Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/a4d09f-29df-44ea-a7b1-0a0aaeaee4f1/1/d9FOsz2KRc7d68YZbza7zfiXh38.roa
File:                     d9FOsz2KRc7d68YZbza7zfiXh38.roa (raw, json)
Hash identifier:          tyFbduQtDOvr4/99DzRAzaG0i1IuK+A13i/IRpDW/vc=
Subject key identifier:   77:D1:4E:B3:3D:8A:45:CE:DD:EB:C6:19:6F:36:BB:CD:F8:97:87:7F
Certificate issuer:       /CN=2e0a9333f93cca544fdabe2ea7a6738a54af759e
Certificate serial:       018F866088FCC645CDCD1BDA97F10EDA5F18
Authority key identifier: 2E:0A:93:33:F9:3C:CA:54:4F:DA:BE:2E:A7:A6:73:8A:54:AF:75:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LgqTM_k8ylRP2r4up6ZzilSvdZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/a4d09f-29df-44ea-a7b1-0a0aaeaee4f1/1/d9FOsz2KRc7d68YZbza7zfiXh38.roa
Signing time:             Fri 17 May 2024 11:47:04 +0000
ROA not before:           Fri 17 May 2024 11:47:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215625
IP address blocks:        46.235.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/a4d09f-29df-44ea-a7b1-0a0aaeaee4f1/1/LgqTM_k8ylRP2r4up6ZzilSvdZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/a4d09f-29df-44ea-a7b1-0a0aaeaee4f1/1/LgqTM_k8ylRP2r4up6ZzilSvdZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LgqTM_k8ylRP2r4up6ZzilSvdZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:86:60:88:fc:c6:45:cd:cd:1b:da:97:f1:0e:da:5f:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e0a9333f93cca544fdabe2ea7a6738a54af759e
        Validity
            Not Before: May 17 11:47:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=77d14eb33d8a45ceddebc6196f36bbcdf897877f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:5b:3e:44:1f:1d:43:01:6e:ba:c7:f1:a0:29:
                    17:28:4a:54:84:db:3a:c3:1d:51:9e:13:ff:69:26:
                    4c:cb:2f:bc:39:a5:27:75:b6:4a:30:65:ff:a3:b4:
                    69:51:0e:e1:c5:89:fa:f3:22:5d:ab:54:4f:37:4b:
                    bc:f9:7e:47:2d:2b:07:f4:95:b8:ac:e5:bb:ab:d1:
                    a5:7e:d9:05:ac:e5:d3:a9:32:e8:14:ad:ae:e6:53:
                    36:6b:bd:af:7b:59:cd:9b:22:11:6c:b5:32:f1:93:
                    0d:b9:aa:97:4c:29:94:e7:86:11:ba:c0:25:6f:95:
                    d3:2a:dd:50:bb:d1:ee:4c:2d:3b:07:59:88:4e:bb:
                    45:a4:78:02:a4:93:41:48:6f:12:2b:0c:a9:ad:6c:
                    88:b4:bd:d8:c3:9b:ed:2e:db:fb:57:7d:9e:29:94:
                    ef:d1:1f:26:1a:59:b0:59:73:8b:b6:22:46:03:5d:
                    69:93:e4:8c:3a:f1:fc:ce:9a:1a:dc:82:e0:d1:14:
                    28:62:58:34:74:39:cb:48:58:dc:4f:c7:dc:18:5f:
                    91:0e:d0:5c:bc:b2:36:a4:77:33:75:4f:a7:a8:66:
                    ca:01:b5:a2:66:cc:5f:bc:62:62:30:a7:51:f5:80:
                    f5:11:4e:90:70:02:d3:10:15:11:31:7c:16:b3:76:
                    b4:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:D1:4E:B3:3D:8A:45:CE:DD:EB:C6:19:6F:36:BB:CD:F8:97:87:7F
            X509v3 Authority Key Identifier:
                keyid:2E:0A:93:33:F9:3C:CA:54:4F:DA:BE:2E:A7:A6:73:8A:54:AF:75:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LgqTM_k8ylRP2r4up6ZzilSvdZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/a4d09f-29df-44ea-a7b1-0a0aaeaee4f1/1/d9FOsz2KRc7d68YZbza7zfiXh38.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/a4d09f-29df-44ea-a7b1-0a0aaeaee4f1/1/LgqTM_k8ylRP2r4up6ZzilSvdZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.235.12.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cf:c3:1c:ee:9c:86:e2:d7:e3:86:a9:99:9b:b0:1c:61:54:25:
         35:db:55:8c:d5:60:46:4f:56:c2:e0:a9:0b:69:68:90:49:ea:
         3b:bc:4f:f7:e5:b5:5f:3a:d9:ad:f6:0d:f2:b5:2b:dd:40:15:
         b6:ae:08:07:75:3d:11:ba:ae:51:a4:16:5c:62:84:df:c7:5c:
         f0:50:9c:4d:3e:ca:6a:6d:b2:70:d6:00:cf:f1:ba:3d:5f:0d:
         d9:c8:84:33:ac:6d:9c:32:96:e4:6c:78:5a:f3:28:90:ad:aa:
         5c:50:b1:c9:8f:b8:d9:62:4c:fe:10:6c:1d:27:b6:b1:ed:8e:
         86:5a:57:13:e7:88:e5:0a:12:9c:d1:18:d1:0d:b9:0f:64:7b:
         4e:5a:84:49:a8:f8:15:4e:29:96:16:02:22:77:61:af:90:39:
         83:ad:a5:48:ef:3a:da:32:9e:4b:ea:41:e0:e1:45:41:78:ed:
         75:ef:df:25:dd:d5:80:58:9b:23:69:0f:63:23:55:13:f9:2c:
         d6:9a:ae:7e:b0:03:65:9a:25:d7:32:bb:7d:c3:15:95:54:0e:
         c8:dc:e9:65:60:97:20:2c:c4:bd:d3:86:84:66:c4:15:78:d6:
         dc:73:6b:87:9d:8f:86:55:96:90:77:bd:d2:fc:4a:34:b3:5f:
         a4:bd:b3:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+GYIj8xkXNzRval/EO2l8YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMGE5MzMzZjkzY2NhNTQ0ZmRhYmUyZWE3YTY3MzhhNTRh
Zjc1OWUwHhcNMjQwNTE3MTE0NzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3N2QxNGViMzNkOGE0NWNlZGRlYmM2MTk2ZjM2YmJjZGY4OTc4NzdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy1s+RB8dQwFuusfxoCkXKEpUhNs6
wx1RnhP/aSZMyy+8OaUndbZKMGX/o7RpUQ7hxYn68yJdq1RPN0u8+X5HLSsH9JW4
rOW7q9GlftkFrOXTqTLoFK2u5lM2a72ve1nNmyIRbLUy8ZMNuaqXTCmU54YRusAl
b5XTKt1Qu9HuTC07B1mITrtFpHgCpJNBSG8SKwyprWyItL3Yw5vtLtv7V32eKZTv
0R8mGlmwWXOLtiJGA11pk+SMOvH8zpoa3ILg0RQoYlg0dDnLSFjcT8fcGF+RDtBc
vLI2pHczdU+nqGbKAbWiZsxfvGJiMKdR9YD1EU6QcALTEBURMXwWs3a0dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHfRTrM9ikXO3evGGW82u834l4d/MB8GA1UdIwQY
MBaAFC4KkzP5PMpUT9q+Lqemc4pUr3WeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGdxVE1fazh5bFJQMnI0dXA2WnppbFN2ZFo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9hNGQwOWYtMjlkZi00NGVhLWE3YjEt
MGEwYWFlYWVlNGYxLzEvZDlGT3N6MktSYzdkNjhZWmJ6YTd6ZmlYaDM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9hNGQwOWYtMjlkZi00NGVhLWE3YjEtMGEwYWFlYWVlNGYx
LzEvTGdxVE1fazh5bFJQMnI0dXA2WnppbFN2ZFo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALusMMA0G
CSqGSIb3DQEBCwUAA4IBAQDPwxzunIbi1+OGqZmbsBxhVCU121WM1WBGT1bC4KkL
aWiQSeo7vE/35bVfOtmt9g3ytSvdQBW2rggHdT0Ruq5RpBZcYoTfx1zwUJxNPspq
bbJw1gDP8bo9Xw3ZyIQzrG2cMpbkbHha8yiQrapcULHJj7jZYkz+EGwdJ7ax7Y6G
WlcT54jlChKc0RjRDbkPZHtOWoRJqPgVTimWFgIid2GvkDmDraVI7zraMp5L6kHg
4UVBeO11798l3dWAWJsjaQ9jI1UT+SzWmq5+sANlmiXXMrt9wxWVVA7I3OllYJcg
LMS904aEZsQVeNbcc2uHnY+GVZaQd73S/Eo0s1+kvbM9
-----END CERTIFICATE-----