Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/3mF0o8ObxMG1vPes91bWbw0tnsA.roa
File:                     3mF0o8ObxMG1vPes91bWbw0tnsA.roa (raw, json)
Hash identifier:          UJhMkfjPft/QeBcE4Z26qo9FCGStMKR3bjVpARVrtgI=
Subject key identifier:   DE:61:74:A3:C3:9B:C4:C1:B5:BC:F7:AC:F7:56:D6:6F:0D:2D:9E:C0
Certificate issuer:       /CN=ed6da9e41686d21c12799c8e84b274aa8241508c
Certificate serial:       019424B38763BCB999562EF9D67794125648
Authority key identifier: ED:6D:A9:E4:16:86:D2:1C:12:79:9C:8E:84:B2:74:AA:82:41:50:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/3mF0o8ObxMG1vPes91bWbw0tnsA.roa
Signing time:             Thu 02 Jan 2025 01:48:52 +0000
ROA not before:           Thu 02 Jan 2025 01:48:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61962
IP address blocks:        46.143.244.0/23 maxlen: 23
                          46.143.244.0/24 maxlen: 24
                          46.143.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 05:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:87:63:bc:b9:99:56:2e:f9:d6:77:94:12:56:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed6da9e41686d21c12799c8e84b274aa8241508c
        Validity
            Not Before: Jan  2 01:48:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=de6174a3c39bc4c1b5bcf7acf756d66f0d2d9ec0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:33:95:3a:d3:89:c9:e4:1b:fa:70:24:d2:1e:
                    a2:b1:cd:ba:34:85:fc:50:7e:e9:73:cd:ac:21:6e:
                    65:ba:79:0f:e3:d1:b1:53:32:10:36:a5:c7:fb:33:
                    4f:3c:cc:08:db:0d:87:8d:61:4d:0c:01:82:6e:d1:
                    9c:85:b8:c3:8e:0f:dd:1e:33:9d:fd:3f:db:de:52:
                    03:9f:48:5e:7f:c7:47:91:cd:9d:75:61:bb:5f:8b:
                    c3:f4:a8:91:36:af:b4:f0:82:aa:6e:59:0b:64:93:
                    87:ba:62:0c:5c:67:d9:6d:ca:ee:2e:5c:62:ca:28:
                    d2:74:02:fe:85:c7:a4:2c:e2:04:11:dd:b3:0c:c1:
                    65:52:28:ec:39:e6:00:10:24:39:04:f3:a7:e2:88:
                    57:c6:8c:ad:a2:20:da:d1:08:3c:b5:47:64:a8:2a:
                    66:e2:28:3e:42:d8:17:e7:c1:0a:99:60:f7:73:c7:
                    bc:a2:07:98:3b:e8:4f:10:cf:c1:2a:b1:35:bc:6c:
                    8f:78:d9:f1:ff:97:77:96:5b:41:54:43:1b:84:ea:
                    4f:37:af:5a:f9:57:6c:f9:f3:64:89:df:33:4b:e9:
                    1f:5b:e7:0d:e9:6d:9d:e8:0c:14:28:70:02:32:18:
                    cb:10:47:7b:af:7b:49:7c:08:f1:48:b8:9a:15:4c:
                    e9:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:61:74:A3:C3:9B:C4:C1:B5:BC:F7:AC:F7:56:D6:6F:0D:2D:9E:C0
            X509v3 Authority Key Identifier:
