Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/fb7a7d-0655-4587-8af9-7700e25ff769/1/X_mEYYeWr9-8-K3hPb_xZPAlhyU.roa
File:                     X_mEYYeWr9-8-K3hPb_xZPAlhyU.roa (raw, json)
Hash identifier:          6DNXGEiBb6ULQJ057yIjE1b50LAb3WIwVPg+KL0u4Kc=
Subject key identifier:   5F:F9:84:61:87:96:AF:DF:BC:F8:AD:E1:3D:BF:F1:64:F0:25:87:25
Certificate issuer:       /CN=aa44eb091b3a33a87beb8e004ab15ef178fbaa00
Certificate serial:       019423D7200205A7DFEA8FB4F86952737E7D
Authority key identifier: AA:44:EB:09:1B:3A:33:A8:7B:EB:8E:00:4A:B1:5E:F1:78:FB:AA:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qkTrCRs6M6h7644ASrFe8Xj7qgA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/fb7a7d-0655-4587-8af9-7700e25ff769/1/X_mEYYeWr9-8-K3hPb_xZPAlhyU.roa
Signing time:             Wed 01 Jan 2025 21:48:08 +0000
ROA not before:           Wed 01 Jan 2025 21:48:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209283
IP address blocks:        46.243.183.0/24 maxlen: 24
                          46.243.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/fb7a7d-0655-4587-8af9-7700e25ff769/1/qkTrCRs6M6h7644ASrFe8Xj7qgA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/fb7a7d-0655-4587-8af9-7700e25ff769/1/qkTrCRs6M6h7644ASrFe8Xj7qgA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qkTrCRs6M6h7644ASrFe8Xj7qgA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 20:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:20:02:05:a7:df:ea:8f:b4:f8:69:52:73:7e:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa44eb091b3a33a87beb8e004ab15ef178fbaa00
        Validity
            Not Before: Jan  1 21:48:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5ff984618796afdfbcf8ade13dbff164f0258725
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:b3:7b:0e:34:d9:e9:3a:1f:41:b7:a2:a5:4d:
                    0f:79:52:7c:76:db:e5:3b:fd:b3:32:39:d6:61:65:
                    96:3b:99:22:59:2c:f0:ee:14:0c:b7:1d:ba:d8:8d:
                    3e:5f:75:32:fb:7e:fa:52:a4:1c:25:e2:e3:a8:fe:
                    ea:20:cc:64:c6:52:40:57:fe:e8:b6:38:8f:d7:b3:
                    63:ae:b1:03:20:fe:78:25:51:c6:39:76:e7:2e:a9:
                    61:f2:5a:fb:c9:1a:10:a0:24:d4:d6:09:2a:c1:5c:
                    2b:31:21:dd:33:1d:13:9a:ac:02:d9:88:45:8d:1f:
                    6e:16:d4:78:f8:36:ad:86:d2:f9:9a:93:5b:d9:ef:
                    76:e9:50:9e:db:bd:68:6a:c1:0c:dc:8b:2a:c9:ae:
                    fd:ea:ec:7e:67:1f:b1:0c:18:7d:59:87:96:80:b4:
                    8e:90:46:08:db:f6:8c:9a:45:2c:bf:9d:56:7f:33:
                    30:3d:b1:c3:ba:80:a4:8b:ef:44:d4:c2:5c:3e:fd:
                    22:0f:09:9f:e8:a9:22:f5:d5:eb:88:ec:51:f0:33:
                    94:0f:53:30:d2:d8:f9:61:35:dc:56:b5:88:4c:5e:
                    34:89:58:66:65:88:e5:8c:51:4c:bd:92:5e:b9:ab:
                    4d:cc:3d:23:32:d9:11:25:cc:44:68:07:4e:5a:d9:
                    0d:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:F9:84:61:87:96:AF:DF:BC:F8:AD:E1:3D:BF:F1:64:F0:25:87:25
            X509v3 Authority Key Identifier:
