Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/mldrwLJpesjnj5aKwUEtNxwcIt0.roa
File:                     mldrwLJpesjnj5aKwUEtNxwcIt0.roa (raw, json)
Hash identifier:          Yqfn3aE8gft9fmdAE2YrPGmZXgurBxQuiLes9eTp6vY=
Subject key identifier:   9A:57:6B:C0:B2:69:7A:C8:E7:8F:96:8A:C1:41:2D:37:1C:1C:22:DD
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       019425FC6DD5F38003BDA384EE600364D7B0
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/mldrwLJpesjnj5aKwUEtNxwcIt0.roa
Signing time:             Thu 02 Jan 2025 07:48:07 +0000
ROA not before:           Thu 02 Jan 2025 07:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12697
IP address blocks:        46.249.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 09:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:6d:d5:f3:80:03:bd:a3:84:ee:60:03:64:d7:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan  2 07:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9a576bc0b2697ac8e78f968ac1412d371c1c22dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:bb:7f:25:dc:39:c9:ae:96:66:e8:57:26:34:
                    03:85:ef:7a:8a:59:03:43:db:94:61:03:7e:25:ce:
                    16:fd:ff:5c:75:d6:87:78:b3:4b:79:cd:cc:fe:ef:
                    1e:96:c8:97:e8:18:6b:33:87:1a:f7:63:f5:0d:84:
                    c3:f7:b7:21:90:1b:27:e0:c4:f7:c4:a1:ca:08:7b:
                    cd:3f:35:55:f1:71:c8:2a:52:82:a0:da:31:81:04:
                    73:5a:5b:af:02:8a:18:53:46:6e:83:a0:fd:43:19:
                    e5:ce:b6:dd:94:a6:a3:8f:48:6b:74:f8:d7:22:e5:
                    13:de:58:cb:15:d9:bc:f4:d6:61:fa:c5:f3:ef:08:
                    5c:1b:58:0f:ab:66:50:7b:b4:34:0e:25:97:2e:4d:
                    37:12:d0:e3:fd:ad:a1:23:1d:82:7d:8f:bf:ed:1e:
                    c2:dc:67:e5:58:71:22:15:99:bd:2e:8f:81:52:70:
                    30:a9:96:8d:ce:4e:db:31:6e:e4:0d:3c:d8:ec:83:
                    28:f1:b8:29:c5:bc:97:aa:de:11:12:af:ce:36:0a:
                    90:12:3f:5e:16:00:ad:c4:ea:6d:69:ae:08:28:d9:
                    39:b7:60:64:98:cf:89:b7:5c:e6:eb:38:d9:ef:aa:
                    f8:0b:f1:0c:78:99:64:f6:65:9e:11:4f:8b:09:19:
                    9b:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:57:6B:C0:B2:69:7A:C8:E7:8F:96:8A:C1:41:2D:37:1C:1C:22:DD
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/mldrwLJpesjnj5aKwUEtNxwcIt0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.249.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:06:c6:34:23:d6:ea:fc:eb:e9:1d:24:95:ea:f8:8f:af:4c:
         30:6a:e7:cf:0f:2f:e6:fc:9e:b3:5f:79:f4:4b:ec:89:5b:84:
         c2:73:16:9c:74:c1:9e:14:19:fa:a5:29:bd:e2:34:97:54:dc:
         be:ea:13:4e:43:38:71:6a:47:94:60:19:3a:5b:62:a3:86:0d:
         99:84:88:5e:7a:fb:81:b5:dc:19:22:fa:31:94:95:4e:6b:2b:
         04:37:36:06:fd:ea:20:24:24:62:89:a3:1f:63:ca:35:8a:3b:
         cf:8d:64:32:de:5b:a2:a0:bb:9d:92:09:24:14:22:15:b9:9f:
         57:af:9d:32:ee:39:eb:76:a5:b0:2a:da:26:92:4d:0c:32:ba:
         f6:d6:d3:5a:ee:90:f1:0c:1d:6f:34:25:25:a7:ea:a1:9e:4f:
         1a:53:ab:ac:8b:48:f0:2b:01:74:88:9b:57:a1:89:ca:d1:2e:
         94:09:31:b9:e2:9c:a6:9e:dd:0b:a4:89:87:08:91:09:5a:57:
         81:c5:43:6b:64:75:32:06:fa:90:d0:3a:f2:c3:07:09:03:88:
         87:5e:79:b8:40:b5:9d:d6:5f:13:cf:6f:11:88:82:f1:d7:69:
         31:58:38:53:c4:56:9f:1d:e5:71:5e:04:2e:85:1e:c6:9f:00:
         08:90:ff:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/G3V84ADvaOE7mADZNewMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUwMTAyMDc0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTU3NmJjMGIyNjk3YWM4ZTc4Zjk2OGFjMTQxMmQzNzFjMWMyMmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwLt/Jdw5ya6WZuhXJjQDhe96ilkD
Q9uUYQN+Jc4W/f9cddaHeLNLec3M/u8elsiX6BhrM4ca92P1DYTD97chkBsn4MT3
xKHKCHvNPzVV8XHIKlKCoNoxgQRzWluvAooYU0Zug6D9QxnlzrbdlKajj0hrdPjX
IuUT3ljLFdm89NZh+sXz7whcG1gPq2ZQe7Q0DiWXLk03EtDj/a2hIx2CfY+/7R7C
3GflWHEiFZm9Lo+BUnAwqZaNzk7bMW7kDTzY7IMo8bgpxbyXqt4REq/ONgqQEj9e
FgCtxOptaa4IKNk5t2BkmM+Jt1zm6zjZ76r4C/EMeJlk9mWeEU+LCRmbNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJpXa8CyaXrI54+WisFBLTccHCLdMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvbWxkcndMSnBlc2puajVhS3dVRXROeHdjSXQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALvlgMA0G
CSqGSIb3DQEBCwUAA4IBAQBVBsY0I9bq/OvpHSSV6viPr0wwaufPDy/m/J6zX3n0
S+yJW4TCcxacdMGeFBn6pSm94jSXVNy+6hNOQzhxakeUYBk6W2Kjhg2ZhIheevuB
tdwZIvoxlJVOaysENzYG/eogJCRiiaMfY8o1ijvPjWQy3luioLudkgkkFCIVuZ9X
r50y7jnrdqWwKtomkk0MMrr21tNa7pDxDB1vNCUlp+qhnk8aU6usi0jwKwF0iJtX
oYnK0S6UCTG54pymnt0LpImHCJEJWleBxUNrZHUyBvqQ0DrywwcJA4iHXnm4QLWd
1l8Tz28RiILx12kxWDhTxFafHeVxXgQuhR7GnwAIkP8B
-----END CERTIFICATE-----