Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS46450.roa
File:                     AS46450.roa (raw, json)
Hash identifier:          q2W1fUkw02iEpkXbpZVU9MaWbmdlUb0RohuHDsP8+Ts=
Subject key identifier:   EB:F7:51:02:3B:F5:76:6D:BF:AA:DA:F6:07:AC:AA:A5:BE:31:F3:44
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       0BA0083598B5CD230814F499943F5739826D99BA
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS46450.roa
Signing time:             Tue 28 Jan 2025 22:17:33 +0000
ROA not before:           Tue 28 Jan 2025 22:12:33 +0000
ROA not after:            Tue 27 Jan 2026 22:17:33 +0000
asID:                     46450
IP address blocks:        82.22.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            0b:a0:08:35:98:b5:cd:23:08:14:f4:99:94:3f:57:39:82:6d:99:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Jan 28 22:12:33 2025 GMT
            Not After : Jan 27 22:17:33 2026 GMT
        Subject: CN=EBF751023BF5766DBFAADAF607ACAAA5BE31F344
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:2e:15:1b:11:1b:57:99:dd:59:1d:4a:cf:81:
                    17:a5:42:88:99:82:c6:08:61:3e:8f:b3:68:bb:41:
                    71:44:d3:8e:21:d7:10:a1:24:f1:f3:c3:63:9d:de:
                    52:76:b6:03:08:bb:f6:76:96:af:da:80:da:3d:84:
                    99:9b:3c:a6:b0:da:67:41:fc:19:32:49:23:b5:cc:
                    22:85:8a:c6:af:d6:8a:4f:78:e2:d4:b4:8f:9b:a5:
                    80:ef:83:f0:fc:b0:5c:4f:ff:d8:d3:f5:35:fd:7d:
                    a5:50:1e:f1:82:30:bc:b4:6a:ca:d6:e4:fc:95:b3:
                    fa:43:92:fc:5e:a8:62:f2:7d:b2:33:93:4c:37:53:
                    66:db:fa:a3:ae:e6:b5:6a:70:09:8d:fc:7b:00:09:
                    94:83:db:e4:b8:0d:21:66:2e:d0:04:76:b8:ed:21:
                    eb:f6:6d:d3:70:f0:f8:e2:08:8a:d9:91:b7:f0:61:
                    6c:14:f3:72:d4:6e:ad:33:4f:7f:ec:19:bf:25:5c:
                    97:b3:2c:a9:6e:27:ca:b4:9a:9e:c5:c1:17:46:6d:
                    fa:9e:8e:c1:77:ee:03:17:c8:9a:08:47:94:19:d3:
                    fa:72:97:63:f2:03:60:fa:3c:f1:64:23:79:56:09:
                    5c:0f:1c:b9:e5:b7:34:b5:43:2e:fd:92:14:15:00:
                    72:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:F7:51:02:3B:F5:76:6D:BF:AA:DA:F6:07:AC:AA:A5:BE:31:F3:44
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS46450.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.22.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:76:6f:8f:11:85:5a:41:52:6e:8e:65:3a:3d:15:ff:0a:60:
         5e:a5:37:7f:1e:81:1c:88:b7:12:33:d2:5c:97:60:24:6a:ed:
         6e:e9:10:ef:5a:fd:00:ca:8d:75:da:3d:88:7d:c4:ac:3c:39:
         83:de:58:99:e8:18:24:ca:2a:43:4b:2a:71:46:a4:38:3e:22:
         e9:b1:32:dc:3f:11:dc:22:da:2f:fd:64:84:42:be:02:ca:eb:
         84:f1:8a:cb:0e:d0:f9:6e:4e:14:15:68:08:f0:e9:76:56:74:
         40:64:37:94:99:03:bc:e3:09:d2:e6:50:b2:a6:e6:41:b3:c9:
         8a:2a:20:c2:5e:dd:89:78:71:6c:ff:65:49:f5:77:d2:78:b4:
         d8:45:53:8a:ce:e1:c3:2f:a7:f3:f8:f2:de:1a:fd:33:e1:4d:
         32:60:be:b7:d0:46:da:16:22:84:ff:f6:b6:55:ed:f9:31:aa:
         8d:89:de:19:db:4d:99:37:51:52:07:31:1b:ad:7e:86:bb:1b:
         1d:26:5a:be:31:ee:3d:73:12:75:3c:28:a0:76:a6:b2:ad:f9:
         a3:39:ef:42:74:82:d6:69:a9:fe:fd:31:06:f3:03:0b:3b:2a:
         98:9b:2a:8a:3d:72:68:af:4f:c9:44:c0:9d:cf:d3:ef:86:b0:
         f8:1a:d4:28
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUC6AINZi1zSMIFPSZlD9XOYJtmbowDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNTAxMjgyMjEyMzNaFw0yNjAxMjcyMjE3MzNaMDMxMTAvBgNV
BAMTKEVCRjc1MTAyM0JGNTc2NkRCRkFBREFGNjA3QUNBQUE1QkUzMUYzNDQwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDOLhUbERtXmd1ZHUrPgRelQoiZ
gsYIYT6Ps2i7QXFE044h1xChJPHzw2Od3lJ2tgMIu/Z2lq/agNo9hJmbPKaw2mdB
/BkySSO1zCKFisav1opPeOLUtI+bpYDvg/D8sFxP/9jT9TX9faVQHvGCMLy0asrW
5PyVs/pDkvxeqGLyfbIzk0w3U2bb+qOu5rVqcAmN/HsACZSD2+S4DSFmLtAEdrjt
Iev2bdNw8PjiCIrZkbfwYWwU83LUbq0zT3/sGb8lXJezLKluJ8q0mp7FwRdGbfqe
jsF37gMXyJoIR5QZ0/pyl2PyA2D6PPFkI3lWCVwPHLnltzS1Qy79khQVAHJjAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU6/dRAjv1dm2/qtr2B6yqpb4x80QwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNDY0NTAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABSFsAw
DQYJKoZIhvcNAQELBQADggEBAKZ2b48RhVpBUm6OZTo9Ff8KYF6lN38egRyItxIz
0lyXYCRq7W7pEO9a/QDKjXXaPYh9xKw8OYPeWJnoGCTKKkNLKnFGpDg+IumxMtw/
Edwi2i/9ZIRCvgLK64TxissO0PluThQVaAjw6XZWdEBkN5SZA7zjCdLmULKm5kGz
yYoqIMJe3Yl4cWz/ZUn1d9J4tNhFU4rO4cMvp/P48t4a/TPhTTJgvrfQRtoWIoT/
9rZV7fkxqo2J3hnbTZk3UVIHMRutfoa7Gx0mWr4x7j1zEnU8KKB2prKt+aM570J0
gtZpqf79MQbzAws7KpibKoo9cmivT8lEwJ3P0++GsPga1Cg=
-----END CERTIFICATE-----