Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/ztoXV0czkggEzKpWeBIPpNx7Y00.roa
File:                     ztoXV0czkggEzKpWeBIPpNx7Y00.roa (raw, json)
Hash identifier:          MW72dY631rN8xBMa8x273b/yH8cBTnl1fp+7hzq29aE=
Subject key identifier:   CE:DA:17:57:47:33:92:08:04:CC:AA:56:78:12:0F:A4:DC:7B:63:4D
Certificate issuer:       /CN=1e514098a5a9736cda4303e0495e94652390aa91
Certificate serial:       01942143C6C994A381D4C2FFC047C11818FE
Authority key identifier: 1E:51:40:98:A5:A9:73:6C:DA:43:03:E0:49:5E:94:65:23:90:AA:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlFAmKWpc2zaQwPgSV6UZSOQqpE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/ztoXV0czkggEzKpWeBIPpNx7Y00.roa
Signing time:             Wed 01 Jan 2025 09:47:57 +0000
ROA not before:           Wed 01 Jan 2025 09:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        46.232.210.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/HlFAmKWpc2zaQwPgSV6UZSOQqpE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/HlFAmKWpc2zaQwPgSV6UZSOQqpE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlFAmKWpc2zaQwPgSV6UZSOQqpE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:c6:c9:94:a3:81:d4:c2:ff:c0:47:c1:18:18:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e514098a5a9736cda4303e0495e94652390aa91
        Validity
            Not Before: Jan  1 09:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ceda17574733920804ccaa5678120fa4dc7b634d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:b5:54:b8:3c:14:80:d9:0b:b7:39:f9:be:98:
                    f7:a7:28:6d:45:3e:72:8d:fd:28:b0:c2:48:d4:90:
                    87:ba:9a:52:29:90:f0:5b:f5:dd:55:fa:9a:95:76:
                    50:17:51:00:6e:6a:8b:a0:95:bf:67:9e:0c:94:a9:
                    59:7f:86:a6:5a:23:66:6f:3b:53:39:f3:19:ee:f2:
                    8d:51:57:a2:d2:2a:54:35:a4:7b:a1:a1:04:6e:22:
                    02:03:4f:d0:90:64:22:06:b5:9b:52:d9:bf:6e:65:
                    a8:1d:a8:1a:b7:f3:33:23:7a:69:ab:d4:d8:01:e8:
                    4b:1e:5d:61:a6:1b:2b:c0:14:2e:64:d7:6f:61:5b:
                    65:de:40:cb:ba:ad:c3:67:7f:9a:b7:d8:97:56:84:
                    ee:c4:58:23:4d:2d:c1:d3:39:db:b9:80:6c:8e:22:
                    ae:49:76:de:d2:b9:a0:cd:13:82:1f:67:0d:93:fc:
                    76:2f:af:1b:58:90:e0:e8:29:f5:05:d0:f7:6e:b9:
                    63:a0:12:f8:82:6f:52:d2:55:e8:8d:37:c0:9c:e3:
                    66:27:17:6a:19:f8:19:6b:9d:1d:41:bb:7d:af:73:
                    ce:ef:43:58:3c:d8:db:bc:fd:13:a5:46:1b:59:b0:
                    4f:79:16:ec:f9:60:0a:d7:fe:38:8e:56:8c:a5:3d:
                    a4:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:DA:17:57:47:33:92:08:04:CC:AA:56:78:12:0F:A4:DC:7B:63:4D
            X509v3 Authority Key Identifier:
