Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/a1c6c0-e754-479e-851d-0d0da0d10432/1/h0enUiIAANS6EFLl0t8er3Nridg.roa
File:                     h0enUiIAANS6EFLl0t8er3Nridg.roa (raw, json)
Hash identifier:          eTGNLuykdLfcimSWukfZEzs2eVkD+WvSR/qnTS5j1Kc=
Subject key identifier:   87:47:A7:52:22:00:00:D4:BA:10:52:E5:D2:DF:1E:AF:73:6B:89:D8
Certificate issuer:       /CN=c1bf8f3e609072889e74dd0fb4e27f9bac47b3b0
Certificate serial:       018CC2DAE2BEFA50AC081EF98FADD520A764
Authority key identifier: C1:BF:8F:3E:60:90:72:88:9E:74:DD:0F:B4:E2:7F:9B:AC:47:B3:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wb-PPmCQcoiedN0PtOJ_m6xHs7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/a1c6c0-e754-479e-851d-0d0da0d10432/1/h0enUiIAANS6EFLl0t8er3Nridg.roa
Signing time:             Mon 01 Jan 2024 02:29:33 +0000
ROA not before:           Mon 01 Jan 2024 02:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44668
IP address blocks:        46.33.44.0/22 maxlen: 22
                          46.33.45.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/a1c6c0-e754-479e-851d-0d0da0d10432/1/wb-PPmCQcoiedN0PtOJ_m6xHs7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/a1c6c0-e754-479e-851d-0d0da0d10432/1/wb-PPmCQcoiedN0PtOJ_m6xHs7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wb-PPmCQcoiedN0PtOJ_m6xHs7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 04:03:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:e2:be:fa:50:ac:08:1e:f9:8f:ad:d5:20:a7:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1bf8f3e609072889e74dd0fb4e27f9bac47b3b0
        Validity
            Not Before: Jan  1 02:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8747a752220000d4ba1052e5d2df1eaf736b89d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:ba:19:58:f0:72:7a:b9:5f:5f:0f:e7:44:b4:
                    86:83:56:3d:5f:9f:c9:d8:32:95:98:c2:98:69:83:
                    30:07:c0:99:7b:02:9b:c4:e5:17:e1:fb:51:2b:f3:
                    9d:13:21:01:e7:8e:f4:99:2c:8b:4f:42:04:e3:65:
                    0e:58:e8:13:6a:fb:ed:70:1b:6e:c3:03:8c:29:ee:
                    5f:6a:fc:80:fd:c9:a5:f2:b8:e0:7e:8f:3c:96:53:
                    36:a1:72:5e:2d:c7:78:9e:84:21:be:a6:da:52:3d:
                    2c:a2:6f:f7:83:04:27:70:99:04:ac:53:9b:d7:d6:
                    35:22:78:77:e2:1e:ff:93:21:29:d9:1b:e9:57:e9:
                    1c:28:05:e8:e7:73:cd:3e:cc:78:4a:73:94:ec:55:
                    4c:79:01:b3:07:ad:93:24:1e:0b:35:af:8c:a1:ca:
                    c2:70:79:a9:c9:fb:7d:10:9c:c2:6e:11:08:09:be:
                    b6:9b:41:9e:2b:e9:31:87:e2:18:3b:80:f9:c1:3c:
                    b6:96:f5:0a:52:45:a8:35:80:3a:2b:10:4c:5b:54:
                    cc:13:f1:cb:80:24:d7:33:5f:17:a2:49:ed:8f:c1:
                    ef:a0:a6:3e:56:ee:ca:cf:bf:df:66:65:a6:16:8e:
                    10:9e:ed:af:03:79:f0:6d:76:22:77:61:e9:11:54:
                    8f:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:47:A7:52:22:00:00:D4:BA:10:52:E5:D2:DF:1E:AF:73:6B:89:D8
            X509v3 Authority Key Identifier:
                keyid:C1:BF:8F:3E:60:90:72:88:9E:74:DD:0F:B4:E2:7F:9B:AC:47:B3:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wb-PPmCQcoiedN0PtOJ_m6xHs7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/a1c6c0-e754-479e-851d-0d0da0d10432/1/h0enUiIAANS6EFLl0t8er3Nridg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/a1c6c0-e754-479e-851d-0d0da0d10432/1/wb-PPmCQcoiedN0PtOJ_m6xHs7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.33.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9b:2d:3f:f0:48:e9:02:f1:3c:95:ce:0d:4b:06:64:db:b3:b3:
         41:f9:1c:15:1e:15:f0:2c:8b:81:4d:05:fb:66:26:92:01:0d:
         e1:63:28:58:d6:e7:87:86:26:c4:89:31:51:b9:57:54:15:cb:
         17:af:f5:46:e5:29:98:2f:32:c5:bb:61:84:6c:08:78:fe:b9:
         91:2c:a3:2e:be:f2:d1:5b:1a:a2:9a:7f:f7:92:fd:b0:48:2a:
         bf:32:89:f8:60:00:15:9b:5c:dd:52:51:ed:eb:3d:f3:d7:db:
         88:8d:99:38:85:92:a3:27:6c:95:e8:a6:72:84:95:5f:96:d9:
         41:70:cc:49:23:89:8e:9c:14:47:bf:ea:ce:90:2b:01:6f:ec:
         a9:ab:46:e1:a7:7a:01:b8:8a:90:63:8b:6d:1a:75:f3:58:ac:
         21:ce:f6:a8:4c:5c:35:c4:e4:ef:32:af:5b:af:a9:15:ce:ed:
         14:46:77:a7:1d:c3:9a:97:4d:58:03:c5:43:fb:8b:8e:8c:8c:
         db:0f:c7:14:d2:4a:ab:91:87:cb:5b:e8:6f:f7:61:ad:c6:98:
         46:1a:68:09:ad:d9:36:63:78:85:29:6e:dc:50:26:22:6b:9a:
         09:3e:ec:a6:90:b5:d0:4a:db:49:f6:5e:85:3c:52:b7:bf:86:
         ca:66:68:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2uK++lCsCB75j63VIKdkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxYmY4ZjNlNjA5MDcyODg5ZTc0ZGQwZmI0ZTI3ZjliYWM0
N2IzYjAwHhcNMjQwMTAxMDIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzQ3YTc1MjIyMDAwMGQ0YmExMDUyZTVkMmRmMWVhZjczNmI4OWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiLoZWPByerlfXw/nRLSGg1Y9X5/J
2DKVmMKYaYMwB8CZewKbxOUX4ftRK/OdEyEB5470mSyLT0IE42UOWOgTavvtcBtu
wwOMKe5favyA/cml8rjgfo88llM2oXJeLcd4noQhvqbaUj0som/3gwQncJkErFOb
19Y1Inh34h7/kyEp2RvpV+kcKAXo53PNPsx4SnOU7FVMeQGzB62TJB4LNa+MocrC
cHmpyft9EJzCbhEICb62m0GeK+kxh+IYO4D5wTy2lvUKUkWoNYA6KxBMW1TME/HL
gCTXM18Xokntj8HvoKY+Vu7Kz7/fZmWmFo4Qnu2vA3nwbXYid2HpEVSPRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIdHp1IiAADUuhBS5dLfHq9za4nYMB8GA1UdIwQY
MBaAFMG/jz5gkHKInnTdD7Tif5usR7OwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2ItUFBtQ1Fjb2llZE4wUHRPSl9tNnhIczdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9hMWM2YzAtZTc1NC00NzllLTg1MWQt
MGQwZGEwZDEwNDMyLzEvaDBlblVpSUFBTlM2RUZMbDB0OGVyM05yaWRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9hMWM2YzAtZTc1NC00NzllLTg1MWQtMGQwZGEwZDEwNDMy
LzEvd2ItUFBtQ1Fjb2llZE4wUHRPSl9tNnhIczdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLiEsMA0G
CSqGSIb3DQEBCwUAA4IBAQCbLT/wSOkC8TyVzg1LBmTbs7NB+RwVHhXwLIuBTQX7
ZiaSAQ3hYyhY1ueHhibEiTFRuVdUFcsXr/VG5SmYLzLFu2GEbAh4/rmRLKMuvvLR
Wxqimn/3kv2wSCq/Mon4YAAVm1zdUlHt6z3z19uIjZk4hZKjJ2yV6KZyhJVfltlB
cMxJI4mOnBRHv+rOkCsBb+ypq0bhp3oBuIqQY4ttGnXzWKwhzvaoTFw1xOTvMq9b
r6kVzu0URnenHcOal01YA8VD+4uOjIzbD8cU0kqrkYfLW+hv92GtxphGGmgJrdk2
Y3iFKW7cUCYia5oJPuymkLXQSttJ9l6FPFK3v4bKZmjC
-----END CERTIFICATE-----