Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/4mnyKmSV8kyoZDf4KGc8BcVkFEY.roa
File:                     4mnyKmSV8kyoZDf4KGc8BcVkFEY.roa (raw, json)
Hash identifier:          Tb0E1fByUgUuWFMK+84pznYsjJ2c2rg/Sp3Y9PBr31I=
Subject key identifier:   E2:69:F2:2A:64:95:F2:4C:A8:64:37:F8:28:67:3C:05:C5:64:14:46
Certificate issuer:       /CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Certificate serial:       018CC492DECD957C15401F2A456D554E278A
Authority key identifier: 81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/4mnyKmSV8kyoZDf4KGc8BcVkFEY.roa
Signing time:             Mon 01 Jan 2024 10:30:08 +0000
ROA not before:           Mon 01 Jan 2024 10:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59962
IP address blocks:        46.209.32.0/21 maxlen: 24
                          46.209.168.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:de:cd:95:7c:15:40:1f:2a:45:6d:55:4e:27:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
        Validity
            Not Before: Jan  1 10:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e269f22a6495f24ca86437f828673c05c5641446
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:1a:76:19:24:2c:b5:40:d0:d5:5c:af:34:36:
                    3c:ca:47:ae:78:ec:86:fc:3e:79:13:58:bd:b8:33:
                    a7:c5:95:c5:2c:b2:cb:bb:05:f7:88:d9:3f:6f:28:
                    5f:4f:77:86:cf:18:fc:85:a3:b7:28:80:03:33:7a:
                    14:e9:2f:1a:d6:6d:3f:4c:1f:3f:e0:d3:21:a0:91:
                    64:0e:97:dd:d6:f4:75:47:17:fa:cd:c4:96:59:f0:
                    1f:38:29:e1:be:47:cf:5b:f3:51:2f:62:20:d2:f4:
                    b1:ec:aa:46:41:0f:09:02:0d:96:da:7b:56:64:54:
                    3e:ef:7e:14:56:1a:6d:31:f2:b9:f1:fe:02:b2:cc:
                    60:30:de:e5:1d:03:ac:56:7b:2f:f0:8b:02:1c:14:
                    e5:a7:49:74:d5:b2:8d:a6:4a:2e:ee:a6:3f:a1:cf:
                    ff:2b:9b:e9:a1:03:ed:6b:2e:5c:a4:1e:4c:52:28:
                    5c:39:cd:e2:e4:c2:5c:8c:a3:cf:5f:ea:ca:12:ad:
                    21:ed:62:6e:9e:84:0f:33:b2:3c:37:b4:be:61:61:
                    4d:1c:75:46:a2:91:5a:04:05:a0:a1:89:6c:49:59:
                    73:66:22:58:82:46:50:63:25:56:ec:4d:1d:a0:69:
                    c4:c9:d8:bb:4f:ed:5f:67:0f:9e:2b:63:70:21:22:
                    19:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:69:F2:2A:64:95:F2:4C:A8:64:37:F8:28:67:3C:05:C5:64:14:46
            X509v3 Authority Key Identifier:
                keyid:81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/4mnyKmSV8kyoZDf4KGc8BcVkFEY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.209.32.0/21
                  46.209.168.0/21

    Signature Algorithm: sha256WithRSAEncryption
         11:e3:2f:28:1c:1c:b1:fb:ed:95:2b:a0:73:ea:c3:6b:62:40:
         4e:e2:ed:c6:e9:d9:23:c0:40:08:ef:95:06:55:ac:f9:6d:cb:
         dd:85:5e:f0:a0:c3:3a:b2:7e:9f:f1:e0:fb:d3:13:29:f0:90:
         21:63:0c:1f:76:1b:15:5c:81:f3:b5:0a:33:8e:20:0c:d4:d6:
         e4:c7:e8:ac:fa:1d:19:bd:75:ec:ab:06:09:47:e8:57:e6:fc:
         88:86:8f:67:24:03:6a:c4:2d:2f:5d:05:46:90:9b:bc:bf:8e:
         eb:2e:83:ee:77:6b:80:a4:36:36:1b:df:5d:d0:f9:1e:d5:d7:
         c9:86:5b:75:a0:f0:53:5a:dc:bd:a1:36:b9:77:7a:f4:dd:cd:
         33:f9:19:cc:2f:8d:3b:b7:8c:29:aa:dc:c0:eb:34:65:72:f7:
         36:73:3b:d8:aa:48:ad:1b:54:29:73:ac:41:93:aa:e9:9e:98:
         d0:fd:e4:2c:d4:7b:1d:61:58:1c:c7:96:70:0a:11:56:53:a4:
         7d:4a:71:3d:78:48:c3:57:51:b6:5c:7c:7d:44:70:59:e3:8e:
         d6:42:18:5f:f0:f2:f2:b6:94:58:84:3e:58:ea:af:26:6d:55:
         13:e8:f0:a0:09:4e:ca:2d:24:0a:9a:56:c9:58:ba:c0:60:f1:
         ac:bb:f3:73
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEkt7NlXwVQB8qRW1VTieKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxY2NhOWYxNWUxOTIxOTUzYTYyOGM4YWQyYWM0YmU5Nzdi
NmMzMDMwHhcNMjQwMTAxMTAzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjY5ZjIyYTY0OTVmMjRjYTg2NDM3ZjgyODY3M2MwNWM1NjQxNDQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArxp2GSQstUDQ1VyvNDY8ykeueOyG
/D55E1i9uDOnxZXFLLLLuwX3iNk/byhfT3eGzxj8haO3KIADM3oU6S8a1m0/TB8/
4NMhoJFkDpfd1vR1Rxf6zcSWWfAfOCnhvkfPW/NRL2Ig0vSx7KpGQQ8JAg2W2ntW
ZFQ+734UVhptMfK58f4CssxgMN7lHQOsVnsv8IsCHBTlp0l01bKNpkou7qY/oc//
K5vpoQPtay5cpB5MUihcOc3i5MJcjKPPX+rKEq0h7WJunoQPM7I8N7S+YWFNHHVG
opFaBAWgoYlsSVlzZiJYgkZQYyVW7E0doGnEydi7T+1fZw+eK2NwISIZ9QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOJp8ipklfJMqGQ3+ChnPAXFZBRGMB8GA1UdIwQY
MBaAFIHMqfFeGSGVOmKMitKsS+l3tsMDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUt
MjIwNmNjMmU2OTFjLzEvNG1ueUttU1Y4a3lvWkRmNEtHYzhCY1ZrRkVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUtMjIwNmNjMmU2OTFj
LzEvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDLtEgAwQD
LtGoMA0GCSqGSIb3DQEBCwUAA4IBAQAR4y8oHByx++2VK6Bz6sNrYkBO4u3G6dkj
wEAI75UGVaz5bcvdhV7woMM6sn6f8eD70xMp8JAhYwwfdhsVXIHztQozjiAM1Nbk
x+is+h0ZvXXsqwYJR+hX5vyIho9nJANqxC0vXQVGkJu8v47rLoPud2uApDY2G99d
0Pke1dfJhlt1oPBTWty9oTa5d3r03c0z+RnML407t4wpqtzA6zRlcvc2czvYqkit
G1Qpc6xBk6rpnpjQ/eQs1HsdYVgcx5ZwChFWU6R9SnE9eEjDV1G2XHx9RHBZ447W
Qhhf8PLytpRYhD5Y6q8mbVUT6PCgCU7KLSQKmlbJWLrAYPGsu/Nz
-----END CERTIFICATE-----