Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/6a9cf9-c0cc-4011-860e-4685782ac2c3/1/46jADdHLKU7NIyeYvDkR9sakzHU.roa
File:                     46jADdHLKU7NIyeYvDkR9sakzHU.roa (raw, json)
Hash identifier:          byWqvbSSzcE1Xc0qEaXyUWnOp7q2hSYPDvEBq1c3RLI=
Subject key identifier:   E3:A8:C0:0D:D1:CB:29:4E:CD:23:27:98:BC:39:11:F6:C6:A4:CC:75
Certificate issuer:       /CN=753d476db96de1e58623119a70b9d7b00b676da0
Certificate serial:       0194258F9CC53FEE52DA3149FC2848853F11
Authority key identifier: 75:3D:47:6D:B9:6D:E1:E5:86:23:11:9A:70:B9:D7:B0:0B:67:6D:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dT1Hbblt4eWGIxGacLnXsAtnbaA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/6a9cf9-c0cc-4011-860e-4685782ac2c3/1/46jADdHLKU7NIyeYvDkR9sakzHU.roa
Signing time:             Thu 02 Jan 2025 05:49:16 +0000
ROA not before:           Thu 02 Jan 2025 05:49:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20980
IP address blocks:        193.108.8.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/6a9cf9-c0cc-4011-860e-4685782ac2c3/1/dT1Hbblt4eWGIxGacLnXsAtnbaA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/6a9cf9-c0cc-4011-860e-4685782ac2c3/1/dT1Hbblt4eWGIxGacLnXsAtnbaA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dT1Hbblt4eWGIxGacLnXsAtnbaA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:9c:c5:3f:ee:52:da:31:49:fc:28:48:85:3f:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=753d476db96de1e58623119a70b9d7b00b676da0
        Validity
            Not Before: Jan  2 05:49:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e3a8c00dd1cb294ecd232798bc3911f6c6a4cc75
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:f8:ea:56:9f:c6:fe:28:32:4f:0f:48:a5:ba:
                    91:e6:14:9c:c6:36:e0:24:2d:45:14:48:40:70:96:
                    94:d2:7b:d7:b6:48:f2:d6:43:8a:a5:ef:f9:dc:fa:
                    78:2d:1b:d4:2e:91:e0:79:1c:6c:a8:63:77:c6:06:
                    be:67:56:6d:42:79:97:54:e9:73:1c:2c:8f:52:8d:
                    10:7e:52:ac:ad:b4:7a:08:2a:db:5f:6d:87:a1:43:
                    95:98:d0:72:70:13:ba:b0:ac:a4:42:a6:1f:41:5b:
                    7b:20:87:39:a0:98:22:16:1f:8f:53:bc:9a:9b:a9:
                    fd:ca:93:db:c3:07:a5:2f:27:c9:e6:1a:ce:ed:14:
                    6b:4e:e5:c9:d5:51:dd:46:22:02:a8:cb:43:cd:e3:
                    f6:41:2c:26:d1:09:1a:58:1d:56:97:ed:82:7a:00:
                    64:37:5e:5b:c1:44:47:c0:62:e0:19:47:bb:70:79:
                    69:29:22:e8:67:b2:57:79:65:2a:75:41:6a:e7:2c:
                    45:d0:16:98:dc:dc:f4:c6:27:44:24:16:1a:ac:51:
                    d3:c5:84:eb:4a:72:36:df:5d:be:c9:08:a6:7a:18:
                    b6:da:93:1d:85:27:d5:98:03:1d:3d:f2:3d:18:0e:
                    30:13:c0:b5:2a:d0:95:ab:20:97:88:7b:87:cf:1c:
                    71:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:A8:C0:0D:D1:CB:29:4E:CD:23:27:98:BC:39:11:F6:C6:A4:CC:75
            X509v3 Authority Key Identifier:
                keyid:75:3D:47:6D:B9:6D:E1:E5:86:23:11:9A:70:B9:D7:B0:0B:67:6D:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dT1Hbblt4eWGIxGacLnXsAtnbaA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/6a9cf9-c0cc-4011-860e-4685782ac2c3/1/46jADdHLKU7NIyeYvDkR9sakzHU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/6a9cf9-c0cc-4011-860e-4685782ac2c3/1/dT1Hbblt4eWGIxGacLnXsAtnbaA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         92:95:2f:38:91:f0:59:32:70:0b:ab:43:2e:58:94:3d:1c:c1:
         5c:d7:fa:3f:50:e0:cc:b2:57:dc:df:f1:54:0e:54:2d:df:21:
         7a:78:b5:c2:6d:e9:83:db:ec:b1:2a:69:86:ef:d0:5c:6c:4d:
         34:de:a6:4f:70:13:63:02:fd:25:2a:32:df:d1:7a:c7:f4:fc:
         2d:47:c7:8c:61:e8:df:7e:1e:c7:32:42:7b:62:83:45:17:b1:
         79:9f:76:69:3c:23:22:1d:f1:aa:dd:08:b8:54:12:4d:82:0e:
         66:4d:11:56:68:b7:f9:d5:07:07:13:38:20:fe:11:f2:de:6d:
         a8:ae:60:7f:d1:29:26:09:a2:17:a7:a7:56:b2:7c:a3:63:8c:
         8b:f6:a1:ca:9b:97:f6:84:4e:65:9e:09:c8:1f:14:bc:9f:43:
         c1:e4:7f:3f:f5:1a:0e:25:60:00:07:f4:09:73:76:73:62:eb:
         df:f9:40:31:8c:bd:a2:bf:36:a2:e2:3d:ef:60:ad:f3:e7:98:
         c7:79:70:f9:08:3d:e5:3b:f6:8e:f8:43:f4:9c:36:82:2f:63:
         ba:c2:9d:52:3a:d0:9d:b0:0a:62:ac:e8:fa:87:2a:c9:af:f7:
         10:49:0c:25:11:88:0a:46:37:ff:78:c6:09:1f:e3:62:12:51:
         3f:16:33:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj5zFP+5S2jFJ/ChIhT8RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1M2Q0NzZkYjk2ZGUxZTU4NjIzMTE5YTcwYjlkN2IwMGI2
NzZkYTAwHhcNMjUwMTAyMDU0OTE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2E4YzAwZGQxY2IyOTRlY2QyMzI3OThiYzM5MTFmNmM2YTRjYzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPjqVp/G/igyTw9IpbqR5hScxjbg
JC1FFEhAcJaU0nvXtkjy1kOKpe/53Pp4LRvULpHgeRxsqGN3xga+Z1ZtQnmXVOlz
HCyPUo0QflKsrbR6CCrbX22HoUOVmNBycBO6sKykQqYfQVt7IIc5oJgiFh+PU7ya
m6n9ypPbwwelLyfJ5hrO7RRrTuXJ1VHdRiICqMtDzeP2QSwm0QkaWB1Wl+2CegBk
N15bwURHwGLgGUe7cHlpKSLoZ7JXeWUqdUFq5yxF0BaY3Nz0xidEJBYarFHTxYTr
SnI2312+yQimehi22pMdhSfVmAMdPfI9GA4wE8C1KtCVqyCXiHuHzxxxWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOOowA3RyylOzSMnmLw5EfbGpMx1MB8GA1UdIwQY
MBaAFHU9R225beHlhiMRmnC517ALZ22gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZFQxSGJibHQ0ZVdHSXhHYWNMblhzQXRuYmFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi82YTljZjktYzBjYy00MDExLTg2MGUt
NDY4NTc4MmFjMmMzLzEvNDZqQURkSExLVTdOSXllWXZEa1I5c2FrekhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi82YTljZjktYzBjYy00MDExLTg2MGUtNDY4NTc4MmFjMmMz
LzEvZFQxSGJibHQ0ZVdHSXhHYWNMblhzQXRuYmFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwWwIMA0G
CSqGSIb3DQEBCwUAA4IBAQCSlS84kfBZMnALq0MuWJQ9HMFc1/o/UODMslfc3/FU
DlQt3yF6eLXCbemD2+yxKmmG79BcbE003qZPcBNjAv0lKjLf0XrH9PwtR8eMYejf
fh7HMkJ7YoNFF7F5n3ZpPCMiHfGq3Qi4VBJNgg5mTRFWaLf51QcHEzgg/hHy3m2o
rmB/0SkmCaIXp6dWsnyjY4yL9qHKm5f2hE5lngnIHxS8n0PB5H8/9RoOJWAAB/QJ
c3ZzYuvf+UAxjL2ivzai4j3vYK3z55jHeXD5CD3lO/aO+EP0nDaCL2O6wp1SOtCd
sApirOj6hyrJr/cQSQwlEYgKRjf/eMYJH+NiElE/FjNx
-----END CERTIFICATE-----