Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/e413d8-d389-473e-b63a-204d76eee661/1/aG4o6CFaDCQ7FzNeUT6EJVg6wiE.roa
File:                     aG4o6CFaDCQ7FzNeUT6EJVg6wiE.roa (raw, json)
Hash identifier:          l1hl91IdIo2wLxh7Q+gzn3RkNDhxuu2I88MDmAneXm0=
Subject key identifier:   68:6E:28:E8:21:5A:0C:24:3B:17:33:5E:51:3E:84:25:58:3A:C2:21
Certificate issuer:       /CN=8095e0cc6e4a8de8acd3b07cce5ea0c040c47ff1
Certificate serial:       018CC26D7AE7B09BA9EDF428895056091426
Authority key identifier: 80:95:E0:CC:6E:4A:8D:E8:AC:D3:B0:7C:CE:5E:A0:C0:40:C4:7F:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gJXgzG5Kjeis07B8zl6gwEDEf_E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/e413d8-d389-473e-b63a-204d76eee661/1/aG4o6CFaDCQ7FzNeUT6EJVg6wiE.roa
Signing time:             Mon 01 Jan 2024 00:30:03 +0000
ROA not before:           Mon 01 Jan 2024 00:30:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211600
IP address blocks:        46.243.74.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/e413d8-d389-473e-b63a-204d76eee661/1/gJXgzG5Kjeis07B8zl6gwEDEf_E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/e413d8-d389-473e-b63a-204d76eee661/1/gJXgzG5Kjeis07B8zl6gwEDEf_E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gJXgzG5Kjeis07B8zl6gwEDEf_E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 17:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:7a:e7:b0:9b:a9:ed:f4:28:89:50:56:09:14:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8095e0cc6e4a8de8acd3b07cce5ea0c040c47ff1
        Validity
            Not Before: Jan  1 00:30:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=686e28e8215a0c243b17335e513e8425583ac221
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:01:0b:13:60:9f:ea:b6:19:1f:ee:c1:9a:22:
                    2e:a7:a6:f2:cf:7f:ea:28:0e:5f:22:1c:41:63:06:
                    88:48:3b:f3:3c:b0:de:2c:9d:1c:e1:f3:64:11:48:
                    24:c3:63:10:58:91:fa:0e:76:76:37:28:48:9e:cc:
                    57:1c:ea:d8:e6:67:98:20:e5:fd:2e:e4:25:87:17:
                    9e:b1:63:33:df:29:3f:b5:57:6b:53:9b:c1:ea:77:
                    e9:bf:ce:1b:e1:73:1d:ba:dc:71:72:4c:a3:2e:1b:
                    e3:bb:35:29:06:86:25:b3:50:29:30:d7:c8:ec:8e:
                    16:5b:95:79:26:4c:a4:8f:79:41:3c:80:57:53:77:
                    5f:ee:f7:fc:a0:f5:fd:f5:58:a7:2a:ca:c4:f1:f6:
                    66:55:f1:ca:cb:b9:aa:19:bd:04:ed:ed:b0:3e:b1:
                    4f:d3:ea:29:08:52:e9:2c:e1:61:72:d7:84:1b:f0:
                    b4:ee:c0:d4:c0:3c:90:2b:b6:5f:1d:a1:82:7e:7f:
                    0a:3b:66:4d:f3:ac:d2:f8:5d:ac:ba:79:3f:96:dc:
                    8d:27:8f:37:f6:b0:b2:a9:1e:e3:83:bd:0c:89:96:
                    d8:8d:a5:54:77:be:60:c7:c0:d5:17:ce:15:c5:53:
                    88:10:86:bd:4f:9e:39:8b:fe:42:ab:e8:d3:23:11:
                    44:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:6E:28:E8:21:5A:0C:24:3B:17:33:5E:51:3E:84:25:58:3A:C2:21
            X509v3 Authority Key Identifier:
