Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/3f7463-4d4f-41a6-8d72-3951378aa766/1/N0qByPu3emMo9XfORXwQEiEDLX4.roa
File:                     N0qByPu3emMo9XfORXwQEiEDLX4.roa (raw, json)
Hash identifier:          WDWKjOtvs4aBJ9ngAGga+267IwwKrgiGUR6VHAFxV3g=
Subject key identifier:   37:4A:81:C8:FB:B7:7A:63:28:F5:77:CE:45:7C:10:12:21:03:2D:7E
Certificate issuer:       /CN=9813e2f6351d3b4d1e61aa4016f1b2cfa62d7cdf
Certificate serial:       019422FB02C0A760598D47B8AB81D00ECA4C
Authority key identifier: 98:13:E2:F6:35:1D:3B:4D:1E:61:AA:40:16:F1:B2:CF:A6:2D:7C:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mBPi9jUdO00eYapAFvGyz6YtfN8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/3f7463-4d4f-41a6-8d72-3951378aa766/1/N0qByPu3emMo9XfORXwQEiEDLX4.roa
Signing time:             Wed 01 Jan 2025 17:47:42 +0000
ROA not before:           Wed 01 Jan 2025 17:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51484
IP address blocks:        46.45.64.0/18 maxlen: 18
                          46.45.104.0/23 maxlen: 23
                          46.45.112.0/20 maxlen: 20
                          2a03:24c0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/3f7463-4d4f-41a6-8d72-3951378aa766/1/mBPi9jUdO00eYapAFvGyz6YtfN8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/3f7463-4d4f-41a6-8d72-3951378aa766/1/mBPi9jUdO00eYapAFvGyz6YtfN8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mBPi9jUdO00eYapAFvGyz6YtfN8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 08:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:02:c0:a7:60:59:8d:47:b8:ab:81:d0:0e:ca:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9813e2f6351d3b4d1e61aa4016f1b2cfa62d7cdf
        Validity
            Not Before: Jan  1 17:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=374a81c8fbb77a6328f577ce457c101221032d7e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:52:81:3f:fe:d4:96:27:42:9d:92:14:26:e9:
                    dd:a3:fb:f5:61:9c:32:a4:31:bd:e0:2e:f8:b2:3c:
                    9b:0d:a9:da:08:08:e7:8b:a2:c8:06:1d:39:de:f1:
                    b1:ed:c1:e1:38:72:1b:df:cd:5c:42:c9:50:c3:1f:
                    46:ab:26:88:b7:a9:ef:a4:73:fc:15:d6:55:9e:9b:
                    fc:02:9c:72:b0:bd:09:02:5e:88:f5:6f:a5:1f:17:
                    0c:4e:da:e6:df:34:3a:a0:96:90:e1:af:6b:b3:d1:
                    61:dd:d5:f2:a1:bb:c3:25:c8:b8:0c:42:45:35:9d:
                    5c:de:12:35:31:49:eb:ba:fb:b5:60:9d:ef:7e:25:
                    54:a1:54:cc:fc:d6:0a:36:62:92:80:03:40:6c:cf:
                    29:99:fd:cb:a5:1a:63:d2:df:fb:eb:1f:c1:6c:16:
                    98:70:38:25:00:89:c9:73:7b:8a:8d:49:10:ed:7e:
                    f7:89:22:41:c5:0e:8b:b1:8c:78:03:b8:4d:fe:44:
                    76:0c:22:b1:0b:a7:35:83:91:d1:67:be:c8:2f:00:
                    f1:27:08:24:46:4f:a7:12:68:bc:f7:75:d2:d2:1a:
                    8d:ab:2a:df:c4:48:47:3f:b7:e1:d8:5a:00:9b:8a:
                    15:02:f7:e6:b9:7d:da:a2:f6:cd:65:37:06:07:ef:
                    37:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:4A:81:C8:FB:B7:7A:63:28:F5:77:CE:45:7C:10:12:21:03:2D:7E
            X509v3 Authority Key Identifier:
                keyid:98:13:E2:F6:35:1D:3B:4D:1E:61:AA:40:16:F1:B2:CF:A6:2D:7C:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mBPi9jUdO00eYapAFvGyz6YtfN8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/3f7463-4d4f-41a6-8d72-3951378aa766/1/N0qByPu3emMo9XfORXwQEiEDLX4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/3f7463-4d4f-41a6-8d72-3951378aa766/1/mBPi9jUdO00eYapAFvGyz6YtfN8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.45.64.0/18
                IPv6:
                  2a03:24c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         a5:a6:14:9f:58:84:ee:36:f8:97:b1:89:e2:fd:89:1e:af:36:
         89:81:34:2c:c1:29:0b:31:d7:ce:a2:d4:be:50:30:58:23:c4:
         ea:30:ea:1d:69:0f:5a:71:3a:04:86:bd:b7:0b:d9:99:33:db:
         56:1f:00:29:ec:6f:69:3e:af:92:9f:2e:8e:35:da:f2:dd:0c:
         e6:ec:a6:0e:65:58:4e:b3:3d:f8:9d:fe:12:7b:c4:2b:95:67:
         4b:6f:0b:d9:95:84:ad:5f:58:78:fa:67:2a:7e:22:25:b4:aa:
         f5:88:aa:51:cf:f9:df:68:5d:ca:91:49:68:e5:bd:7d:6a:d9:
         5d:4f:ef:ed:92:6b:53:21:e0:8a:91:bf:d4:8b:81:73:5d:f1:
         b0:85:7a:df:4a:a2:39:fc:4c:09:04:14:09:59:72:5e:e2:40:
         f0:ce:87:75:80:ed:56:83:0d:ce:6e:ae:63:77:69:63:f2:ba:
         b4:af:39:d8:ef:57:2b:a2:87:5b:1a:d7:c4:e7:6a:22:7a:e4:
         3a:c9:e5:7a:a9:7d:39:17:50:a2:fd:53:34:0c:12:0b:09:cc:
         9a:ca:ac:cb:7f:b6:c4:db:01:22:01:0c:53:a1:9d:7a:4c:4f:
         07:d9:45:4a:fc:ff:54:6e:0e:f3:96:aa:10:eb:4d:dd:77:81:
         bd:4d:4f:e2
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQi+wLAp2BZjUe4q4HQDspMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MTNlMmY2MzUxZDNiNGQxZTYxYWE0MDE2ZjFiMmNmYTYy
ZDdjZGYwHhcNMjUwMTAxMTc0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzRhODFjOGZiYjc3YTYzMjhmNTc3Y2U0NTdjMTAxMjIxMDMyZDdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFKBP/7UlidCnZIUJundo/v1YZwy
pDG94C74sjybDanaCAjni6LIBh053vGx7cHhOHIb381cQslQwx9GqyaIt6nvpHP8
FdZVnpv8ApxysL0JAl6I9W+lHxcMTtrm3zQ6oJaQ4a9rs9Fh3dXyobvDJci4DEJF
NZ1c3hI1MUnruvu1YJ3vfiVUoVTM/NYKNmKSgANAbM8pmf3LpRpj0t/76x/BbBaY
cDglAInJc3uKjUkQ7X73iSJBxQ6LsYx4A7hN/kR2DCKxC6c1g5HRZ77ILwDxJwgk
Rk+nEmi893XS0hqNqyrfxEhHP7fh2FoAm4oVAvfmuX3aovbNZTcGB+831wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDdKgcj7t3pjKPV3zkV8EBIhAy1+MB8GA1UdIwQY
MBaAFJgT4vY1HTtNHmGqQBbxss+mLXzfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUJQaTlqVWRPMDBlWWFwQUZ2R3l6Nll0Zk44LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi8zZjc0NjMtNGQ0Zi00MWE2LThkNzIt
Mzk1MTM3OGFhNzY2LzEvTjBxQnlQdTNlbU1vOVhmT1JYd1FFaUVETFg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi8zZjc0NjMtNGQ0Zi00MWE2LThkNzItMzk1MTM3OGFhNzY2
LzEvbUJQaTlqVWRPMDBlWWFwQUZ2R3l6Nll0Zk44LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQGLi1AMA8E
AgACMAkDBwAqAyTAAAAwDQYJKoZIhvcNAQELBQADggEBAKWmFJ9YhO42+JexieL9
iR6vNomBNCzBKQsx186i1L5QMFgjxOow6h1pD1pxOgSGvbcL2Zkz21YfACnsb2k+
r5KfLo412vLdDObspg5lWE6zPfid/hJ7xCuVZ0tvC9mVhK1fWHj6Zyp+IiW0qvWI
qlHP+d9oXcqRSWjlvX1q2V1P7+2Sa1Mh4IqRv9SLgXNd8bCFet9Kojn8TAkEFAlZ
cl7iQPDOh3WA7VaDDc5urmN3aWPyurSvOdjvVyuih1sa18TnaiJ65DrJ5XqpfTkX
UKL9UzQMEgsJzJrKrMt/tsTbASIBDFOhnXpMTwfZRUr8/1RuDvOWqhDrTd13gb1N
T+I=
-----END CERTIFICATE-----