Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/3aabe0-9e5f-498d-b550-030acd3ae336/1/rZhAWgHe-aq6MlntV38aYTKCGTU.roa
File:                     rZhAWgHe-aq6MlntV38aYTKCGTU.roa (raw, json)
Hash identifier:          RAVJl8ej3hgoqq51zi96I6X65p3VrjebH63tUOWAo7w=
Subject key identifier:   AD:98:40:5A:01:DE:F9:AA:BA:32:59:ED:57:7F:1A:61:32:82:19:35
Certificate issuer:       /CN=eed5b3af0064981e96bb5e27d8f04d86e6306cfa
Certificate serial:       018CC94E450D2B44CD1BC0901A0B528BB05B
Authority key identifier: EE:D5:B3:AF:00:64:98:1E:96:BB:5E:27:D8:F0:4D:86:E6:30:6C:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7tWzrwBkmB6Wu14n2PBNhuYwbPo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/3aabe0-9e5f-498d-b550-030acd3ae336/1/rZhAWgHe-aq6MlntV38aYTKCGTU.roa
Signing time:             Tue 02 Jan 2024 08:33:19 +0000
ROA not before:           Tue 02 Jan 2024 08:33:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198089
IP address blocks:        46.31.8.0/22 maxlen: 22
                          46.31.8.0/21 maxlen: 21
                          46.31.12.0/22 maxlen: 22
                          2a02:4980::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/3aabe0-9e5f-498d-b550-030acd3ae336/1/7tWzrwBkmB6Wu14n2PBNhuYwbPo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/3aabe0-9e5f-498d-b550-030acd3ae336/1/7tWzrwBkmB6Wu14n2PBNhuYwbPo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7tWzrwBkmB6Wu14n2PBNhuYwbPo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:45:0d:2b:44:cd:1b:c0:90:1a:0b:52:8b:b0:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eed5b3af0064981e96bb5e27d8f04d86e6306cfa
        Validity
            Not Before: Jan  2 08:33:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ad98405a01def9aaba3259ed577f1a6132821935
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ff:52:83:1a:16:cc:36:9d:54:46:70:ec:d0:1a:
                    da:a3:dd:5c:ed:40:d2:04:dd:db:a2:da:8a:fb:27:
                    2b:40:19:e7:e6:a6:48:6c:9e:bb:11:78:a2:77:4c:
                    47:2c:54:b4:f0:9e:77:8c:8e:00:af:b6:16:84:9a:
                    6f:02:45:b8:eb:ff:c5:5d:95:07:6e:2e:12:a8:d2:
                    94:45:79:93:6c:60:c5:5d:1b:83:aa:cc:fc:91:c2:
                    c2:77:d6:ad:8e:59:e4:85:d8:c3:76:80:ee:bd:21:
                    af:d4:2c:63:09:98:99:72:c0:ce:7f:7b:a1:53:3c:
                    c9:bc:fc:e7:81:92:14:a6:f2:19:06:c5:28:ec:b4:
                    64:ff:e0:74:35:f9:d4:2b:3b:42:3f:6f:8c:f1:b8:
                    d6:5a:a1:fe:60:f8:d9:50:51:c3:9a:bd:09:8f:9b:
                    03:60:ed:66:72:42:ba:18:db:3d:43:05:eb:13:af:
                    8f:13:58:58:3c:bf:a2:9e:ec:2a:6d:c5:66:b5:4f:
                    62:69:ba:fe:99:c5:2d:e2:b7:5b:11:1a:92:8b:8e:
                    e3:15:50:66:3f:f0:53:7d:80:e6:0b:7e:ed:4c:81:
                    ae:8f:43:a7:04:db:50:4e:b9:7e:98:da:5f:fe:61:
                    bb:b2:2d:68:c1:7d:ba:f7:dd:b1:7e:3d:b1:c8:f2:
                    5d:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:98:40:5A:01:DE:F9:AA:BA:32:59:ED:57:7F:1A:61:32:82:19:35
            X509v3 Authority Key Identifier:
