Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/b97849-2af5-4c3e-8f0e-4dd3853a2241/1/uEClDvqyPr1x6Hm-rdGkzJPICbY.roa
File:                     uEClDvqyPr1x6Hm-rdGkzJPICbY.roa (raw, json)
Hash identifier:          44+N1umP7sSdKnKPaFY6nsFi+b9ErSzLRD4FCQlLnTw=
Subject key identifier:   B8:40:A5:0E:FA:B2:3E:BD:71:E8:79:BE:AD:D1:A4:CC:93:C8:09:B6
Certificate issuer:       /CN=77480527d0b35caf95b37502c4c6f9e3e81fd8a3
Certificate serial:       018CC4245BFCC8D9B1C2AFF8383E364AD7E4
Authority key identifier: 77:48:05:27:D0:B3:5C:AF:95:B3:75:02:C4:C6:F9:E3:E8:1F:D8:A3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/d0gFJ9CzXK-Vs3UCxMb54-gf2KM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/b97849-2af5-4c3e-8f0e-4dd3853a2241/1/uEClDvqyPr1x6Hm-rdGkzJPICbY.roa
Signing time:             Mon 01 Jan 2024 08:29:26 +0000
ROA not before:           Mon 01 Jan 2024 08:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205546
IP address blocks:        46.229.246.0/24 maxlen: 24
                          46.229.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/b97849-2af5-4c3e-8f0e-4dd3853a2241/1/d0gFJ9CzXK-Vs3UCxMb54-gf2KM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/b97849-2af5-4c3e-8f0e-4dd3853a2241/1/d0gFJ9CzXK-Vs3UCxMb54-gf2KM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/d0gFJ9CzXK-Vs3UCxMb54-gf2KM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 13:02:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:5b:fc:c8:d9:b1:c2:af:f8:38:3e:36:4a:d7:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=77480527d0b35caf95b37502c4c6f9e3e81fd8a3
        Validity
            Not Before: Jan  1 08:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b840a50efab23ebd71e879beadd1a4cc93c809b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:27:29:1f:25:b3:0e:aa:81:a4:02:d7:42:e6:
                    40:74:e0:a3:19:90:fa:19:6b:d2:3c:f7:bd:5f:03:
                    c1:4d:1f:23:e3:10:fe:52:c9:07:35:87:19:e5:a0:
                    e0:40:e2:d1:bf:58:2e:82:8f:e4:a1:54:65:25:09:
                    c7:76:78:38:a0:ff:df:aa:12:4f:42:8f:25:43:10:
                    cd:16:ad:59:ac:4b:3c:c9:7a:0d:74:db:b6:bc:2f:
                    47:ab:88:27:bf:31:fc:ec:63:06:e4:be:90:99:0f:
                    50:1b:f6:e7:30:6e:19:0a:b2:4a:63:1f:34:12:06:
                    70:a6:50:3f:01:92:33:72:dc:91:f9:b8:c7:3b:df:
                    7c:0b:a4:89:2d:8b:99:e1:7f:1e:75:1e:bb:a0:c8:
                    a0:0f:38:38:d6:a6:3e:64:c4:67:86:91:a6:5e:52:
                    3b:2c:16:54:4d:40:f8:0a:48:b7:a9:23:1b:6c:83:
                    e8:75:72:53:3d:88:6a:76:cb:d8:76:66:4a:16:7f:
                    1d:b3:af:c3:21:63:2d:b5:24:8c:3e:03:38:b6:39:
                    48:03:1a:4b:8b:ab:1e:d1:c5:03:4d:6b:04:38:d4:
                    44:a7:08:06:e6:2f:40:46:37:1f:1a:fc:af:e3:3f:
                    d5:6b:c5:78:76:49:99:2b:c6:3e:4e:a2:f8:c1:06:
                    0e:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:40:A5:0E:FA:B2:3E:BD:71:E8:79:BE:AD:D1:A4:CC:93:C8:09:B6
            X509v3 Authority Key Identifier:
                keyid:77:48:05:27:D0:B3:5C:AF:95:B3:75:02:C4:C6:F9:E3:E8:1F:D8:A3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0gFJ9CzXK-Vs3UCxMb54-gf2KM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b97849-2af5-4c3e-8f0e-4dd3853a2241/1/uEClDvqyPr1x6Hm-rdGkzJPICbY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/b97849-2af5-4c3e-8f0e-4dd3853a2241/1/d0gFJ9CzXK-Vs3UCxMb54-gf2KM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.229.246.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3d:52:78:a1:a1:90:db:57:9a:33:a4:ca:d2:de:7c:21:36:ee:
         73:7b:d9:8a:8a:d6:ba:74:19:05:e5:a0:07:3f:e1:f1:81:63:
         51:6a:99:fe:72:5e:f1:f8:8a:c1:4a:34:de:bf:e9:bf:53:fc:
         41:d2:94:f9:7d:5f:63:f3:35:4c:b2:8f:98:6a:9d:e0:af:83:
         89:96:ab:c0:98:f2:7d:9e:ad:da:5d:92:07:cb:4c:f7:04:53:
         29:85:ac:9f:ad:40:2c:51:47:9d:e5:d9:2a:1a:ef:a0:c9:75:
         89:d2:5d:56:b9:87:7a:a6:06:f1:bd:50:62:75:ad:52:3b:f3:
         46:a3:54:0c:aa:b7:44:b6:e1:83:cd:e0:22:53:1f:cc:37:d2:
         b7:55:e5:42:cb:e8:19:6a:ca:e6:92:6d:f6:d1:b2:7f:8f:5d:
         53:62:7a:22:62:22:26:69:ac:d6:cc:64:44:61:fb:6d:b8:f2:
         35:1c:46:e3:1b:da:c2:68:59:a6:af:30:d8:77:11:7a:bb:8a:
         74:4a:a5:f0:0b:fd:70:ad:3a:2c:b5:7a:6f:7f:7d:cc:fc:8b:
         44:f3:76:6f:c8:ea:d0:b4:f1:65:94:9f:e9:6c:1a:40:89:39:
         be:bb:0e:0b:70:ee:44:3e:9b:5f:d4:ec:d5:c4:35:b2:45:82:
         e9:e8:0b:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJFv8yNmxwq/4OD42StfkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc3NDgwNTI3ZDBiMzVjYWY5NWIzNzUwMmM0YzZmOWUzZTgx
ZmQ4YTMwHhcNMjQwMTAxMDgyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODQwYTUwZWZhYjIzZWJkNzFlODc5YmVhZGQxYTRjYzkzYzgwOWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArScpHyWzDqqBpALXQuZAdOCjGZD6
GWvSPPe9XwPBTR8j4xD+UskHNYcZ5aDgQOLRv1gugo/koVRlJQnHdng4oP/fqhJP
Qo8lQxDNFq1ZrEs8yXoNdNu2vC9Hq4gnvzH87GMG5L6QmQ9QG/bnMG4ZCrJKYx80
EgZwplA/AZIzctyR+bjHO998C6SJLYuZ4X8edR67oMigDzg41qY+ZMRnhpGmXlI7
LBZUTUD4Cki3qSMbbIPodXJTPYhqdsvYdmZKFn8ds6/DIWMttSSMPgM4tjlIAxpL
i6se0cUDTWsEONREpwgG5i9ARjcfGvyv4z/Va8V4dkmZK8Y+TqL4wQYOqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLhApQ76sj69ceh5vq3RpMyTyAm2MB8GA1UdIwQY
MBaAFHdIBSfQs1yvlbN1AsTG+ePoH9ijMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZDBnRko5Q3pYSy1WczNVQ3hNYjU0LWdmMktNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9iOTc4NDktMmFmNS00YzNlLThmMGUt
NGRkMzg1M2EyMjQxLzEvdUVDbER2cXlQcjF4NkhtLXJkR2t6SlBJQ2JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9iOTc4NDktMmFmNS00YzNlLThmMGUtNGRkMzg1M2EyMjQx
LzEvZDBnRko5Q3pYSy1WczNVQ3hNYjU0LWdmMktNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLuX2MA0G
CSqGSIb3DQEBCwUAA4IBAQA9UnihoZDbV5ozpMrS3nwhNu5ze9mKita6dBkF5aAH
P+HxgWNRapn+cl7x+IrBSjTev+m/U/xB0pT5fV9j8zVMso+Yap3gr4OJlqvAmPJ9
nq3aXZIHy0z3BFMphayfrUAsUUed5dkqGu+gyXWJ0l1WuYd6pgbxvVBida1SO/NG
o1QMqrdEtuGDzeAiUx/MN9K3VeVCy+gZasrmkm320bJ/j11TYnoiYiImaazWzGRE
YfttuPI1HEbjG9rCaFmmrzDYdxF6u4p0SqXwC/1wrTostXpvf33M/ItE83ZvyOrQ
tPFllJ/pbBpAiTm+uw4LcO5EPptf1OzVxDWyRYLp6Asb
-----END CERTIFICATE-----