Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/JlyO4IQ9P1fE8GE1BwxqrKFC4xU.roa
File:                     JlyO4IQ9P1fE8GE1BwxqrKFC4xU.roa (raw, json)
Hash identifier:          Wb+02sva3em8QlytKRbMqNYYqp+uyQAujDfuT40IzME=
Subject key identifier:   26:5C:8E:E0:84:3D:3F:57:C4:F0:61:35:07:0C:6A:AC:A1:42:E3:15
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       018CC5DCE53B86AB87D5F8F161437ABBF3A7
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/JlyO4IQ9P1fE8GE1BwxqrKFC4xU.roa
Signing time:             Mon 01 Jan 2024 16:30:37 +0000
ROA not before:           Mon 01 Jan 2024 16:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     54339
IP address blocks:        46.20.216.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 03:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:e5:3b:86:ab:87:d5:f8:f1:61:43:7a:bb:f3:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Jan  1 16:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=265c8ee0843d3f57c4f06135070c6aaca142e315
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:03:2c:d7:71:e5:54:4d:00:8d:87:70:44:fa:
                    4f:24:09:bd:1d:09:58:ca:1f:bf:6d:28:97:db:72:
                    11:3f:b6:19:c4:cf:cd:e4:2c:57:3b:fd:fc:fd:54:
                    4f:7f:45:38:03:cd:e1:08:4c:14:ca:f3:fb:9a:c8:
                    c3:cb:60:c0:e1:2f:3c:5c:c9:b3:c1:66:17:ca:66:
                    9d:37:ff:39:50:20:a4:e2:24:23:00:96:f8:2a:a0:
                    40:8f:a7:80:30:ac:e0:c1:5e:a1:3a:f3:8d:48:21:
                    59:09:92:99:cd:21:6c:dd:f5:a9:0e:4f:e5:72:91:
                    ae:41:6c:89:80:f0:1a:59:10:fe:47:71:a4:4a:28:
                    e8:2e:d6:91:f7:8c:67:74:57:b9:8c:b5:45:6e:b1:
                    53:89:12:37:cf:d7:f7:56:6e:33:c2:83:18:9c:6b:
                    29:ed:61:0f:4b:d2:74:ec:d0:5b:a2:20:fb:c8:15:
                    0b:c8:0e:29:93:c8:24:07:b8:b6:e3:0f:45:86:2c:
                    fa:1b:66:43:8f:c6:3a:0c:fa:e7:d7:07:cc:5b:33:
                    21:ee:10:d1:75:ef:f0:f9:e5:aa:ff:89:4c:ea:d7:
                    83:a8:fc:26:fb:83:47:17:40:24:97:bb:bd:85:4f:
                    41:b8:03:9e:a0:2c:0d:fa:05:2b:55:e7:4d:85:db:
                    39:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:5C:8E:E0:84:3D:3F:57:C4:F0:61:35:07:0C:6A:AC:A1:42:E3:15
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/JlyO4IQ9P1fE8GE1BwxqrKFC4xU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.20.216.0/21

    Signature Algorithm: sha256WithRSAEncryption
         8b:7a:83:4d:56:cf:a2:30:e9:7c:9a:1c:9d:98:5e:2f:08:c2:
         5d:92:6e:14:1a:2b:71:65:dc:21:00:4b:6a:a7:1d:6d:5a:d3:
         e5:e3:73:e0:44:17:b7:d7:fe:1e:c7:7f:1f:4d:f8:c1:19:44:
         a1:55:df:62:26:70:ec:26:01:01:e5:80:cf:92:ad:72:ed:d3:
         17:6d:41:28:39:f9:ee:f7:a9:b6:0f:e6:9c:6a:fb:cd:0d:c1:
         94:40:94:66:01:b2:f8:fa:db:22:ef:5e:84:ce:4b:2c:ae:27:
         37:a0:1d:ba:93:d9:f0:e4:85:0a:74:dd:73:b0:38:07:f4:d1:
         12:00:0b:ab:6a:ce:4d:43:4c:3c:b1:9a:80:5e:00:f1:52:db:
         de:18:99:3f:ed:20:91:94:ab:0b:c8:ed:07:2b:92:03:18:81:
         97:1b:b8:0f:64:18:f6:3f:92:6a:06:ec:83:74:9e:df:68:ff:
         92:d8:c6:8d:46:32:46:30:f3:35:80:78:15:45:b4:e3:4e:ce:
         d1:e9:2b:b8:9c:74:c7:d6:41:88:0d:55:b7:18:79:66:ae:e5:
         83:40:4b:54:77:94:79:d9:2a:f1:23:14:44:94:f6:a4:12:c0:
         6b:40:38:c2:71:d3:b4:1a:e7:3b:62:0f:4b:2e:3f:51:05:11:
         e2:d0:10:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3OU7hquH1fjxYUN6u/OnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjQwMTAxMTYzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjVjOGVlMDg0M2QzZjU3YzRmMDYxMzUwNzBjNmFhY2ExNDJlMzE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlgMs13HlVE0AjYdwRPpPJAm9HQlY
yh+/bSiX23IRP7YZxM/N5CxXO/38/VRPf0U4A83hCEwUyvP7msjDy2DA4S88XMmz
wWYXymadN/85UCCk4iQjAJb4KqBAj6eAMKzgwV6hOvONSCFZCZKZzSFs3fWpDk/l
cpGuQWyJgPAaWRD+R3GkSijoLtaR94xndFe5jLVFbrFTiRI3z9f3Vm4zwoMYnGsp
7WEPS9J07NBboiD7yBULyA4pk8gkB7i24w9Fhiz6G2ZDj8Y6DPrn1wfMWzMh7hDR
de/w+eWq/4lM6teDqPwm+4NHF0Akl7u9hU9BuAOeoCwN+gUrVedNhds56wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCZcjuCEPT9XxPBhNQcMaqyhQuMVMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvSmx5TzRJUTlQMWZFOEdFMUJ3eHFyS0ZDNHhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDLhTYMA0G
CSqGSIb3DQEBCwUAA4IBAQCLeoNNVs+iMOl8mhydmF4vCMJdkm4UGitxZdwhAEtq
px1tWtPl43PgRBe31/4ex38fTfjBGUShVd9iJnDsJgEB5YDPkq1y7dMXbUEoOfnu
96m2D+acavvNDcGUQJRmAbL4+tsi716Ezkssric3oB26k9nw5IUKdN1zsDgH9NES
AAuras5NQ0w8sZqAXgDxUtveGJk/7SCRlKsLyO0HK5IDGIGXG7gPZBj2P5JqBuyD
dJ7faP+S2MaNRjJGMPM1gHgVRbTjTs7R6Su4nHTH1kGIDVW3GHlmruWDQEtUd5R5
2SrxIxRElPakEsBrQDjCcdO0Guc7Yg9LLj9RBRHi0BDa
-----END CERTIFICATE-----