Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/46LwT3myXVrKskprjHnrNdm1oew.roa
File:                     46LwT3myXVrKskprjHnrNdm1oew.roa (raw, json)
Hash identifier:          DyBB9MsmNRsg8FEme02F6pYGo5PwRlbuMCc3llnxckA=
Subject key identifier:   E3:A2:F0:4F:79:B2:5D:5A:CA:B2:4A:6B:8C:79:EB:35:D9:B5:A1:EC
Certificate issuer:       /CN=f13533399f55eb52e6b2200c7cae4272b74d6464
Certificate serial:       01975950D18BD195922B99633269255ABAAE
Authority key identifier: F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/46LwT3myXVrKskprjHnrNdm1oew.roa
Signing time:             Tue 10 Jun 2025 10:09:17 +0000
ROA not before:           Tue 10 Jun 2025 10:09:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42337
IP address blocks:        178.239.149.0/24 maxlen: 24
                          185.215.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:59:50:d1:8b:d1:95:92:2b:99:63:32:69:25:5a:ba:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f13533399f55eb52e6b2200c7cae4272b74d6464
        Validity
            Not Before: Jun 10 10:09:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e3a2f04f79b25d5acab24a6b8c79eb35d9b5a1ec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:3b:33:73:b1:2f:63:36:18:86:8b:3c:d1:2e:
                    f9:0d:7b:e1:8a:96:9b:a4:04:0a:c9:90:10:f9:36:
                    2d:60:01:f9:dd:4b:fb:7b:ad:41:6c:df:ec:55:5c:
                    74:15:a0:6c:b8:02:88:05:34:04:4b:65:40:a8:b4:
                    3c:e5:b3:41:de:50:f6:37:10:78:51:16:f8:f6:99:
                    12:e2:66:21:37:7b:a7:a6:ce:b1:e3:67:23:cf:e1:
                    9b:b7:6e:d7:6a:f8:0e:51:57:08:2b:b2:bc:98:e5:
                    e8:d8:c6:f6:7a:a9:53:6f:f5:cd:0b:f1:0d:62:d1:
                    bc:99:10:a1:8d:91:67:70:52:f5:a6:93:f5:50:10:
                    19:68:08:79:57:b8:2d:80:a2:90:98:ec:10:2e:4f:
                    78:73:2e:f3:fe:5d:8d:52:6d:87:79:aa:83:cb:0b:
                    d9:59:42:85:ec:a7:45:95:f0:9a:6e:be:21:f5:ae:
                    e5:07:88:1d:3a:8d:22:08:0c:8c:38:f6:b2:43:28:
                    7a:e9:c0:2b:8f:85:d4:c4:9b:c5:7d:0d:64:26:7c:
                    d6:44:bc:77:c8:20:26:08:23:ba:46:64:a3:46:42:
                    22:5e:eb:87:a4:a7:80:c3:97:44:c7:5d:15:6b:d8:
                    d1:7f:25:f7:19:ad:c5:1f:86:da:97:82:eb:28:e3:
                    9b:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:A2:F0:4F:79:B2:5D:5A:CA:B2:4A:6B:8C:79:EB:35:D9:B5:A1:EC
            X509v3 Authority Key Identifier:
                keyid:F1:35:33:39:9F:55:EB:52:E6:B2:20:0C:7C:AE:42:72:B7:4D:64:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/46LwT3myXVrKskprjHnrNdm1oew.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/844eeb-cdf1-47f1-bcfa-989166881969/1/8TUzOZ9V61LmsiAMfK5CcrdNZGQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.239.149.0/24