                keyid:AA:44:EB:09:1B:3A:33:A8:7B:EB:8E:00:4A:B1:5E:F1:78:FB:AA:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qkTrCRs6M6h7644ASrFe8Xj7qgA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/fb7a7d-0655-4587-8af9-7700e25ff769/1/X_mEYYeWr9-8-K3hPb_xZPAlhyU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/fb7a7d-0655-4587-8af9-7700e25ff769/1/qkTrCRs6M6h7644ASrFe8Xj7qgA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.243.183.0/24
                  46.243.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:8b:33:34:aa:90:07:f0:d3:47:ab:7a:39:28:05:35:00:29:
         4d:4a:13:52:cc:f4:ad:12:da:c8:9e:62:1b:03:fb:b5:b9:f8:
         47:03:88:12:72:ab:14:b5:c5:c5:e2:3e:ac:ec:0b:66:9e:3c:
         6d:82:30:22:89:7e:c2:ca:88:03:c1:38:e4:a3:4e:8e:23:44:
         0b:91:41:ee:cc:31:9c:e5:0b:45:93:25:89:d2:ac:32:34:66:
         51:ca:4b:4c:b9:67:49:2e:27:cf:30:75:cc:0f:6f:70:5c:7a:
         a2:2e:68:b4:16:ba:cd:8c:66:89:f7:ac:6b:d7:c4:e5:1a:87:
         87:0b:b7:0f:8a:7f:12:9e:ca:04:ab:7f:a3:f9:cb:68:ef:53:
         73:06:78:f8:bf:a9:3b:e6:4e:e3:c1:e7:6e:74:32:75:6c:2b:
         2d:11:6d:16:17:ce:5b:9f:1f:2e:29:f6:4f:6b:7c:83:c8:a8:
         d0:7b:e6:16:c3:73:49:4b:45:20:c1:35:57:d6:d8:30:59:7a:
         c6:a9:0e:07:08:ae:84:c5:1b:57:b0:36:f1:3d:a0:36:07:52:
         53:b2:1e:15:c7:98:81:6d:db:e8:90:6e:71:b6:86:e3:4f:7a:
         d3:92:e7:42:d6:46:e0:e7:f9:b4:89:f2:fa:52:60:ac:97:68:
         f7:75:3c:4c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQj1yACBaff6o+0+GlSc359MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhNDRlYjA5MWIzYTMzYTg3YmViOGUwMDRhYjE1ZWYxNzhm
YmFhMDAwHhcNMjUwMTAxMjE0ODA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZmY5ODQ2MTg3OTZhZmRmYmNmOGFkZTEzZGJmZjE2NGYwMjU4NzI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAibN7DjTZ6TofQbeipU0PeVJ8dtvl
O/2zMjnWYWWWO5kiWSzw7hQMtx262I0+X3Uy+376UqQcJeLjqP7qIMxkxlJAV/7o
tjiP17NjrrEDIP54JVHGOXbnLqlh8lr7yRoQoCTU1gkqwVwrMSHdMx0TmqwC2YhF
jR9uFtR4+DathtL5mpNb2e926VCe271oasEM3Isqya796ux+Zx+xDBh9WYeWgLSO
kEYI2/aMmkUsv51WfzMwPbHDuoCki+9E1MJcPv0iDwmf6Kki9dXriOxR8DOUD1Mw
0tj5YTXcVrWITF40iVhmZYjljFFMvZJeuatNzD0jMtkRJcxEaAdOWtkNUwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF/5hGGHlq/fvPit4T2/8WTwJYclMB8GA1UdIwQY
MBaAFKpE6wkbOjOoe+uOAEqxXvF4+6oAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWtUckNSczZNNmg3NjQ0QVNyRmU4WGo3cWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mYjdhN2QtMDY1NS00NTg3LThhZjkt
NzcwMGUyNWZmNzY5LzEvWF9tRVlZZVdyOS04LUszaFBiX3haUEFsaHlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mYjdhN2QtMDY1NS00NTg3LThhZjktNzcwMGUyNWZmNzY5
LzEvcWtUckNSczZNNmg3NjQ0QVNyRmU4WGo3cWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALvO3AwQA
LvO6MA0GCSqGSIb3DQEBCwUAA4IBAQC1izM0qpAH8NNHq3o5KAU1AClNShNSzPSt
EtrInmIbA/u1ufhHA4gScqsUtcXF4j6s7AtmnjxtgjAiiX7CyogDwTjko06OI0QL
kUHuzDGc5QtFkyWJ0qwyNGZRyktMuWdJLifPMHXMD29wXHqiLmi0FrrNjGaJ96xr
18TlGoeHC7cPin8SnsoEq3+j+cto71NzBnj4v6k75k7jwedudDJ1bCstEW0WF85b
nx8uKfZPa3yDyKjQe+YWw3NJS0UgwTVX1tgwWXrGqQ4HCK6ExRtXsDbxPaA2B1JT
sh4Vx5iBbdvokG5xtobjT3rTkudC1kbg5/m0ifL6UmCsl2j3dTxM
-----END CERTIFICATE-----