Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/DdLeL0MkTIY5THeoe5giuUb_EpE.roa
File:                     DdLeL0MkTIY5THeoe5giuUb_EpE.roa (raw, json)
Hash identifier:          KJtshrgAgGStsp7DVGalKTGLj99CXgcV9xfjVyiEccw=
Subject key identifier:   0D:D2:DE:2F:43:24:4C:86:39:4C:77:A8:7B:98:22:B9:46:FF:12:91
Certificate issuer:       /CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Certificate serial:       018CC492E7CD5488532DFB9E81EED7B1666B
Authority key identifier: 81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/DdLeL0MkTIY5THeoe5giuUb_EpE.roa
Signing time:             Mon 01 Jan 2024 10:30:11 +0000
ROA not before:           Mon 01 Jan 2024 10:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209544
IP address blocks:        46.209.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:e7:cd:54:88:53:2d:fb:9e:81:ee:d7:b1:66:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
        Validity
            Not Before: Jan  1 10:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0dd2de2f43244c86394c77a87b9822b946ff1291
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:88:f1:41:83:51:fa:5c:68:36:3d:67:20:c0:
                    04:7d:9e:99:f7:ba:3e:33:14:ef:bf:d2:c8:28:3f:
                    7b:3c:32:21:e9:01:4a:5d:84:f5:b6:ff:8a:9c:a0:
                    b5:04:8a:b7:27:4f:8e:67:36:86:a2:60:34:55:f5:
                    20:b3:38:b4:d2:ea:b1:a4:c9:5f:b3:44:92:a6:35:
                    de:61:86:fd:99:56:eb:84:6d:f8:a4:89:2b:46:23:
                    38:8c:de:d1:6e:99:d3:9a:ce:22:e6:db:0f:60:e3:
                    b2:c4:85:56:dd:f3:64:41:f9:e1:c3:82:d9:c7:87:
                    07:91:15:35:f4:1c:84:74:be:bc:a7:6f:a8:4e:12:
                    96:f5:b2:ce:73:47:6e:b2:42:65:ea:cf:9b:22:e6:
                    3f:e9:85:2e:54:d2:ca:35:93:ab:62:f5:dd:4c:4d:
                    62:1c:c9:2f:00:79:da:8f:e1:41:55:8a:d1:35:21:
                    f7:92:9e:e7:f5:a6:4c:0d:ae:c3:9c:b3:1b:63:dc:
                    a0:ba:8b:7e:33:4e:27:e0:56:44:66:1f:ec:1d:f7:
                    db:66:04:32:20:e7:ff:40:5f:14:1e:3f:80:d3:41:
                    f0:cd:17:59:1e:f7:e8:81:f8:ac:52:0a:c3:15:6f:
                    4c:f6:50:a8:9f:11:30:67:45:82:ef:cd:7f:a0:55:
                    d8:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:D2:DE:2F:43:24:4C:86:39:4C:77:A8:7B:98:22:B9:46:FF:12:91
            X509v3 Authority Key Identifier:
                keyid:81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/DdLeL0MkTIY5THeoe5giuUb_EpE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.209.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:9d:ef:c6:d2:9e:f9:ec:24:fb:d6:34:26:0b:b8:1e:2d:df:
         f9:0f:af:b1:74:28:a2:ea:7c:d2:c5:1b:fe:91:ef:1e:f3:34:
         12:b4:52:43:42:20:a6:83:d1:b4:c3:ce:b1:12:ac:1d:42:83:
         f6:c5:f0:d6:65:5a:3b:fc:4e:19:b3:4d:8b:f8:7a:88:af:15:
         36:23:65:61:1b:b6:53:d1:9b:fc:30:4c:32:17:8c:94:04:46:
         0e:18:c0:e9:5b:ab:f3:24:2f:91:dd:f7:37:84:60:13:86:5c:
         57:9f:8c:ee:52:5d:bc:b6:13:dd:7c:c3:87:9c:30:39:41:a4:
         c5:17:c2:0a:c9:0e:44:04:f0:1d:fa:75:7f:d2:da:13:85:1f:
         3d:03:e0:3e:73:75:89:61:e9:8a:a6:bd:bc:42:46:c3:bb:72:
         eb:b2:9a:85:68:8e:61:1b:9a:10:61:6b:00:b4:60:ac:8c:cf:
         ee:0d:66:49:c2:c9:65:92:85:41:ff:ee:0e:86:84:78:fe:ea:
         28:dd:0b:b7:49:cc:65:0c:01:05:ec:be:27:71:44:04:c4:95:
         c5:94:21:f6:83:cb:87:62:3f:2c:1b:b6:0a:47:b3:e4:7e:81:
         a6:ec:98:f5:49:f3:35:89:b2:5a:c3:15:e0:ec:99:f0:89:f9:
         e5:bf:12:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkufNVIhTLfuege7XsWZrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxY2NhOWYxNWUxOTIxOTUzYTYyOGM4YWQyYWM0YmU5Nzdi
NmMzMDMwHhcNMjQwMTAxMTAzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZGQyZGUyZjQzMjQ0Yzg2Mzk0Yzc3YTg3Yjk4MjJiOTQ2ZmYxMjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhIjxQYNR+lxoNj1nIMAEfZ6Z97o+
MxTvv9LIKD97PDIh6QFKXYT1tv+KnKC1BIq3J0+OZzaGomA0VfUgszi00uqxpMlf
s0SSpjXeYYb9mVbrhG34pIkrRiM4jN7RbpnTms4i5tsPYOOyxIVW3fNkQfnhw4LZ
x4cHkRU19ByEdL68p2+oThKW9bLOc0duskJl6s+bIuY/6YUuVNLKNZOrYvXdTE1i
HMkvAHnaj+FBVYrRNSH3kp7n9aZMDa7DnLMbY9yguot+M04n4FZEZh/sHffbZgQy
IOf/QF8UHj+A00HwzRdZHvfogfisUgrDFW9M9lConxEwZ0WC781/oFXYBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA3S3i9DJEyGOUx3qHuYIrlG/xKRMB8GA1UdIwQY
MBaAFIHMqfFeGSGVOmKMitKsS+l3tsMDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUt
MjIwNmNjMmU2OTFjLzEvRGRMZUwwTWtUSVk1VEhlb2U1Z2l1VWJfRXBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUtMjIwNmNjMmU2OTFj
LzEvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALtFlMA0G
CSqGSIb3DQEBCwUAA4IBAQCrne/G0p757CT71jQmC7geLd/5D6+xdCii6nzSxRv+
ke8e8zQStFJDQiCmg9G0w86xEqwdQoP2xfDWZVo7/E4Zs02L+HqIrxU2I2VhG7ZT
0Zv8MEwyF4yUBEYOGMDpW6vzJC+R3fc3hGAThlxXn4zuUl28thPdfMOHnDA5QaTF
F8IKyQ5EBPAd+nV/0toThR89A+A+c3WJYemKpr28QkbDu3LrspqFaI5hG5oQYWsA
tGCsjM/uDWZJwsllkoVB/+4OhoR4/uoo3Qu3ScxlDAEF7L4ncUQExJXFlCH2g8uH
Yj8sG7YKR7PkfoGm7Jj1SfM1ibJawxXg7JnwifnlvxJ/
-----END CERTIFICATE-----