Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/1PRrpX8RkutnnpW8uNhu_jjX6zo.roa
File:                     1PRrpX8RkutnnpW8uNhu_jjX6zo.roa (raw, json)
Hash identifier:          iiOrHUUEtwZnYNoXjzgplWDB+wOVBWHPcSJOzF/HI9k=
Subject key identifier:   D4:F4:6B:A5:7F:11:92:EB:67:9E:95:BC:B8:D8:6E:FE:38:D7:EB:3A
Certificate issuer:       /CN=8e626c909eb4951154bcee8221e43951b4257624
Certificate serial:       018CC9BC3BAF6615D2414816FFF700B48329
Authority key identifier: 8E:62:6C:90:9E:B4:95:11:54:BC:EE:82:21:E4:39:51:B4:25:76:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/1PRrpX8RkutnnpW8uNhu_jjX6zo.roa
Signing time:             Tue 02 Jan 2024 10:33:25 +0000
ROA not before:           Tue 02 Jan 2024 10:33:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     54103
IP address blocks:        185.51.48.0/22 maxlen: 22
                          46.244.116.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 01:03:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:3b:af:66:15:d2:41:48:16:ff:f7:00:b4:83:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e626c909eb4951154bcee8221e43951b4257624
        Validity
            Not Before: Jan  2 10:33:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d4f46ba57f1192eb679e95bcb8d86efe38d7eb3a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:7d:b2:6b:9b:97:7d:22:64:78:4d:f0:58:d5:
                    51:e7:3a:31:d7:53:2f:9e:50:6c:10:66:d4:e8:a2:
                    33:97:6d:34:62:32:b4:0c:f2:29:10:76:98:d9:2f:
                    36:ae:11:cb:49:e1:64:eb:1b:23:04:e8:e5:92:27:
                    cf:9a:a8:69:ea:8f:87:c5:30:ab:12:a2:13:11:f3:
                    58:d6:9b:cf:b2:c1:33:65:bc:1f:27:0d:e1:79:34:
                    f3:f3:73:0c:ae:98:8b:0e:3a:13:b5:cc:65:78:6d:
                    d6:ee:00:92:15:7c:37:90:a2:dd:98:d5:eb:74:5d:
                    67:91:eb:5e:50:67:5c:ba:1d:f5:f5:74:bb:dd:0a:
                    d5:1b:2a:68:5c:c5:54:70:78:5d:fa:2c:8f:ef:b4:
                    59:bf:41:ff:22:1e:85:3d:45:28:5e:6c:ea:d8:ba:
                    d7:6e:ca:c5:c4:00:62:d0:33:89:5e:ff:66:27:6a:
                    54:f9:f4:b6:4f:32:a7:6d:01:dd:bb:08:4e:38:5f:
                    98:e1:a0:4f:e6:48:94:86:0e:f5:11:e9:cc:79:39:
                    63:da:1c:31:35:0f:78:f2:e0:20:4b:79:db:22:e2:
                    d7:0a:c3:59:1c:3e:94:17:c5:31:cd:41:35:8e:18:
                    78:9e:71:08:69:84:a4:00:3f:0b:95:20:90:bd:e6:
                    ab:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:F4:6B:A5:7F:11:92:EB:67:9E:95:BC:B8:D8:6E:FE:38:D7:EB:3A
            X509v3 Authority Key Identifier:
                keyid:8E:62:6C:90:9E:B4:95:11:54:BC:EE:82:21:E4:39:51:B4:25:76:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/1PRrpX8RkutnnpW8uNhu_jjX6zo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.244.116.0/22
