Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/2cab1a-df66-4187-b182-703cab4d0598/1/PNmnEuJXyybIkddxYnIvLx1GKFY.roa
File:                     PNmnEuJXyybIkddxYnIvLx1GKFY.roa (raw, json)
Hash identifier:          G0/o7F0SlAASNWvHOfksGY+oOHc9aIkS3+JMsdalcsA=
Subject key identifier:   3C:D9:A7:12:E2:57:CB:26:C8:91:D7:71:62:72:2F:2F:1D:46:28:56
Certificate issuer:       /CN=6894e1b8da80cac2ad1a2f3f09bf9db5a12486a4
Certificate serial:       018CC4244CC303BCC5FF52C12999E7CF8A54
Authority key identifier: 68:94:E1:B8:DA:80:CA:C2:AD:1A:2F:3F:09:BF:9D:B5:A1:24:86:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aJThuNqAysKtGi8_Cb-dtaEkhqQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/2cab1a-df66-4187-b182-703cab4d0598/1/PNmnEuJXyybIkddxYnIvLx1GKFY.roa
Signing time:             Mon 01 Jan 2024 08:29:22 +0000
ROA not before:           Mon 01 Jan 2024 08:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51405
IP address blocks:        46.29.176.0/21 maxlen: 24
                          2a02:2290::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/2cab1a-df66-4187-b182-703cab4d0598/1/aJThuNqAysKtGi8_Cb-dtaEkhqQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/2cab1a-df66-4187-b182-703cab4d0598/1/aJThuNqAysKtGi8_Cb-dtaEkhqQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aJThuNqAysKtGi8_Cb-dtaEkhqQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:4c:c3:03:bc:c5:ff:52:c1:29:99:e7:cf:8a:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6894e1b8da80cac2ad1a2f3f09bf9db5a12486a4
        Validity
            Not Before: Jan  1 08:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3cd9a712e257cb26c891d77162722f2f1d462856
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:9d:7e:b3:52:c1:e2:14:7d:6e:3e:cc:e6:49:
                    01:43:06:d0:3f:56:3c:df:db:34:f7:d1:3a:62:df:
                    07:62:66:6e:e6:57:b2:6f:2e:26:18:dd:ed:19:e2:
                    66:f8:e7:5b:76:4f:04:00:12:b5:2e:18:36:0c:cc:
                    2a:37:8f:f7:8e:8b:69:32:2f:48:41:4c:08:48:80:
                    44:a3:d2:c8:6d:53:c5:5e:da:b9:66:de:89:fc:6e:
                    49:24:ed:f5:6c:16:8e:6e:51:81:6b:9c:61:ea:58:
                    cd:48:ed:3a:ab:06:6e:39:ad:80:0c:bb:ce:52:f5:
                    3d:1d:0d:02:25:8a:eb:a2:1d:99:6d:40:05:ff:55:
                    f3:f1:fb:d3:aa:15:48:44:0e:5b:ff:ce:58:d5:95:
                    32:9d:e7:42:85:4c:70:27:3f:fd:38:68:ea:53:ab:
                    44:0c:62:02:46:e9:33:b0:fb:fd:4f:b3:86:6e:2f:
                    e7:d7:1f:9b:b5:4b:9d:9b:27:da:4d:86:41:52:78:
                    04:0a:bb:5b:43:cc:8c:c9:11:4f:14:e7:de:70:89:
                    6b:c5:d8:19:42:50:9c:d1:fb:aa:c8:57:17:fd:96:
                    88:76:21:cf:63:42:7e:6f:f4:1e:06:4b:bd:e4:89:
                    b0:e4:d7:1e:4e:ef:dd:03:96:94:ea:cd:ee:b1:7c:
                    14:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:D9:A7:12:E2:57:CB:26:C8:91:D7:71:62:72:2F:2F:1D:46:28:56
            X509v3 Authority Key Identifier:
