Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/1d72ce-be4c-4498-a823-3aebc9f817ce/1/IrS-qV3W0Ik-KE138sR-ycmjsj0.roa
File:                     IrS-qV3W0Ik-KE138sR-ycmjsj0.roa (raw, json)
Hash identifier:          ZrhZqy7V3sNpl24EYUX1sc+YyDytYvN7JDm/U17ihTc=
Subject key identifier:   22:B4:BE:A9:5D:D6:D0:89:3E:28:4D:77:F2:C4:7E:C9:C9:A3:B2:3D
Certificate issuer:       /CN=297a4229714f34e29d3d92b25f7b59c748f0dfc6
Certificate serial:       019427483C45676A0CCE8F75DB005E415398
Authority key identifier: 29:7A:42:29:71:4F:34:E2:9D:3D:92:B2:5F:7B:59:C7:48:F0:DF:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KXpCKXFPNOKdPZKyX3tZx0jw38Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/1d72ce-be4c-4498-a823-3aebc9f817ce/1/IrS-qV3W0Ik-KE138sR-ycmjsj0.roa
Signing time:             Thu 02 Jan 2025 13:50:32 +0000
ROA not before:           Thu 02 Jan 2025 13:50:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44430
IP address blocks:        46.16.120.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/1d72ce-be4c-4498-a823-3aebc9f817ce/1/KXpCKXFPNOKdPZKyX3tZx0jw38Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/1d72ce-be4c-4498-a823-3aebc9f817ce/1/KXpCKXFPNOKdPZKyX3tZx0jw38Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KXpCKXFPNOKdPZKyX3tZx0jw38Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 22:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:3c:45:67:6a:0c:ce:8f:75:db:00:5e:41:53:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=297a4229714f34e29d3d92b25f7b59c748f0dfc6
        Validity
            Not Before: Jan  2 13:50:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=22b4bea95dd6d0893e284d77f2c47ec9c9a3b23d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:7e:7c:f6:91:2f:a4:04:9b:3b:5e:40:d9:ab:
                    92:20:e6:33:ea:ed:c5:19:20:ad:bc:59:5c:a2:6f:
                    6a:10:5b:93:11:3d:01:43:62:e8:5d:71:0b:4a:fa:
                    3e:6e:09:6b:4f:0c:a7:6b:63:f7:28:f1:73:92:e6:
                    e5:f5:7e:84:25:8c:f1:10:61:4e:18:d9:32:13:06:
                    5e:a7:f8:4d:ba:17:c7:8b:83:82:ac:03:72:cc:b2:
                    2f:39:9f:73:80:12:48:fd:f9:8c:e2:32:04:14:8b:
                    d1:ca:6c:46:2d:61:c8:ed:f4:85:d9:9e:8b:4b:d6:
                    6f:ea:b7:ff:b1:47:62:df:65:97:90:d1:a6:77:22:
                    c6:4a:69:59:1b:36:e6:ac:9c:51:89:7f:b9:f8:fb:
                    9b:f0:7a:ff:be:c6:b5:ec:d3:64:1b:43:cc:ab:86:
                    91:9c:7d:98:8b:8c:c8:db:08:00:f0:b5:b5:11:bd:
                    56:6f:35:b0:74:de:df:db:16:29:81:c7:d2:85:3e:
                    eb:27:e4:bd:09:d7:7a:68:ac:24:cb:0a:b3:78:ce:
                    73:c8:14:80:0c:b8:31:1c:21:5b:f9:50:2c:03:fa:
                    f3:56:3d:db:6c:de:2f:a9:0b:c7:a1:34:3a:8b:5f:
                    fa:fa:5e:2f:c9:f2:6d:be:b3:98:c0:49:14:30:8b:
                    11:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:B4:BE:A9:5D:D6:D0:89:3E:28:4D:77:F2:C4:7E:C9:C9:A3:B2:3D
            X509v3 Authority Key Identifier:
