Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS46450.roa
File:                     AS46450.roa (raw, json)
Hash identifier:          M36fXRRq0dBG4sfMvYOqBg+N3PKxExMFcurqbwFy7Yg=
Subject key identifier:   76:8D:49:41:BA:6E:8D:24:67:3D:48:48:90:CE:EA:29:25:80:71:EA
Certificate issuer:       /CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
Certificate serial:       2A3E2E5D8CD88F9408C5AE18080B464A9CA65A7F
Authority key identifier: 03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS46450.roa
Signing time:             Sun 20 Apr 2025 15:54:02 +0000
ROA not before:           Sun 20 Apr 2025 15:49:02 +0000
ROA not after:            Sun 19 Apr 2026 15:54:02 +0000
asID:                     46450
IP address blocks:        91.199.168.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 05:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            2a:3e:2e:5d:8c:d8:8f:94:08:c5:ae:18:08:0b:46:4a:9c:a6:5a:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=03b1ba3fdb91d8d9ea76c5776320eb7eb2d6ed9d
        Validity
            Not Before: Apr 20 15:49:02 2025 GMT
            Not After : Apr 19 15:54:02 2026 GMT
        Subject: CN=768D4941BA6E8D24673D484890CEEA29258071EA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:07:1a:07:87:f3:b6:48:a8:bb:a5:53:75:f3:
                    bf:1e:cb:0c:f7:6d:ab:d6:9e:fa:e3:11:8e:f0:76:
                    4d:ce:54:b5:7f:35:f3:d2:7c:4b:3c:8e:51:2f:c3:
                    a3:33:a3:d3:7e:dd:5d:90:c5:cd:db:7f:64:e6:2c:
                    b7:6f:27:89:59:4f:9d:55:2c:a3:0b:92:bb:57:84:
                    dd:7d:6a:45:74:c2:5a:08:e2:0c:d5:1c:46:d5:c8:
                    c1:8b:2d:f2:17:bb:f2:45:f7:53:25:d3:4d:e6:f3:
                    e6:f3:06:d6:05:c6:bc:7f:2d:31:c6:ae:e4:c1:88:
                    6d:19:a1:30:7f:54:ec:02:fc:5e:05:46:59:cf:17:
                    c6:5c:ca:3c:51:f4:11:18:75:cd:27:5e:38:31:7e:
                    c0:a9:7d:a2:12:21:ff:2c:ad:2c:a4:3c:e2:01:ce:
                    4f:79:7f:68:0d:af:f5:e3:19:0f:e0:f3:b8:ca:bb:
                    53:6c:65:bf:23:96:6e:32:b7:65:5b:69:a0:2d:c9:
                    fb:8b:d3:1b:99:95:54:c9:1c:9e:2b:11:54:45:60:
                    98:3e:2e:76:db:b5:4a:81:52:23:49:7e:fd:41:18:
                    a0:48:c7:c6:48:f2:be:30:56:78:16:bd:a3:40:4d:
                    a7:2d:4f:41:68:9b:5c:e4:d0:b2:91:1b:ea:9c:4b:
                    b9:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:8D:49:41:BA:6E:8D:24:67:3D:48:48:90:CE:EA:29:25:80:71:EA
            X509v3 Authority Key Identifier:
