Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/e80575-8c8b-49a4-85de-583bce6fb567/1/e3m47PYjE60ySeSwtu-Y3UwnR3o.roa
File:                     e3m47PYjE60ySeSwtu-Y3UwnR3o.roa (raw, json)
Hash identifier:          MemXFXawwwNRcvoCXzJP6PQri7ttHN0vxrZhEOYjJQE=
Subject key identifier:   7B:79:B8:EC:F6:23:13:AD:32:49:E4:B0:B6:EF:98:DD:4C:27:47:7A
Certificate issuer:       /CN=461258f5e3b6b94e3916dd2b5d16e342fd605966
Certificate serial:       018CC424FC312D361D4B537FD87609B41F03
Authority key identifier: 46:12:58:F5:E3:B6:B9:4E:39:16:DD:2B:5D:16:E3:42:FD:60:59:66
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RhJY9eO2uU45Ft0rXRbjQv1gWWY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/e80575-8c8b-49a4-85de-583bce6fb567/1/e3m47PYjE60ySeSwtu-Y3UwnR3o.roa
Signing time:             Mon 01 Jan 2024 08:30:07 +0000
ROA not before:           Mon 01 Jan 2024 08:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202391
IP address blocks:        194.147.164.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/e80575-8c8b-49a4-85de-583bce6fb567/1/RhJY9eO2uU45Ft0rXRbjQv1gWWY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/e80575-8c8b-49a4-85de-583bce6fb567/1/RhJY9eO2uU45Ft0rXRbjQv1gWWY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RhJY9eO2uU45Ft0rXRbjQv1gWWY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:fc:31:2d:36:1d:4b:53:7f:d8:76:09:b4:1f:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=461258f5e3b6b94e3916dd2b5d16e342fd605966
        Validity
            Not Before: Jan  1 08:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b79b8ecf62313ad3249e4b0b6ef98dd4c27477a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:8e:e1:90:6d:f4:4c:4a:5e:c2:77:2f:da:ab:
                    6b:5a:2c:27:5d:19:ae:14:b4:76:76:da:7c:89:f3:
                    e0:7d:43:fc:c8:57:a5:e9:48:cc:2c:5e:a1:74:33:
                    9f:91:bb:4b:27:e5:f3:39:bb:fd:74:93:09:10:80:
                    c2:ec:2b:c8:33:2d:64:e0:b1:8c:cf:4b:ef:41:bd:
                    51:d9:fd:8e:48:8e:ed:e2:b9:ac:4a:a6:75:48:e6:
                    36:0e:99:4d:62:25:19:10:17:c1:16:ec:56:3f:b2:
                    c4:e7:b0:91:2b:7d:dc:f9:ca:b1:8e:ab:99:7c:d3:
                    28:1f:4f:6b:f5:42:aa:cf:90:af:a0:6b:20:b1:05:
                    5a:07:98:01:1e:d2:ac:ae:68:30:48:9b:ba:ca:d3:
                    c0:90:b0:18:97:c6:9b:76:bf:75:aa:3f:42:63:f9:
                    02:9b:b8:6f:02:4f:2a:d8:58:05:ad:35:7a:8f:14:
                    c0:d7:89:84:5c:ff:0d:c0:54:ca:f4:c8:d1:b2:e5:
                    69:dd:a7:b3:81:e3:b7:94:42:f7:03:78:42:62:ea:
                    78:9f:0a:08:f6:4b:df:80:61:2b:7b:19:7d:9d:54:
                    b8:95:dc:11:37:3b:31:93:c6:6d:07:94:5d:e7:f6:
                    a8:72:0f:9d:85:f9:9d:39:e0:ed:13:11:a1:e1:90:
                    52:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:79:B8:EC:F6:23:13:AD:32:49:E4:B0:B6:EF:98:DD:4C:27:47:7A
            X509v3 Authority Key Identifier:
