Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/974c70-e13c-4699-b31b-7ac9e2ce4e33/1/nLT73TQoF3kOWTN2c6Gj5sOaU6w.roa
File:                     nLT73TQoF3kOWTN2c6Gj5sOaU6w.roa (raw, json)
Hash identifier:          Vu8CsBR1L55F4nMiVWr24ZvK9iYYDUaTDhDgqrLjhMY=
Subject key identifier:   9C:B4:FB:DD:34:28:17:79:0E:59:33:76:73:A1:A3:E6:C3:9A:53:AC
Certificate issuer:       /CN=d7c475403fdd90381891e5a0c3266b478dd8ca35
Certificate serial:       018CC9BA625C8E580852392094175E458CD6
Authority key identifier: D7:C4:75:40:3F:DD:90:38:18:91:E5:A0:C3:26:6B:47:8D:D8:CA:35
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/18R1QD_dkDgYkeWgwyZrR43YyjU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/974c70-e13c-4699-b31b-7ac9e2ce4e33/1/nLT73TQoF3kOWTN2c6Gj5sOaU6w.roa
Signing time:             Tue 02 Jan 2024 10:31:24 +0000
ROA not before:           Tue 02 Jan 2024 10:31:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50590
IP address blocks:        46.175.168.0/21 maxlen: 23
                          46.175.172.0/23 maxlen: 23
                          46.175.174.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/974c70-e13c-4699-b31b-7ac9e2ce4e33/1/18R1QD_dkDgYkeWgwyZrR43YyjU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/974c70-e13c-4699-b31b-7ac9e2ce4e33/1/18R1QD_dkDgYkeWgwyZrR43YyjU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/18R1QD_dkDgYkeWgwyZrR43YyjU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 18 Jun 2024 07:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:ba:62:5c:8e:58:08:52:39:20:94:17:5e:45:8c:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d7c475403fdd90381891e5a0c3266b478dd8ca35
        Validity
            Not Before: Jan  2 10:31:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9cb4fbdd342817790e59337673a1a3e6c39a53ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:c3:a0:f5:c2:2b:95:f7:19:00:13:3f:91:fd:
                    c6:78:02:14:4e:e3:29:c9:5f:47:e2:6c:5a:c4:93:
                    16:1e:cf:27:f0:dd:96:5b:23:41:b0:8e:aa:06:da:
                    94:4e:73:1d:c2:90:84:a3:5b:cb:77:c2:6c:3c:6f:
                    e5:87:86:e3:64:8a:04:8f:a8:b4:90:c1:2e:72:0f:
                    31:58:0d:3a:26:cd:4f:64:20:6d:01:bb:9f:8c:94:
                    cb:9f:8c:d9:a1:f9:71:33:94:b5:e4:b9:4e:87:98:
                    4f:6f:e5:48:8b:d2:3c:4e:a6:28:70:be:2d:cc:ad:
                    fb:e0:53:a5:95:31:1b:0e:d6:16:4d:2d:50:d2:6b:
                    95:e0:63:e0:55:74:15:c2:a4:a1:61:ba:f4:92:06:
                    6e:fb:ab:e5:89:fc:37:93:e6:58:9f:a6:3f:8e:9e:
                    d1:97:1c:24:5f:29:aa:84:ad:ae:ac:9f:0f:ac:93:
                    46:9c:2d:5d:e1:43:0a:f2:38:f5:be:b3:e0:f0:29:
                    52:7e:54:da:d8:d6:7c:7e:c8:1f:28:36:bc:a9:e1:
                    30:34:43:c2:7a:3c:db:f6:37:ce:17:22:93:76:de:
                    d4:4c:50:5e:1c:19:82:15:04:e9:98:cf:bf:46:27:
                    f1:a7:c7:ea:a7:b1:08:8b:10:41:25:05:4d:c6:85:
                    d6:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:B4:FB:DD:34:28:17:79:0E:59:33:76:73:A1:A3:E6:C3:9A:53:AC
