Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/tkwaNKS943lqIrcwP4wFPu7CmLA.roa
File:                     tkwaNKS943lqIrcwP4wFPu7CmLA.roa (raw, json)
Hash identifier:          LUFlc4a0Hl1DhNUuKnQE9p25tD0hoETIl0Xrym01FDA=
Subject key identifier:   B6:4C:1A:34:A4:BD:E3:79:6A:22:B7:30:3F:8C:05:3E:EE:C2:98:B0
Certificate issuer:       /CN=ed6da9e41686d21c12799c8e84b274aa8241508c
Certificate serial:       019424B383436245296AED65CB9628754380
Authority key identifier: ED:6D:A9:E4:16:86:D2:1C:12:79:9C:8E:84:B2:74:AA:82:41:50:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/tkwaNKS943lqIrcwP4wFPu7CmLA.roa
Signing time:             Thu 02 Jan 2025 01:48:51 +0000
ROA not before:           Thu 02 Jan 2025 01:48:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42163
IP address blocks:        46.143.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:83:43:62:45:29:6a:ed:65:cb:96:28:75:43:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed6da9e41686d21c12799c8e84b274aa8241508c
        Validity
            Not Before: Jan  2 01:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b64c1a34a4bde3796a22b7303f8c053eeec298b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:5b:7c:89:f0:28:38:d4:bc:44:8f:d6:06:58:
                    2d:fd:c3:99:af:06:59:99:7f:84:3b:64:2d:c0:2a:
                    dd:e6:b4:5b:31:1f:43:6f:eb:4e:17:9a:be:98:4d:
                    01:51:25:4b:47:11:fc:ec:d4:4b:9c:b5:32:f2:25:
                    21:ec:b4:4c:27:a9:8b:42:45:63:03:e1:20:1a:32:
                    64:36:44:f3:77:20:96:c1:00:fe:7f:30:b0:7f:26:
                    45:3d:58:5b:13:47:f6:5f:b9:2d:b2:c9:10:fa:5f:
                    bf:c7:41:91:68:95:e0:37:c5:7f:e3:77:23:a9:77:
                    ec:58:04:76:01:1d:ec:8c:c3:36:23:ec:ed:fd:a8:
                    1f:e6:c7:40:e3:d6:11:ea:cb:4c:96:37:7a:26:7b:
                    cb:a6:8e:31:32:a9:6d:4f:25:8f:7a:bc:42:1d:91:
                    be:0b:71:31:6e:ef:a2:81:91:1d:18:d1:d5:f3:03:
                    2c:b8:48:27:eb:1a:e8:a1:da:ff:15:f8:4b:b6:48:
                    18:fa:04:58:21:a3:01:33:b8:04:77:e5:71:29:86:
                    4a:d8:62:c4:19:e6:bc:eb:ba:bd:c4:db:8b:17:fa:
                    51:15:af:dd:87:8f:39:79:50:af:71:32:01:3c:1e:
                    d2:25:9e:f8:f0:21:65:7a:1d:f0:ca:63:fa:7a:19:
                    41:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:4C:1A:34:A4:BD:E3:79:6A:22:B7:30:3F:8C:05:3E:EE:C2:98:B0
            X509v3 Authority Key Identifier:
                keyid:ED:6D:A9:E4:16:86:D2:1C:12:79:9C:8E:84:B2:74:AA:82:41:50:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/tkwaNKS943lqIrcwP4wFPu7CmLA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.143.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:f0:a0:a3:cc:d4:b6:49:73:5b:41:3e:2c:2a:a5:3e:64:a4:
         db:65:f4:33:40:ea:75:e7:e0:de:8b:0a:c7:a8:06:a7:29:95:
         b6:8a:00:30:5a:25:40:26:9a:97:80:25:b9:e6:21:41:be:c9:
         36:88:a7:40:21:28:e8:e5:6a:40:e3:2d:0b:89:2e:e7:1c:4d:
         d8:c9:e9:bd:c2:6f:6a:85:74:bc:21:12:7b:39:98:aa:f5:c5:
         df:65:9e:6a:d3:43:c2:57:8c:2d:38:70:bf:d7:1c:7d:50:2e:
         72:fd:15:1c:04:b0:7f:75:f7:fe:6e:a4:d5:23:e6:ea:bd:3b:
         f3:2d:e9:55:50:49:ef:30:69:92:b9:a2:ea:c7:32:03:0e:5e:
         c7:6d:d8:1f:ac:58:37:5b:13:8f:1b:82:e8:fd:44:f3:e8:dd:
         e5:13:c2:90:66:dd:5e:32:a7:bb:12:7f:2c:c6:f4:48:6b:a5:
         75:df:90:cd:3c:8a:b0:d0:9a:d4:b5:36:84:24:1a:39:e5:0e:
         05:d2:da:4c:16:a3:78:66:cc:c8:52:0f:a5:35:9f:ca:1c:62:
         b9:06:89:e2:c0:fc:2b:27:10:c6:3f:62:59:16:b9:0d:12:34:
         62:47:49:0a:9d:f2:ec:6e:93:5b:14:60:93:cd:d3:61:ec:ae:
         14:66:cf:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks4NDYkUpau1ly5YodUOAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNmRhOWU0MTY4NmQyMWMxMjc5OWM4ZTg0YjI3NGFhODI0
MTUwOGMwHhcNMjUwMTAyMDE0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNjRjMWEzNGE0YmRlMzc5NmEyMmI3MzAzZjhjMDUzZWVlYzI5OGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Vt8ifAoONS8RI/WBlgt/cOZrwZZ
mX+EO2QtwCrd5rRbMR9Db+tOF5q+mE0BUSVLRxH87NRLnLUy8iUh7LRMJ6mLQkVj
A+EgGjJkNkTzdyCWwQD+fzCwfyZFPVhbE0f2X7ktsskQ+l+/x0GRaJXgN8V/43cj
qXfsWAR2AR3sjMM2I+zt/agf5sdA49YR6stMljd6JnvLpo4xMqltTyWPerxCHZG+
C3Exbu+igZEdGNHV8wMsuEgn6xroodr/FfhLtkgY+gRYIaMBM7gEd+VxKYZK2GLE
Gea867q9xNuLF/pRFa/dh485eVCvcTIBPB7SJZ748CFleh3wymP6ehlBHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLZMGjSkveN5aiK3MD+MBT7uwpiwMB8GA1UdIwQY
MBaAFO1tqeQWhtIcEnmcjoSydKqCQVCMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1cycDVCYUcwaHdTZVp5T2hMSjBxb0pCVUl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9hYzAxN2MtZmYyOS00M2NmLWEzZDYt
MjlmMWJlYjJmMjgyLzEvdGt3YU5LUzk0M2xxSXJjd1A0d0ZQdTdDbUxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9hYzAxN2MtZmYyOS00M2NmLWEzZDYtMjlmMWJlYjJmMjgy
LzEvN1cycDVCYUcwaHdTZVp5T2hMSjBxb0pCVUl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALo/CMA0G
CSqGSIb3DQEBCwUAA4IBAQBB8KCjzNS2SXNbQT4sKqU+ZKTbZfQzQOp15+DeiwrH
qAanKZW2igAwWiVAJpqXgCW55iFBvsk2iKdAISjo5WpA4y0LiS7nHE3Yyem9wm9q
hXS8IRJ7OZiq9cXfZZ5q00PCV4wtOHC/1xx9UC5y/RUcBLB/dff+bqTVI+bqvTvz
LelVUEnvMGmSuaLqxzIDDl7HbdgfrFg3WxOPG4Lo/UTz6N3lE8KQZt1eMqe7En8s
xvRIa6V135DNPIqw0JrUtTaEJBo55Q4F0tpMFqN4ZszIUg+lNZ/KHGK5BoniwPwr
JxDGP2JZFrkNEjRiR0kKnfLsbpNbFGCTzdNh7K4UZs8L
-----END CERTIFICATE-----