Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/ff0036-8313-4b3d-ad7f-8d81fdc6f170/1/LDm4Z6KcMo2VYx3_khyYeC8O4Iw.roa
File:                     LDm4Z6KcMo2VYx3_khyYeC8O4Iw.roa (raw, json)
Hash identifier:          zcLdl9fx/6GOLrBrDhcPW18T+TQSB2ZgDSkWNEHGluY=
Subject key identifier:   2C:39:B8:67:A2:9C:32:8D:95:63:1D:FF:92:1C:98:78:2F:0E:E0:8C
Certificate issuer:       /CN=e1ac0322b3eab6572ece2a0ac5abf164a5bbff20
Certificate serial:       01977890B1B3FA77604B2F5CBFDC8CFC1AD2
Authority key identifier: E1:AC:03:22:B3:EA:B6:57:2E:CE:2A:0A:C5:AB:F1:64:A5:BB:FF:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4awDIrPqtlcuzioKxavxZKW7_yA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/ff0036-8313-4b3d-ad7f-8d81fdc6f170/1/LDm4Z6KcMo2VYx3_khyYeC8O4Iw.roa
Signing time:             Mon 16 Jun 2025 11:47:17 +0000
ROA not before:           Mon 16 Jun 2025 11:47:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44789
IP address blocks:        46.31.178.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/ff0036-8313-4b3d-ad7f-8d81fdc6f170/1/4awDIrPqtlcuzioKxavxZKW7_yA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/ff0036-8313-4b3d-ad7f-8d81fdc6f170/1/4awDIrPqtlcuzioKxavxZKW7_yA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4awDIrPqtlcuzioKxavxZKW7_yA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 21 Jun 2025 13:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:78:90:b1:b3:fa:77:60:4b:2f:5c:bf:dc:8c:fc:1a:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1ac0322b3eab6572ece2a0ac5abf164a5bbff20
        Validity
            Not Before: Jun 16 11:47:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2c39b867a29c328d95631dff921c98782f0ee08c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:bf:14:c5:32:90:14:80:e6:08:08:ff:97:c7:
                    0d:b3:66:88:1d:af:21:43:d8:ee:f0:c9:1c:fa:d9:
                    6b:98:24:49:12:65:6d:c6:9c:77:7a:aa:29:46:26:
                    11:72:19:b9:4e:30:f5:cf:4d:a7:10:f8:4e:69:58:
                    43:a0:62:60:fc:06:6b:2d:73:e5:fe:d9:56:60:92:
                    31:68:db:3c:79:a5:f8:10:b7:3c:69:0b:38:60:78:
                    de:45:f3:9a:79:66:14:87:45:44:de:61:0e:8c:9b:
                    8c:d8:1a:a3:dc:a5:d8:23:18:53:f2:87:8f:66:29:
                    22:39:9d:40:1c:94:e3:2e:6e:4e:64:68:92:74:23:
                    97:61:8c:a4:c3:28:7e:8a:c4:8d:a6:b4:cc:f2:4f:
                    47:32:12:db:a5:7c:23:aa:df:64:56:46:b2:14:b6:
                    61:bb:43:f6:fc:57:9f:b5:ae:2e:59:7d:ed:ec:c1:
                    1b:9e:db:ca:c2:fc:90:13:8e:79:93:05:30:9e:06:
                    0c:1b:3d:65:a4:d7:c6:b7:20:23:30:af:be:93:00:
                    7f:35:ab:69:78:15:76:51:17:8d:fa:83:6d:17:0e:
                    0f:39:62:47:ef:aa:3f:c0:87:d0:e6:6e:75:72:30:
                    8d:d1:54:29:e5:16:f6:01:3e:93:26:d3:e5:b2:02:
                    10:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:39:B8:67:A2:9C:32:8D:95:63:1D:FF:92:1C:98:78:2F:0E:E0:8C
            X509v3 Authority Key Identifier:
