Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/d55683-fec2-47fd-ac6e-9e82da7315cf/1/rTI3MC_cflVKmz4QHcC39TCJNIM.roa
File:                     rTI3MC_cflVKmz4QHcC39TCJNIM.roa (raw, json)
Hash identifier:          Gn7Y1Iho0e2nKKiZXGFb+cFXQIXgua4De8STjxaheIw=
Subject key identifier:   AD:32:37:30:2F:DC:7E:55:4A:9B:3E:10:1D:C0:B7:F5:30:89:34:83
Certificate issuer:       /CN=3c1b83888696fc44478c693d6e7803e9516250e6
Certificate serial:       019426D9CA4BCA0C8FE921AA6E55C25C24C2
Authority key identifier: 3C:1B:83:88:86:96:FC:44:47:8C:69:3D:6E:78:03:E9:51:62:50:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PBuDiIaW_ERHjGk9bngD6VFiUOY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/d55683-fec2-47fd-ac6e-9e82da7315cf/1/rTI3MC_cflVKmz4QHcC39TCJNIM.roa
Signing time:             Thu 02 Jan 2025 11:49:54 +0000
ROA not before:           Thu 02 Jan 2025 11:49:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5413
IP address blocks:        46.31.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/d55683-fec2-47fd-ac6e-9e82da7315cf/1/PBuDiIaW_ERHjGk9bngD6VFiUOY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/d55683-fec2-47fd-ac6e-9e82da7315cf/1/PBuDiIaW_ERHjGk9bngD6VFiUOY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PBuDiIaW_ERHjGk9bngD6VFiUOY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 20:01:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:ca:4b:ca:0c:8f:e9:21:aa:6e:55:c2:5c:24:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c1b83888696fc44478c693d6e7803e9516250e6
        Validity
            Not Before: Jan  2 11:49:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ad3237302fdc7e554a9b3e101dc0b7f530893483
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:c8:cd:62:a9:43:ba:c5:8f:23:d6:68:93:c7:
                    41:c2:f9:ee:7f:6a:3a:3c:75:42:55:38:58:20:27:
                    6b:aa:32:48:9e:51:0b:03:02:b2:ea:9b:25:1c:40:
                    da:6e:6e:e0:51:1f:a8:b2:ef:09:dc:4d:f1:26:43:
                    ed:05:4e:d3:16:d1:9d:af:e8:02:74:cf:be:50:bd:
                    97:d7:e6:ee:12:51:86:b0:37:61:97:08:05:23:e9:
                    86:c6:45:8f:5f:c3:41:cd:55:69:47:2c:54:3c:5a:
                    f5:52:90:77:8e:d2:81:92:64:45:7e:18:db:a6:c9:
                    21:25:90:f3:e0:2a:bf:4e:3c:24:3e:99:fd:d5:95:
                    44:a7:8d:0e:3d:3b:5a:ca:fa:1c:d8:46:08:85:1f:
                    43:61:05:53:a1:dd:42:6c:7d:3c:48:22:b6:57:91:
                    3d:7b:75:6e:76:ee:2a:d6:ba:0a:7f:d0:d3:fb:49:
                    81:6f:bb:e4:7e:f3:f7:43:2a:74:b5:27:15:09:73:
                    d7:09:c3:ad:24:c9:e5:e7:ee:ef:ab:bb:f2:51:d6:
                    92:3d:22:d5:74:af:e0:be:c6:16:2f:24:ec:cc:64:
                    db:ab:f9:d6:bc:b5:59:e0:e4:f0:f4:32:b2:79:4f:
                    53:37:a5:1e:d8:24:71:97:2b:4d:79:42:2b:51:bf:
                    38:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:32:37:30:2F:DC:7E:55:4A:9B:3E:10:1D:C0:B7:F5:30:89:34:83
            X509v3 Authority Key Identifier:
