Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/DiZiWIbD3a6rFyzlqmRm1EM9u3I.roa
File:                     DiZiWIbD3a6rFyzlqmRm1EM9u3I.roa (raw, json)
Hash identifier:          L4iADwi1doSYOhJFWC+AZ0IJS6kCgrDTg04yobUoB/M=
Subject key identifier:   0E:26:62:58:86:C3:DD:AE:AB:17:2C:E5:AA:64:66:D4:43:3D:BB:72
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       018D7E0CF7F19F4154D7A2D9870082901E61
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/DiZiWIbD3a6rFyzlqmRm1EM9u3I.roa
Signing time:             Tue 06 Feb 2024 10:53:15 +0000
ROA not before:           Tue 06 Feb 2024 10:53:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48558
IP address blocks:        46.161.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 10:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:7e:0c:f7:f1:9f:41:54:d7:a2:d9:87:00:82:90:1e:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Feb  6 10:53:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0e26625886c3ddaeab172ce5aa6466d4433dbb72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:1f:bd:c0:ad:d1:0c:74:63:35:d4:e8:75:9a:
                    20:cf:25:a7:2a:84:c5:0f:74:18:81:e8:5b:a1:f8:
                    62:1d:ce:5d:c8:20:9b:9d:5f:69:32:3e:2b:4f:ba:
                    c7:42:c3:c6:7c:e2:97:de:8b:ad:03:57:9b:2d:ac:
                    3b:33:43:6f:9c:e1:5f:ed:b9:00:bf:f0:71:99:38:
                    f7:87:d2:10:81:a6:3e:74:a0:a9:3f:2e:a9:15:b6:
                    1a:6d:f0:68:bf:11:d1:90:58:8b:9a:59:bc:88:ef:
                    1a:8d:8e:0d:ec:0e:ce:f6:e9:dd:2e:7f:cc:1e:9b:
                    00:b9:ad:88:b2:d9:10:9b:04:8a:ef:c0:2e:7a:d3:
                    fd:c3:c4:ad:69:0b:1e:ee:c8:a1:0d:8d:a7:e4:24:
                    84:3a:b0:c5:37:b3:f1:fc:47:17:76:b5:6d:79:11:
                    9b:2a:48:c7:38:12:21:6d:33:47:5a:49:03:cf:2e:
                    f5:d4:7e:28:8b:7a:c7:f7:72:a2:0e:a0:8a:5c:b7:
                    cb:31:78:e5:c1:2f:b9:85:0e:0d:16:2e:85:8f:a7:
                    d0:3f:2f:99:be:f3:f6:91:df:c7:32:bb:25:85:17:
                    e4:6a:b8:c1:c8:fe:52:75:15:e9:f4:b4:95:a9:7e:
                    cb:50:3a:05:31:64:1a:e1:78:d9:f1:4f:6b:16:b7:
                    ad:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:26:62:58:86:C3:DD:AE:AB:17:2C:E5:AA:64:66:D4:43:3D:BB:72
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/DiZiWIbD3a6rFyzlqmRm1EM9u3I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.161.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:f1:45:ec:38:1e:1f:c1:4d:58:41:66:3a:fa:92:a4:9e:b1:
         0c:99:ee:c1:fa:bf:15:b2:11:d2:fa:72:3f:a7:56:21:e6:1f:
         cc:e5:f6:83:93:ca:79:75:99:2a:bc:bb:75:77:9b:12:47:3e:
         d5:54:44:29:3b:75:82:e7:5b:60:e5:f1:b7:09:f6:4e:14:6b:
         e4:b8:ab:66:91:99:77:ba:79:bb:aa:7d:fe:5b:ce:f4:0e:63:
         a2:2f:8e:46:25:91:b2:a5:7e:f5:dc:e6:5d:e6:67:d5:41:5d:
         11:40:0c:bf:c6:bb:f7:8a:ef:fa:3f:d9:de:00:5b:a2:7f:b1:
         4e:62:f2:51:dd:5c:6e:6f:6c:37:b6:5a:a1:b5:d4:4f:33:1f:
         4f:6f:f4:7c:ce:cd:ae:37:3a:b2:54:31:1f:c8:59:4e:6d:e6:
         b8:b0:b1:be:b4:54:e1:99:7a:40:a2:0f:1a:c9:b1:e5:72:91:
         20:10:ee:52:66:99:f2:9a:02:34:3f:22:7b:3e:c4:e5:1e:43:
         25:91:33:5d:c4:3a:10:13:70:e9:68:60:e6:e3:52:0b:f8:b5:
         10:e4:3d:cc:d0:01:41:47:70:ed:ff:08:13:0e:a3:8a:93:2e:
         76:fc:e3:c8:bb:4e:b6:5d:ec:16:1b:ec:e4:68:85:a0:7e:94:
         f3:f2:4f:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1+DPfxn0FU16LZhwCCkB5hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwMjA2MTA1MzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTI2NjI1ODg2YzNkZGFlYWIxNzJjZTVhYTY0NjZkNDQzM2RiYjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmx+9wK3RDHRjNdTodZogzyWnKoTF
D3QYgehbofhiHc5dyCCbnV9pMj4rT7rHQsPGfOKX3outA1ebLaw7M0NvnOFf7bkA
v/BxmTj3h9IQgaY+dKCpPy6pFbYabfBovxHRkFiLmlm8iO8ajY4N7A7O9undLn/M
HpsAua2IstkQmwSK78AuetP9w8StaQse7sihDY2n5CSEOrDFN7Px/EcXdrVteRGb
KkjHOBIhbTNHWkkDzy711H4oi3rH93KiDqCKXLfLMXjlwS+5hQ4NFi6Fj6fQPy+Z
vvP2kd/HMrslhRfkarjByP5SdRXp9LSVqX7LUDoFMWQa4XjZ8U9rFretYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA4mYliGw92uqxcs5apkZtRDPbtyMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvRGlaaVdJYkQzYTZyRnl6bHFtUm0xRU05dTNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALqEBMA0G
CSqGSIb3DQEBCwUAA4IBAQB98UXsOB4fwU1YQWY6+pKknrEMme7B+r8VshHS+nI/
p1Yh5h/M5faDk8p5dZkqvLt1d5sSRz7VVEQpO3WC51tg5fG3CfZOFGvkuKtmkZl3
unm7qn3+W870DmOiL45GJZGypX713OZd5mfVQV0RQAy/xrv3iu/6P9neAFuif7FO
YvJR3Vxub2w3tlqhtdRPMx9Pb/R8zs2uNzqyVDEfyFlObea4sLG+tFThmXpAog8a
ybHlcpEgEO5SZpnymgI0PyJ7PsTlHkMlkTNdxDoQE3DpaGDm41IL+LUQ5D3M0AFB
R3Dt/wgTDqOKky52/OPIu062XewWG+zkaIWgfpTz8k/r
-----END CERTIFICATE-----