                keyid:68:94:E1:B8:DA:80:CA:C2:AD:1A:2F:3F:09:BF:9D:B5:A1:24:86:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aJThuNqAysKtGi8_Cb-dtaEkhqQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/2cab1a-df66-4187-b182-703cab4d0598/1/PNmnEuJXyybIkddxYnIvLx1GKFY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/2cab1a-df66-4187-b182-703cab4d0598/1/aJThuNqAysKtGi8_Cb-dtaEkhqQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.29.176.0/21
                IPv6:
                  2a02:2290::/29

    Signature Algorithm: sha256WithRSAEncryption
         59:af:31:df:f8:de:99:48:18:0a:19:5b:8d:11:86:95:78:9f:
         91:d2:75:3c:e0:bb:83:59:66:db:e8:24:5e:3a:8c:7f:dd:d3:
         f7:3a:28:0d:1c:e4:4b:30:8b:47:d9:f0:9e:37:7c:49:83:e1:
         c4:09:a2:16:99:85:64:27:94:1e:6f:7d:31:39:76:73:fb:d3:
         c2:c5:03:f7:4e:47:e4:43:bc:85:16:fa:82:ad:83:43:88:72:
         15:2e:d1:60:ff:31:21:5e:56:36:1c:ed:95:fa:bb:6d:1a:23:
         84:fd:77:fe:a3:b2:41:c3:4a:eb:60:80:af:2a:e8:51:62:a1:
         64:ca:24:45:68:ce:46:67:69:78:f5:50:9a:8f:29:25:c1:61:
         50:05:ec:20:49:29:c2:7e:72:4e:0c:05:ce:39:b0:fd:1f:30:
         fb:0b:8d:7b:81:49:24:32:8c:fd:76:28:59:93:87:fb:19:8a:
         a9:6c:50:75:e1:3b:17:b3:1e:a1:95:ec:57:55:23:a5:3e:87:
         3e:37:f9:35:b9:61:b7:d7:93:89:7c:d2:5f:d4:35:38:65:4b:
         48:33:cc:62:bb:81:22:61:07:97:37:c3:fe:e6:48:69:bc:07:
         35:2b:2d:de:8d:be:00:c6:d0:dd:0e:a9:3d:0b:52:1f:67:af:
         99:e7:de:e2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJEzDA7zF/1LBKZnnz4pUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4OTRlMWI4ZGE4MGNhYzJhZDFhMmYzZjA5YmY5ZGI1YTEy
NDg2YTQwHhcNMjQwMTAxMDgyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzY2Q5YTcxMmUyNTdjYjI2Yzg5MWQ3NzE2MjcyMmYyZjFkNDYyODU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnZ1+s1LB4hR9bj7M5kkBQwbQP1Y8
39s099E6Yt8HYmZu5leyby4mGN3tGeJm+Odbdk8EABK1Lhg2DMwqN4/3jotpMi9I
QUwISIBEo9LIbVPFXtq5Zt6J/G5JJO31bBaOblGBa5xh6ljNSO06qwZuOa2ADLvO
UvU9HQ0CJYrroh2ZbUAF/1Xz8fvTqhVIRA5b/85Y1ZUynedChUxwJz/9OGjqU6tE
DGICRukzsPv9T7OGbi/n1x+btUudmyfaTYZBUngECrtbQ8yMyRFPFOfecIlrxdgZ
QlCc0fuqyFcX/ZaIdiHPY0J+b/QeBku95Imw5NceTu/dA5aU6s3usXwU3wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDzZpxLiV8smyJHXcWJyLy8dRihWMB8GA1UdIwQY
MBaAFGiU4bjagMrCrRovPwm/nbWhJIakMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUpUaHVOcUF5c0t0R2k4X0NiLWR0YUVraHFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi8yY2FiMWEtZGY2Ni00MTg3LWIxODIt
NzAzY2FiNGQwNTk4LzEvUE5tbkV1Slh5eWJJa2RkeFluSXZMeDFHS0ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi8yY2FiMWEtZGY2Ni00MTg3LWIxODItNzAzY2FiNGQwNTk4
LzEvYUpUaHVOcUF5c0t0R2k4X0NiLWR0YUVraHFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDLh2wMA0E
AgACMAcDBQMqAiKQMA0GCSqGSIb3DQEBCwUAA4IBAQBZrzHf+N6ZSBgKGVuNEYaV
eJ+R0nU84LuDWWbb6CReOox/3dP3OigNHORLMItH2fCeN3xJg+HECaIWmYVkJ5Qe
b30xOXZz+9PCxQP3TkfkQ7yFFvqCrYNDiHIVLtFg/zEhXlY2HO2V+rttGiOE/Xf+
o7JBw0rrYICvKuhRYqFkyiRFaM5GZ2l49VCajyklwWFQBewgSSnCfnJODAXOObD9
HzD7C417gUkkMoz9dihZk4f7GYqpbFB14TsXsx6hlexXVSOlPoc+N/k1uWG315OJ
fNJf1DU4ZUtIM8xiu4EiYQeXN8P+5khpvAc1Ky3ejb4AxtDdDqk9C1IfZ6+Z597i
-----END CERTIFICATE-----