Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/173173-819f-4bc9-92d8-78791c9356a3/1/cb-Dhm2S7yuwCNWsNScfaBo6oXw.roa
File:                     cb-Dhm2S7yuwCNWsNScfaBo6oXw.roa (raw, json)
Hash identifier:          J+KyWBF8H7wOSns7EevIqdAKoxcTuVx5xXIDZNTfJqM=
Subject key identifier:   71:BF:83:86:6D:92:EF:2B:B0:08:D5:AC:35:27:1F:68:1A:3A:A1:7C
Certificate issuer:       /CN=11bfa2961fa0e0b07041293ddc0c3693a9e0a238
Certificate serial:       018CC26D71D87DAF8A81D5F0F98C4A5A0799
Authority key identifier: 11:BF:A2:96:1F:A0:E0:B0:70:41:29:3D:DC:0C:36:93:A9:E0:A2:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Eb-ilh-g4LBwQSk93Aw2k6ngojg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/173173-819f-4bc9-92d8-78791c9356a3/1/cb-Dhm2S7yuwCNWsNScfaBo6oXw.roa
Signing time:             Mon 01 Jan 2024 00:30:01 +0000
ROA not before:           Mon 01 Jan 2024 00:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208892
IP address blocks:        46.22.171.0/24 maxlen: 24
                          80.82.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/173173-819f-4bc9-92d8-78791c9356a3/1/Eb-ilh-g4LBwQSk93Aw2k6ngojg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/173173-819f-4bc9-92d8-78791c9356a3/1/Eb-ilh-g4LBwQSk93Aw2k6ngojg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Eb-ilh-g4LBwQSk93Aw2k6ngojg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 19:02:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:71:d8:7d:af:8a:81:d5:f0:f9:8c:4a:5a:07:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11bfa2961fa0e0b07041293ddc0c3693a9e0a238
        Validity
            Not Before: Jan  1 00:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71bf83866d92ef2bb008d5ac35271f681a3aa17c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:53:ce:2b:14:25:45:42:80:7d:0c:89:12:1f:
                    d8:f1:b7:a1:70:38:ef:1f:18:8f:4f:55:84:ae:99:
                    43:1e:ed:61:e6:b1:ad:ae:8d:80:8d:39:2d:f8:73:
                    62:7d:9a:19:2f:fd:8d:6c:23:8a:53:e8:63:f9:11:
                    11:2b:fb:19:76:7a:8d:de:f1:0c:17:49:02:1b:bd:
                    2f:df:da:3c:f7:1c:d4:ca:9b:f4:97:9e:3c:74:90:
                    f5:7a:ed:10:a0:27:b4:45:cd:d2:1c:c1:23:50:ec:
                    be:5c:a8:a2:4b:2a:d5:c9:12:b0:0b:3c:f6:5c:86:
                    7a:e8:9e:24:d5:53:bb:52:8c:e9:91:fb:c3:3f:67:
                    10:6f:d3:7f:80:14:39:07:e2:24:03:2e:a6:ab:01:
                    ee:5b:e2:5f:1e:e9:52:70:fc:d1:34:4e:ab:9f:49:
                    94:62:bc:bd:29:e4:f7:f1:d5:8f:f8:e8:6c:79:6a:
                    87:cd:ff:92:ba:a8:30:02:c9:03:84:b9:3a:1c:42:
                    d8:9a:98:b3:46:03:58:1f:d7:2f:3c:a3:86:ce:8c:
                    9d:22:13:8b:db:62:b0:84:9b:7a:e9:2d:5e:d9:8d:
                    43:ad:98:51:e4:1f:cc:90:12:35:ec:98:50:a5:f6:
                    f9:6a:fd:2f:f1:5b:f6:8b:77:65:54:73:87:bd:d5:
                    68:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:BF:83:86:6D:92:EF:2B:B0:08:D5:AC:35:27:1F:68:1A:3A:A1:7C
            X509v3 Authority Key Identifier:
