Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/a99x1hjPepf9-zgAGO0iM1GVgbA.roa
File:                     a99x1hjPepf9-zgAGO0iM1GVgbA.roa (raw, json)
Hash identifier:          l9zHu/UNl65mqZVZogHYtrsioie9JHrAZtYEJOsg2eM=
Subject key identifier:   6B:DF:71:D6:18:CF:7A:97:FD:FB:38:00:18:ED:22:33:51:95:81:B0
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       018E6FFF971C6A00BE53CAD7284E468A8EF5
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/a99x1hjPepf9-zgAGO0iM1GVgbA.roa
Signing time:             Sun 24 Mar 2024 10:26:45 +0000
ROA not before:           Sun 24 Mar 2024 10:26:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62163
IP address blocks:        46.161.217.0/24 maxlen: 24
                          46.161.218.0/24 maxlen: 24
                          46.161.219.0/24 maxlen: 24
                          193.56.239.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:6f:ff:97:1c:6a:00:be:53:ca:d7:28:4e:46:8a:8e:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Mar 24 10:26:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6bdf71d618cf7a97fdfb380018ed2233519581b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:c0:5a:13:b4:24:49:62:c7:f1:81:c7:f4:5f:
                    5a:8a:48:dd:eb:c6:b7:ec:6d:c2:e6:a9:b8:e9:b0:
                    1d:00:ad:d1:9e:89:51:6f:94:54:80:e0:68:df:d6:
                    1f:b3:3a:1f:d2:58:a4:99:b0:f2:4f:5d:96:26:16:
                    ea:65:df:e5:cb:48:3e:0a:3c:61:09:2d:5f:10:24:
                    9f:eb:55:95:db:a9:d5:07:6d:ef:4f:7c:9e:ed:e9:
                    cd:f9:39:59:78:06:e4:02:c1:40:67:bd:ce:2f:f9:
                    9f:1b:4d:6e:86:a0:4f:e6:05:c1:dc:56:60:52:6b:
                    cc:7e:53:ff:1e:f7:2b:96:4e:f5:cf:2f:3f:7f:36:
                    31:cb:f8:aa:f7:53:80:05:96:02:58:08:13:05:a4:
                    e9:13:da:a6:55:2a:48:06:02:cc:ca:aa:12:54:59:
                    5a:af:29:93:fd:47:9f:c2:65:f7:ed:b3:de:66:ac:
                    e0:e8:0e:d0:e0:e6:9b:1c:c3:df:0b:c1:76:07:27:
                    a3:a2:f6:b4:28:2b:77:e4:eb:96:42:d4:dc:6b:8f:
                    68:b4:9e:a6:54:23:bc:c6:9a:01:c2:87:aa:c3:1d:
                    12:f7:fb:f8:51:94:fe:26:af:13:a3:3c:e9:70:b3:
                    03:6f:34:71:7f:20:78:27:4a:b4:49:ea:28:5e:f0:
                    4a:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:DF:71:D6:18:CF:7A:97:FD:FB:38:00:18:ED:22:33:51:95:81:B0
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/a99x1hjPepf9-zgAGO0iM1GVgbA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.161.217.0-46.161.219.255
                  193.56.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:70:1c:62:c2:68:4d:db:41:22:bd:b4:6e:9f:18:3b:9e:fe:
         14:44:1a:d8:a0:e1:af:ff:a7:1e:0a:29:6a:18:b5:4d:14:49:
         15:f6:dd:12:a6:9f:fe:50:42:db:43:54:71:59:ae:3e:20:78:
         bf:bc:b5:19:3d:a9:fe:ee:25:cd:23:a8:32:b7:03:a1:ac:08:
         2b:46:53:5f:6d:6a:29:25:23:9a:a2:b0:75:7f:53:8d:dc:76:
         8e:2b:1f:84:77:d9:6f:bd:1e:af:10:f6:e9:79:28:37:08:07:
         a9:29:ee:52:a5:c5:90:f8:c3:8b:76:39:eb:21:cb:86:78:d7:
         c7:80:a6:c0:e0:9f:3a:82:c7:40:b8:3c:5c:e7:0a:dd:28:f1:
         7a:a4:ac:47:d4:ce:a9:51:8d:78:9c:6f:bb:f5:e6:96:10:ee:
         af:7f:23:48:3f:d5:55:f4:f2:93:69:0e:85:c6:30:72:84:46:
         53:df:a5:bf:1a:2d:fe:1c:46:51:dd:3e:3f:e2:8c:ce:41:15:
         b0:64:b7:33:ba:25:eb:87:3b:54:59:f9:d5:40:9f:54:07:33:
         87:cb:92:69:ed:91:df:13:59:01:9f:fe:c2:f8:2b:69:cd:8a:
         32:97:88:b2:64:70:87:70:eb:73:ac:2c:fa:bd:4f:22:b3:d2:
         74:69:be:71
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAY5v/5ccagC+U8rXKE5Gio71MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjQwMzI0MTAyNjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmRmNzFkNjE4Y2Y3YTk3ZmRmYjM4MDAxOGVkMjIzMzUxOTU4MWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu8BaE7QkSWLH8YHH9F9aikjd68a3
7G3C5qm46bAdAK3RnolRb5RUgOBo39Yfszof0likmbDyT12WJhbqZd/ly0g+Cjxh
CS1fECSf61WV26nVB23vT3ye7enN+TlZeAbkAsFAZ73OL/mfG01uhqBP5gXB3FZg
UmvMflP/Hvcrlk71zy8/fzYxy/iq91OABZYCWAgTBaTpE9qmVSpIBgLMyqoSVFla
rymT/UefwmX37bPeZqzg6A7Q4OabHMPfC8F2Byejova0KCt35OuWQtTca49otJ6m
VCO8xpoBwoeqwx0S9/v4UZT+Jq8TozzpcLMDbzRxfyB4J0q0SeooXvBK4QIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFGvfcdYYz3qX/fs4ABjtIjNRlYGwMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvYTk5eDFoalBlcGY5LXpnQUdPMGlNMUdWZ2JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAAuodkD
BAIuodgDBADBOO8wDQYJKoZIhvcNAQELBQADggEBAJNwHGLCaE3bQSK9tG6fGDue
/hREGtig4a//px4KKWoYtU0USRX23RKmn/5QQttDVHFZrj4geL+8tRk9qf7uJc0j
qDK3A6GsCCtGU19taiklI5qisHV/U43cdo4rH4R32W+9Hq8Q9ul5KDcIB6kp7lKl
xZD4w4t2Oeshy4Z418eApsDgnzqCx0C4PFznCt0o8XqkrEfUzqlRjXicb7v15pYQ
7q9/I0g/1VX08pNpDoXGMHKERlPfpb8aLf4cRlHdPj/ijM5BFbBktzO6JeuHO1RZ
+dVAn1QHM4fLkmntkd8TWQGf/sL4K2nNijKXiLJkcIdw63OsLPq9TyKz0nRpvnE=
-----END CERTIFICATE-----