                keyid:03:B1:BA:3F:DB:91:D8:D9:EA:76:C5:77:63:20:EB:7E:B2:D6:ED:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/03B1BA3FDB91D8D9EA76C5776320EB7EB2D6ED9D.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/A7G6P9uR2NnqdsV3YyDrfrLW7Z0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/7ff0f555-dba7-4192-a01d-f6916d5bb84e/0/AS46450.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:2a:f7:68:de:0a:cb:98:0b:f5:d6:0b:96:d7:d3:4b:c6:3f:
         7a:74:0c:79:80:16:79:79:3c:4c:fb:64:16:23:55:b8:58:a2:
         23:18:bc:be:43:c4:d4:37:d9:cd:92:ba:ec:5e:64:d1:af:ed:
         9c:f5:44:19:4b:51:e4:74:0d:fc:15:cb:29:50:5a:04:a4:da:
         a5:3b:0f:94:bc:aa:29:40:dd:43:5f:4d:7d:29:1d:88:8f:32:
         86:ce:7f:43:76:7b:45:06:17:13:08:6b:3c:da:46:6c:98:32:
         95:e7:0d:bc:02:3d:ea:65:a3:1c:50:87:12:bd:1f:62:3e:05:
         62:bb:6a:80:4b:9f:f9:60:7d:7b:b7:ee:8b:67:b7:80:e4:11:
         86:55:ac:c9:a6:96:33:87:a1:48:b5:be:8c:ed:5e:dc:f1:c7:
         20:23:7e:6b:4f:4e:ce:e6:bf:41:b9:88:5a:d2:de:6a:3a:7f:
         b4:9c:ea:0c:23:a6:8e:f1:eb:17:f0:9a:4a:66:ab:aa:d2:25:
         43:d0:21:10:60:d7:51:ee:ab:b8:a3:4a:76:e8:74:9c:3d:4f:
         65:a2:c9:6a:21:ff:f0:61:73:04:0d:ad:e7:a6:6f:4f:4e:85:
         88:50:e4:de:29:1c:3e:c7:70:c4:8b:b8:b4:4d:dd:be:57:aa:
         b2:63:0e:67
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUKj4uXYzYj5QIxa4YCAtGSpymWn8wDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMDNiMWJhM2ZkYjkxZDhkOWVhNzZjNTc3NjMyMGViN2Vi
MmQ2ZWQ5ZDAeFw0yNTA0MjAxNTQ5MDJaFw0yNjA0MTkxNTU0MDJaMDMxMTAvBgNV
BAMTKDc2OEQ0OTQxQkE2RThEMjQ2NzNENDg0ODkwQ0VFQTI5MjU4MDcxRUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDDBxoHh/O2SKi7pVN1878eywz3
bavWnvrjEY7wdk3OVLV/NfPSfEs8jlEvw6Mzo9N+3V2Qxc3bf2TmLLdvJ4lZT51V
LKMLkrtXhN19akV0wloI4gzVHEbVyMGLLfIXu/JF91Ml003m8+bzBtYFxrx/LTHG
ruTBiG0ZoTB/VOwC/F4FRlnPF8ZcyjxR9BEYdc0nXjgxfsCpfaISIf8srSykPOIB
zk95f2gNr/XjGQ/g87jKu1NsZb8jlm4yt2VbaaAtyfuL0xuZlVTJHJ4rEVRFYJg+
LnbbtUqBUiNJfv1BGKBIx8ZI8r4wVngWvaNATactT0Fom1zk0LKRG+qcS7nHAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUdo1JQbpujSRnPUhIkM7qKSWAceowHwYDVR0j
BBgwFoAUA7G6P9uR2NnqdsV3YyDrfrLW7Z0wDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvN2ZmMGY1NTUtZGJhNy00MTkyLWEwMWQtZjY5MTZkNWJi
ODRlLzAvMDNCMUJBM0ZEQjkxRDhEOUVBNzZDNTc3NjMyMEVCN0VCMkQ2RUQ5RC5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0E3RzZQOXVSMk5ucWRzVjNZeURyZnJM
VzdaMC5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzdmZjBmNTU1LWRiYTct
NDE5Mi1hMDFkLWY2OTE2ZDViYjg0ZS8wL0FTNDY0NTAucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABbx6gw
DQYJKoZIhvcNAQELBQADggEBAAQq92jeCsuYC/XWC5bX00vGP3p0DHmAFnl5PEz7
ZBYjVbhYoiMYvL5DxNQ32c2SuuxeZNGv7Zz1RBlLUeR0DfwVyylQWgSk2qU7D5S8
qilA3UNfTX0pHYiPMobOf0N2e0UGFxMIazzaRmyYMpXnDbwCPeploxxQhxK9H2I+
BWK7aoBLn/lgfXu37otnt4DkEYZVrMmmljOHoUi1voztXtzxxyAjfmtPTs7mv0G5
iFrS3mo6f7Sc6gwjpo7x6xfwmkpmq6rSJUPQIRBg11Huq7ijSnbodJw9T2WiyWoh
//BhcwQNreemb09OhYhQ5N4pHD7HcMSLuLRN3b5XqrJjDmc=
-----END CERTIFICATE-----