Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/Dx5FhBrZZELGzOEoOYjOQgEtqO0.roa
File:                     Dx5FhBrZZELGzOEoOYjOQgEtqO0.roa (raw, json)
Hash identifier:          KCgCEgctUS7Rpr5Y2lyKXbnXeeBrDbnuOsvXdWPfJZo=
Subject key identifier:   0F:1E:45:84:1A:D9:64:42:C6:CC:E1:28:39:88:CE:42:01:2D:A8:ED
Certificate issuer:       /CN=d4375814344df0bf6d017733acdc488f002631b2
Certificate serial:       0194221F390D91B3BF1747281A02A8EE710D
Authority key identifier: D4:37:58:14:34:4D:F0:BF:6D:01:77:33:AC:DC:48:8F:00:26:31:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1DdYFDRN8L9tAXczrNxIjwAmMbI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/Dx5FhBrZZELGzOEoOYjOQgEtqO0.roa
Signing time:             Wed 01 Jan 2025 13:47:38 +0000
ROA not before:           Wed 01 Jan 2025 13:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     141167
IP address blocks:        46.8.112.0/23 maxlen: 24
                          46.8.114.0/23 maxlen: 24
                          46.8.118.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/1DdYFDRN8L9tAXczrNxIjwAmMbI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/1DdYFDRN8L9tAXczrNxIjwAmMbI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1DdYFDRN8L9tAXczrNxIjwAmMbI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:39:0d:91:b3:bf:17:47:28:1a:02:a8:ee:71:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4375814344df0bf6d017733acdc488f002631b2
        Validity
            Not Before: Jan  1 13:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0f1e45841ad96442c6cce1283988ce42012da8ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:34:76:21:09:44:66:e7:64:ff:a1:f2:c8:c1:
                    c6:c9:f7:28:60:05:e8:9d:5b:ea:8f:da:56:03:50:
                    d7:5b:4c:51:1d:85:dc:5e:35:29:e2:01:a5:27:e2:
                    24:84:6a:a8:55:a6:ee:b4:35:41:31:ff:a8:3e:ca:
                    6d:c8:66:2a:a7:be:f8:e2:7d:91:a4:13:5e:cc:ad:
                    18:6a:a1:43:cf:98:c7:9b:4b:3c:a5:52:8e:19:af:
                    54:e3:40:06:22:e1:03:e3:c4:b9:1d:03:4b:bc:df:
                    17:31:8b:98:cb:01:84:ac:69:ff:22:92:e8:97:60:
                    d8:4e:8b:3a:8f:08:df:2b:c9:a6:c4:da:9a:55:c0:
                    02:88:5a:af:26:c0:2b:23:dd:95:0d:89:22:eb:45:
                    3e:1a:cf:8e:59:05:2e:46:1b:04:a4:fb:55:7c:fc:
                    3a:32:be:70:7b:f9:28:52:d4:8f:48:b2:a6:e3:b5:
                    05:f3:47:84:f2:ac:0c:76:fe:57:c9:76:1c:a9:ca:
                    35:84:17:a5:13:96:31:f0:ef:1a:12:df:59:7e:da:
                    aa:5e:70:87:36:16:c4:8c:80:db:47:11:df:fd:e8:
                    49:e4:0b:c8:cb:e7:46:fa:91:83:dd:a9:13:a7:64:
                    57:7c:e6:89:09:0d:61:80:48:fb:69:7a:4d:c2:d5:
                    a0:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:1E:45:84:1A:D9:64:42:C6:CC:E1:28:39:88:CE:42:01:2D:A8:ED
            X509v3 Authority Key Identifier:
                keyid:D4:37:58:14:34:4D:F0:BF:6D:01:77:33:AC:DC:48:8F:00:26:31:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1DdYFDRN8L9tAXczrNxIjwAmMbI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/Dx5FhBrZZELGzOEoOYjOQgEtqO0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/1DdYFDRN8L9tAXczrNxIjwAmMbI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.112.0/22
                  46.8.118.0/23

    Signature Algorithm: sha256WithRSAEncryption
         44:b5:89:8f:42:55:2c:d6:af:ac:93:e2:55:66:60:4d:e7:ef:
         bb:92:fd:98:c7:02:36:fb:e7:00:56:dc:3f:31:12:7f:89:c6:
         38:a7:18:2c:ea:b0:53:9a:34:f5:8e:eb:bd:31:d5:f1:c9:97:
         0b:d2:9f:55:27:7a:4f:10:74:8a:4e:5a:72:57:4b:29:50:1b:
         dc:c9:9d:38:fe:ad:9e:25:f7:50:75:1a:8c:b7:4b:d9:1a:2a:
         20:b4:7e:e9:83:a3:63:61:a3:5f:d7:ed:a0:17:1e:cd:4c:67:
         4f:a3:be:31:18:b5:d4:d3:cb:b0:a9:12:8f:c9:de:6c:a0:e6:
         47:da:91:52:58:66:71:7d:e8:a8:bf:8a:38:9f:26:d2:dc:d5:
         8f:24:4b:19:d7:ca:d8:82:7d:68:c8:41:f5:b1:b7:bf:96:f3:
         67:ea:c9:9b:ef:7e:ab:a0:9b:50:60:2f:44:f0:b6:70:ca:13:
         c2:c7:17:eb:ae:22:78:17:09:8d:83:59:dc:39:31:3d:8f:5d:
         a9:2d:7d:96:68:03:4a:63:da:de:1d:ab:1d:ab:89:14:17:df:
         f3:65:45:53:bc:db:42:60:7c:20:3c:2b:f1:ec:ea:ae:51:a4:
         d3:59:a9:88:a7:5b:5d:db:c2:16:35:09:9f:4c:77:af:98:40:
         e2:9d:91:82
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiHzkNkbO/F0coGgKo7nENMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Mzc1ODE0MzQ0ZGYwYmY2ZDAxNzczM2FjZGM0ODhmMDAy
NjMxYjIwHhcNMjUwMTAxMTM0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjFlNDU4NDFhZDk2NDQyYzZjY2UxMjgzOTg4Y2U0MjAxMmRhOGVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxzR2IQlEZudk/6HyyMHGyfcoYAXo
nVvqj9pWA1DXW0xRHYXcXjUp4gGlJ+IkhGqoVabutDVBMf+oPsptyGYqp7744n2R
pBNezK0YaqFDz5jHm0s8pVKOGa9U40AGIuED48S5HQNLvN8XMYuYywGErGn/IpLo
l2DYTos6jwjfK8mmxNqaVcACiFqvJsArI92VDYki60U+Gs+OWQUuRhsEpPtVfPw6
Mr5we/koUtSPSLKm47UF80eE8qwMdv5XyXYcqco1hBelE5Yx8O8aEt9ZftqqXnCH
NhbEjIDbRxHf/ehJ5AvIy+dG+pGD3akTp2RXfOaJCQ1hgEj7aXpNwtWgSQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA8eRYQa2WRCxszhKDmIzkIBLajtMB8GA1UdIwQY
MBaAFNQ3WBQ0TfC/bQF3M6zcSI8AJjGyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMURkWUZEUk44TDl0QVhjenJOeElqd0FtTWJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9iMjRiMmQtMzUyMy00MjJlLTliY2Yt
MzY3MWQ2N2ViOWY4LzEvRHg1RmhCclpaRUxHek9Fb09Zak9RZ0V0cU8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9iMjRiMmQtMzUyMy00MjJlLTliY2YtMzY3MWQ2N2ViOWY4
LzEvMURkWUZEUk44TDl0QVhjenJOeElqd0FtTWJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLghwAwQB
Lgh2MA0GCSqGSIb3DQEBCwUAA4IBAQBEtYmPQlUs1q+sk+JVZmBN5++7kv2YxwI2
++cAVtw/MRJ/icY4pxgs6rBTmjT1juu9MdXxyZcL0p9VJ3pPEHSKTlpyV0spUBvc
yZ04/q2eJfdQdRqMt0vZGiogtH7pg6NjYaNf1+2gFx7NTGdPo74xGLXU08uwqRKP
yd5soOZH2pFSWGZxfeiov4o4nybS3NWPJEsZ18rYgn1oyEH1sbe/lvNn6smb736r
oJtQYC9E8LZwyhPCxxfrriJ4FwmNg1ncOTE9j12pLX2WaANKY9reHasdq4kUF9/z
ZUVTvNtCYHwgPCvx7OquUaTTWamIp1td28IWNQmfTHevmEDinZGC
-----END CERTIFICATE-----