                keyid:46:12:58:F5:E3:B6:B9:4E:39:16:DD:2B:5D:16:E3:42:FD:60:59:66

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RhJY9eO2uU45Ft0rXRbjQv1gWWY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e80575-8c8b-49a4-85de-583bce6fb567/1/e3m47PYjE60ySeSwtu-Y3UwnR3o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/e80575-8c8b-49a4-85de-583bce6fb567/1/RhJY9eO2uU45Ft0rXRbjQv1gWWY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         39:10:26:0f:ae:ef:62:9b:f9:d0:43:48:14:4c:29:ca:3d:26:
         b7:e1:f2:09:ed:b0:d8:90:ff:40:a7:ad:36:b8:99:fe:76:09:
         d8:db:3b:28:d0:0d:ad:1b:04:c0:88:c5:f8:ed:c7:fb:ea:0c:
         b0:8c:88:3f:b9:74:db:96:10:cf:54:f9:8f:e9:17:ce:0e:82:
         ea:33:d8:54:42:b4:14:e7:2f:2b:78:50:62:e9:80:ec:6d:9b:
         85:68:de:c2:ee:3f:32:9c:7f:a3:46:be:d1:f3:93:10:07:83:
         6f:6a:ff:8d:d7:24:fe:2e:a8:72:58:38:92:fb:10:73:ed:fc:
         13:70:73:ee:0f:99:78:3e:b0:62:7c:63:76:74:c5:ee:33:39:
         6a:65:cd:b3:de:28:bd:a0:54:d5:76:71:cf:1d:c0:bf:ec:ec:
         50:de:b4:38:36:43:88:92:d8:22:c6:d7:d3:bd:1c:3b:89:c2:
         2f:0c:64:95:ef:d5:79:aa:6e:84:ba:b2:51:de:fb:c5:04:55:
         a1:df:a5:71:e2:65:c5:c7:35:90:17:41:39:61:7b:b8:e0:d1:
         a8:f8:ae:f2:95:8f:67:17:ea:a7:d8:ed:36:34:70:17:4a:bf:
         53:6b:5d:9f:d8:e6:a5:0e:cd:af:d1:0a:67:71:17:3e:e7:21:
         65:87:a8:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJPwxLTYdS1N/2HYJtB8DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2MTI1OGY1ZTNiNmI5NGUzOTE2ZGQyYjVkMTZlMzQyZmQ2
MDU5NjYwHhcNMjQwMTAxMDgzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Yjc5YjhlY2Y2MjMxM2FkMzI0OWU0YjBiNmVmOThkZDRjMjc0NzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqY7hkG30TEpewncv2qtrWiwnXRmu
FLR2dtp8ifPgfUP8yFel6UjMLF6hdDOfkbtLJ+XzObv9dJMJEIDC7CvIMy1k4LGM
z0vvQb1R2f2OSI7t4rmsSqZ1SOY2DplNYiUZEBfBFuxWP7LE57CRK33c+cqxjquZ
fNMoH09r9UKqz5CvoGsgsQVaB5gBHtKsrmgwSJu6ytPAkLAYl8abdr91qj9CY/kC
m7hvAk8q2FgFrTV6jxTA14mEXP8NwFTK9MjRsuVp3aezgeO3lEL3A3hCYup4nwoI
9kvfgGErexl9nVS4ldwRNzsxk8ZtB5Rd5/aocg+dhfmdOeDtExGh4ZBSUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHt5uOz2IxOtMknksLbvmN1MJ0d6MB8GA1UdIwQY
MBaAFEYSWPXjtrlOORbdK10W40L9YFlmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmhKWTllTzJ1VTQ1RnQwclhSYmpRdjFnV1dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC9lODA1NzUtOGM4Yi00OWE0LTg1ZGUt
NTgzYmNlNmZiNTY3LzEvZTNtNDdQWWpFNjB5U2VTd3R1LVkzVXduUjNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC9lODA1NzUtOGM4Yi00OWE0LTg1ZGUtNTgzYmNlNmZiNTY3
LzEvUmhKWTllTzJ1VTQ1RnQwclhSYmpRdjFnV1dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwpOkMA0G
CSqGSIb3DQEBCwUAA4IBAQA5ECYPru9im/nQQ0gUTCnKPSa34fIJ7bDYkP9Ap602
uJn+dgnY2zso0A2tGwTAiMX47cf76gywjIg/uXTblhDPVPmP6RfODoLqM9hUQrQU
5y8reFBi6YDsbZuFaN7C7j8ynH+jRr7R85MQB4Nvav+N1yT+LqhyWDiS+xBz7fwT
cHPuD5l4PrBifGN2dMXuMzlqZc2z3ii9oFTVdnHPHcC/7OxQ3rQ4NkOIktgixtfT
vRw7icIvDGSV79V5qm6EurJR3vvFBFWh36Vx4mXFxzWQF0E5YXu44NGo+K7ylY9n
F+qn2O02NHAXSr9Ta12f2OalDs2v0QpncRc+5yFlh6hR
-----END CERTIFICATE-----