Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/47d7f7-b019-42e9-bb08-d69c0134f5a8/1/J--9FTqyd7jwis3viXw5cnMN5-o.roa
File:                     J--9FTqyd7jwis3viXw5cnMN5-o.roa (raw, json)
Hash identifier:          DC3T7Frr+GR57cEYLFoZVlKHfiR/SiiUWqjetZEXAWY=
Subject key identifier:   27:EF:BD:15:3A:B2:77:B8:F0:8A:CD:EF:89:7C:39:72:73:0D:E7:EA
Certificate issuer:       /CN=3cec061c5ed56dca07753fe4b5b8c090d97ad0e1
Certificate serial:       019421B231AA4C9E29D1B51AEBC427FF16C9
Authority key identifier: 3C:EC:06:1C:5E:D5:6D:CA:07:75:3F:E4:B5:B8:C0:90:D9:7A:D0:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/POwGHF7VbcoHdT_ktbjAkNl60OE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/47d7f7-b019-42e9-bb08-d69c0134f5a8/1/J--9FTqyd7jwis3viXw5cnMN5-o.roa
Signing time:             Wed 01 Jan 2025 11:48:33 +0000
ROA not before:           Wed 01 Jan 2025 11:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52103
IP address blocks:        46.174.64.0/22 maxlen: 22
                          46.174.68.0/24 maxlen: 24
                          46.174.69.0/24 maxlen: 24
                          46.174.70.0/24 maxlen: 24
                          46.174.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/47d7f7-b019-42e9-bb08-d69c0134f5a8/1/POwGHF7VbcoHdT_ktbjAkNl60OE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/47d7f7-b019-42e9-bb08-d69c0134f5a8/1/POwGHF7VbcoHdT_ktbjAkNl60OE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/POwGHF7VbcoHdT_ktbjAkNl60OE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:31:aa:4c:9e:29:d1:b5:1a:eb:c4:27:ff:16:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3cec061c5ed56dca07753fe4b5b8c090d97ad0e1
        Validity
            Not Before: Jan  1 11:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=27efbd153ab277b8f08acdef897c3972730de7ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:d3:05:ea:a3:6e:3c:ca:fc:10:07:58:7f:84:
                    63:2f:94:92:45:0a:24:ba:12:77:f4:bb:dc:ab:29:
                    b0:31:c9:43:7a:25:55:7c:18:40:6e:d8:ed:a4:82:
                    1a:5d:2d:99:24:c6:a2:d3:48:d3:20:51:45:ca:49:
                    fd:33:49:70:ce:4c:0c:13:92:37:55:7d:f0:8f:64:
                    11:0b:57:a3:91:16:7a:5b:68:c4:8c:6d:a4:aa:68:
                    99:45:78:92:29:2f:c5:f5:b2:ef:06:ab:43:1a:75:
                    83:11:18:71:a6:e4:8f:d2:08:f1:f1:ca:e1:8d:0a:
                    44:bb:4f:ef:b4:2e:a2:6d:d8:ab:c0:92:04:94:b7:
                    19:ba:7d:99:43:c0:3c:b5:a8:f4:9b:b9:f7:72:11:
                    05:9e:ab:da:d4:ab:b6:28:76:33:93:d2:90:07:fb:
                    34:7c:ac:e4:65:78:2d:f4:e5:53:ac:a5:51:3b:36:
                    bc:6a:b6:e7:fd:ec:68:76:43:f8:8e:05:a9:43:b0:
                    3e:a4:db:c3:24:1e:05:dd:57:32:37:9b:73:90:43:
                    76:6d:a4:a6:10:5c:e2:99:a3:bf:9f:b3:81:9c:a3:
                    bc:f4:f3:bb:0c:03:88:08:74:f5:55:86:69:ce:d2:
                    85:3f:95:e6:5b:c1:b5:26:93:36:7e:b7:48:ba:e4:
                    dc:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:EF:BD:15:3A:B2:77:B8:F0:8A:CD:EF:89:7C:39:72:73:0D:E7:EA
