Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/4tF_jw6nDQOTqWRV9u7O9IwpVtM.roa
File:                     4tF_jw6nDQOTqWRV9u7O9IwpVtM.roa (raw, json)
Hash identifier:          zpK+dX3fumAGKw1c0pwhe4Ywp2i31usZt4QT9qUCtfQ=
Subject key identifier:   E2:D1:7F:8F:0E:A7:0D:03:93:A9:64:55:F6:EE:CE:F4:8C:29:56:D3
Certificate issuer:       /CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
Certificate serial:       018CC9BC2A248F6BEF1DFC84518B97CBD039
Authority key identifier: 6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/4tF_jw6nDQOTqWRV9u7O9IwpVtM.roa
Signing time:             Tue 02 Jan 2024 10:33:21 +0000
ROA not before:           Tue 02 Jan 2024 10:33:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396998
IP address blocks:        46.233.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:2a:24:8f:6b:ef:1d:fc:84:51:8b:97:cb:d0:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
        Validity
            Not Before: Jan  2 10:33:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e2d17f8f0ea70d0393a96455f6eecef48c2956d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:8d:51:e0:7d:04:88:11:be:64:fc:96:c0:35:
                    14:28:70:7b:9b:9c:f7:40:1a:13:3f:42:1e:b4:01:
                    55:11:c2:af:a6:3c:fa:3c:f1:6a:a3:51:b0:9f:44:
                    d8:1a:5c:aa:72:0c:b3:80:ed:15:ae:61:d0:7d:70:
                    1a:0b:69:b8:dc:4b:7a:f6:36:84:1e:14:56:b8:4b:
                    1c:ae:6d:4b:d5:2f:6e:f5:49:5b:89:43:4a:d0:5f:
                    61:35:83:ea:fa:91:ca:d6:57:8c:6b:ba:b6:46:f7:
                    f8:1e:e3:44:1b:d9:6a:17:6d:27:46:c9:8e:0d:a8:
                    2a:76:9d:19:97:72:6c:91:6e:ad:1f:e4:9e:f2:38:
                    89:ee:09:51:9a:59:d6:d2:17:d0:aa:27:bc:93:61:
                    e7:16:0e:0c:07:dc:9f:c9:71:56:3b:11:be:e1:f4:
                    e6:d4:93:b6:b0:03:e2:db:9a:51:f0:42:d7:f6:61:
                    c1:2b:6a:c9:d0:41:30:16:ad:c1:0e:85:6b:e8:0f:
                    fc:02:b2:a3:69:64:e3:f9:06:c0:ab:5f:ea:ea:9b:
                    22:48:f2:a0:bd:4c:ad:5f:db:1f:2f:c5:9e:19:b9:
                    62:89:5e:a4:dc:5d:64:23:22:b6:5e:74:ee:b6:8c:
                    9a:c4:bf:6e:ba:0d:41:b5:c4:49:4b:69:65:5e:f7:
                    57:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:D1:7F:8F:0E:A7:0D:03:93:A9:64:55:F6:EE:CE:F4:8C:29:56:D3
            X509v3 Authority Key Identifier:
                keyid:6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/4tF_jw6nDQOTqWRV9u7O9IwpVtM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.233.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:4a:b0:ba:f0:e1:f5:00:90:ed:39:a9:75:1a:e0:35:82:16:
         16:1a:29:7b:6f:48:3e:1e:2c:70:39:c9:82:42:03:90:e4:ce:
         d4:72:24:f8:8d:6d:38:91:f4:9d:cc:5b:66:25:c4:c4:86:45:
         b3:b9:67:cb:7a:2d:4c:54:83:ec:48:c5:9b:d2:cf:59:69:94:
         d9:c2:34:b3:86:9e:56:e6:9c:a1:cd:de:31:1d:89:bd:9c:56:
         b3:8c:d0:51:24:3f:b9:40:dc:30:67:28:29:29:c6:fe:79:e8:
         e3:d1:42:7c:3a:4c:27:53:50:e7:d7:54:8f:33:99:ec:37:3d:
         27:ee:db:11:85:c7:08:6d:28:b5:d4:86:3c:37:29:e7:e4:be:
         1a:d9:f5:50:29:ae:b4:71:8b:bd:8e:8f:41:61:3f:22:f8:96:
         88:9b:2b:3a:51:b1:f1:24:2d:5a:72:38:45:7e:17:29:f7:4c:
         ad:fb:7f:23:51:b5:ce:b3:0a:87:fc:27:28:88:77:79:0e:de:
         1e:1a:e2:cd:3f:10:40:15:41:5d:ad:12:17:64:6e:c4:f8:d9:
         76:7d:c6:61:ea:28:28:e5:4c:bc:d0:f0:8a:7a:87:a9:b4:77:
         37:0c:3b:cc:2d:ca:88:3f:9d:ba:66:60:ab:c7:ea:64:fa:d9:
         4f:a9:46:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvCokj2vvHfyEUYuXy9A5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYzUwZDBkNDIwNjdiNzZhYjFhMmU4ZTUzM2ZmODQ5YjY1
ZDU2ZjUwHhcNMjQwMTAyMTAzMzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMmQxN2Y4ZjBlYTcwZDAzOTNhOTY0NTVmNmVlY2VmNDhjMjk1NmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh41R4H0EiBG+ZPyWwDUUKHB7m5z3
QBoTP0IetAFVEcKvpjz6PPFqo1Gwn0TYGlyqcgyzgO0VrmHQfXAaC2m43Et69jaE
HhRWuEscrm1L1S9u9UlbiUNK0F9hNYPq+pHK1leMa7q2Rvf4HuNEG9lqF20nRsmO
Dagqdp0Zl3JskW6tH+Se8jiJ7glRmlnW0hfQqie8k2HnFg4MB9yfyXFWOxG+4fTm
1JO2sAPi25pR8ELX9mHBK2rJ0EEwFq3BDoVr6A/8ArKjaWTj+QbAq1/q6psiSPKg
vUytX9sfL8WeGbliiV6k3F1kIyK2XnTutoyaxL9uug1BtcRJS2llXvdXJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOLRf48Opw0Dk6lkVfbuzvSMKVbTMB8GA1UdIwQY
MBaAFG/FDQ1CBnt2qxoujlM/+Em2XVb1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDkt
M2MxNmZmODQxYWIyLzEvNHRGX2p3Nm5EUU9UcVdSVjl1N085SXdwVnRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDktM2MxNmZmODQxYWIy
LzEvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALuknMA0G
CSqGSIb3DQEBCwUAA4IBAQAMSrC68OH1AJDtOal1GuA1ghYWGil7b0g+HixwOcmC
QgOQ5M7UciT4jW04kfSdzFtmJcTEhkWzuWfLei1MVIPsSMWb0s9ZaZTZwjSzhp5W
5pyhzd4xHYm9nFazjNBRJD+5QNwwZygpKcb+eejj0UJ8OkwnU1Dn11SPM5nsNz0n
7tsRhccIbSi11IY8Nynn5L4a2fVQKa60cYu9jo9BYT8i+JaImys6UbHxJC1acjhF
fhcp90yt+38jUbXOswqH/CcoiHd5Dt4eGuLNPxBAFUFdrRIXZG7E+Nl2fcZh6igo
5Uy80PCKeoeptHc3DDvMLcqIP526ZmCrx+pk+tlPqUY/
-----END CERTIFICATE-----