                keyid:29:7A:42:29:71:4F:34:E2:9D:3D:92:B2:5F:7B:59:C7:48:F0:DF:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KXpCKXFPNOKdPZKyX3tZx0jw38Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/1d72ce-be4c-4498-a823-3aebc9f817ce/1/IrS-qV3W0Ik-KE138sR-ycmjsj0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/1d72ce-be4c-4498-a823-3aebc9f817ce/1/KXpCKXFPNOKdPZKyX3tZx0jw38Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.16.120.0/21

    Signature Algorithm: sha256WithRSAEncryption
         ac:91:3a:8a:32:54:2e:0e:02:5f:82:78:c1:23:5d:b9:19:e8:
         98:4b:8f:e5:70:48:f9:51:e5:3c:21:9e:1f:5f:d7:2e:64:66:
         d4:7d:39:df:07:35:75:99:b2:11:a1:d1:61:a2:ed:49:65:90:
         31:a5:50:a5:a4:2f:fb:f5:04:a8:bd:16:0b:d0:d5:94:34:5a:
         56:5d:42:f4:9a:83:e3:56:8d:2b:bd:bb:3d:aa:e0:08:33:73:
         de:2b:c3:0b:41:fe:69:38:cf:9c:79:0d:49:46:79:91:75:61:
         d9:5a:53:14:2e:98:63:ef:e6:88:d7:32:da:e2:98:7c:2a:87:
         e3:81:c0:fb:d8:47:7d:46:ad:ff:1a:6a:b8:3f:32:b5:97:98:
         a5:4d:7d:6f:62:71:51:76:65:ff:2c:00:f2:29:d5:42:a9:01:
         77:10:1f:cb:e4:9d:b8:1c:47:ca:79:34:83:b4:c2:50:0b:3d:
         d1:6b:5c:73:33:08:27:6d:61:03:7f:97:f3:d1:2a:4b:9f:94:
         67:25:ca:ea:cf:a3:d8:4e:5e:89:96:b9:5b:ad:7d:1e:b6:2a:
         88:7d:8b:f7:7d:b8:8a:c2:4b:2e:dd:8e:a5:e0:2f:b7:79:f2:
         50:84:11:de:4b:a5:73:dc:40:0a:15:eb:67:65:bc:f3:3e:8d:
         24:7b:19:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSDxFZ2oMzo912wBeQVOYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5N2E0MjI5NzE0ZjM0ZTI5ZDNkOTJiMjVmN2I1OWM3NDhm
MGRmYzYwHhcNMjUwMTAyMTM1MDMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmI0YmVhOTVkZDZkMDg5M2UyODRkNzdmMmM0N2VjOWM5YTNiMjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmX589pEvpASbO15A2auSIOYz6u3F
GSCtvFlcom9qEFuTET0BQ2LoXXELSvo+bglrTwyna2P3KPFzkubl9X6EJYzxEGFO
GNkyEwZep/hNuhfHi4OCrANyzLIvOZ9zgBJI/fmM4jIEFIvRymxGLWHI7fSF2Z6L
S9Zv6rf/sUdi32WXkNGmdyLGSmlZGzbmrJxRiX+5+Pub8Hr/vsa17NNkG0PMq4aR
nH2Yi4zI2wgA8LW1Eb1WbzWwdN7f2xYpgcfShT7rJ+S9Cdd6aKwkywqzeM5zyBSA
DLgxHCFb+VAsA/rzVj3bbN4vqQvHoTQ6i1/6+l4vyfJtvrOYwEkUMIsRCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCK0vqld1tCJPihNd/LEfsnJo7I9MB8GA1UdIwQY
MBaAFCl6QilxTzTinT2Ssl97WcdI8N/GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1hwQ0tYRlBOT0tkUFpLeVgzdFp4MGp3MzhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8xZDcyY2UtYmU0Yy00NDk4LWE4MjMt
M2FlYmM5ZjgxN2NlLzEvSXJTLXFWM1cwSWstS0UxMzhzUi15Y21qc2owLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8xZDcyY2UtYmU0Yy00NDk4LWE4MjMtM2FlYmM5ZjgxN2Nl
LzEvS1hwQ0tYRlBOT0tkUFpLeVgzdFp4MGp3MzhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDLhB4MA0G
CSqGSIb3DQEBCwUAA4IBAQCskTqKMlQuDgJfgnjBI125GeiYS4/lcEj5UeU8IZ4f
X9cuZGbUfTnfBzV1mbIRodFhou1JZZAxpVClpC/79QSovRYL0NWUNFpWXUL0moPj
Vo0rvbs9quAIM3PeK8MLQf5pOM+ceQ1JRnmRdWHZWlMULphj7+aI1zLa4ph8Kofj
gcD72Ed9Rq3/Gmq4PzK1l5ilTX1vYnFRdmX/LADyKdVCqQF3EB/L5J24HEfKeTSD
tMJQCz3Ra1xzMwgnbWEDf5fz0SpLn5RnJcrqz6PYTl6JlrlbrX0etiqIfYv3fbiK
wksu3Y6l4C+3efJQhBHeS6Vz3EAKFetnZbzzPo0kexmi
-----END CERTIFICATE-----