                  185.215.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:94:d1:b5:9a:c4:cf:93:e0:88:48:a9:19:f1:9d:c2:22:62:
         89:34:1a:0b:75:b8:f8:f4:21:77:81:a2:41:e8:17:a5:a0:b8:
         a9:16:ec:79:74:82:d4:db:cd:45:34:1f:ff:11:84:8b:c0:dc:
         da:1c:dc:ef:08:be:bb:26:a9:40:9c:f0:01:21:2c:21:51:bc:
         33:d0:7a:a5:cd:7d:e4:8d:53:b4:9f:cf:20:7c:08:45:26:8e:
         44:de:e8:e6:89:48:8f:b0:22:b8:01:e3:95:2e:4c:82:1b:9f:
         cc:f8:e5:7d:71:6b:0c:db:c0:5c:f9:a1:3a:e7:5a:fd:a7:bd:
         fd:f5:d0:fd:20:0b:38:9f:4b:d3:d4:b6:46:e9:93:f8:4c:36:
         3b:95:1c:f5:3a:1e:94:c1:35:fd:f1:3d:dc:e2:57:c3:5d:61:
         28:5b:e8:22:b4:5a:1b:8c:d7:a9:b2:d4:4f:12:a0:20:51:af:
         16:2d:e9:09:b8:95:4e:e1:75:f7:15:b5:a8:dd:4f:c6:64:da:
         4b:c3:12:80:c6:d6:36:8f:89:df:88:77:f1:73:b1:b5:60:b9:
         b4:a7:e4:cc:04:76:30:a9:66:a5:7a:19:89:07:ff:05:74:04:
         79:f6:7f:3d:00:26:f7:44:82:79:0f:89:a8:19:06:f7:e0:18:
         29:91:c9:71
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZdZUNGL0ZWSK5ljMmklWrquMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxMzUzMzM5OWY1NWViNTJlNmIyMjAwYzdjYWU0MjcyYjc0
ZDY0NjQwHhcNMjUwNjEwMTAwOTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2EyZjA0Zjc5YjI1ZDVhY2FiMjRhNmI4Yzc5ZWIzNWQ5YjVhMWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzDszc7EvYzYYhos80S75DXvhipab
pAQKyZAQ+TYtYAH53Uv7e61BbN/sVVx0FaBsuAKIBTQES2VAqLQ85bNB3lD2NxB4
URb49pkS4mYhN3unps6x42cjz+Gbt27XavgOUVcIK7K8mOXo2Mb2eqlTb/XNC/EN
YtG8mRChjZFncFL1ppP1UBAZaAh5V7gtgKKQmOwQLk94cy7z/l2NUm2HeaqDywvZ
WUKF7KdFlfCabr4h9a7lB4gdOo0iCAyMOPayQyh66cArj4XUxJvFfQ1kJnzWRLx3
yCAmCCO6RmSjRkIiXuuHpKeAw5dEx10Va9jRfyX3Ga3FH4bal4LrKOOb4wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOOi8E95sl1ayrJKa4x56zXZtaHsMB8GA1UdIwQY
MBaAFPE1MzmfVetS5rIgDHyuQnK3TWRkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEt
OTg5MTY2ODgxOTY5LzEvNDZMd1QzbXlYVnJLc2twcmpIbnJOZG0xb2V3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi84NDRlZWItY2RmMS00N2YxLWJjZmEtOTg5MTY2ODgxOTY5
LzEvOFRVek9aOVY2MUxtc2lBTWZLNUNjcmROWkdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsu+VAwQA
udfkMA0GCSqGSIb3DQEBCwUAA4IBAQBxlNG1msTPk+CISKkZ8Z3CImKJNBoLdbj4
9CF3gaJB6BeloLipFux5dILU281FNB//EYSLwNzaHNzvCL67JqlAnPABISwhUbwz
0HqlzX3kjVO0n88gfAhFJo5E3ujmiUiPsCK4AeOVLkyCG5/M+OV9cWsM28Bc+aE6
51r9p7399dD9IAs4n0vT1LZG6ZP4TDY7lRz1Oh6UwTX98T3c4lfDXWEoW+gitFob
jNepstRPEqAgUa8WLekJuJVO4XX3FbWo3U/GZNpLwxKAxtY2j4nfiHfxc7G1YLm0
p+TMBHYwqWalehmJB/8FdAR59n89ACb3RIJ5D4moGQb34Bgpkclx
-----END CERTIFICATE-----