwIPw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.173.176.0/20

    Signature Algorithm: sha256WithRSAEncryption
         49:0e:7d:73:66:aa:31:ac:11:f0:2c:44:2a:62:ee:33:80:cc:
         00:09:b3:6b:02:78:db:7b:4a:c0:4e:2f:23:5f:e3:07:ce:2e:
         1b:7e:32:f9:c0:d4:30:b0:fe:58:0b:e1:25:f5:37:e9:a0:e3:
         a4:7c:ae:65:8f:bb:a5:9e:b0:db:7c:cf:a9:62:fc:42:12:85:
         2d:6b:44:52:06:1b:02:7f:dd:c5:1d:a1:26:0a:a7:42:b3:79:
         d4:96:a5:08:31:60:5b:17:32:a7:be:74:b6:eb:e4:23:82:2d:
         b7:ae:b0:4f:f0:4c:b5:01:90:66:b5:95:2a:b0:bc:f3:ca:c5:
         db:80:15:66:4d:47:b5:51:a6:0b:6e:ec:80:c5:a5:de:e7:36:
         aa:18:2b:cb:1a:18:ab:85:44:cf:4f:4b:52:50:b0:68:7c:63:
         e6:94:69:ab:26:34:fe:6c:5f:4a:47:ea:69:2e:8e:bb:10:34:
         ff:43:44:bf:1e:2a:25:c1:90:ea:88:57:eb:4c:a9:41:7b:13:
         1c:b4:13:c0:02:31:12:7b:9a:98:36:18:6b:8d:76:e8:44:06:
         c4:8b:73:a4:90:62:8b:71:83:c6:fc:6c:e2:04:58:34:e8:c2:
         31:02:d1:98:11:0d:26:76:fc:9c:d7:2f:fd:eb:e3:1a:1b:3a:
         b2:0c:8e:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQvUiBsoN9I3+7KTSDVkippMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYjdhZDg1ODdmMzJiMjcyNjVlOWM2N2E2MTMyYmY5YjNm
MDIwZmMwHhcNMjUwMTA0MDMxODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2NlMzYxYjczMDlmY2NjN2ViZWUxMzY2OTY0ZTI5OTMwMzQxYWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiqQFC/GaxaJgMxR9PyVzfUXRetHx
CQa2zk7Ll6Iu89jC1JrupUmBOGnphhilNDaZKA/FQ88sAxuaJHUP7U5ZhhYh4zpR
6jBROsdYFDNAy86jAvIyhL+ls+nJ4jtVh/QxDsucEiDVzwfmfss+/Uz2wk/IKHee
jWY5B5gBGhuUjFVh1YzQHB1HQawYgBiMzFYgj3mNNUn/Kk3OincJHZxRzg+1utDq
bkRwbYWpbE4NtWn4JsU/aJUggEs54cE8sjczevHyyE+QoFJwzd3aPrhAMNWg8D/1
5oLYETeUxq6vmDnyrKpw/aYrwifHiEYXg2hftPCTUc7bbcf46G26qK2quwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNPONhtzCfzMfr7hNmlk4pkwNBq8MB8GA1UdIwQY
MBaAFBK3rYWH8ysnJl6cZ6YTK/mz8CD8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXJldGhZZnpLeWNtWHB4bnBoTXItYlB3SVB3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni84OTIyMGYtOTFlYy00Y2UxLTk5YzUt
MTA5MTIyNzlhMTI1LzEvMDg0MkczTUpfTXgtdnVFMmFXVGltVEEwR3J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni84OTIyMGYtOTFlYy00Y2UxLTk5YzUtMTA5MTIyNzlhMTI1
LzEvRXJldGhZZnpLeWNtWHB4bnBoTXItYlB3SVB3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQELq2wMA0G
CSqGSIb3DQEBCwUAA4IBAQBJDn1zZqoxrBHwLEQqYu4zgMwACbNrAnjbe0rATi8j
X+MHzi4bfjL5wNQwsP5YC+El9TfpoOOkfK5lj7ulnrDbfM+pYvxCEoUta0RSBhsC
f93FHaEmCqdCs3nUlqUIMWBbFzKnvnS26+Qjgi23rrBP8Ey1AZBmtZUqsLzzysXb
gBVmTUe1UaYLbuyAxaXe5zaqGCvLGhirhUTPT0tSULBofGPmlGmrJjT+bF9KR+pp
Lo67EDT/Q0S/HiolwZDqiFfrTKlBexMctBPAAjESe5qYNhhrjXboRAbEi3OkkGKL
cYPG/GziBFg06MIxAtGYEQ0mdvyc1y/96+MaGzqyDI7O
-----END CERTIFICATE-----