Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/9EqucVlTV-esSl0-aHQ3lc5SF5Y.roa
File:                     9EqucVlTV-esSl0-aHQ3lc5SF5Y.roa (raw, json)
Hash identifier:          L+Z9FDepnUhMBGL6S+ey0pKHGSJHVXUb8YyWjfWWqD4=
Subject key identifier:   F4:4A:AE:71:59:53:57:E7:AC:4A:5D:3E:68:74:37:95:CE:52:17:96
Certificate issuer:       /CN=706d3abbb478b74ef2adef9bb7c4336e34111d51
Certificate serial:       018CC56E2963114F13FE488C9903E96CE879
Authority key identifier: 70:6D:3A:BB:B4:78:B7:4E:F2:AD:EF:9B:B7:C4:33:6E:34:11:1D:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cG06u7R4t07yre-bt8QzbjQRHVE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/9EqucVlTV-esSl0-aHQ3lc5SF5Y.roa
Signing time:             Mon 01 Jan 2024 14:29:40 +0000
ROA not before:           Mon 01 Jan 2024 14:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     134512
IP address blocks:        46.175.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/cG06u7R4t07yre-bt8QzbjQRHVE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/cG06u7R4t07yre-bt8QzbjQRHVE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cG06u7R4t07yre-bt8QzbjQRHVE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:03:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:29:63:11:4f:13:fe:48:8c:99:03:e9:6c:e8:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=706d3abbb478b74ef2adef9bb7c4336e34111d51
        Validity
            Not Before: Jan  1 14:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f44aae71595357e7ac4a5d3e68743795ce521796
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:d4:b8:61:dd:7e:00:fe:c4:d9:e9:36:98:e9:
                    98:ce:58:f3:5a:e0:e5:6d:2d:8f:54:d7:f7:4c:2e:
                    65:39:35:a5:61:08:5e:d9:0f:3b:89:dc:14:b3:8c:
                    c0:32:34:b0:e9:fb:29:af:84:55:ba:03:69:d7:32:
                    28:aa:85:de:a1:7c:4c:ac:54:db:82:d6:50:d2:38:
                    91:99:d0:73:10:31:d9:cc:e1:1a:44:a3:9e:a1:48:
                    00:94:43:85:fd:45:09:a4:b9:dd:64:d4:57:44:e8:
                    a6:10:74:dd:de:be:9d:0f:af:06:fc:16:77:27:ba:
                    e8:48:ec:9e:f8:24:70:db:f1:82:8a:8c:79:9b:41:
                    2e:01:dc:9b:87:c3:ac:9c:83:7e:00:e1:61:07:1e:
                    1b:e8:0f:15:aa:38:7f:0b:13:56:7e:64:d8:5f:29:
                    ba:93:c1:35:00:39:bd:3b:5f:b7:c7:a3:ac:a4:09:
                    35:ad:4d:f0:83:a8:f7:48:55:eb:b9:f0:af:28:24:
                    99:37:23:8d:d2:0c:ea:d1:98:46:e4:e0:4e:50:42:
                    e0:49:bb:d3:e8:d9:58:87:80:d8:b4:f6:c9:11:67:
                    8f:8c:e6:f7:75:ef:8f:14:e3:05:47:c0:5c:36:22:
                    18:f4:06:a2:d1:35:de:b6:8c:5b:1d:b5:29:66:4f:
                    89:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:4A:AE:71:59:53:57:E7:AC:4A:5D:3E:68:74:37:95:CE:52:17:96
            X509v3 Authority Key Identifier:
                keyid:70:6D:3A:BB:B4:78:B7:4E:F2:AD:EF:9B:B7:C4:33:6E:34:11:1D:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cG06u7R4t07yre-bt8QzbjQRHVE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/9EqucVlTV-esSl0-aHQ3lc5SF5Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/0c6f47-4713-4471-b08f-a4213c93f1f7/1/cG06u7R4t07yre-bt8QzbjQRHVE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.175.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:cf:a4:6b:67:c9:49:e1:64:98:b2:cd:31:18:ea:9e:d4:2b:
         77:be:ae:9a:89:4c:80:62:7e:26:66:7a:e1:8a:3d:4d:4c:1f:
         7c:40:6f:40:1f:9f:d4:3d:60:3a:53:11:07:f7:f4:c3:9a:26:
         4a:8b:67:8c:c9:1b:1a:b5:7d:1b:10:64:d8:74:42:44:a4:d9:
         17:30:7c:02:0d:11:08:90:e0:21:f8:de:fa:e4:36:67:a9:49:
         69:94:b7:76:d7:20:e0:46:5b:d5:cf:63:94:90:06:b9:51:f9:
         21:aa:08:7e:27:06:dd:36:b8:44:91:40:ee:f6:66:9b:f4:4b:
         f8:87:f4:3f:6d:a6:76:9a:33:2c:f2:9e:b1:ed:7d:cd:ab:58:
         9c:5e:be:a0:bf:36:fa:d3:86:1b:9c:85:3e:6f:16:28:aa:03:
         20:4b:2b:1e:d9:20:86:e7:93:28:a0:d0:20:ad:4b:b3:6a:8d:
         39:d2:cd:99:7e:be:10:9d:35:70:24:e2:7e:72:f1:a6:37:04:
         89:b3:aa:0b:ef:c8:de:35:47:0f:ad:16:09:7e:16:67:7c:13:
         82:86:60:8a:ef:02:91:04:2a:71:bd:61:0d:0e:22:d8:90:e9:
         c6:47:0c:97:25:83:11:3b:e3:aa:64:e6:49:f3:09:da:85:43:
         e5:ce:11:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbiljEU8T/kiMmQPpbOh5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwNmQzYWJiYjQ3OGI3NGVmMmFkZWY5YmI3YzQzMzZlMzQx
MTFkNTEwHhcNMjQwMTAxMTQyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDRhYWU3MTU5NTM1N2U3YWM0YTVkM2U2ODc0Mzc5NWNlNTIxNzk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu9S4Yd1+AP7E2ek2mOmYzljzWuDl
bS2PVNf3TC5lOTWlYQhe2Q87idwUs4zAMjSw6fspr4RVugNp1zIoqoXeoXxMrFTb
gtZQ0jiRmdBzEDHZzOEaRKOeoUgAlEOF/UUJpLndZNRXROimEHTd3r6dD68G/BZ3
J7roSOye+CRw2/GCiox5m0EuAdybh8OsnIN+AOFhBx4b6A8Vqjh/CxNWfmTYXym6
k8E1ADm9O1+3x6OspAk1rU3wg6j3SFXrufCvKCSZNyON0gzq0ZhG5OBOUELgSbvT
6NlYh4DYtPbJEWePjOb3de+PFOMFR8BcNiIY9Aai0TXetoxbHbUpZk+J7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPRKrnFZU1fnrEpdPmh0N5XOUheWMB8GA1UdIwQY
MBaAFHBtOru0eLdO8q3vm7fEM240ER1RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0cwNnU3UjR0MDd5cmUtYnQ4UXpialFSSFZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8wYzZmNDctNDcxMy00NDcxLWIwOGYt
YTQyMTNjOTNmMWY3LzEvOUVxdWNWbFRWLWVzU2wwLWFIUTNsYzVTRjVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8wYzZmNDctNDcxMy00NDcxLWIwOGYtYTQyMTNjOTNmMWY3
LzEvY0cwNnU3UjR0MDd5cmUtYnQ4UXpialFSSFZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALq+BMA0G
CSqGSIb3DQEBCwUAA4IBAQA4z6RrZ8lJ4WSYss0xGOqe1Ct3vq6aiUyAYn4mZnrh
ij1NTB98QG9AH5/UPWA6UxEH9/TDmiZKi2eMyRsatX0bEGTYdEJEpNkXMHwCDREI
kOAh+N765DZnqUlplLd21yDgRlvVz2OUkAa5Ufkhqgh+JwbdNrhEkUDu9mab9Ev4
h/Q/baZ2mjMs8p6x7X3Nq1icXr6gvzb604YbnIU+bxYoqgMgSyse2SCG55MooNAg
rUuzao050s2Zfr4QnTVwJOJ+cvGmNwSJs6oL78jeNUcPrRYJfhZnfBOChmCK7wKR
BCpxvWENDiLYkOnGRwyXJYMRO+OqZOZJ8wnahUPlzhHc
-----END CERTIFICATE-----