                keyid:ED:6D:A9:E4:16:86:D2:1C:12:79:9C:8E:84:B2:74:AA:82:41:50:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/3mF0o8ObxMG1vPes91bWbw0tnsA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.143.244.0/23

    Signature Algorithm: sha256WithRSAEncryption
         87:01:d0:2a:4c:b9:e6:7c:c8:a9:06:f9:01:38:3e:89:77:11:
         14:2e:f4:75:a3:f5:37:b8:ae:99:88:a5:e0:a2:67:4c:cd:db:
         27:02:78:58:08:b9:5f:f8:26:40:20:fc:c2:5e:8a:f8:56:cf:
         f7:e8:87:a2:f5:c7:a5:64:0e:8a:ec:8c:30:fd:1e:73:c6:80:
         43:29:d6:fe:74:21:82:39:e9:a2:9c:09:d0:2a:0e:bd:27:c9:
         87:c3:75:7e:8c:6c:1d:9b:5a:b1:26:ca:22:35:4f:74:b2:44:
         22:e7:18:f2:01:e7:4e:07:69:7a:9c:2e:17:4c:5d:98:da:88:
         9b:2b:0d:6f:3b:fe:8d:cc:92:f8:a2:0b:60:a5:31:1b:1a:53:
         c9:27:5e:ad:c0:13:de:f8:7f:a6:d3:83:0b:27:ca:0f:9a:c7:
         7e:80:60:de:08:d1:66:b2:f0:2d:1f:33:17:92:22:8f:f4:6b:
         8d:20:79:81:e0:c9:49:e6:08:cb:71:76:3b:c9:e9:37:32:66:
         56:fd:54:ce:aa:a0:1e:d1:a1:b0:4c:ec:05:25:d6:c3:40:82:
         aa:bf:86:a6:8a:3e:1b:3b:6c:e0:9b:ff:84:83:c3:6d:a4:5c:
         8a:09:7a:91:c2:47:5c:cf:b8:60:c7:76:8d:ed:15:48:40:f5:
         8d:1c:7f:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks4djvLmZVi751neUElZIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNmRhOWU0MTY4NmQyMWMxMjc5OWM4ZTg0YjI3NGFhODI0
MTUwOGMwHhcNMjUwMTAyMDE0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTYxNzRhM2MzOWJjNGMxYjViY2Y3YWNmNzU2ZDY2ZjBkMmQ5ZWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5jOVOtOJyeQb+nAk0h6isc26NIX8
UH7pc82sIW5lunkP49GxUzIQNqXH+zNPPMwI2w2HjWFNDAGCbtGchbjDjg/dHjOd
/T/b3lIDn0hef8dHkc2ddWG7X4vD9KiRNq+08IKqblkLZJOHumIMXGfZbcruLlxi
yijSdAL+hcekLOIEEd2zDMFlUijsOeYAECQ5BPOn4ohXxoytoiDa0Qg8tUdkqCpm
4ig+QtgX58EKmWD3c8e8ogeYO+hPEM/BKrE1vGyPeNnx/5d3lltBVEMbhOpPN69a
+Vds+fNkid8zS+kfW+cN6W2d6AwUKHACMhjLEEd7r3tJfAjxSLiaFUzprwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN5hdKPDm8TBtbz3rPdW1m8NLZ7AMB8GA1UdIwQY
MBaAFO1tqeQWhtIcEnmcjoSydKqCQVCMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1cycDVCYUcwaHdTZVp5T2hMSjBxb0pCVUl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9hYzAxN2MtZmYyOS00M2NmLWEzZDYt
MjlmMWJlYjJmMjgyLzEvM21GMG84T2J4TUcxdlBlczkxYldidzB0bnNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9hYzAxN2MtZmYyOS00M2NmLWEzZDYtMjlmMWJlYjJmMjgy
LzEvN1cycDVCYUcwaHdTZVp5T2hMSjBxb0pCVUl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLo/0MA0G
CSqGSIb3DQEBCwUAA4IBAQCHAdAqTLnmfMipBvkBOD6JdxEULvR1o/U3uK6ZiKXg
omdMzdsnAnhYCLlf+CZAIPzCXor4Vs/36Iei9celZA6K7Iww/R5zxoBDKdb+dCGC
OeminAnQKg69J8mHw3V+jGwdm1qxJsoiNU90skQi5xjyAedOB2l6nC4XTF2Y2oib
Kw1vO/6NzJL4ogtgpTEbGlPJJ16twBPe+H+m04MLJ8oPmsd+gGDeCNFmsvAtHzMX
kiKP9GuNIHmB4MlJ5gjLcXY7yek3MmZW/VTOqqAe0aGwTOwFJdbDQIKqv4amij4b
O2zgm/+Eg8NtpFyKCXqRwkdcz7hgx3aN7RVIQPWNHH/b
-----END CERTIFICATE-----