                keyid:3C:1B:83:88:86:96:FC:44:47:8C:69:3D:6E:78:03:E9:51:62:50:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PBuDiIaW_ERHjGk9bngD6VFiUOY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/d55683-fec2-47fd-ac6e-9e82da7315cf/1/rTI3MC_cflVKmz4QHcC39TCJNIM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/d55683-fec2-47fd-ac6e-9e82da7315cf/1/PBuDiIaW_ERHjGk9bngD6VFiUOY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.31.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c0:aa:09:23:aa:d5:94:4b:4c:20:fa:33:63:a6:53:95:93:1a:
         37:26:f1:47:5f:d0:dd:6d:9f:e7:3b:94:95:67:93:a4:4c:5e:
         6b:27:36:a7:80:ad:09:b2:2b:b0:b3:57:ba:02:64:fa:f0:14:
         d2:f0:ed:5b:43:3c:21:d9:d0:d6:6b:87:06:df:54:bd:da:9f:
         bf:89:b8:ca:31:bf:9a:26:7d:31:e8:5e:45:52:63:28:77:14:
         0e:b6:12:49:7f:29:83:d6:68:e3:6c:d4:cf:7d:3a:ee:7e:41:
         45:a9:be:6e:fe:e0:2d:1e:1e:5c:ed:24:81:62:e6:ca:f7:44:
         65:2c:50:c1:61:06:99:c0:05:30:3e:cc:11:5f:74:13:65:27:
         c4:2d:50:aa:8b:d8:2a:16:43:d6:44:11:e8:c5:9f:a6:70:de:
         04:08:75:ff:c0:9a:81:4a:dd:1f:c2:31:af:d4:ee:b3:7f:b5:
         5b:ea:18:c9:0f:71:69:2e:1a:ea:98:92:84:d9:59:c3:24:a6:
         3e:ce:42:67:86:d2:20:2e:45:5b:e6:c5:a0:57:0d:78:47:e8:
         37:62:a0:42:cb:bc:93:07:50:e1:86:1c:b3:89:72:5a:ac:1b:
         c1:72:d3:91:c7:06:8f:99:ee:8e:0c:ab:6f:91:e1:69:31:30:
         d0:95:37:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2cpLygyP6SGqblXCXCTCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjMWI4Mzg4ODY5NmZjNDQ0NzhjNjkzZDZlNzgwM2U5NTE2
MjUwZTYwHhcNMjUwMTAyMTE0OTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDMyMzczMDJmZGM3ZTU1NGE5YjNlMTAxZGMwYjdmNTMwODkzNDgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5MjNYqlDusWPI9Zok8dBwvnuf2o6
PHVCVThYICdrqjJInlELAwKy6pslHEDabm7gUR+osu8J3E3xJkPtBU7TFtGdr+gC
dM++UL2X1+buElGGsDdhlwgFI+mGxkWPX8NBzVVpRyxUPFr1UpB3jtKBkmRFfhjb
pskhJZDz4Cq/TjwkPpn91ZVEp40OPTtayvoc2EYIhR9DYQVTod1CbH08SCK2V5E9
e3Vudu4q1roKf9DT+0mBb7vkfvP3Qyp0tScVCXPXCcOtJMnl5+7vq7vyUdaSPSLV
dK/gvsYWLyTszGTbq/nWvLVZ4OTw9DKyeU9TN6Ue2CRxlytNeUIrUb84mwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK0yNzAv3H5VSps+EB3At/UwiTSDMB8GA1UdIwQY
MBaAFDwbg4iGlvxER4xpPW54A+lRYlDmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEJ1RGlJYVdfRVJIakdrOWJuZ0Q2VkZpVU9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi9kNTU2ODMtZmVjMi00N2ZkLWFjNmUt
OWU4MmRhNzMxNWNmLzEvclRJM01DX2NmbFZLbXo0UUhjQzM5VENKTklNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi9kNTU2ODMtZmVjMi00N2ZkLWFjNmUtOWU4MmRhNzMxNWNm
LzEvUEJ1RGlJYVdfRVJIakdrOWJuZ0Q2VkZpVU9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALh9HMA0G
CSqGSIb3DQEBCwUAA4IBAQDAqgkjqtWUS0wg+jNjplOVkxo3JvFHX9DdbZ/nO5SV
Z5OkTF5rJzangK0Jsiuws1e6AmT68BTS8O1bQzwh2dDWa4cG31S92p+/ibjKMb+a
Jn0x6F5FUmModxQOthJJfymD1mjjbNTPfTrufkFFqb5u/uAtHh5c7SSBYubK90Rl
LFDBYQaZwAUwPswRX3QTZSfELVCqi9gqFkPWRBHoxZ+mcN4ECHX/wJqBSt0fwjGv
1O6zf7Vb6hjJD3FpLhrqmJKE2VnDJKY+zkJnhtIgLkVb5sWgVw14R+g3YqBCy7yT
B1DhhhyziXJarBvBctORxwaPme6ODKtvkeFpMTDQlTcX
-----END CERTIFICATE-----