Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/cCMlm41ratuRvJx2G7TErBhnBjo.roa
File:                     cCMlm41ratuRvJx2G7TErBhnBjo.roa (raw, json)
Hash identifier:          KQlV1baL0MntuEDWVB37jSjm2Om6g3ArRiE5Nu3pQDI=
Subject key identifier:   70:23:25:9B:8D:6B:6A:DB:91:BC:9C:76:1B:B4:C4:AC:18:67:06:3A
Certificate issuer:       /CN=a4bcc12afa4f05739f45f605e221c64c3c0d2ed6
Certificate serial:       018CC349555FB582C817259EDBA008A9AE3C
Authority key identifier: A4:BC:C1:2A:FA:4F:05:73:9F:45:F6:05:E2:21:C6:4C:3C:0D:2E:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pLzBKvpPBXOfRfYF4iHGTDwNLtY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/cCMlm41ratuRvJx2G7TErBhnBjo.roa
Signing time:             Mon 01 Jan 2024 04:30:12 +0000
ROA not before:           Mon 01 Jan 2024 04:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210490
IP address blocks:        46.229.54.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/pLzBKvpPBXOfRfYF4iHGTDwNLtY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/pLzBKvpPBXOfRfYF4iHGTDwNLtY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pLzBKvpPBXOfRfYF4iHGTDwNLtY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 19:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:55:5f:b5:82:c8:17:25:9e:db:a0:08:a9:ae:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4bcc12afa4f05739f45f605e221c64c3c0d2ed6
        Validity
            Not Before: Jan  1 04:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7023259b8d6b6adb91bc9c761bb4c4ac1867063a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:42:26:2c:cf:21:c9:75:1e:c9:0f:38:30:fc:
                    47:c0:21:a3:d9:48:5d:d0:d3:8f:cc:0c:3b:a0:0f:
                    23:ff:9e:72:4b:7d:08:b9:c2:97:48:9b:18:2c:ea:
                    8f:e3:aa:fb:b1:43:b0:80:97:cb:0f:92:b2:a2:52:
                    50:73:2c:9e:1e:50:47:25:48:7b:44:a7:77:78:65:
                    c0:ab:2c:6e:5a:ae:fd:a3:0b:57:be:9b:85:b9:7c:
                    ff:b8:09:88:71:d3:26:2e:3d:9d:18:b5:40:32:89:
                    54:3c:2d:b9:3c:f6:d0:03:3b:78:89:08:8a:63:ef:
                    2e:dd:cf:f4:7a:29:14:88:40:9b:89:9f:94:b3:57:
                    85:26:0a:e5:81:2c:86:7d:6a:5c:70:3f:6f:04:c0:
                    c4:ff:49:e2:a4:7b:e0:a2:b4:51:d1:18:78:99:fa:
                    a8:60:01:48:8e:08:fc:5b:a2:46:de:69:68:0f:14:
                    14:a6:9a:f1:3b:87:d5:2e:bd:0e:f7:3e:d5:80:67:
                    13:93:4d:cc:ec:69:24:4a:f2:54:c6:4e:ba:bc:3b:
                    6b:85:ca:ee:db:1b:16:a1:c7:08:5e:f6:70:cd:57:
                    d8:56:fd:f5:22:bc:84:10:86:2f:27:cc:28:1a:06:
                    0d:eb:89:82:c3:c3:74:ba:a1:fe:14:b1:76:42:8c:
                    b6:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:23:25:9B:8D:6B:6A:DB:91:BC:9C:76:1B:B4:C4:AC:18:67:06:3A
            X509v3 Authority Key Identifier:
                keyid:A4:BC:C1:2A:FA:4F:05:73:9F:45:F6:05:E2:21:C6:4C:3C:0D:2E:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pLzBKvpPBXOfRfYF4iHGTDwNLtY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/cCMlm41ratuRvJx2G7TErBhnBjo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/pLzBKvpPBXOfRfYF4iHGTDwNLtY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.229.54.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:8d:38:f4:65:6d:a5:44:13:6e:e4:66:00:94:fe:91:54:62:
         e2:81:06:ff:88:a0:d4:a4:8c:46:84:9b:68:9f:cb:07:03:c9:
         54:98:91:98:67:85:5a:cc:80:22:eb:8d:c3:40:49:6a:c9:64:
         f4:c5:8c:df:59:7f:8d:d2:b8:54:3b:ca:cc:20:dd:a2:3f:26:
         c3:9e:e3:e6:c3:79:7b:0e:f0:5c:0f:82:5d:6a:4f:c5:12:99:
         23:2d:10:37:9f:51:03:21:35:6f:fb:dd:e4:72:3e:12:b4:0c:
         48:76:f2:6e:6a:e1:91:c6:5b:a5:fe:6d:6f:d7:6f:cf:8c:e0:
         e3:2d:15:43:30:f1:68:fb:08:be:0b:99:28:10:8e:11:85:a2:
         11:b4:85:f3:31:94:4a:1b:01:a9:15:65:2d:e2:d9:94:8f:56:
         8f:e1:34:f8:c3:e6:66:fd:c6:16:74:65:fa:3b:90:55:76:69:
         0a:70:5b:4c:2a:f2:6f:29:70:95:8d:b5:92:5c:aa:c1:97:17:
         c7:47:95:52:b5:fc:bb:95:89:15:11:82:ec:48:f3:61:6c:71:
         df:e8:f6:f7:86:f7:1b:82:56:36:ad:63:09:e7:a8:56:33:ca:
         f9:ae:6d:d8:ae:c7:b1:fe:7d:d2:08:69:04:b8:71:3f:b1:a0:
         2f:fe:71:7b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSVVftYLIFyWe26AIqa48MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0YmNjMTJhZmE0ZjA1NzM5ZjQ1ZjYwNWUyMjFjNjRjM2Mw
ZDJlZDYwHhcNMjQwMTAxMDQzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDIzMjU5YjhkNmI2YWRiOTFiYzljNzYxYmI0YzRhYzE4NjcwNjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtEImLM8hyXUeyQ84MPxHwCGj2Uhd
0NOPzAw7oA8j/55yS30IucKXSJsYLOqP46r7sUOwgJfLD5KyolJQcyyeHlBHJUh7
RKd3eGXAqyxuWq79owtXvpuFuXz/uAmIcdMmLj2dGLVAMolUPC25PPbQAzt4iQiK
Y+8u3c/0eikUiECbiZ+Us1eFJgrlgSyGfWpccD9vBMDE/0nipHvgorRR0Rh4mfqo
YAFIjgj8W6JG3mloDxQUpprxO4fVLr0O9z7VgGcTk03M7GkkSvJUxk66vDtrhcru
2xsWoccIXvZwzVfYVv31IryEEIYvJ8woGgYN64mCw8N0uqH+FLF2Qoy2TQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHAjJZuNa2rbkbycdhu0xKwYZwY6MB8GA1UdIwQY
MBaAFKS8wSr6TwVzn0X2BeIhxkw8DS7WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEx6Qkt2cFBCWE9mUmZZRjRpSEdURHdOTHRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9iYjE0MGEtMmEyMS00ZjVmLWJkY2Mt
ODhiMDE2YmJkNTgxLzEvY0NNbG00MXJhdHVSdkp4Mkc3VEVyQmhuQmpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9iYjE0MGEtMmEyMS00ZjVmLWJkY2MtODhiMDE2YmJkNTgx
LzEvcEx6Qkt2cFBCWE9mUmZZRjRpSEdURHdOTHRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALuU2MA0G
CSqGSIb3DQEBCwUAA4IBAQAWjTj0ZW2lRBNu5GYAlP6RVGLigQb/iKDUpIxGhJto
n8sHA8lUmJGYZ4VazIAi643DQElqyWT0xYzfWX+N0rhUO8rMIN2iPybDnuPmw3l7
DvBcD4Jdak/FEpkjLRA3n1EDITVv+93kcj4StAxIdvJuauGRxlul/m1v12/PjODj
LRVDMPFo+wi+C5koEI4RhaIRtIXzMZRKGwGpFWUt4tmUj1aP4TT4w+Zm/cYWdGX6
O5BVdmkKcFtMKvJvKXCVjbWSXKrBlxfHR5VStfy7lYkVEYLsSPNhbHHf6Pb3hvcb
glY2rWMJ56hWM8r5rm3Yrsex/n3SCGkEuHE/saAv/nF7
-----END CERTIFICATE-----