Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/149cf6-611d-4e03-a660-dce1127ab223/1/0cl2QkqqLhQv38_2rucCAGI1LWs.roa
File:                     0cl2QkqqLhQv38_2rucCAGI1LWs.roa (raw, json)
Hash identifier:          vQ/AJi+hjruP39HkTO84CKqRf+0jYEewJU1H0o3XYD4=
Subject key identifier:   D1:C9:76:42:4A:AA:2E:14:2F:DF:CF:F6:AE:E7:02:00:62:35:2D:6B
Certificate issuer:       /CN=70cbeb388f5902c16160bbed0962cb622b2bb832
Certificate serial:       018CC6B80353399148F47894368690A03C92
Authority key identifier: 70:CB:EB:38:8F:59:02:C1:61:60:BB:ED:09:62:CB:62:2B:2B:B8:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvrOI9ZAsFhYLvtCWLLYisruDI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/149cf6-611d-4e03-a660-dce1127ab223/1/0cl2QkqqLhQv38_2rucCAGI1LWs.roa
Signing time:             Mon 01 Jan 2024 20:29:57 +0000
ROA not before:           Mon 01 Jan 2024 20:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34702
IP address blocks:        185.46.20.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/149cf6-611d-4e03-a660-dce1127ab223/1/cMvrOI9ZAsFhYLvtCWLLYisruDI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/149cf6-611d-4e03-a660-dce1127ab223/1/cMvrOI9ZAsFhYLvtCWLLYisruDI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvrOI9ZAsFhYLvtCWLLYisruDI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:03:53:39:91:48:f4:78:94:36:86:90:a0:3c:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbeb388f5902c16160bbed0962cb622b2bb832
        Validity
            Not Before: Jan  1 20:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d1c976424aaa2e142fdfcff6aee7020062352d6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:43:2f:77:d1:fa:25:92:33:ff:3a:4f:fd:4c:
                    0b:21:c9:64:9b:a1:61:73:8c:cc:16:81:23:9d:0f:
                    56:7e:e9:62:e8:36:a1:8c:dc:9e:7e:83:5e:68:1a:
                    37:9f:46:82:ea:af:12:6a:39:7f:b2:aa:bb:27:34:
                    6d:cf:6e:2c:db:91:69:3c:50:2d:12:a4:36:44:5c:
                    3c:2e:3a:bc:f9:b0:0d:4b:f7:13:c4:80:41:99:fa:
                    7a:3f:c7:39:81:eb:31:8a:6d:9e:46:59:3e:9a:ca:
                    66:d6:1b:f8:e7:5e:74:fb:47:b4:bd:12:e1:d8:66:
                    b7:e8:f7:ba:95:b6:1b:37:d0:96:76:bd:1e:8c:79:
                    16:9e:17:2d:f5:62:de:0f:cd:ca:00:70:b2:ca:e2:
                    8d:58:92:25:af:a2:5b:37:10:0a:73:75:69:f9:ef:
                    c8:2f:62:85:98:b9:df:23:5f:f2:63:e5:da:2c:e2:
                    80:6d:6c:e8:52:cf:88:1c:7c:98:ce:83:f0:f7:7f:
                    12:cd:36:26:85:be:19:7b:ca:09:55:a8:e5:fa:bf:
                    da:2a:57:f6:29:ab:39:e1:e7:1d:98:1c:78:3b:b5:
                    f3:b6:c4:77:24:e1:07:b4:a3:47:b9:1d:08:5f:50:
                    f8:b7:90:70:ab:82:40:7f:79:00:fb:c4:d7:7f:5c:
                    9a:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:C9:76:42:4A:AA:2E:14:2F:DF:CF:F6:AE:E7:02:00:62:35:2D:6B
            X509v3 Authority Key Identifier:
                keyid:70:CB:EB:38:8F:59:02:C1:61:60:BB:ED:09:62:CB:62:2B:2B:B8:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvrOI9ZAsFhYLvtCWLLYisruDI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/149cf6-611d-4e03-a660-dce1127ab223/1/0cl2QkqqLhQv38_2rucCAGI1LWs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/149cf6-611d-4e03-a660-dce1127ab223/1/cMvrOI9ZAsFhYLvtCWLLYisruDI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.46.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         80:a1:88:e4:f1:0e:22:67:c0:b0:62:c1:66:b5:ce:8d:c7:fa:
         14:da:38:90:6a:87:61:e0:8d:58:42:02:4e:84:e3:40:92:a8:
         9d:45:06:e0:9e:ca:49:29:7b:52:f6:ae:a6:6a:29:34:66:f6:
         70:6d:ae:32:93:8d:b4:2d:93:3c:4d:fb:a2:52:ef:84:f7:19:
         ec:db:8c:5c:7b:c7:b3:66:ff:37:55:d7:cf:f9:3b:be:e8:a0:
         4d:62:3e:20:9b:c6:3e:66:62:b6:34:af:2e:6d:4b:5c:f2:f5:
         49:19:8e:72:e6:67:4c:8b:44:f3:1d:2c:f6:5c:e1:da:db:4b:
         2a:5c:86:0b:de:9d:9b:4b:c6:22:e3:7e:24:99:03:47:cd:c9:
         fe:5c:5e:b1:21:fa:55:f7:8c:b0:7d:40:96:fc:03:93:d0:34:
         e3:96:ed:c8:6f:c6:5e:da:39:7e:3e:c8:f4:3a:40:aa:a3:00:
         69:da:63:45:45:17:8c:1d:79:f2:2e:e0:16:17:7e:39:85:dd:
         b8:3d:5f:ef:94:df:3e:51:d2:78:77:9f:c9:7b:84:04:74:b5:
         d2:d7:e9:39:d3:33:12:a7:7c:85:94:89:70:9d:e5:9c:75:d9:
         72:4f:1e:ce:5a:3d:3b:e6:85:3b:87:97:77:7a:e4:72:f3:18:
         03:2a:76:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuANTOZFI9HiUNoaQoDySMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwY2JlYjM4OGY1OTAyYzE2MTYwYmJlZDA5NjJjYjYyMmIy
YmI4MzIwHhcNMjQwMTAxMjAyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWM5NzY0MjRhYWEyZTE0MmZkZmNmZjZhZWU3MDIwMDYyMzUyZDZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqkMvd9H6JZIz/zpP/UwLIclkm6Fh
c4zMFoEjnQ9Wfuli6DahjNyefoNeaBo3n0aC6q8Sajl/sqq7JzRtz24s25FpPFAt
EqQ2RFw8Ljq8+bANS/cTxIBBmfp6P8c5gesxim2eRlk+mspm1hv45150+0e0vRLh
2Ga36Pe6lbYbN9CWdr0ejHkWnhct9WLeD83KAHCyyuKNWJIlr6JbNxAKc3Vp+e/I
L2KFmLnfI1/yY+XaLOKAbWzoUs+IHHyYzoPw938SzTYmhb4Ze8oJVajl+r/aKlf2
Kas54ecdmBx4O7XztsR3JOEHtKNHuR0IX1D4t5Bwq4JAf3kA+8TXf1yaPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNHJdkJKqi4UL9/P9q7nAgBiNS1rMB8GA1UdIwQY
MBaAFHDL6ziPWQLBYWC77Qliy2IrK7gyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY012ck9JOVpBc0ZoWUx2dENXTExZaXNydURJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS8xNDljZjYtNjExZC00ZTAzLWE2NjAt
ZGNlMTEyN2FiMjIzLzEvMGNsMlFrcXFMaFF2MzhfMnJ1Y0NBR0kxTFdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS8xNDljZjYtNjExZC00ZTAzLWE2NjAtZGNlMTEyN2FiMjIz
LzEvY012ck9JOVpBc0ZoWUx2dENXTExZaXNydURJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuS4UMA0G
CSqGSIb3DQEBCwUAA4IBAQCAoYjk8Q4iZ8CwYsFmtc6Nx/oU2jiQaodh4I1YQgJO
hONAkqidRQbgnspJKXtS9q6maik0ZvZwba4yk420LZM8TfuiUu+E9xns24xce8ez
Zv83VdfP+Tu+6KBNYj4gm8Y+ZmK2NK8ubUtc8vVJGY5y5mdMi0TzHSz2XOHa20sq
XIYL3p2bS8Yi434kmQNHzcn+XF6xIfpV94ywfUCW/AOT0DTjlu3Ib8Ze2jl+Psj0
OkCqowBp2mNFRReMHXnyLuAWF345hd24PV/vlN8+UdJ4d5/Je4QEdLXS1+k50zMS
p3yFlIlwneWcddlyTx7OWj075oU7h5d3euRy8xgDKnaU
-----END CERTIFICATE-----