Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/RrvQPUSvl-viJZWaJS_-JByQI2Y.roa
File:                     RrvQPUSvl-viJZWaJS_-JByQI2Y.roa (raw, json)
Hash identifier:          lQ/BWj+b1cU08vFV0SXVIWVkUBCblXZ0aR3czTZHBhk=
Subject key identifier:   46:BB:D0:3D:44:AF:97:EB:E2:25:95:9A:25:2F:FE:24:1C:90:23:66
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       0193131EBC7FA20242682BA8B5DE921F3FF9
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/RrvQPUSvl-viJZWaJS_-JByQI2Y.roa
Signing time:             Sat 09 Nov 2024 22:50:01 +0000
ROA not before:           Sat 09 Nov 2024 22:50:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213893
IP address blocks:        147.45.198.0/24 maxlen: 24
                          147.45.199.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:13:1e:bc:7f:a2:02:42:68:2b:a8:b5:de:92:1f:3f:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Nov  9 22:50:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=46bbd03d44af97ebe225959a252ffe241c902366
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:34:a2:a9:77:d8:bb:00:e1:04:05:ff:5f:85:
                    a9:3d:88:5c:cb:74:c3:76:ad:44:70:f4:36:20:29:
                    84:39:83:8b:f3:d7:a5:e3:dc:e2:2c:e6:39:a9:59:
                    6e:41:1a:d2:68:d6:36:01:83:65:27:59:5d:70:2f:
                    fd:17:a7:19:c1:76:2a:87:eb:9a:5e:c5:04:10:4b:
                    30:34:5e:fa:15:a4:b4:98:07:f7:56:8f:aa:06:34:
                    87:3b:d4:92:39:dc:9d:d6:17:bf:2d:5b:57:82:c2:
                    53:1b:0e:90:ff:42:40:4a:75:23:d8:6e:ee:aa:c5:
                    fa:7c:7c:49:7e:a6:6f:eb:2e:e8:45:84:40:52:53:
                    f6:83:49:d6:3d:e6:ca:48:ff:94:c2:1c:52:02:b5:
                    ad:3f:80:8a:21:53:9d:06:d1:95:e9:85:2d:4c:a7:
                    da:49:93:78:8f:ba:04:cd:93:94:71:0c:7d:0a:8c:
                    f6:11:07:61:df:21:f0:65:98:64:e0:67:bd:e6:67:
                    4f:7d:3d:1d:ae:3c:eb:fb:50:01:22:da:3c:6a:67:
                    c5:d8:bb:05:2e:d9:64:1c:01:e8:6b:29:ce:5b:96:
                    94:5d:fa:21:69:16:65:e5:ed:11:e4:06:2e:30:e1:
                    51:fe:69:75:b2:bc:c7:20:7d:fd:cb:72:d3:c0:6a:
                    9c:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:BB:D0:3D:44:AF:97:EB:E2:25:95:9A:25:2F:FE:24:1C:90:23:66
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/RrvQPUSvl-viJZWaJS_-JByQI2Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.198.0/23

    Signature Algorithm: sha256WithRSAEncryption
         81:93:d7:38:ac:cc:ae:c7:8e:88:23:20:ba:dd:27:2d:8a:dc:
         9b:b7:5e:3e:a2:45:ad:2f:f0:e0:79:fe:b3:0c:81:f4:55:a0:
         0d:66:a2:f0:b7:7d:56:39:a8:e2:af:09:f2:86:df:d1:6a:ae:
         e4:72:b6:10:d8:89:74:32:3a:66:28:b8:fe:34:8c:65:88:d8:
         5a:58:ca:ed:19:a6:dc:bf:1c:76:09:08:68:0b:a8:d3:0d:e4:
         01:b5:97:9e:36:f8:eb:4d:4e:ab:0a:d6:3d:9d:01:3e:fc:99:
         a8:52:b7:97:03:7e:43:ca:5d:c6:21:4f:0c:d3:31:8e:21:00:
         3f:24:fc:c8:20:63:ad:97:3e:48:aa:c6:f3:2d:70:ac:98:fe:
         56:d1:66:5f:74:2e:50:0e:c2:30:47:94:d7:0d:73:0c:02:67:
         25:85:f9:09:61:1b:ce:42:c4:80:af:e1:3a:e5:75:f6:32:ac:
         83:46:81:75:87:c4:dd:dd:f8:39:53:1a:b0:86:84:c3:8c:21:
         11:eb:18:77:12:fe:c7:f8:82:bf:b1:4f:43:fe:a4:b5:31:c4:
         e1:8a:b3:72:b1:c6:6a:bd:65:e1:8a:b5:5e:aa:b0:ec:98:7e:
         14:0d:74:57:ad:66:c5:21:f6:ae:2d:83:31:6f:e9:59:ec:c3:
         a1:e6:6a:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMTHrx/ogJCaCuotd6SHz/5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQxMTA5MjI1MDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmJiZDAzZDQ0YWY5N2ViZTIyNTk1OWEyNTJmZmUyNDFjOTAyMzY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApjSiqXfYuwDhBAX/X4WpPYhcy3TD
dq1EcPQ2ICmEOYOL89el49ziLOY5qVluQRrSaNY2AYNlJ1ldcC/9F6cZwXYqh+ua
XsUEEEswNF76FaS0mAf3Vo+qBjSHO9SSOdyd1he/LVtXgsJTGw6Q/0JASnUj2G7u
qsX6fHxJfqZv6y7oRYRAUlP2g0nWPebKSP+UwhxSArWtP4CKIVOdBtGV6YUtTKfa
SZN4j7oEzZOUcQx9Coz2EQdh3yHwZZhk4Ge95mdPfT0drjzr+1ABIto8amfF2LsF
LtlkHAHoaynOW5aUXfohaRZl5e0R5AYuMOFR/ml1srzHIH39y3LTwGqcFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEa70D1Er5fr4iWVmiUv/iQckCNmMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvUnJ2UVBVU3ZsLXZpSlpXYUpTXy1KQnlRSTJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBky3GMA0G
CSqGSIb3DQEBCwUAA4IBAQCBk9c4rMyux46IIyC63Sctitybt14+okWtL/Dgef6z
DIH0VaANZqLwt31WOajirwnyht/Raq7kcrYQ2Il0MjpmKLj+NIxliNhaWMrtGabc
vxx2CQhoC6jTDeQBtZeeNvjrTU6rCtY9nQE+/JmoUreXA35Dyl3GIU8M0zGOIQA/
JPzIIGOtlz5IqsbzLXCsmP5W0WZfdC5QDsIwR5TXDXMMAmclhfkJYRvOQsSAr+E6
5XX2MqyDRoF1h8Td3fg5UxqwhoTDjCER6xh3Ev7H+IK/sU9D/qS1McThirNyscZq
vWXhirVeqrDsmH4UDXRXrWbFIfauLYMxb+lZ7MOh5mpm
-----END CERTIFICATE-----