Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/717555-354f-4b37-8a6a-0940436691bd/1/FHspIQ8XqOe39bJg9wbu1bmgKps.roa
File:                     FHspIQ8XqOe39bJg9wbu1bmgKps.roa (raw, json)
Hash identifier:          6T7L0C47jNOJxeTn/OqdWtJNFcCLMqcAhlYuwVrUwyA=
Subject key identifier:   14:7B:29:21:0F:17:A8:E7:B7:F5:B2:60:F7:06:EE:D5:B9:A0:2A:9B
Certificate issuer:       /CN=7699c189027e25ecc53f98b52ea65ae725d2a730
Certificate serial:       018CC801251D502C36220A57065277AC633D
Authority key identifier: 76:99:C1:89:02:7E:25:EC:C5:3F:98:B5:2E:A6:5A:E7:25:D2:A7:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dpnBiQJ-JezFP5i1LqZa5yXSpzA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/717555-354f-4b37-8a6a-0940436691bd/1/FHspIQ8XqOe39bJg9wbu1bmgKps.roa
Signing time:             Tue 02 Jan 2024 02:29:27 +0000
ROA not before:           Tue 02 Jan 2024 02:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        185.46.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/717555-354f-4b37-8a6a-0940436691bd/1/dpnBiQJ-JezFP5i1LqZa5yXSpzA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/717555-354f-4b37-8a6a-0940436691bd/1/dpnBiQJ-JezFP5i1LqZa5yXSpzA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dpnBiQJ-JezFP5i1LqZa5yXSpzA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 01:02:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:25:1d:50:2c:36:22:0a:57:06:52:77:ac:63:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7699c189027e25ecc53f98b52ea65ae725d2a730
        Validity
            Not Before: Jan  2 02:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=147b29210f17a8e7b7f5b260f706eed5b9a02a9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:3b:d9:a5:ac:c5:2c:da:bb:e0:14:0a:6d:0e:
                    d1:14:ca:40:07:72:b4:ff:55:77:08:fd:d3:7c:1c:
                    93:ec:6a:02:bf:ee:47:47:b8:f0:87:75:0d:86:9f:
                    fb:5c:bd:9f:c9:98:26:a9:96:9a:90:2f:f6:c9:6d:
                    e1:13:7c:27:56:1b:ec:37:2a:45:a7:de:8a:bc:06:
                    61:c9:f5:de:a6:0f:94:e1:40:3c:2f:6e:1b:cc:72:
                    ad:c3:4f:78:23:0b:1a:1a:b4:4a:bf:74:d1:8a:9a:
                    9e:85:b2:b9:90:0c:73:4d:c2:bf:48:90:7f:5c:1c:
                    49:12:f1:b6:39:52:f5:e1:4e:4d:83:45:7f:a9:1e:
                    f8:38:db:cd:69:19:b0:a8:48:c4:03:e2:ff:32:6a:
                    18:ca:2d:85:c3:09:ec:d0:fc:38:69:68:d6:c3:97:
                    f2:1a:f1:13:f4:09:34:bf:5e:ca:8f:4f:18:f0:33:
                    1d:e9:e0:eb:5f:e7:e2:e6:55:64:b2:ad:ec:c9:e2:
                    db:c5:13:3c:33:6c:bd:ab:19:37:11:7d:42:0a:6b:
                    cb:de:00:c4:4a:3a:2b:98:4f:e1:d0:0b:a9:9b:c9:
                    c2:83:c0:8b:8e:2c:43:2f:a7:67:a2:37:0c:d4:b0:
                    da:7d:22:ab:c5:e2:13:9b:de:eb:fc:4a:7b:f7:c7:
                    41:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:7B:29:21:0F:17:A8:E7:B7:F5:B2:60:F7:06:EE:D5:B9:A0:2A:9B
            X509v3 Authority Key Identifier:
                keyid:76:99:C1:89:02:7E:25:EC:C5:3F:98:B5:2E:A6:5A:E7:25:D2:A7:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dpnBiQJ-JezFP5i1LqZa5yXSpzA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/717555-354f-4b37-8a6a-0940436691bd/1/FHspIQ8XqOe39bJg9wbu1bmgKps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/717555-354f-4b37-8a6a-0940436691bd/1/dpnBiQJ-JezFP5i1LqZa5yXSpzA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.46.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:6e:75:24:48:e3:6b:5e:bc:28:1c:c6:be:6a:85:03:3e:03:
         79:38:8b:f5:29:c5:31:27:ae:5e:1a:81:c4:0a:45:3a:24:fc:
         a6:31:9f:33:bd:f3:fc:92:a2:00:7c:43:28:cf:3e:62:c0:4c:
         bd:95:fa:c9:69:4b:59:25:c0:62:06:a9:dc:b0:0b:88:30:05:
         de:e6:a6:48:52:20:d5:0d:1e:be:92:ed:f1:03:40:d3:76:69:
         aa:80:34:d9:e1:c6:3c:d3:6f:22:02:cb:5a:1a:13:05:dd:1e:
         dc:17:9c:4a:78:9c:3e:d7:92:bd:da:d9:64:04:a7:31:08:75:
         b3:e6:7e:89:76:3b:2f:00:d8:28:cb:7b:93:c2:f3:30:3b:b5:
         73:32:a1:ad:77:d3:19:a7:e3:29:ec:04:63:3b:63:a4:e6:53:
         72:dc:47:a4:e5:a4:d5:d5:a3:d6:35:b2:58:c7:0b:ff:c8:c6:
         01:2e:dd:ea:a3:1e:e3:d3:79:d3:1f:8e:ad:ca:5f:42:63:82:
         dc:93:e1:6d:6f:20:41:21:40:d2:1a:d9:82:33:5f:59:a8:d5:
         8a:26:89:1e:19:9a:14:f4:b6:69:10:97:08:2e:ac:45:05:19:
         12:23:22:54:ca:f1:26:79:6c:0d:9e:38:4a:c1:b6:0b:63:c9:
         b4:cc:42:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIASUdUCw2IgpXBlJ3rGM9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2OTljMTg5MDI3ZTI1ZWNjNTNmOThiNTJlYTY1YWU3MjVk
MmE3MzAwHhcNMjQwMTAyMDIyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNDdiMjkyMTBmMTdhOGU3YjdmNWIyNjBmNzA2ZWVkNWI5YTAyYTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2DvZpazFLNq74BQKbQ7RFMpAB3K0
/1V3CP3TfByT7GoCv+5HR7jwh3UNhp/7XL2fyZgmqZaakC/2yW3hE3wnVhvsNypF
p96KvAZhyfXepg+U4UA8L24bzHKtw094IwsaGrRKv3TRipqehbK5kAxzTcK/SJB/
XBxJEvG2OVL14U5Ng0V/qR74ONvNaRmwqEjEA+L/MmoYyi2Fwwns0Pw4aWjWw5fy
GvET9Ak0v17Kj08Y8DMd6eDrX+fi5lVksq3syeLbxRM8M2y9qxk3EX1CCmvL3gDE
SjormE/h0Aupm8nCg8CLjixDL6dnojcM1LDafSKrxeITm97r/Ep798dBwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBR7KSEPF6jnt/WyYPcG7tW5oCqbMB8GA1UdIwQY
MBaAFHaZwYkCfiXsxT+YtS6mWucl0qcwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHBuQmlRSi1KZXpGUDVpMUxxWmE1eVhTcHpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS83MTc1NTUtMzU0Zi00YjM3LThhNmEt
MDk0MDQzNjY5MWJkLzEvRkhzcElROFhxT2UzOWJKZzl3YnUxYm1nS3BzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS83MTc1NTUtMzU0Zi00YjM3LThhNmEtMDk0MDQzNjY5MWJk
LzEvZHBuQmlRSi1KZXpGUDVpMUxxWmE1eVhTcHpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuS7pMA0G
CSqGSIb3DQEBCwUAA4IBAQBxbnUkSONrXrwoHMa+aoUDPgN5OIv1KcUxJ65eGoHE
CkU6JPymMZ8zvfP8kqIAfEMozz5iwEy9lfrJaUtZJcBiBqncsAuIMAXe5qZIUiDV
DR6+ku3xA0DTdmmqgDTZ4cY8028iAstaGhMF3R7cF5xKeJw+15K92tlkBKcxCHWz
5n6JdjsvANgoy3uTwvMwO7VzMqGtd9MZp+Mp7ARjO2Ok5lNy3Eek5aTV1aPWNbJY
xwv/yMYBLt3qox7j03nTH46tyl9CY4Lck+FtbyBBIUDSGtmCM19ZqNWKJokeGZoU
9LZpEJcILqxFBRkSIyJUyvEmeWwNnjhKwbYLY8m0zEKT
-----END CERTIFICATE-----