Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/d3pxfpSAdMX5-xYmVFQaOfvLDSg.roa
File:                     d3pxfpSAdMX5-xYmVFQaOfvLDSg.roa (raw, json)
Hash identifier:          NLZDZC6DgJ7PomVCUoylLvrMZJUUP5EGmw8tlYepepc=
Subject key identifier:   77:7A:71:7E:94:80:74:C5:F9:FB:16:26:54:54:1A:39:FB:CB:0D:28
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       019420683172DA663A73B85E5BF733BFFDEC
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/d3pxfpSAdMX5-xYmVFQaOfvLDSg.roa
Signing time:             Wed 01 Jan 2025 05:48:06 +0000
ROA not before:           Wed 01 Jan 2025 05:48:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     63023
IP address blocks:        46.254.106.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:19:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:31:72:da:66:3a:73:b8:5e:5b:f7:33:bf:fd:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: Jan  1 05:48:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=777a717e948074c5f9fb162654541a39fbcb0d28
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:d3:76:34:a3:b8:e7:ee:73:3c:e3:d4:e6:3a:
                    2c:34:5d:ac:ec:97:8c:94:46:ed:d2:7d:c4:6e:15:
                    47:85:a5:ff:5e:65:98:5d:11:f5:17:80:b3:59:e9:
                    8a:5a:f0:2e:44:90:01:3a:bf:d7:7e:9e:99:dd:80:
                    bd:83:85:e0:c0:99:26:bb:00:68:0f:71:17:e6:13:
                    28:14:2d:6b:d6:73:e0:8a:2b:68:29:6a:23:73:c5:
                    38:9a:74:33:bb:3e:90:1c:2e:7c:55:3b:d8:d5:f7:
                    a0:ee:3f:1a:bc:ab:d8:c5:82:aa:85:47:a5:f6:54:
                    43:76:5e:c9:00:97:b3:25:51:68:2b:a3:8f:cd:47:
                    c2:86:12:d8:79:6d:79:07:8c:91:5b:e0:55:1e:9c:
                    60:89:61:2a:b0:d3:10:5d:21:44:b1:92:7e:92:e6:
                    c6:60:3a:fd:16:43:67:0b:8c:77:5c:3f:e6:ab:5d:
                    0b:75:86:61:b2:0e:99:c0:56:50:4a:3a:ec:7c:13:
                    a9:18:47:b1:fd:66:ef:83:64:ec:8b:ad:c6:79:d9:
                    60:f8:44:ed:80:53:9e:bf:0e:f0:fd:4a:50:43:a1:
                    3a:f5:fc:4a:3e:36:54:01:7f:54:e7:c0:c2:7a:08:
                    6d:3a:a8:f4:bf:2f:b4:6e:10:f7:3f:4a:f7:b4:2a:
                    2f:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:7A:71:7E:94:80:74:C5:F9:FB:16:26:54:54:1A:39:FB:CB:0D:28
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/d3pxfpSAdMX5-xYmVFQaOfvLDSg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.254.106.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:09:45:c0:4f:44:3c:14:3d:3f:50:07:b1:b0:f6:14:80:32:
         1b:b4:25:ed:49:da:bb:06:a5:d0:05:0d:1d:6d:03:ff:19:5c:
         aa:1c:ae:68:ff:74:e3:49:86:ad:aa:83:f3:01:2e:44:fa:23:
         aa:bc:29:ff:90:59:c8:7c:88:0b:36:32:e4:94:95:d3:e0:31:
         f5:93:80:15:a5:8e:31:aa:40:d8:e5:52:74:b6:dd:f6:e0:88:
         06:35:6f:a3:75:e8:23:dc:e5:a3:8c:ff:a5:9d:fc:11:32:0b:
         d3:7a:a9:b6:39:2d:04:44:82:53:25:c6:f3:fc:d0:0c:eb:d6:
         ab:5a:a8:2b:6b:a6:96:bf:11:dc:ba:f8:56:a7:aa:11:cf:27:
         6e:a9:8e:3d:5c:3b:ca:48:f5:14:df:4c:1f:ec:c4:62:e0:a6:
         bb:df:e5:45:2b:81:24:90:bc:9d:01:59:59:a2:a3:cc:a7:c5:
         d7:6a:05:a4:10:79:ab:b1:be:ac:0f:d6:3f:6f:27:a4:3c:02:
         79:54:38:61:92:f8:e8:53:c1:1e:d3:6f:c1:d5:fe:f7:91:27:
         53:c0:44:57:e2:61:65:5f:87:bf:e4:4f:49:d0:08:49:0d:d3:
         50:0e:08:a3:76:1e:85:59:c6:f4:ba:1d:6d:87:86:51:1f:2f:
         6c:01:36:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaDFy2mY6c7heW/czv/3sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjUwMTAxMDU0ODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzdhNzE3ZTk0ODA3NGM1ZjlmYjE2MjY1NDU0MWEzOWZiY2IwZDI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9N2NKO45+5zPOPU5josNF2s7JeM
lEbt0n3EbhVHhaX/XmWYXRH1F4CzWemKWvAuRJABOr/Xfp6Z3YC9g4XgwJkmuwBo
D3EX5hMoFC1r1nPgiitoKWojc8U4mnQzuz6QHC58VTvY1feg7j8avKvYxYKqhUel
9lRDdl7JAJezJVFoK6OPzUfChhLYeW15B4yRW+BVHpxgiWEqsNMQXSFEsZJ+kubG
YDr9FkNnC4x3XD/mq10LdYZhsg6ZwFZQSjrsfBOpGEex/Wbvg2Tsi63Gedlg+ETt
gFOevw7w/UpQQ6E69fxKPjZUAX9U58DCeghtOqj0vy+0bhD3P0r3tCov0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHd6cX6UgHTF+fsWJlRUGjn7yw0oMB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvZDNweGZwU0FkTVg1LXhZbVZGUWFPZnZMRFNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALv5qMA0G
CSqGSIb3DQEBCwUAA4IBAQBrCUXAT0Q8FD0/UAexsPYUgDIbtCXtSdq7BqXQBQ0d
bQP/GVyqHK5o/3TjSYatqoPzAS5E+iOqvCn/kFnIfIgLNjLklJXT4DH1k4AVpY4x
qkDY5VJ0tt324IgGNW+jdegj3OWjjP+lnfwRMgvTeqm2OS0ERIJTJcbz/NAM69ar
Wqgra6aWvxHcuvhWp6oRzyduqY49XDvKSPUU30wf7MRi4Ka73+VFK4EkkLydAVlZ
oqPMp8XXagWkEHmrsb6sD9Y/byekPAJ5VDhhkvjoU8Ee02/B1f73kSdTwERX4mFl
X4e/5E9J0AhJDdNQDgijdh6FWcb0uh1th4ZRHy9sATYm
-----END CERTIFICATE-----