            X509v3 Authority Key Identifier:
                keyid:D7:C4:75:40:3F:DD:90:38:18:91:E5:A0:C3:26:6B:47:8D:D8:CA:35

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/18R1QD_dkDgYkeWgwyZrR43YyjU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/974c70-e13c-4699-b31b-7ac9e2ce4e33/1/nLT73TQoF3kOWTN2c6Gj5sOaU6w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/974c70-e13c-4699-b31b-7ac9e2ce4e33/1/18R1QD_dkDgYkeWgwyZrR43YyjU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.175.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         9c:7c:d1:45:36:24:5e:cf:84:7c:88:c1:5c:95:06:da:db:0f:
         05:a3:ab:2f:c8:c8:c1:f6:3a:81:74:39:b4:c0:7c:4d:f7:af:
         76:a0:73:61:86:99:b2:27:a3:c7:78:7f:dd:48:13:91:46:f0:
         17:b4:6a:c9:dc:69:38:d3:d7:24:bd:e4:67:05:49:e6:30:8e:
         64:50:e7:c4:d5:a5:9c:df:06:c3:34:2d:30:9c:05:12:2f:56:
         20:65:04:ca:db:cb:e3:03:ef:a7:f4:44:c8:20:86:49:a7:e2:
         9d:dd:d1:20:4e:f4:de:bc:28:94:ed:7d:c1:f4:9f:17:52:cb:
         bc:f6:61:6f:e7:06:9e:a9:5b:7b:88:5a:dc:d7:a2:e8:81:59:
         3a:ad:2f:05:a6:ed:6a:75:bc:13:d0:9c:36:b0:dd:e7:b3:7e:
         dd:c5:b3:a6:25:1a:2f:87:63:c1:84:c1:32:c4:2f:41:92:48:
         53:c3:e0:48:29:d2:7a:a9:da:39:16:8d:00:08:45:2d:7d:a7:
         2a:28:1b:6a:ba:85:fa:56:36:19:2a:fc:58:26:05:9f:ea:39:
         da:71:60:0f:81:ab:d1:53:e4:6c:7f:30:d5:21:01:e4:fe:1b:
         8b:e8:b9:9c:28:c8:b3:03:97:17:3f:e6:31:4f:5a:17:28:fc:
         97:c9:95:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJumJcjlgIUjkglBdeRYzWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3YzQ3NTQwM2ZkZDkwMzgxODkxZTVhMGMzMjY2YjQ3OGRk
OGNhMzUwHhcNMjQwMTAyMTAzMTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2I0ZmJkZDM0MjgxNzc5MGU1OTMzNzY3M2ExYTNlNmMzOWE1M2FjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApsOg9cIrlfcZABM/kf3GeAIUTuMp
yV9H4mxaxJMWHs8n8N2WWyNBsI6qBtqUTnMdwpCEo1vLd8JsPG/lh4bjZIoEj6i0
kMEucg8xWA06Js1PZCBtAbufjJTLn4zZoflxM5S15LlOh5hPb+VIi9I8TqYocL4t
zK374FOllTEbDtYWTS1Q0muV4GPgVXQVwqShYbr0kgZu+6vlifw3k+ZYn6Y/jp7R
lxwkXymqhK2urJ8PrJNGnC1d4UMK8jj1vrPg8ClSflTa2NZ8fsgfKDa8qeEwNEPC
ejzb9jfOFyKTdt7UTFBeHBmCFQTpmM+/Rifxp8fqp7EIixBBJQVNxoXW8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJy0+900KBd5DlkzdnOho+bDmlOsMB8GA1UdIwQY
MBaAFNfEdUA/3ZA4GJHloMMma0eN2Mo1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMThSMVFEX2RrRGdZa2VXZ3d5WnJSNDNZeWpVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi85NzRjNzAtZTEzYy00Njk5LWIzMWIt
N2FjOWUyY2U0ZTMzLzEvbkxUNzNUUW9GM2tPV1ROMmM2R2o1c09hVTZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi85NzRjNzAtZTEzYy00Njk5LWIzMWItN2FjOWUyY2U0ZTMz
LzEvMThSMVFEX2RrRGdZa2VXZ3d5WnJSNDNZeWpVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDLq+oMA0G
CSqGSIb3DQEBCwUAA4IBAQCcfNFFNiRez4R8iMFclQba2w8Fo6svyMjB9jqBdDm0
wHxN9692oHNhhpmyJ6PHeH/dSBORRvAXtGrJ3Gk409ckveRnBUnmMI5kUOfE1aWc
3wbDNC0wnAUSL1YgZQTK28vjA++n9ETIIIZJp+Kd3dEgTvTevCiU7X3B9J8XUsu8
9mFv5waeqVt7iFrc16LogVk6rS8Fpu1qdbwT0Jw2sN3ns37dxbOmJRovh2PBhMEy
xC9BkkhTw+BIKdJ6qdo5Fo0ACEUtfacqKBtquoX6VjYZKvxYJgWf6jnacWAPgavR
U+RsfzDVIQHk/huL6LmcKMizA5cXP+YxT1oXKPyXyZU0
-----END CERTIFICATE-----