Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/2cab1a-df66-4187-b182-703cab4d0598/1/1fosVa-BMHRgVm5yl5gq5oGpkkQ.roa
File:                     1fosVa-BMHRgVm5yl5gq5oGpkkQ.roa (raw, json)
Hash identifier:          m5ULM2iE7cS35Ht0a0Y0h8WikIer9cm3u8pVj7ODGWg=
Subject key identifier:   D5:FA:2C:55:AF:81:30:74:60:56:6E:72:97:98:2A:E6:81:A9:92:44
Certificate issuer:       /CN=6894e1b8da80cac2ad1a2f3f09bf9db5a12486a4
Certificate serial:       018CC4244CF25E116D3F9E8402FC93456214
Authority key identifier: 68:94:E1:B8:DA:80:CA:C2:AD:1A:2F:3F:09:BF:9D:B5:A1:24:86:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aJThuNqAysKtGi8_Cb-dtaEkhqQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/2cab1a-df66-4187-b182-703cab4d0598/1/1fosVa-BMHRgVm5yl5gq5oGpkkQ.roa
Signing time:             Mon 01 Jan 2024 08:29:22 +0000
ROA not before:           Mon 01 Jan 2024 08:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206610
IP address blocks:        46.29.176.0/21 maxlen: 24
                          185.28.204.0/22 maxlen: 24
                          2a02:2290::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/2cab1a-df66-4187-b182-703cab4d0598/1/aJThuNqAysKtGi8_Cb-dtaEkhqQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/2cab1a-df66-4187-b182-703cab4d0598/1/aJThuNqAysKtGi8_Cb-dtaEkhqQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aJThuNqAysKtGi8_Cb-dtaEkhqQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:4c:f2:5e:11:6d:3f:9e:84:02:fc:93:45:62:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6894e1b8da80cac2ad1a2f3f09bf9db5a12486a4
        Validity
            Not Before: Jan  1 08:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d5fa2c55af81307460566e7297982ae681a99244
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:59:62:ed:97:40:5d:b3:34:98:c9:bb:f2:b6:
                    93:b4:b9:fd:08:e4:1d:be:f1:4f:9d:e7:d8:91:99:
                    f7:74:8e:d6:dd:8e:2b:9a:92:5f:6e:69:0c:59:d9:
                    7f:d2:30:de:d2:ca:b9:64:71:4f:74:4e:19:7a:59:
                    8d:5f:47:25:68:28:15:ef:7c:e9:cc:93:ce:8f:bc:
                    01:eb:fe:cc:8f:3f:1b:05:13:0b:50:1a:ec:1c:19:
                    76:28:62:89:08:95:47:c5:9e:19:89:91:90:39:d3:
                    f2:a1:08:cb:d0:ab:7d:73:82:54:ec:72:6f:69:b9:
                    43:3f:8b:89:9a:c5:34:ee:5c:57:09:f1:65:a3:ad:
                    55:f6:ca:3e:e2:0a:7c:d8:61:ad:82:96:c7:a2:14:
                    1e:3a:ef:98:31:e4:ec:19:17:50:7b:8b:ae:c7:5e:
                    7b:6d:0f:d7:a4:84:86:38:24:49:31:17:d6:89:6d:
                    1f:3f:a3:71:81:35:8b:e9:ab:23:1b:19:9c:ab:1a:
                    fb:7c:96:b3:fa:ab:ae:dc:ca:d5:bd:56:ca:df:1d:
                    41:df:ca:3c:18:8f:f4:e3:c1:28:84:00:31:96:7b:
                    aa:a1:ce:42:2e:5f:da:09:ba:7a:7b:bf:9f:df:56:
                    b7:88:1f:57:21:62:ae:45:16:1b:7a:60:73:8d:c0:
                    d0:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:FA:2C:55:AF:81:30:74:60:56:6E:72:97:98:2A:E6:81:A9:92:44
            X509v3 Authority Key Identifier:
