Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/rEwSxc4_Qsj5oR3HvBVnngSFmuk.roa
File:                     rEwSxc4_Qsj5oR3HvBVnngSFmuk.roa (raw, json)
Hash identifier:          NqcJVGtDROcQfZ7seJyaS3acAiDGZSmL01bk3P5OAyI=
Subject key identifier:   AC:4C:12:C5:CE:3F:42:C8:F9:A1:1D:C7:BC:15:67:9E:04:85:9A:E9
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018DACEAD075722B2C83A8FA19E745661743
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/rEwSxc4_Qsj5oR3HvBVnngSFmuk.roa
Signing time:             Thu 15 Feb 2024 13:18:06 +0000
ROA not before:           Thu 15 Feb 2024 13:18:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59504
IP address blocks:        147.45.46.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 13:03:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ac:ea:d0:75:72:2b:2c:83:a8:fa:19:e7:45:66:17:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Feb 15 13:18:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac4c12c5ce3f42c8f9a11dc7bc15679e04859ae9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:0b:23:86:28:e4:64:65:ee:8f:01:57:5f:65:
                    27:41:cd:64:e9:58:0c:dd:af:ba:69:89:a4:8b:d8:
                    00:51:91:22:8d:ad:4c:f7:4a:7a:dc:cb:6c:46:bf:
                    8f:ae:00:81:3a:83:73:ce:e1:60:bd:4a:57:cb:43:
                    f0:60:81:1a:de:23:f3:fc:21:68:8c:9b:01:39:c6:
                    ff:e8:bf:98:1f:b3:80:73:d9:1a:d8:09:df:41:24:
                    c4:88:79:db:e4:43:94:50:e4:21:4c:48:5e:33:e1:
                    29:74:f8:ff:cf:6a:73:0f:2a:83:d2:e5:4f:0b:5b:
                    04:7b:47:36:c4:df:1d:2d:b5:00:f5:ae:71:d5:92:
                    4f:07:37:f8:66:84:d9:fe:33:ff:07:1f:11:d8:36:
                    98:38:6f:1b:b0:c2:e3:19:f0:47:cc:dc:fc:f5:50:
                    1c:36:80:8a:18:e3:b7:9b:14:ac:48:cf:51:e3:f0:
                    91:2c:69:ba:58:f0:02:0d:31:14:de:bd:0a:19:7d:
                    22:22:67:c4:7c:8a:f3:8e:71:b8:0a:3b:79:5d:4f:
                    0c:30:0e:79:8c:2b:b5:c8:06:38:26:cf:c2:76:b4:
                    b8:58:06:b1:6e:62:88:dd:74:af:30:88:1b:34:cc:
                    c6:9f:04:b9:98:3f:d9:6c:fc:0f:9c:72:be:7c:a1:
                    87:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:4C:12:C5:CE:3F:42:C8:F9:A1:1D:C7:BC:15:67:9E:04:85:9A:E9
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/rEwSxc4_Qsj5oR3HvBVnngSFmuk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:10:75:1b:56:03:47:69:48:ef:51:b4:8d:d0:d1:4b:42:11:
         0e:15:b7:48:bd:2c:5a:f4:a5:2c:84:7d:47:13:8d:c6:be:5a:
         36:87:98:fb:8d:7a:cb:cf:73:fa:f2:8a:75:22:0b:f5:27:9b:
         72:1f:35:36:d9:f4:dd:07:4a:75:b9:7a:15:4c:3d:7c:0d:3c:
         d8:ac:3a:a2:ee:ae:a8:c9:fa:f0:74:2f:cd:27:e4:d3:f8:51:
         03:c6:77:89:5a:4a:cb:dd:43:60:7d:ed:36:7f:13:2f:66:88:
         30:46:a0:0c:54:6d:53:26:fe:08:47:08:41:1f:f7:f1:8c:de:
         54:9c:c4:27:bf:c5:15:fe:76:63:21:be:9d:77:4c:1c:0f:8c:
         09:c8:6a:2b:a1:e6:f3:5b:95:04:10:9e:4c:51:13:bb:dc:62:
         b3:b6:37:02:c1:63:11:aa:9f:d7:ee:8f:ac:25:5e:ba:8e:80:
         73:d7:df:85:21:e3:ea:00:d5:06:dd:48:6e:24:59:ff:3a:08:
         bd:da:c8:04:56:d2:96:93:0c:c1:01:86:cf:4c:17:b9:18:07:
         bd:1c:73:f5:4f:02:2c:a7:e5:50:48:58:a6:0a:25:45:a4:c3:
         e6:b5:44:01:87:bd:8e:13:b9:d8:f8:48:f5:9e:29:6b:59:b6:
         74:ba:89:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2s6tB1cissg6j6GedFZhdDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwMjE1MTMxODA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzRjMTJjNWNlM2Y0MmM4ZjlhMTFkYzdiYzE1Njc5ZTA0ODU5YWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgsjhijkZGXujwFXX2UnQc1k6VgM
3a+6aYmki9gAUZEija1M90p63MtsRr+PrgCBOoNzzuFgvUpXy0PwYIEa3iPz/CFo
jJsBOcb/6L+YH7OAc9ka2AnfQSTEiHnb5EOUUOQhTEheM+EpdPj/z2pzDyqD0uVP
C1sEe0c2xN8dLbUA9a5x1ZJPBzf4ZoTZ/jP/Bx8R2DaYOG8bsMLjGfBHzNz89VAc
NoCKGOO3mxSsSM9R4/CRLGm6WPACDTEU3r0KGX0iImfEfIrzjnG4Cjt5XU8MMA55
jCu1yAY4Js/CdrS4WAaxbmKI3XSvMIgbNMzGnwS5mD/ZbPwPnHK+fKGHswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKxMEsXOP0LI+aEdx7wVZ54EhZrpMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvckV3U3hjNF9Rc2o1b1IzSHZCVm5uZ1NGbXVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAky0uMA0G
CSqGSIb3DQEBCwUAA4IBAQAOEHUbVgNHaUjvUbSN0NFLQhEOFbdIvSxa9KUshH1H
E43Gvlo2h5j7jXrLz3P68op1Igv1J5tyHzU22fTdB0p1uXoVTD18DTzYrDqi7q6o
yfrwdC/NJ+TT+FEDxneJWkrL3UNgfe02fxMvZogwRqAMVG1TJv4IRwhBH/fxjN5U
nMQnv8UV/nZjIb6dd0wcD4wJyGoroebzW5UEEJ5MURO73GKztjcCwWMRqp/X7o+s
JV66joBz19+FIePqANUG3UhuJFn/Ogi92sgEVtKWkwzBAYbPTBe5GAe9HHP1TwIs
p+VQSFimCiVFpMPmtUQBh72OE7nY+Ej1nilrWbZ0uonw
-----END CERTIFICATE-----