Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/94b66e-3e0d-4332-ab4f-770f8eab2ae7/1/cEY4_oxa006P5RDwnA1ZzqFve_U.roa
File:                     cEY4_oxa006P5RDwnA1ZzqFve_U.roa (raw, json)
Hash identifier:          aljeYfMZh5A8r1hZ1ho6VGSZLpMMc/WsIq8gaCshO9A=
Subject key identifier:   70:46:38:FE:8C:5A:D3:4E:8F:E5:10:F0:9C:0D:59:CE:A1:6F:7B:F5
Certificate issuer:       /CN=6832c32d2259013991260d530d9120031aaefcd0
Certificate serial:       0194258FC195403B5D3438F8FF90797CC523
Authority key identifier: 68:32:C3:2D:22:59:01:39:91:26:0D:53:0D:91:20:03:1A:AE:FC:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aDLDLSJZATmRJg1TDZEgAxqu_NA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/94b66e-3e0d-4332-ab4f-770f8eab2ae7/1/cEY4_oxa006P5RDwnA1ZzqFve_U.roa
Signing time:             Thu 02 Jan 2025 05:49:25 +0000
ROA not before:           Thu 02 Jan 2025 05:49:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        145.46.168.0/24 maxlen: 24
                          145.46.169.0/24 maxlen: 24
                          145.46.170.0/24 maxlen: 24
                          145.46.171.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/94b66e-3e0d-4332-ab4f-770f8eab2ae7/1/aDLDLSJZATmRJg1TDZEgAxqu_NA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/94b66e-3e0d-4332-ab4f-770f8eab2ae7/1/aDLDLSJZATmRJg1TDZEgAxqu_NA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aDLDLSJZATmRJg1TDZEgAxqu_NA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:c1:95:40:3b:5d:34:38:f8:ff:90:79:7c:c5:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6832c32d2259013991260d530d9120031aaefcd0
        Validity
            Not Before: Jan  2 05:49:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=704638fe8c5ad34e8fe510f09c0d59cea16f7bf5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:08:4b:a0:9e:70:85:03:94:82:fb:1d:a4:9e:
                    c8:af:26:4d:4c:6a:e2:56:c1:91:86:5f:84:ab:ff:
                    34:e0:d3:86:59:6d:9b:e5:69:d6:02:d9:c3:be:c8:
                    f2:26:93:b3:10:cb:1b:3e:75:4e:f7:23:e3:e2:a9:
                    97:da:3e:0a:c9:15:8c:a8:7f:04:63:3a:8c:e6:b8:
                    31:8b:37:ce:d0:3d:0d:16:25:2d:33:1f:6f:0d:6f:
                    26:ca:06:5f:67:c5:b3:a3:1b:b8:da:76:45:1e:b5:
                    70:e2:ff:d0:e3:fe:c4:72:12:77:55:b1:6b:d1:e6:
                    37:a5:0d:c9:c4:71:2b:25:29:f2:b8:f6:be:c2:71:
                    26:73:04:a9:6a:69:09:22:0e:37:29:b6:fd:87:2e:
                    6f:9e:ba:6f:bc:b0:01:6d:15:8b:a6:1a:f5:9b:26:
                    54:3a:f1:77:28:06:66:f4:1d:b6:18:0a:1d:2f:35:
                    1a:fc:34:fd:d1:df:44:dc:41:29:aa:91:b4:3e:a9:
                    b8:07:f8:5b:ab:94:c2:04:60:10:26:1d:f4:89:1b:
                    8f:fe:33:fc:ae:f4:88:87:99:ea:23:2a:3e:87:0b:
                    c4:47:89:4b:02:82:e9:3e:a8:51:26:a0:de:c2:8f:
                    21:a9:27:44:53:4c:e0:6c:8c:db:d8:70:e4:67:40:
                    21:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:46:38:FE:8C:5A:D3:4E:8F:E5:10:F0:9C:0D:59:CE:A1:6F:7B:F5
            X509v3 Authority Key Identifier:
                keyid:68:32:C3:2D:22:59:01:39:91:26:0D:53:0D:91:20:03:1A:AE:FC:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aDLDLSJZATmRJg1TDZEgAxqu_NA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/94b66e-3e0d-4332-ab4f-770f8eab2ae7/1/cEY4_oxa006P5RDwnA1ZzqFve_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/94b66e-3e0d-4332-ab4f-770f8eab2ae7/1/aDLDLSJZATmRJg1TDZEgAxqu_NA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.46.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a5:af:53:d4:99:c0:00:bf:1b:1a:9a:5f:da:1d:a6:f6:b2:9e:
         20:04:f9:d2:ea:6f:47:4a:f1:bb:b6:0d:7c:34:82:f4:39:02:
         2d:c6:0d:46:00:d1:2f:6e:e2:14:7e:e5:86:ea:26:bb:bc:d0:
         de:47:67:03:da:53:6b:eb:bf:58:d5:d9:7d:a2:13:ae:b7:29:
         de:50:2b:d1:16:67:8a:78:56:38:f1:de:51:fb:d2:3d:bd:08:
         f9:82:b3:56:96:6a:55:c7:06:f5:79:02:47:5c:0e:31:9e:f3:
         0d:db:e2:98:a2:c1:33:be:b2:9f:ae:9c:2f:18:21:8b:fc:6c:
         9c:d8:64:db:fb:f0:58:df:75:50:69:43:99:9e:32:b0:fe:b0:
         e8:5b:26:37:0b:2b:ba:9e:27:c5:a4:cb:42:58:57:15:31:73:
         5e:14:e3:77:7f:7c:96:fd:b7:6d:f2:55:3c:1d:37:84:30:8c:
         60:90:29:8e:0a:00:81:81:86:0f:91:5b:4a:88:59:05:7d:cb:
         47:d3:c3:78:20:66:cc:d0:08:1d:dc:27:6f:49:c4:72:f7:a9:
         14:13:5a:12:95:ea:df:bd:41:0a:9b:53:85:90:b6:34:9d:c5:
         03:56:f1:f6:70:e4:05:ce:1e:7c:6a:99:5a:44:f3:58:a7:53:
         50:20:8c:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj8GVQDtdNDj4/5B5fMUjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4MzJjMzJkMjI1OTAxMzk5MTI2MGQ1MzBkOTEyMDAzMWFh
ZWZjZDAwHhcNMjUwMTAyMDU0OTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDQ2MzhmZThjNWFkMzRlOGZlNTEwZjA5YzBkNTljZWExNmY3YmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApAhLoJ5whQOUgvsdpJ7IryZNTGri
VsGRhl+Eq/804NOGWW2b5WnWAtnDvsjyJpOzEMsbPnVO9yPj4qmX2j4KyRWMqH8E
YzqM5rgxizfO0D0NFiUtMx9vDW8mygZfZ8Wzoxu42nZFHrVw4v/Q4/7EchJ3VbFr
0eY3pQ3JxHErJSnyuPa+wnEmcwSpamkJIg43Kbb9hy5vnrpvvLABbRWLphr1myZU
OvF3KAZm9B22GAodLzUa/DT90d9E3EEpqpG0Pqm4B/hbq5TCBGAQJh30iRuP/jP8
rvSIh5nqIyo+hwvER4lLAoLpPqhRJqDewo8hqSdEU0zgbIzb2HDkZ0AhKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHBGOP6MWtNOj+UQ8JwNWc6hb3v1MB8GA1UdIwQY
MBaAFGgywy0iWQE5kSYNUw2RIAMarvzQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYURMRExTSlpBVG1SSmcxVERaRWdBeHF1X05BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC85NGI2NmUtM2UwZC00MzMyLWFiNGYt
NzcwZjhlYWIyYWU3LzEvY0VZNF9veGEwMDZQNVJEd25BMVp6cUZ2ZV9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC85NGI2NmUtM2UwZC00MzMyLWFiNGYtNzcwZjhlYWIyYWU3
LzEvYURMRExTSlpBVG1SSmcxVERaRWdBeHF1X05BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCkS6oMA0G
CSqGSIb3DQEBCwUAA4IBAQClr1PUmcAAvxsaml/aHab2sp4gBPnS6m9HSvG7tg18
NIL0OQItxg1GANEvbuIUfuWG6ia7vNDeR2cD2lNr679Y1dl9ohOutyneUCvRFmeK
eFY48d5R+9I9vQj5grNWlmpVxwb1eQJHXA4xnvMN2+KYosEzvrKfrpwvGCGL/Gyc
2GTb+/BY33VQaUOZnjKw/rDoWyY3Cyu6nifFpMtCWFcVMXNeFON3f3yW/bdt8lU8
HTeEMIxgkCmOCgCBgYYPkVtKiFkFfctH08N4IGbM0Agd3CdvScRy96kUE1oSlerf
vUEKm1OFkLY0ncUDVvH2cOQFzh58aplaRPNYp1NQIIw4
-----END CERTIFICATE-----