                keyid:68:94:E1:B8:DA:80:CA:C2:AD:1A:2F:3F:09:BF:9D:B5:A1:24:86:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aJThuNqAysKtGi8_Cb-dtaEkhqQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/2cab1a-df66-4187-b182-703cab4d0598/1/1fosVa-BMHRgVm5yl5gq5oGpkkQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/2cab1a-df66-4187-b182-703cab4d0598/1/aJThuNqAysKtGi8_Cb-dtaEkhqQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.29.176.0/21
                  185.28.204.0/22
                IPv6:
                  2a02:2290::/29

    Signature Algorithm: sha256WithRSAEncryption
         42:fa:4f:c6:0c:09:88:66:de:a8:bd:f1:fa:41:3a:fa:b7:72:
         5a:f1:09:73:dc:8e:5e:cb:0b:e7:1f:3d:4c:d2:2f:54:0c:e5:
         bc:1b:11:65:61:ff:bb:ce:5a:13:f6:ae:73:a0:ad:50:04:22:
         22:83:93:e0:35:35:d2:e1:e2:b4:8a:66:8a:be:9d:77:bd:04:
         73:44:de:0e:a8:67:5e:c6:72:75:c8:a6:2e:30:6e:26:75:2d:
         fa:72:ee:0e:17:1e:b1:1c:bc:f7:3b:fa:24:27:27:8e:e9:7e:
         1e:05:ef:87:6e:f0:d5:0b:8c:71:1b:36:8f:37:c8:72:89:88:
         25:b7:02:f5:7e:79:bc:54:2d:a3:bb:ed:4f:03:11:2b:a6:16:
         ec:cb:9d:65:b0:22:ce:e8:19:53:8f:7a:af:16:d7:c9:8d:0d:
         84:89:12:0f:6a:5d:93:ff:e3:7c:90:f1:82:0a:e5:6d:8f:3e:
         13:5f:14:f5:da:59:c8:77:c9:d8:5c:5f:c3:ff:f8:1f:ed:ea:
         50:c6:2b:a5:e7:16:e9:41:f4:ca:88:a5:b2:cd:09:20:47:32:
         1d:d1:54:a9:d3:06:a5:d6:40:5e:24:9b:47:b1:f7:63:a6:56:
         b5:41:da:b2:df:4d:cc:b6:39:a1:7e:6c:f6:2f:73:e4:26:d3:
         65:87:c3:04
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzEJEzyXhFtP56EAvyTRWIUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4OTRlMWI4ZGE4MGNhYzJhZDFhMmYzZjA5YmY5ZGI1YTEy
NDg2YTQwHhcNMjQwMTAxMDgyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWZhMmM1NWFmODEzMDc0NjA1NjZlNzI5Nzk4MmFlNjgxYTk5MjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoFli7ZdAXbM0mMm78raTtLn9COQd
vvFPnefYkZn3dI7W3Y4rmpJfbmkMWdl/0jDe0sq5ZHFPdE4ZelmNX0claCgV73zp
zJPOj7wB6/7Mjz8bBRMLUBrsHBl2KGKJCJVHxZ4ZiZGQOdPyoQjL0Kt9c4JU7HJv
ablDP4uJmsU07lxXCfFlo61V9so+4gp82GGtgpbHohQeOu+YMeTsGRdQe4uux157
bQ/XpISGOCRJMRfWiW0fP6NxgTWL6asjGxmcqxr7fJaz+quu3MrVvVbK3x1B38o8
GI/048EohAAxlnuqoc5CLl/aCbp6e7+f31a3iB9XIWKuRRYbemBzjcDQiQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFNX6LFWvgTB0YFZucpeYKuaBqZJEMB8GA1UdIwQY
MBaAFGiU4bjagMrCrRovPwm/nbWhJIakMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUpUaHVOcUF5c0t0R2k4X0NiLWR0YUVraHFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi8yY2FiMWEtZGY2Ni00MTg3LWIxODIt
NzAzY2FiNGQwNTk4LzEvMWZvc1ZhLUJNSFJnVm01eWw1Z3E1b0dwa2tRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi8yY2FiMWEtZGY2Ni00MTg3LWIxODItNzAzY2FiNGQwNTk4
LzEvYUpUaHVOcUF5c0t0R2k4X0NiLWR0YUVraHFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDLh2wAwQC
uRzMMA0EAgACMAcDBQMqAiKQMA0GCSqGSIb3DQEBCwUAA4IBAQBC+k/GDAmIZt6o
vfH6QTr6t3Ja8Qlz3I5eywvnHz1M0i9UDOW8GxFlYf+7zloT9q5zoK1QBCIig5Pg
NTXS4eK0imaKvp13vQRzRN4OqGdexnJ1yKYuMG4mdS36cu4OFx6xHLz3O/okJyeO
6X4eBe+HbvDVC4xxGzaPN8hyiYgltwL1fnm8VC2ju+1PAxErphbsy51lsCLO6BlT
j3qvFtfJjQ2EiRIPal2T/+N8kPGCCuVtjz4TXxT12lnId8nYXF/D//gf7epQxiul
5xbpQfTKiKWyzQkgRzId0VSp0wal1kBeJJtHsfdjpla1Qdqy303Mtjmhfmz2L3Pk
JtNlh8ME
-----END CERTIFICATE-----