                  185.51.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         34:85:27:4f:59:ca:91:5b:ac:17:db:06:a7:7b:cc:e2:24:82:
         c5:a0:62:67:e0:73:f4:fa:fe:1a:64:08:ba:36:b4:5d:a6:02:
         55:f4:87:dc:86:cd:76:1b:ad:58:29:ea:3b:7f:7c:06:4c:a8:
         05:c3:77:f3:d9:ba:e7:3a:24:e8:be:86:a2:92:25:df:10:63:
         3c:10:c0:de:c0:c7:44:64:92:69:d1:39:dd:9f:f9:f9:85:62:
         e3:d9:c5:dc:61:35:15:d0:be:34:36:68:e6:a7:98:0f:9f:ee:
         d9:27:13:d5:fb:a7:22:d8:0d:f7:46:ca:0f:52:9a:b3:40:a2:
         e0:89:3d:47:a3:04:c1:a1:78:77:d6:69:33:54:68:43:81:fd:
         2a:e2:3b:52:09:f6:2c:bf:58:26:02:dd:dc:84:e2:bb:09:71:
         36:e9:d9:d3:dd:ee:b9:99:84:20:51:a7:c1:86:b1:58:9a:b0:
         a6:dc:f6:0b:69:6e:a6:b6:81:ee:03:ff:3f:63:30:13:8f:03:
         a7:42:cd:8e:0f:28:66:ff:ed:53:2f:92:c0:8e:db:52:b3:82:
         82:da:46:41:6a:49:90:70:60:ed:53:98:b1:d6:8f:87:55:4f:
         55:e6:c4:13:8d:55:10:fd:92:63:1d:50:49:0b:12:49:25:48:
         e1:4a:99:d6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJvDuvZhXSQUgW//cAtIMpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlNjI2YzkwOWViNDk1MTE1NGJjZWU4MjIxZTQzOTUxYjQy
NTc2MjQwHhcNMjQwMTAyMTAzMzI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGY0NmJhNTdmMTE5MmViNjc5ZTk1YmNiOGQ4NmVmZTM4ZDdlYjNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsn2ya5uXfSJkeE3wWNVR5zox11Mv
nlBsEGbU6KIzl200YjK0DPIpEHaY2S82rhHLSeFk6xsjBOjlkifPmqhp6o+HxTCr
EqITEfNY1pvPssEzZbwfJw3heTTz83MMrpiLDjoTtcxleG3W7gCSFXw3kKLdmNXr
dF1nketeUGdcuh319XS73QrVGypoXMVUcHhd+iyP77RZv0H/Ih6FPUUoXmzq2LrX
bsrFxABi0DOJXv9mJ2pU+fS2TzKnbQHduwhOOF+Y4aBP5kiUhg71EenMeTlj2hwx
NQ948uAgS3nbIuLXCsNZHD6UF8UxzUE1jhh4nnEIaYSkAD8LlSCQvearFQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNT0a6V/EZLrZ56VvLjYbv441+s6MB8GA1UdIwQY
MBaAFI5ibJCetJURVLzugiHkOVG0JXYkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvam1Kc2tKNjBsUkZVdk82Q0llUTVVYlFsZGlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9mZTQyNjYtN2Y1NC00ZmIzLWI4MTAt
ZTk3ZDFkMDIyMGFmLzEvMVBScnBYOFJrdXRubnBXOHVOaHVfampYNnpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9mZTQyNjYtN2Y1NC00ZmIzLWI4MTAtZTk3ZDFkMDIyMGFm
LzEvam1Kc2tKNjBsUkZVdk82Q0llUTVVYlFsZGlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLvR0AwQC
uTMwMA0GCSqGSIb3DQEBCwUAA4IBAQA0hSdPWcqRW6wX2wane8ziJILFoGJn4HP0
+v4aZAi6NrRdpgJV9Ifchs12G61YKeo7f3wGTKgFw3fz2brnOiTovoaikiXfEGM8
EMDewMdEZJJp0Tndn/n5hWLj2cXcYTUV0L40Nmjmp5gPn+7ZJxPV+6ci2A33RsoP
UpqzQKLgiT1HowTBoXh31mkzVGhDgf0q4jtSCfYsv1gmAt3chOK7CXE26dnT3e65
mYQgUafBhrFYmrCm3PYLaW6mtoHuA/8/YzATjwOnQs2ODyhm/+1TL5LAjttSs4KC
2kZBakmQcGDtU5ix1o+HVU9V5sQTjVUQ/ZJjHVBJCxJJJUjhSpnW
-----END CERTIFICATE-----