                keyid:E1:AC:03:22:B3:EA:B6:57:2E:CE:2A:0A:C5:AB:F1:64:A5:BB:FF:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4awDIrPqtlcuzioKxavxZKW7_yA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/ff0036-8313-4b3d-ad7f-8d81fdc6f170/1/LDm4Z6KcMo2VYx3_khyYeC8O4Iw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/ff0036-8313-4b3d-ad7f-8d81fdc6f170/1/4awDIrPqtlcuzioKxavxZKW7_yA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.31.178.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0f:75:45:ea:e4:5f:b4:b7:3d:69:ac:b9:3a:48:90:33:a9:ca:
         77:ec:70:a5:0e:76:33:5f:44:b8:37:f3:5c:23:25:b8:c0:db:
         1c:b9:b9:28:7e:6e:d1:3b:18:68:dd:9b:9f:6b:37:bf:ad:64:
         72:f2:ec:f6:f8:a3:fc:6f:ea:41:88:a7:2b:01:4a:db:4b:58:
         36:3e:82:e1:a4:6f:f5:61:f5:be:da:2f:6f:bc:92:2b:c4:08:
         82:13:23:74:9f:cc:a3:d1:26:ac:84:04:58:4a:f9:1f:4a:29:
         30:9d:98:91:a3:38:f4:3d:8f:1b:94:74:28:bc:f6:a5:d5:6e:
         08:02:ad:3f:7d:37:a8:72:28:53:0f:29:3c:09:b5:4b:21:6b:
         57:24:ae:f3:56:28:bc:e7:f4:ce:8a:d7:77:8f:10:91:50:24:
         f5:0b:78:84:f5:53:bb:8b:ac:42:d1:63:e6:ed:57:d5:92:1c:
         15:3d:67:c4:30:44:73:c6:1e:55:8f:dd:d9:70:06:ab:b2:ea:
         86:c3:57:2d:cf:07:02:64:8a:76:cb:2d:27:27:55:62:33:1b:
         4a:74:e8:38:e1:64:ac:a2:12:d4:1a:85:09:b9:fe:b0:d8:90:
         e1:5b:e1:2d:68:b0:bd:ff:f4:7f:5b:b1:33:e1:2c:e1:2a:5d:
         c1:e2:a0:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZd4kLGz+ndgSy9cv9yM/BrSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxYWMwMzIyYjNlYWI2NTcyZWNlMmEwYWM1YWJmMTY0YTVi
YmZmMjAwHhcNMjUwNjE2MTE0NzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzM5Yjg2N2EyOWMzMjhkOTU2MzFkZmY5MjFjOTg3ODJmMGVlMDhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5L8UxTKQFIDmCAj/l8cNs2aIHa8h
Q9ju8Mkc+tlrmCRJEmVtxpx3eqopRiYRchm5TjD1z02nEPhOaVhDoGJg/AZrLXPl
/tlWYJIxaNs8eaX4ELc8aQs4YHjeRfOaeWYUh0VE3mEOjJuM2Bqj3KXYIxhT8oeP
ZikiOZ1AHJTjLm5OZGiSdCOXYYykwyh+isSNprTM8k9HMhLbpXwjqt9kVkayFLZh
u0P2/Fefta4uWX3t7MEbntvKwvyQE455kwUwngYMGz1lpNfGtyAjMK++kwB/Natp
eBV2UReN+oNtFw4POWJH76o/wIfQ5m51cjCN0VQp5Rb2AT6TJtPlsgIQJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCw5uGeinDKNlWMd/5IcmHgvDuCMMB8GA1UdIwQY
MBaAFOGsAyKz6rZXLs4qCsWr8WSlu/8gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGF3RElyUHF0bGN1emlvS3hhdnhaS1c3X3lBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9mZjAwMzYtODMxMy00YjNkLWFkN2Yt
OGQ4MWZkYzZmMTcwLzEvTERtNFo2S2NNbzJWWXgzX2toeVllQzhPNEl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9mZjAwMzYtODMxMy00YjNkLWFkN2YtOGQ4MWZkYzZmMTcw
LzEvNGF3RElyUHF0bGN1emlvS3hhdnhaS1c3X3lBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLh+yMA0G
CSqGSIb3DQEBCwUAA4IBAQAPdUXq5F+0tz1prLk6SJAzqcp37HClDnYzX0S4N/Nc
IyW4wNscubkofm7ROxho3Zufaze/rWRy8uz2+KP8b+pBiKcrAUrbS1g2PoLhpG/1
YfW+2i9vvJIrxAiCEyN0n8yj0SashARYSvkfSikwnZiRozj0PY8blHQovPal1W4I
Aq0/fTeocihTDyk8CbVLIWtXJK7zVii85/TOitd3jxCRUCT1C3iE9VO7i6xC0WPm
7VfVkhwVPWfEMERzxh5Vj93ZcAarsuqGw1ctzwcCZIp2yy0nJ1ViMxtKdOg44WSs
ohLUGoUJuf6w2JDhW+EtaLC9//R/W7Ez4SzhKl3B4qAt
-----END CERTIFICATE-----