                keyid:1E:51:40:98:A5:A9:73:6C:DA:43:03:E0:49:5E:94:65:23:90:AA:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlFAmKWpc2zaQwPgSV6UZSOQqpE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/ztoXV0czkggEzKpWeBIPpNx7Y00.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/HlFAmKWpc2zaQwPgSV6UZSOQqpE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.232.210.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7d:d9:cd:74:c8:8f:63:47:9a:9e:b5:0c:37:7e:87:23:e7:21:
         42:b1:a9:cf:7c:34:f9:09:53:b4:77:73:5d:ae:2a:4b:7a:cf:
         fa:e6:51:95:25:c4:1e:1b:16:bf:3a:c9:2d:c9:6b:3a:34:49:
         f3:8d:d9:71:ef:c1:02:84:a8:7b:e7:9d:9c:9d:c3:f1:a3:9e:
         d3:cd:86:57:af:56:d1:c4:4b:76:b1:68:9a:2c:cd:5f:9b:61:
         73:05:cc:27:8d:b8:df:de:b7:72:37:81:83:a9:36:cb:30:3b:
         d0:77:21:ae:a9:7a:aa:e3:dc:43:26:39:30:c1:cb:ce:92:46:
         e5:c6:23:76:75:9c:b3:02:6c:25:94:35:6a:d3:bd:f0:2a:9f:
         13:a3:79:f3:af:85:27:b6:fa:76:45:54:3c:3b:b9:14:a3:c4:
         9d:45:bf:9b:e9:cb:29:9b:b4:f2:58:79:db:c0:b7:e1:6c:15:
         23:f7:7f:d8:cf:87:fd:a0:99:93:ea:df:c6:71:7f:3b:b3:08:
         e3:c8:b2:30:b0:a1:9e:a3:22:58:45:e0:13:05:88:07:f6:7a:
         9f:24:b1:61:fa:36:32:36:dc:a3:72:23:e8:12:bd:de:f9:c5:
         a7:e6:e5:aa:bf:4a:3e:7b:93:fa:65:98:ee:85:6a:2a:ec:49:
         18:cc:cc:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ8bJlKOB1ML/wEfBGBj+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNTE0MDk4YTVhOTczNmNkYTQzMDNlMDQ5NWU5NDY1MjM5
MGFhOTEwHhcNMjUwMTAxMDk0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWRhMTc1NzQ3MzM5MjA4MDRjY2FhNTY3ODEyMGZhNGRjN2I2MzRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm7VUuDwUgNkLtzn5vpj3pyhtRT5y
jf0osMJI1JCHuppSKZDwW/XdVfqalXZQF1EAbmqLoJW/Z54MlKlZf4amWiNmbztT
OfMZ7vKNUVei0ipUNaR7oaEEbiICA0/QkGQiBrWbUtm/bmWoHagat/MzI3ppq9TY
AehLHl1hphsrwBQuZNdvYVtl3kDLuq3DZ3+at9iXVoTuxFgjTS3B0znbuYBsjiKu
SXbe0rmgzROCH2cNk/x2L68bWJDg6Cn1BdD3brljoBL4gm9S0lXojTfAnONmJxdq
GfgZa50dQbt9r3PO70NYPNjbvP0TpUYbWbBPeRbs+WAK1/44jlaMpT2kSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM7aF1dHM5IIBMyqVngSD6Tce2NNMB8GA1UdIwQY
MBaAFB5RQJilqXNs2kMD4ElelGUjkKqRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxGQW1LV3BjMnphUXdQZ1NWNlVaU09RcXBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy8zNWRmY2ItZDkyZC00OGZlLTlkYWQt
ODU0MzgxNjg2YzdiLzEvenRvWFYwY3prZ2dFektwV2VCSVBwTng3WTAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy8zNWRmY2ItZDkyZC00OGZlLTlkYWQtODU0MzgxNjg2Yzdi
LzEvSGxGQW1LV3BjMnphUXdQZ1NWNlVaU09RcXBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLujSMA0G
CSqGSIb3DQEBCwUAA4IBAQB92c10yI9jR5qetQw3focj5yFCsanPfDT5CVO0d3Nd
ripLes/65lGVJcQeGxa/OsktyWs6NEnzjdlx78EChKh7552cncPxo57TzYZXr1bR
xEt2sWiaLM1fm2FzBcwnjbjf3rdyN4GDqTbLMDvQdyGuqXqq49xDJjkwwcvOkkbl
xiN2dZyzAmwllDVq073wKp8To3nzr4Untvp2RVQ8O7kUo8SdRb+b6cspm7TyWHnb
wLfhbBUj93/Yz4f9oJmT6t/GcX87swjjyLIwsKGeoyJYReATBYgH9nqfJLFh+jYy
NtyjciPoEr3e+cWn5uWqv0o+e5P6ZZjuhWoq7EkYzMy8
-----END CERTIFICATE-----