Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/Hjny0sgET9oELwpATK6U1gtl8kg.roa
File:                     Hjny0sgET9oELwpATK6U1gtl8kg.roa (raw, json)
Hash identifier:          C9e0cp+OY9QSbTu5yRSPmJqbtzoolqj3l4osQKfuHzM=
Subject key identifier:   1E:39:F2:D2:C8:04:4F:DA:04:2F:0A:40:4C:AE:94:D6:0B:65:F2:48
Certificate issuer:       /CN=a4bcc12afa4f05739f45f605e221c64c3c0d2ed6
Certificate serial:       018CC349549ECF314B5A1D09BA09D09B8739
Authority key identifier: A4:BC:C1:2A:FA:4F:05:73:9F:45:F6:05:E2:21:C6:4C:3C:0D:2E:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pLzBKvpPBXOfRfYF4iHGTDwNLtY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/Hjny0sgET9oELwpATK6U1gtl8kg.roa
Signing time:             Mon 01 Jan 2024 04:30:12 +0000
ROA not before:           Mon 01 Jan 2024 04:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207560
IP address blocks:        46.229.55.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/pLzBKvpPBXOfRfYF4iHGTDwNLtY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/pLzBKvpPBXOfRfYF4iHGTDwNLtY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pLzBKvpPBXOfRfYF4iHGTDwNLtY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 19:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:54:9e:cf:31:4b:5a:1d:09:ba:09:d0:9b:87:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4bcc12afa4f05739f45f605e221c64c3c0d2ed6
        Validity
            Not Before: Jan  1 04:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1e39f2d2c8044fda042f0a404cae94d60b65f248
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:13:e1:48:51:2f:65:ae:7d:6d:df:41:65:6e:
                    b6:aa:67:a0:c0:14:6e:76:a3:08:5a:69:68:3f:a9:
                    10:01:9a:af:fe:88:9f:64:de:c1:8f:a5:be:4c:f0:
                    cb:52:5a:6e:f3:c7:6e:12:c0:4f:70:80:4c:b4:09:
                    40:37:9a:14:50:3c:7f:0e:80:c6:f5:8e:c8:85:53:
                    e4:ba:f8:a8:c9:71:bf:40:ae:1a:a2:ad:01:2f:2f:
                    a8:e1:3f:bd:8e:7b:24:ab:86:3a:9a:d1:56:7e:ed:
                    33:1d:87:20:c6:52:0a:0c:c2:e1:40:5a:11:03:f9:
                    f9:87:5a:88:c5:36:29:46:47:ac:ba:71:24:c5:db:
                    4a:ab:d8:ca:98:8d:06:93:6c:27:70:10:c5:d2:09:
                    26:0c:ca:0b:58:8c:4d:5b:88:d3:18:9c:9a:ca:68:
                    9a:aa:88:ab:f7:65:de:59:56:fb:80:26:b4:c3:aa:
                    25:3d:4d:d8:55:10:91:ad:58:c0:46:c3:b9:83:98:
                    68:5a:7a:90:4c:43:33:5c:8f:1e:8b:55:fe:f8:00:
                    8a:53:de:45:b2:5d:b3:2d:fd:f3:57:b5:c3:39:97:
                    48:6b:7b:a2:63:07:0b:42:71:25:47:66:90:ca:07:
                    00:9c:1b:06:45:25:da:6f:e8:7b:81:2d:2f:ee:7a:
                    18:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:39:F2:D2:C8:04:4F:DA:04:2F:0A:40:4C:AE:94:D6:0B:65:F2:48
            X509v3 Authority Key Identifier:
                keyid:A4:BC:C1:2A:FA:4F:05:73:9F:45:F6:05:E2:21:C6:4C:3C:0D:2E:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pLzBKvpPBXOfRfYF4iHGTDwNLtY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/Hjny0sgET9oELwpATK6U1gtl8kg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/pLzBKvpPBXOfRfYF4iHGTDwNLtY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.229.55.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:1d:13:30:a3:12:43:b2:13:ad:1b:f6:72:ca:f2:3d:b4:da:
         31:ec:33:59:c1:7d:07:2a:7a:de:c2:1a:c7:fe:32:c3:00:e6:
         25:3b:b8:b3:c1:91:0a:b8:a9:61:ac:91:ca:90:f2:65:ea:ec:
         70:36:55:eb:86:59:31:a7:ae:60:3e:01:6b:ba:e6:c9:f3:13:
         3a:1f:a7:4a:ce:9c:bc:78:cd:13:20:16:61:0e:64:a6:28:8e:
         a4:47:81:ab:af:26:75:b2:59:25:ab:06:88:83:07:00:bd:48:
         f5:be:bc:d2:7f:34:14:09:4d:83:b7:3d:ec:b1:7f:35:0b:0f:
         43:90:1f:b5:44:ee:4e:75:e7:8a:27:06:14:f9:db:75:71:9e:
         77:1c:38:15:59:9a:7b:0b:90:e0:e8:33:6c:55:90:17:61:39:
         b8:f8:05:3e:57:ec:e6:70:5d:9b:a5:4e:00:84:95:9b:a6:b7:
         59:7a:23:3b:98:c8:4a:29:c8:77:eb:ec:0a:51:49:a8:ca:e6:
         8e:d0:38:ed:b9:bf:56:66:ad:f5:31:e8:b0:78:56:c0:b6:26:
         26:24:24:ac:22:41:e0:4e:ba:87:b1:ca:1f:8b:e0:ab:bf:18:
         f1:8a:37:fe:fd:6e:b3:ef:76:15:7d:83:c2:af:8b:db:62:fa:
         6c:3b:be:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSVSezzFLWh0JugnQm4c5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0YmNjMTJhZmE0ZjA1NzM5ZjQ1ZjYwNWUyMjFjNjRjM2Mw
ZDJlZDYwHhcNMjQwMTAxMDQzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTM5ZjJkMmM4MDQ0ZmRhMDQyZjBhNDA0Y2FlOTRkNjBiNjVmMjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkhPhSFEvZa59bd9BZW62qmegwBRu
dqMIWmloP6kQAZqv/oifZN7Bj6W+TPDLUlpu88duEsBPcIBMtAlAN5oUUDx/DoDG
9Y7IhVPkuvioyXG/QK4aoq0BLy+o4T+9jnskq4Y6mtFWfu0zHYcgxlIKDMLhQFoR
A/n5h1qIxTYpRkesunEkxdtKq9jKmI0Gk2wncBDF0gkmDMoLWIxNW4jTGJyaymia
qoir92XeWVb7gCa0w6olPU3YVRCRrVjARsO5g5hoWnqQTEMzXI8ei1X++ACKU95F
sl2zLf3zV7XDOZdIa3uiYwcLQnElR2aQygcAnBsGRSXab+h7gS0v7noY7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB458tLIBE/aBC8KQEyulNYLZfJIMB8GA1UdIwQY
MBaAFKS8wSr6TwVzn0X2BeIhxkw8DS7WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEx6Qkt2cFBCWE9mUmZZRjRpSEdURHdOTHRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9iYjE0MGEtMmEyMS00ZjVmLWJkY2Mt
ODhiMDE2YmJkNTgxLzEvSGpueTBzZ0VUOW9FTHdwQVRLNlUxZ3RsOGtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9iYjE0MGEtMmEyMS00ZjVmLWJkY2MtODhiMDE2YmJkNTgx
LzEvcEx6Qkt2cFBCWE9mUmZZRjRpSEdURHdOTHRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALuU3MA0G
CSqGSIb3DQEBCwUAA4IBAQAJHRMwoxJDshOtG/ZyyvI9tNox7DNZwX0HKnrewhrH
/jLDAOYlO7izwZEKuKlhrJHKkPJl6uxwNlXrhlkxp65gPgFruubJ8xM6H6dKzpy8
eM0TIBZhDmSmKI6kR4GrryZ1slklqwaIgwcAvUj1vrzSfzQUCU2Dtz3ssX81Cw9D
kB+1RO5OdeeKJwYU+dt1cZ53HDgVWZp7C5Dg6DNsVZAXYTm4+AU+V+zmcF2bpU4A
hJWbprdZeiM7mMhKKch36+wKUUmoyuaO0Djtub9WZq31MeiweFbAtiYmJCSsIkHg
TrqHscofi+Crvxjxijf+/W6z73YVfYPCr4vbYvpsO76K
-----END CERTIFICATE-----