            X509v3 Authority Key Identifier:
                keyid:3C:EC:06:1C:5E:D5:6D:CA:07:75:3F:E4:B5:B8:C0:90:D9:7A:D0:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/POwGHF7VbcoHdT_ktbjAkNl60OE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/47d7f7-b019-42e9-bb08-d69c0134f5a8/1/J--9FTqyd7jwis3viXw5cnMN5-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/47d7f7-b019-42e9-bb08-d69c0134f5a8/1/POwGHF7VbcoHdT_ktbjAkNl60OE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.174.64.0/21

    Signature Algorithm: sha256WithRSAEncryption
         29:51:36:fb:44:a9:8a:2f:21:22:a4:ac:32:fb:71:2f:9c:ce:
         88:46:01:07:77:24:f0:fc:d9:e0:30:ec:77:45:5c:47:41:2e:
         35:66:d4:58:23:05:36:7d:3a:19:45:02:aa:f1:18:d5:84:f4:
         70:57:80:1d:65:38:cd:97:76:33:9a:87:4c:20:80:0e:02:ff:
         75:cd:37:4a:e1:64:a9:c2:c7:40:0d:fc:01:2c:8d:72:54:7c:
         f1:65:33:58:c2:56:e3:33:2d:82:ee:9f:fc:f6:d0:d2:d6:24:
         1e:7b:98:c6:80:2f:bf:27:aa:d5:f7:9e:2e:31:e8:6e:a5:53:
         86:1d:b4:14:89:be:c8:ca:57:45:75:8f:f4:fc:92:61:ca:18:
         6c:a4:6c:39:e5:a2:e7:7c:71:3d:55:76:c5:0d:c7:d1:e6:8b:
         69:73:1c:dd:cf:ba:62:c5:7e:41:65:24:2a:77:c1:73:e8:f9:
         ff:ca:1e:59:d1:a0:87:c5:1c:f8:3a:52:d0:5b:41:b4:09:00:
         3c:fd:02:ae:9c:06:ee:fb:85:47:05:9c:cd:62:a5:f3:6f:4c:
         35:eb:cb:54:ec:9e:fc:71:d1:b7:b8:b1:89:0a:fb:05:a8:ac:
         c4:b1:ff:2a:90:68:06:ed:4d:f2:d3:74:4f:82:35:86:70:c2:
         a5:91:df:d3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsjGqTJ4p0bUa68Qn/xbJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjZWMwNjFjNWVkNTZkY2EwNzc1M2ZlNGI1YjhjMDkwZDk3
YWQwZTEwHhcNMjUwMTAxMTE0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2VmYmQxNTNhYjI3N2I4ZjA4YWNkZWY4OTdjMzk3MjczMGRlN2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9MF6qNuPMr8EAdYf4RjL5SSRQok
uhJ39LvcqymwMclDeiVVfBhAbtjtpIIaXS2ZJMai00jTIFFFykn9M0lwzkwME5I3
VX3wj2QRC1ejkRZ6W2jEjG2kqmiZRXiSKS/F9bLvBqtDGnWDERhxpuSP0gjx8crh
jQpEu0/vtC6ibdirwJIElLcZun2ZQ8A8taj0m7n3chEFnqva1Ku2KHYzk9KQB/s0
fKzkZXgt9OVTrKVROza8arbn/exodkP4jgWpQ7A+pNvDJB4F3VcyN5tzkEN2baSm
EFzimaO/n7OBnKO89PO7DAOICHT1VYZpztKFP5XmW8G1JpM2frdIuuTc+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCfvvRU6sne48IrN74l8OXJzDefqMB8GA1UdIwQY
MBaAFDzsBhxe1W3KB3U/5LW4wJDZetDhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUE93R0hGN1ZiY29IZFRfa3RiakFrTmw2ME9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC80N2Q3ZjctYjAxOS00MmU5LWJiMDgt
ZDY5YzAxMzRmNWE4LzEvSi0tOUZUcXlkN2p3aXMzdmlYdzVjbk1ONS1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC80N2Q3ZjctYjAxOS00MmU5LWJiMDgtZDY5YzAxMzRmNWE4
LzEvUE93R0hGN1ZiY29IZFRfa3RiakFrTmw2ME9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDLq5AMA0G
CSqGSIb3DQEBCwUAA4IBAQApUTb7RKmKLyEipKwy+3EvnM6IRgEHdyTw/NngMOx3
RVxHQS41ZtRYIwU2fToZRQKq8RjVhPRwV4AdZTjNl3YzmodMIIAOAv91zTdK4WSp
wsdADfwBLI1yVHzxZTNYwlbjMy2C7p/89tDS1iQee5jGgC+/J6rV954uMehupVOG
HbQUib7IyldFdY/0/JJhyhhspGw55aLnfHE9VXbFDcfR5otpcxzdz7pixX5BZSQq
d8Fz6Pn/yh5Z0aCHxRz4OlLQW0G0CQA8/QKunAbu+4VHBZzNYqXzb0w168tU7J78
cdG3uLGJCvsFqKzEsf8qkGgG7U3y03RPgjWGcMKlkd/T
-----END CERTIFICATE-----