Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/YHsnAG0EdnvN0gD9DJyoep_vJVs.roa
File:                     YHsnAG0EdnvN0gD9DJyoep_vJVs.roa (raw, json)
Hash identifier:          QFghRz7dmgkFjUE/RnwZZEZCq5tdLndI8biFEGtAaDY=
Subject key identifier:   60:7B:27:00:6D:04:76:7B:CD:D2:00:FD:0C:9C:A8:7A:9F:EF:25:5B
Certificate issuer:       /CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
Certificate serial:       018CC9BC26380D1E1D5C5CF9902502AB70B9
Authority key identifier: 6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/YHsnAG0EdnvN0gD9DJyoep_vJVs.roa
Signing time:             Tue 02 Jan 2024 10:33:20 +0000
ROA not before:           Tue 02 Jan 2024 10:33:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42410
IP address blocks:        46.233.48.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:26:38:0d:1e:1d:5c:5c:f9:90:25:02:ab:70:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
        Validity
            Not Before: Jan  2 10:33:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=607b27006d04767bcdd200fd0c9ca87a9fef255b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:6b:52:c1:ad:b2:ff:ce:e9:fe:19:14:d0:96:
                    26:80:a8:ee:5b:4c:dd:21:d9:f6:c9:f4:11:fe:b9:
                    43:3e:74:77:56:30:2e:19:9d:e0:7d:21:27:9e:6e:
                    0e:0f:8f:c8:3b:7b:28:42:a1:11:36:39:db:89:47:
                    f1:52:14:0f:d2:fe:69:77:65:ae:a9:55:f3:3b:7c:
                    a4:7f:b7:e9:c6:19:6a:d0:0b:a9:19:c2:6e:87:bf:
                    b5:d9:b4:20:ec:bc:bb:f1:85:94:08:e3:3b:42:93:
                    10:1b:0b:0c:c9:06:d2:3e:99:03:c8:18:f0:a2:7c:
                    c7:d8:26:6e:97:55:d5:be:43:e3:9d:91:55:57:3c:
                    6e:bf:ec:13:ad:06:f9:49:de:dc:33:31:49:6e:d6:
                    a3:d7:9d:55:29:46:54:fe:ad:25:d0:3d:57:6c:3c:
                    4e:83:1a:9c:10:56:57:ab:bc:4c:b0:09:16:58:0a:
                    6f:12:98:e4:ce:3c:e8:bc:f1:ee:5d:f2:c3:48:d3:
                    4a:9d:65:88:a4:99:ea:0d:86:a5:91:ab:81:af:4b:
                    33:37:ef:12:8b:30:50:ba:42:19:79:31:76:a7:0f:
                    12:5b:e3:7b:0b:67:ae:98:29:10:e4:0b:7f:74:fe:
                    8e:14:5b:0f:79:cc:48:ce:11:9d:cf:a5:1b:d4:9d:
                    f4:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:7B:27:00:6D:04:76:7B:CD:D2:00:FD:0C:9C:A8:7A:9F:EF:25:5B
            X509v3 Authority Key Identifier:
                keyid:6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/YHsnAG0EdnvN0gD9DJyoep_vJVs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.233.48.0/21

    Signature Algorithm: sha256WithRSAEncryption
         56:a5:e3:9f:a2:63:f3:c7:be:e8:ec:88:e3:3c:54:b7:02:1b:
         0d:fe:81:e3:31:1d:e2:87:fd:29:65:1e:58:46:a7:98:0b:7c:
         64:9f:59:70:99:e6:87:2f:86:c6:46:fd:f3:57:9c:94:c6:8a:
         aa:2c:e8:e8:e6:1f:0e:9e:57:ac:73:73:c7:60:71:73:48:07:
         00:e4:a1:fd:dd:e7:82:ee:68:cf:07:ab:d7:b5:0d:70:1d:d5:
         53:be:d0:99:ac:43:da:71:26:3f:b3:ff:bb:60:b1:4a:0e:d4:
         b3:d9:b8:7d:c8:39:4f:c1:85:dc:72:b1:84:9a:eb:8b:bb:ce:
         4b:73:77:f2:78:ad:b8:ed:c2:3f:98:be:09:cf:64:f6:80:36:
         f1:13:f2:36:44:eb:b3:b0:b2:82:1d:d9:e3:df:b5:35:85:3f:
         18:5f:02:30:20:21:b9:ba:ea:a0:98:f7:cf:1e:59:ed:07:55:
         2b:da:67:bb:f1:78:77:27:49:12:8f:5c:9f:8a:86:d3:cf:75:
         65:e8:49:56:66:6b:3c:5c:0a:62:b4:71:4f:58:b0:9d:ca:5b:
         83:9a:4d:35:ff:c0:d3:b3:5e:00:0a:9c:41:b0:71:48:30:45:
         92:34:44:ac:9d:31:8a:ae:b3:0f:38:af:ec:47:6a:3d:8e:4a:
         4d:2f:9a:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvCY4DR4dXFz5kCUCq3C5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYzUwZDBkNDIwNjdiNzZhYjFhMmU4ZTUzM2ZmODQ5YjY1
ZDU2ZjUwHhcNMjQwMTAyMTAzMzIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDdiMjcwMDZkMDQ3NjdiY2RkMjAwZmQwYzljYTg3YTlmZWYyNTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGtSwa2y/87p/hkU0JYmgKjuW0zd
Idn2yfQR/rlDPnR3VjAuGZ3gfSEnnm4OD4/IO3soQqERNjnbiUfxUhQP0v5pd2Wu
qVXzO3ykf7fpxhlq0AupGcJuh7+12bQg7Ly78YWUCOM7QpMQGwsMyQbSPpkDyBjw
onzH2CZul1XVvkPjnZFVVzxuv+wTrQb5Sd7cMzFJbtaj151VKUZU/q0l0D1XbDxO
gxqcEFZXq7xMsAkWWApvEpjkzjzovPHuXfLDSNNKnWWIpJnqDYalkauBr0szN+8S
izBQukIZeTF2pw8SW+N7C2eumCkQ5At/dP6OFFsPecxIzhGdz6Ub1J30DwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGB7JwBtBHZ7zdIA/QycqHqf7yVbMB8GA1UdIwQY
MBaAFG/FDQ1CBnt2qxoujlM/+Em2XVb1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDkt
M2MxNmZmODQxYWIyLzEvWUhzbkFHMEVkbnZOMGdEOURKeW9lcF92SlZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDktM2MxNmZmODQxYWIy
LzEvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDLukwMA0G
CSqGSIb3DQEBCwUAA4IBAQBWpeOfomPzx77o7IjjPFS3AhsN/oHjMR3ih/0pZR5Y
RqeYC3xkn1lwmeaHL4bGRv3zV5yUxoqqLOjo5h8Onlesc3PHYHFzSAcA5KH93eeC
7mjPB6vXtQ1wHdVTvtCZrEPacSY/s/+7YLFKDtSz2bh9yDlPwYXccrGEmuuLu85L
c3fyeK247cI/mL4Jz2T2gDbxE/I2ROuzsLKCHdnj37U1hT8YXwIwICG5uuqgmPfP
HlntB1Ur2me78Xh3J0kSj1yfiobTz3Vl6ElWZms8XApitHFPWLCdyluDmk01/8DT
s14ACpxBsHFIMEWSNESsnTGKrrMPOK/sR2o9jkpNL5ol
-----END CERTIFICATE-----