                keyid:EE:D5:B3:AF:00:64:98:1E:96:BB:5E:27:D8:F0:4D:86:E6:30:6C:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7tWzrwBkmB6Wu14n2PBNhuYwbPo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/3aabe0-9e5f-498d-b550-030acd3ae336/1/rZhAWgHe-aq6MlntV38aYTKCGTU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/3aabe0-9e5f-498d-b550-030acd3ae336/1/7tWzrwBkmB6Wu14n2PBNhuYwbPo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.31.8.0/21
                IPv6:
                  2a02:4980::/32

    Signature Algorithm: sha256WithRSAEncryption
         c4:0a:be:92:97:a5:e7:6f:d5:c5:53:cd:8c:7c:75:d2:9b:30:
         eb:ae:de:89:85:7a:3b:d2:b0:04:c0:f3:ce:2e:67:70:dd:7f:
         5e:f3:89:d9:ae:16:9a:d8:e6:70:d1:f3:6c:f8:96:02:43:26:
         35:dd:73:53:66:78:d2:c1:85:21:38:c0:0a:cb:e6:ac:7c:8a:
         34:3e:0e:48:2e:1e:f3:d9:69:73:b5:f0:83:b0:8d:60:95:92:
         29:25:70:ca:26:31:8e:a3:0b:64:ed:48:aa:86:75:15:33:80:
         06:f7:78:9d:e0:2f:e0:3a:07:fc:bd:0b:d6:34:f3:6a:77:4f:
         92:e5:de:4d:25:43:d7:e4:75:b4:51:9f:67:5a:e4:62:e0:24:
         25:3d:50:33:2e:5c:3f:c3:35:d0:29:5a:c9:21:42:1e:46:5c:
         56:9d:0a:99:71:10:09:af:e4:9e:2e:d4:ce:89:b5:58:60:80:
         97:07:27:b0:a7:a7:cb:d9:d9:54:dd:37:09:c3:4f:0e:7d:ab:
         de:fe:42:15:7e:27:46:e8:cd:21:a0:91:f8:40:71:57:63:89:
         96:97:8f:cd:78:61:d3:be:b7:8e:92:a2:05:e0:90:97:d4:95:
         d3:09:96:be:33:66:6b:fe:44:41:f4:69:16:3c:2a:4e:65:60:
         e4:e9:fa:48
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTkUNK0TNG8CQGgtSi7BbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlZDViM2FmMDA2NDk4MWU5NmJiNWUyN2Q4ZjA0ZDg2ZTYz
MDZjZmEwHhcNMjQwMTAyMDgzMzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDk4NDA1YTAxZGVmOWFhYmEzMjU5ZWQ1NzdmMWE2MTMyODIxOTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/1KDGhbMNp1URnDs0Brao91c7UDS
BN3botqK+ycrQBnn5qZIbJ67EXiid0xHLFS08J53jI4Ar7YWhJpvAkW46//FXZUH
bi4SqNKURXmTbGDFXRuDqsz8kcLCd9atjlnkhdjDdoDuvSGv1CxjCZiZcsDOf3uh
UzzJvPzngZIUpvIZBsUo7LRk/+B0NfnUKztCP2+M8bjWWqH+YPjZUFHDmr0Jj5sD
YO1mckK6GNs9QwXrE6+PE1hYPL+inuwqbcVmtU9iabr+mcUt4rdbERqSi47jFVBm
P/BTfYDmC37tTIGuj0OnBNtQTrl+mNpf/mG7si1owX26992xfj2xyPJd3QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFK2YQFoB3vmqujJZ7Vd/GmEyghk1MB8GA1UdIwQY
MBaAFO7Vs68AZJgelrteJ9jwTYbmMGz6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3RXenJ3QmttQjZXdTE0bjJQQk5odVl3YlBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS8zYWFiZTAtOWU1Zi00OThkLWI1NTAt
MDMwYWNkM2FlMzM2LzEvclpoQVdnSGUtYXE2TWxudFYzOGFZVEtDR1RVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS8zYWFiZTAtOWU1Zi00OThkLWI1NTAtMDMwYWNkM2FlMzM2
LzEvN3RXenJ3QmttQjZXdTE0bjJQQk5odVl3YlBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDLh8IMA0E
AgACMAcDBQAqAkmAMA0GCSqGSIb3DQEBCwUAA4IBAQDECr6Sl6Xnb9XFU82MfHXS
mzDrrt6JhXo70rAEwPPOLmdw3X9e84nZrhaa2OZw0fNs+JYCQyY13XNTZnjSwYUh
OMAKy+asfIo0Pg5ILh7z2WlztfCDsI1glZIpJXDKJjGOowtk7UiqhnUVM4AG93id
4C/gOgf8vQvWNPNqd0+S5d5NJUPX5HW0UZ9nWuRi4CQlPVAzLlw/wzXQKVrJIUIe
RlxWnQqZcRAJr+SeLtTOibVYYICXByewp6fL2dlU3TcJw08Ofave/kIVfidG6M0h
oJH4QHFXY4mWl4/NeGHTvreOkqIF4JCX1JXTCZa+M2Zr/kRB9GkWPCpOZWDk6fpI
-----END CERTIFICATE-----