Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/A9GxPF4ifZ6rbABmHPjtyPKjmzE.roa
File:                     A9GxPF4ifZ6rbABmHPjtyPKjmzE.roa (raw, json)
Hash identifier:          W77hd6FGDraLnDkaoT1pKx2we4vpUTM+eeqG9pbSJEo=
Subject key identifier:   03:D1:B1:3C:5E:22:7D:9E:AB:6C:00:66:1C:F8:ED:C8:F2:A3:9B:31
Certificate issuer:       /CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
Certificate serial:       019424453ED489204800153FD77D217222CE
Authority key identifier: 4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/A9GxPF4ifZ6rbABmHPjtyPKjmzE.roa
Signing time:             Wed 01 Jan 2025 23:48:25 +0000
ROA not before:           Wed 01 Jan 2025 23:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6830
IP address blocks:        46.34.44.0/24 maxlen: 24
                          46.34.45.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 01:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:3e:d4:89:20:48:00:15:3f:d7:7d:21:72:22:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
        Validity
            Not Before: Jan  1 23:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=03d1b13c5e227d9eab6c00661cf8edc8f2a39b31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:cd:e0:6a:64:c5:8c:9a:01:be:e8:75:24:30:
                    84:59:45:dc:f4:ca:1b:46:1b:83:38:82:76:b6:12:
                    0d:63:7e:5d:66:12:f1:cc:fd:57:6c:fa:fe:f7:5d:
                    87:c6:df:c4:9f:82:c3:01:b7:43:0f:e3:ec:28:4f:
                    a1:05:a7:62:8e:32:f0:e6:e5:8c:12:9b:e1:aa:e4:
                    43:de:2a:2d:69:d2:6b:1e:16:26:ac:ed:24:b2:3d:
                    3a:9e:72:ae:cd:df:59:3d:ae:6f:ff:ab:44:f9:1e:
                    e8:18:58:bb:cc:0f:95:b9:73:55:19:9e:19:9e:7e:
                    94:f4:03:65:f2:35:c7:02:6a:2d:27:50:fe:b2:b4:
                    5b:6e:a6:bb:9c:03:a6:fd:1f:3d:af:52:c0:c0:cc:
                    d1:7e:72:40:73:c4:9f:62:76:fd:82:bb:7a:65:dd:
                    b8:86:8e:83:54:63:5c:f5:53:a2:fc:e1:15:f3:84:
                    76:28:4b:07:6a:f1:4c:33:0b:48:01:52:c0:92:26:
                    4e:77:28:de:fc:d3:29:95:a9:07:1b:d4:fe:8b:f9:
                    88:bc:db:39:4e:66:e0:f4:02:ec:cc:09:90:5f:ae:
                    8e:da:02:32:5d:cc:27:e0:49:84:b8:91:54:b0:4e:
                    ec:e9:46:96:b3:92:0a:b8:51:a4:82:92:db:1c:7d:
                    28:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:D1:B1:3C:5E:22:7D:9E:AB:6C:00:66:1C:F8:ED:C8:F2:A3:9B:31
            X509v3 Authority Key Identifier:
                keyid:4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/A9GxPF4ifZ6rbABmHPjtyPKjmzE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.34.44.0/23

    Signature Algorithm: sha256WithRSAEncryption
         81:c2:e0:1a:13:3e:f6:39:bb:d3:c1:12:d2:77:97:a5:ef:b6:
         6d:13:91:b3:dc:2f:bc:52:c6:4a:70:f8:e8:99:c0:39:24:f3:
         db:f2:f5:89:2d:2e:31:ea:65:df:b5:68:a9:ed:e3:ae:1f:27:
         47:90:c8:53:e0:ec:de:ed:49:f9:50:07:90:5f:7e:d1:70:55:
         04:21:e1:85:1a:22:22:1d:b4:e7:ad:d1:19:6d:19:cb:ef:14:
         0a:19:e9:0f:07:45:25:cb:df:36:6f:19:fe:21:5d:04:54:49:
         55:2e:90:12:b0:83:e8:39:5b:2a:24:73:18:a7:22:31:4c:52:
         ac:4f:1e:1a:7f:0b:0b:a1:c6:9b:cf:f4:84:87:38:6f:89:63:
         8d:9d:dc:29:e8:31:71:a5:fc:94:57:1b:f5:88:70:3c:c9:9e:
         8d:da:5e:5b:32:5f:33:e5:a8:4f:cf:01:98:74:5a:18:1e:54:
         06:da:3e:1d:70:90:c9:97:ac:be:27:4c:b9:51:ab:27:2c:7e:
         cb:46:f0:4d:56:56:dd:f1:9c:0d:fc:df:3a:25:7b:b8:22:e7:
         2a:4e:39:f8:c1:e3:e7:59:6c:f9:0d:d8:77:05:a4:ef:af:1c:
         0c:14:60:9b:8f:ba:b9:59:71:14:f2:38:59:b9:bd:fb:ff:4a:
         c7:4c:c4:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRT7UiSBIABU/130hciLOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNDcxY2Q2Y2U2MGFiZWRkNzQ3NjJiMTAxYWE1ZTZmNDIw
N2VmY2UwHhcNMjUwMTAxMjM0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2QxYjEzYzVlMjI3ZDllYWI2YzAwNjYxY2Y4ZWRjOGYyYTM5YjMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnc3gamTFjJoBvuh1JDCEWUXc9Mob
RhuDOIJ2thINY35dZhLxzP1XbPr+912Hxt/En4LDAbdDD+PsKE+hBadijjLw5uWM
EpvhquRD3iotadJrHhYmrO0ksj06nnKuzd9ZPa5v/6tE+R7oGFi7zA+VuXNVGZ4Z
nn6U9ANl8jXHAmotJ1D+srRbbqa7nAOm/R89r1LAwMzRfnJAc8SfYnb9grt6Zd24
ho6DVGNc9VOi/OEV84R2KEsHavFMMwtIAVLAkiZOdyje/NMplakHG9T+i/mIvNs5
Tmbg9ALszAmQX66O2gIyXcwn4EmEuJFUsE7s6UaWs5IKuFGkgpLbHH0o6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAPRsTxeIn2eq2wAZhz47cjyo5sxMB8GA1UdIwQY
MBaAFEpHHNbOYKvt10disQGqXm9CB+/OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2Qt
YTZiOTkxZjRmYWY4LzEvQTlHeFBGNGlmWjZyYkFCbUhQanR5UEtqbXpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2QtYTZiOTkxZjRmYWY4
LzEvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLiIsMA0G
CSqGSIb3DQEBCwUAA4IBAQCBwuAaEz72ObvTwRLSd5el77ZtE5Gz3C+8UsZKcPjo
mcA5JPPb8vWJLS4x6mXftWip7eOuHydHkMhT4Oze7Un5UAeQX37RcFUEIeGFGiIi
HbTnrdEZbRnL7xQKGekPB0Uly982bxn+IV0EVElVLpASsIPoOVsqJHMYpyIxTFKs
Tx4afwsLocabz/SEhzhviWONndwp6DFxpfyUVxv1iHA8yZ6N2l5bMl8z5ahPzwGY
dFoYHlQG2j4dcJDJl6y+J0y5UasnLH7LRvBNVlbd8ZwN/N86JXu4IucqTjn4wePn
WWz5Ddh3BaTvrxwMFGCbj7q5WXEU8jhZub37/0rHTMSg
-----END CERTIFICATE-----