                keyid:11:BF:A2:96:1F:A0:E0:B0:70:41:29:3D:DC:0C:36:93:A9:E0:A2:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Eb-ilh-g4LBwQSk93Aw2k6ngojg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/173173-819f-4bc9-92d8-78791c9356a3/1/cb-Dhm2S7yuwCNWsNScfaBo6oXw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/173173-819f-4bc9-92d8-78791c9356a3/1/Eb-ilh-g4LBwQSk93Aw2k6ngojg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.22.171.0/24
                  80.82.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:d0:92:0b:39:7c:b6:50:43:30:28:a4:2d:07:e0:d1:1f:f5:
         63:4b:13:f9:ae:6b:92:b7:0e:b4:bd:f6:6d:ad:fb:d6:9d:75:
         c2:46:72:06:70:ac:84:4c:98:ed:90:85:d0:e3:5c:f0:7b:b5:
         71:1d:2c:e3:89:4b:52:f0:d4:d5:26:c1:4a:34:95:a7:07:d7:
         74:c2:b2:5d:e5:28:f7:37:18:7e:df:2f:13:ea:f5:e0:a9:79:
         ca:0d:96:46:75:42:25:17:c9:cb:ef:e8:e7:90:1f:d9:c0:e2:
         e4:97:ef:ee:39:d0:d3:31:49:e3:b7:cf:47:09:dc:6c:36:ee:
         1d:31:8e:d8:d4:4d:fa:a1:57:88:71:b6:da:27:c3:35:de:07:
         4f:a1:3a:b6:40:f5:80:40:07:50:59:3b:35:b6:5a:76:e5:70:
         aa:17:bf:c5:8a:00:38:3d:7e:bf:4d:29:e3:b2:8c:a6:6f:05:
         5e:2e:87:50:67:6c:a7:68:19:e7:b9:db:10:74:fa:7f:98:9f:
         b3:0a:35:8f:39:fc:a2:b3:6d:db:d4:7e:60:4c:de:4a:ae:26:
         0d:fb:95:75:44:b0:1e:5b:c7:49:77:48:fc:26:bd:58:f2:ea:
         bb:8e:a7:74:e7:18:f5:3f:6b:02:eb:49:ed:b9:13:08:e9:2c:
         fc:37:11:a1
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbXHYfa+KgdXw+YxKWgeZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYmZhMjk2MWZhMGUwYjA3MDQxMjkzZGRjMGMzNjkzYTll
MGEyMzgwHhcNMjQwMTAxMDAzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWJmODM4NjZkOTJlZjJiYjAwOGQ1YWMzNTI3MWY2ODFhM2FhMTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvVPOKxQlRUKAfQyJEh/Y8behcDjv
HxiPT1WErplDHu1h5rGtro2AjTkt+HNifZoZL/2NbCOKU+hj+RERK/sZdnqN3vEM
F0kCG70v39o89xzUypv0l548dJD1eu0QoCe0Rc3SHMEjUOy+XKiiSyrVyRKwCzz2
XIZ66J4k1VO7UozpkfvDP2cQb9N/gBQ5B+IkAy6mqwHuW+JfHulScPzRNE6rn0mU
Yry9KeT38dWP+OhseWqHzf+SuqgwAskDhLk6HELYmpizRgNYH9cvPKOGzoydIhOL
22KwhJt66S1e2Y1DrZhR5B/MkBI17JhQpfb5av0v8Vv2i3dlVHOHvdVonwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHG/g4Ztku8rsAjVrDUnH2gaOqF8MB8GA1UdIwQY
MBaAFBG/opYfoOCwcEEpPdwMNpOp4KI4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWItaWxoLWc0TEJ3UVNrOTNBdzJrNm5nb2pnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8xNzMxNzMtODE5Zi00YmM5LTkyZDgt
Nzg3OTFjOTM1NmEzLzEvY2ItRGhtMlM3eXV3Q05Xc05TY2ZhQm82b1h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8xNzMxNzMtODE5Zi00YmM5LTkyZDgtNzg3OTFjOTM1NmEz
LzEvRWItaWxoLWc0TEJ3UVNrOTNBdzJrNm5nb2pnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALharAwQA
UFIXMA0GCSqGSIb3DQEBCwUAA4IBAQBQ0JILOXy2UEMwKKQtB+DRH/VjSxP5rmuS
tw60vfZtrfvWnXXCRnIGcKyETJjtkIXQ41zwe7VxHSzjiUtS8NTVJsFKNJWnB9d0
wrJd5Sj3Nxh+3y8T6vXgqXnKDZZGdUIlF8nL7+jnkB/ZwOLkl+/uOdDTMUnjt89H
CdxsNu4dMY7Y1E36oVeIcbbaJ8M13gdPoTq2QPWAQAdQWTs1tlp25XCqF7/FigA4
PX6/TSnjsoymbwVeLodQZ2ynaBnnudsQdPp/mJ+zCjWPOfyis23b1H5gTN5KriYN
+5V1RLAeW8dJd0j8Jr1Y8uq7jqd05xj1P2sC60ntuRMI6Sz8NxGh
-----END CERTIFICATE-----