Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/04DvboAfEMS4bua_G1JxxtdFNrI.roa
File:                     04DvboAfEMS4bua_G1JxxtdFNrI.roa (raw, json)
Hash identifier:          +occGkUNU4pP1c+ydoXyKlVUgc7SpgacVJrMaxf0bFE=
Subject key identifier:   D3:80:EF:6E:80:1F:10:C4:B8:6E:E6:BF:1B:52:71:C6:D7:45:36:B2
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       018CCA2A34D98BA40A4F173A5A75FB833894
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/04DvboAfEMS4bua_G1JxxtdFNrI.roa
Signing time:             Tue 02 Jan 2024 12:33:32 +0000
ROA not before:           Tue 02 Jan 2024 12:33:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     46450
IP address blocks:        109.111.48.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 13:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:34:d9:8b:a4:0a:4f:17:3a:5a:75:fb:83:38:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Jan  2 12:33:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d380ef6e801f10c4b86ee6bf1b5271c6d74536b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:50:4d:bb:54:16:39:fd:28:de:17:6a:be:f3:
                    82:35:b1:58:56:91:35:90:6c:c4:b6:96:ec:21:85:
                    2a:94:d5:83:5b:1c:dd:94:0f:ee:f5:7a:28:64:fc:
                    c4:2c:0d:98:66:69:3c:19:d7:8f:d7:9b:3c:96:2c:
                    2c:ad:6b:e9:07:2a:d3:1e:43:ee:52:0c:28:bc:94:
                    8e:e4:5b:1b:f0:22:5b:ac:45:29:64:e6:ba:dd:98:
                    49:00:22:9a:fc:12:cc:23:de:fb:7a:24:f0:79:b4:
                    bb:87:58:e4:41:d9:99:88:ef:19:4f:99:14:70:33:
                    bf:5b:fa:26:1f:2f:de:b6:8d:f4:74:22:65:ce:fd:
                    00:5a:c2:29:af:a7:e6:d1:c1:96:84:7a:63:7a:a0:
                    c2:a1:72:41:43:e5:83:be:84:df:84:6d:48:1e:22:
                    80:70:ac:36:49:f6:ac:5d:c6:35:53:c3:e8:da:fa:
                    7e:72:14:a0:a2:3a:ec:b7:3f:ef:bd:41:d7:ef:13:
                    a3:6f:8e:e2:c7:bb:d5:36:e3:48:6a:86:4c:d2:93:
                    8f:78:56:bc:f4:51:db:82:09:42:11:f0:37:cf:2e:
                    57:a8:96:17:cf:5f:5b:b3:71:2b:17:d6:5a:70:15:
                    2c:bf:fa:3f:2e:cb:95:00:aa:74:59:34:57:64:c7:
                    49:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:80:EF:6E:80:1F:10:C4:B8:6E:E6:BF:1B:52:71:C6:D7:45:36:B2
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/04DvboAfEMS4bua_G1JxxtdFNrI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.111.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         36:d8:6a:52:24:37:96:32:98:72:a8:c1:dd:d1:67:7b:39:23:
         8c:a8:2c:48:15:19:40:c4:b2:04:c2:a1:b2:8d:49:71:68:f1:
         0b:2d:2f:db:a2:8d:53:48:4f:0d:52:7c:cf:7f:21:af:ae:c2:
         08:93:9d:72:fb:58:32:91:ee:44:2c:e4:f0:7d:97:45:77:6d:
         1a:d8:cf:2b:4e:b9:c5:f6:3e:aa:f4:3a:71:83:87:91:22:59:
         2a:33:52:6b:74:ef:ce:b8:74:7b:80:9c:24:9c:a0:59:f2:50:
         1c:e8:e1:66:62:2b:c5:cc:76:b7:b1:5d:1c:e9:1b:26:a4:47:
         81:39:8f:f1:4a:74:9e:62:e0:8c:0c:ec:3b:d1:0d:7a:d4:07:
         fd:8d:6f:ee:4d:7a:99:67:d8:9c:4b:77:f1:e2:86:04:9d:ee:
         c0:42:f6:00:b8:ba:b4:28:2f:d3:cc:3d:52:59:22:70:56:91:
         61:a7:62:65:7e:b9:2a:a4:84:b4:c0:c9:fd:e3:36:b4:27:e8:
         78:df:12:bf:ed:24:64:ef:ee:14:6c:8e:90:7e:55:0d:02:1e:
         3b:c1:0c:77:e7:bc:53:a6:a7:08:36:d0:64:93:9e:09:2c:bc:
         47:d3:bf:d4:d7:da:42:bb:99:21:20:3a:4c:cd:18:72:5f:9d:
         90:03:03:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKjTZi6QKTxc6WnX7gziUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjQwMTAyMTIzMzMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzgwZWY2ZTgwMWYxMGM0Yjg2ZWU2YmYxYjUyNzFjNmQ3NDUzNmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiVBNu1QWOf0o3hdqvvOCNbFYVpE1
kGzEtpbsIYUqlNWDWxzdlA/u9XooZPzELA2YZmk8GdeP15s8liwsrWvpByrTHkPu
UgwovJSO5Fsb8CJbrEUpZOa63ZhJACKa/BLMI977eiTwebS7h1jkQdmZiO8ZT5kU
cDO/W/omHy/eto30dCJlzv0AWsIpr6fm0cGWhHpjeqDCoXJBQ+WDvoTfhG1IHiKA
cKw2SfasXcY1U8Po2vp+chSgojrstz/vvUHX7xOjb47ix7vVNuNIaoZM0pOPeFa8
9FHbgglCEfA3zy5XqJYXz19bs3ErF9ZacBUsv/o/LsuVAKp0WTRXZMdJTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNOA726AHxDEuG7mvxtSccbXRTayMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvMDREdmJvQWZFTVM0YnVhX0cxSnh4dGRGTnJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCbW8wMA0G
CSqGSIb3DQEBCwUAA4IBAQA22GpSJDeWMphyqMHd0Wd7OSOMqCxIFRlAxLIEwqGy
jUlxaPELLS/boo1TSE8NUnzPfyGvrsIIk51y+1gyke5ELOTwfZdFd20a2M8rTrnF
9j6q9Dpxg4eRIlkqM1JrdO/OuHR7gJwknKBZ8lAc6OFmYivFzHa3sV0c6RsmpEeB
OY/xSnSeYuCMDOw70Q161Af9jW/uTXqZZ9icS3fx4oYEne7AQvYAuLq0KC/TzD1S
WSJwVpFhp2JlfrkqpIS0wMn94za0J+h43xK/7SRk7+4UbI6QflUNAh47wQx357xT
pqcINtBkk54JLLxH07/U19pCu5khIDpMzRhyX52QAwNn
-----END CERTIFICATE-----