                keyid:80:95:E0:CC:6E:4A:8D:E8:AC:D3:B0:7C:CE:5E:A0:C0:40:C4:7F:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gJXgzG5Kjeis07B8zl6gwEDEf_E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/e413d8-d389-473e-b63a-204d76eee661/1/aG4o6CFaDCQ7FzNeUT6EJVg6wiE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/e413d8-d389-473e-b63a-204d76eee661/1/gJXgzG5Kjeis07B8zl6gwEDEf_E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.243.74.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8a:9d:24:05:ff:cc:d4:98:22:e0:2a:32:67:0c:30:a6:85:52:
         77:cc:fb:28:4e:5b:de:94:09:86:c3:e9:7e:01:23:ee:f7:cd:
         bf:68:88:b3:b2:84:7e:49:06:27:5b:d5:5c:8d:80:09:05:97:
         29:84:7f:7d:7a:4d:0e:b2:47:74:69:13:82:ff:00:ac:f9:37:
         89:d4:66:0e:8b:82:83:7a:03:13:75:21:38:c9:c1:6b:d2:cc:
         c8:cc:a1:20:6f:2a:b1:62:e7:c8:0c:17:e5:3e:b9:3d:bb:2c:
         50:63:8b:39:f3:c1:5a:3a:34:d1:35:12:a4:e6:dc:0f:3b:a4:
         44:5d:33:66:30:d4:b6:0c:f3:2e:40:c1:88:b9:80:50:9b:15:
         1a:9e:7c:df:94:cb:15:43:5b:89:36:2d:39:57:fb:25:f2:98:
         20:2a:6c:19:9d:0c:9c:8e:f7:36:dd:0c:8c:34:1b:86:72:30:
         5d:6e:5e:b4:ba:14:5b:0f:d7:6e:07:d6:1b:45:6b:d1:e9:2d:
         ea:ce:b8:d8:30:8d:87:26:b8:8b:a0:92:e6:8a:eb:2d:6a:1d:
         47:84:97:7d:21:9a:ca:bc:77:11:d1:29:aa:a7:bd:77:a6:42:
         bf:b3:36:e8:4d:00:70:4e:71:dc:ee:31:f8:a8:c5:d9:2a:0e:
         b2:15:98:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbXrnsJup7fQoiVBWCRQmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwOTVlMGNjNmU0YThkZThhY2QzYjA3Y2NlNWVhMGMwNDBj
NDdmZjEwHhcNMjQwMTAxMDAzMDAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODZlMjhlODIxNWEwYzI0M2IxNzMzNWU1MTNlODQyNTU4M2FjMjIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2QELE2Cf6rYZH+7BmiIup6byz3/q
KA5fIhxBYwaISDvzPLDeLJ0c4fNkEUgkw2MQWJH6DnZ2NyhInsxXHOrY5meYIOX9
LuQlhxeesWMz3yk/tVdrU5vB6nfpv84b4XMdutxxckyjLhvjuzUpBoYls1ApMNfI
7I4WW5V5Jkykj3lBPIBXU3df7vf8oPX99VinKsrE8fZmVfHKy7mqGb0E7e2wPrFP
0+opCFLpLOFhcteEG/C07sDUwDyQK7ZfHaGCfn8KO2ZN86zS+F2sunk/ltyNJ483
9rCyqR7jg70MiZbYjaVUd75gx8DVF84VxVOIEIa9T545i/5Cq+jTIxFEPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGhuKOghWgwkOxczXlE+hCVYOsIhMB8GA1UdIwQY
MBaAFICV4MxuSo3orNOwfM5eoMBAxH/xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0pYZ3pHNUtqZWlzMDdCOHpsNmd3RURFZl9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9lNDEzZDgtZDM4OS00NzNlLWI2M2Et
MjA0ZDc2ZWVlNjYxLzEvYUc0bzZDRmFEQ1E3RnpOZVVUNkVKVmc2d2lFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9lNDEzZDgtZDM4OS00NzNlLWI2M2EtMjA0ZDc2ZWVlNjYx
LzEvZ0pYZ3pHNUtqZWlzMDdCOHpsNmd3RURFZl9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLvNKMA0G
CSqGSIb3DQEBCwUAA4IBAQCKnSQF/8zUmCLgKjJnDDCmhVJ3zPsoTlvelAmGw+l+
ASPu982/aIizsoR+SQYnW9VcjYAJBZcphH99ek0Oskd0aROC/wCs+TeJ1GYOi4KD
egMTdSE4ycFr0szIzKEgbyqxYufIDBflPrk9uyxQY4s588FaOjTRNRKk5twPO6RE
XTNmMNS2DPMuQMGIuYBQmxUannzflMsVQ1uJNi05V/sl8pggKmwZnQycjvc23QyM
NBuGcjBdbl60uhRbD9duB9YbRWvR6S3qzrjYMI2HJriLoJLmiustah1HhJd9IZrK
vHcR0Smqp713pkK/szboTQBwTnHc7jH4qMXZKg6yFZjk
-----END CERTIFICATE-----