Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/FgvDO0Ub92Ax_sJNrr-byACYq-s.roa
File:                     FgvDO0Ub92Ax_sJNrr-byACYq-s.roa (raw, json)
Hash identifier:          sTJWpbfKKWzVN80tYYX49Uujkno9b6p88sRCqv/GsM0=
Subject key identifier:   16:0B:C3:3B:45:1B:F7:60:31:FE:C2:4D:AE:BF:9B:C8:00:98:AB:EB
Certificate issuer:       /CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
Certificate serial:       018F29D20E8A924AC613A1D7CF5AED59FF73
Authority key identifier: 81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/FgvDO0Ub92Ax_sJNrr-byACYq-s.roa
Signing time:             Mon 29 Apr 2024 12:26:23 +0000
ROA not before:           Mon 29 Apr 2024 12:26:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198341
IP address blocks:        46.209.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:29:d2:0e:8a:92:4a:c6:13:a1:d7:cf:5a:ed:59:ff:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81cca9f15e1921953a628c8ad2ac4be977b6c303
        Validity
            Not Before: Apr 29 12:26:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=160bc33b451bf76031fec24daebf9bc80098abeb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:01:e2:55:8f:55:0f:03:70:b1:fe:a6:df:3d:
                    de:08:d4:1c:77:35:57:29:ad:01:35:6c:9a:9f:03:
                    c8:46:0d:64:1e:f2:db:0c:a6:6a:c1:e6:b0:7a:5f:
                    e2:00:58:32:95:1d:9e:6c:9c:5d:1e:f2:11:2b:47:
                    7f:04:fe:b2:d0:13:09:e5:bc:aa:98:fe:57:18:4a:
                    31:6d:63:c0:74:12:11:cb:e7:08:53:8a:4a:37:64:
                    b3:1f:33:94:a6:e2:fb:55:17:79:e2:8c:72:45:d5:
                    0a:3f:d4:4e:af:92:e7:be:de:a2:81:9b:27:76:4b:
                    e6:c4:58:a4:4d:80:fd:8b:8e:85:57:e4:17:24:14:
                    e2:4f:d0:d7:22:35:7a:57:b0:01:1d:cd:27:f5:3b:
                    04:a4:10:70:f9:ca:aa:c8:31:ab:e4:d7:7b:30:b3:
                    3a:2f:3b:1b:ee:a0:25:f2:0a:bf:14:24:5a:a3:0b:
                    a3:a9:10:7b:a5:9f:ab:a3:3f:a4:10:d6:1c:27:f1:
                    91:03:b2:65:f0:06:cc:34:2b:1b:2f:be:74:3a:ff:
                    2c:0d:d5:44:fc:55:19:c9:fe:55:83:46:b3:10:0b:
                    cf:42:da:55:d2:ac:7a:5f:03:fc:b0:67:53:e5:64:
                    88:73:4a:9c:34:60:9b:1b:e0:2c:6b:5f:2f:e0:07:
                    fa:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:0B:C3:3B:45:1B:F7:60:31:FE:C2:4D:AE:BF:9B:C8:00:98:AB:EB
            X509v3 Authority Key Identifier:
                keyid:81:CC:A9:F1:5E:19:21:95:3A:62:8C:8A:D2:AC:4B:E9:77:B6:C3:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/FgvDO0Ub92Ax_sJNrr-byACYq-s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/1ea2b0-6b9a-44d7-a2e5-2206cc2e691c/1/gcyp8V4ZIZU6YoyK0qxL6Xe2wwM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.209.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:9d:6e:24:5c:f4:c2:de:43:93:9a:8d:9a:71:15:9d:59:2c:
         14:b6:0c:b4:7b:b2:02:b4:da:75:1f:62:8f:34:6f:18:10:12:
         95:f2:bb:f7:a8:9c:6a:98:87:bb:c5:d1:63:78:1d:26:d9:8e:
         9e:22:0e:ed:31:59:89:dc:d6:35:87:b5:93:77:38:1f:60:84:
         43:49:8b:98:8e:74:f5:bb:4d:e0:1e:4c:e2:6c:98:c8:58:e9:
         9d:a1:1b:aa:20:30:75:44:dd:13:0e:02:51:aa:d8:41:54:0e:
         d4:f1:3a:71:0e:3c:12:52:b1:9e:1b:aa:7b:c9:75:3e:33:3b:
         90:ad:f7:bd:c7:56:ea:3a:fa:21:bc:0c:ad:e4:b3:d8:a0:a9:
         3d:56:3d:12:6c:da:1f:83:75:e1:61:92:80:18:0c:9a:e3:83:
         70:f3:ad:b7:89:61:a0:0e:d0:46:6b:0b:23:9d:44:a4:88:37:
         7a:11:b3:07:b2:4c:f9:e1:06:39:24:3e:bd:e9:62:38:57:23:
         9b:4c:71:36:6f:06:3f:15:29:08:d3:d3:a6:c8:8d:e5:59:98:
         bb:9e:6d:fd:41:a2:09:94:f2:9f:06:7a:0e:07:97:e5:a8:8e:
         0d:8e:72:71:47:48:54:fb:1c:a1:d7:75:3c:af:ac:94:e6:17:
         b9:d3:a3:d0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8p0g6KkkrGE6HXz1rtWf9zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxY2NhOWYxNWUxOTIxOTUzYTYyOGM4YWQyYWM0YmU5Nzdi
NmMzMDMwHhcNMjQwNDI5MTIyNjIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjBiYzMzYjQ1MWJmNzYwMzFmZWMyNGRhZWJmOWJjODAwOThhYmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQHiVY9VDwNwsf6m3z3eCNQcdzVX
Ka0BNWyanwPIRg1kHvLbDKZqweawel/iAFgylR2ebJxdHvIRK0d/BP6y0BMJ5byq
mP5XGEoxbWPAdBIRy+cIU4pKN2SzHzOUpuL7VRd54oxyRdUKP9ROr5Lnvt6igZsn
dkvmxFikTYD9i46FV+QXJBTiT9DXIjV6V7ABHc0n9TsEpBBw+cqqyDGr5Nd7MLM6
Lzsb7qAl8gq/FCRaowujqRB7pZ+roz+kENYcJ/GRA7Jl8AbMNCsbL750Ov8sDdVE
/FUZyf5Vg0azEAvPQtpV0qx6XwP8sGdT5WSIc0qcNGCbG+Asa18v4Af6bwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBYLwztFG/dgMf7CTa6/m8gAmKvrMB8GA1UdIwQY
MBaAFIHMqfFeGSGVOmKMitKsS+l3tsMDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUt
MjIwNmNjMmU2OTFjLzEvRmd2RE8wVWI5MkF4X3NKTnJyLWJ5QUNZcS1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC8xZWEyYjAtNmI5YS00NGQ3LWEyZTUtMjIwNmNjMmU2OTFj
LzEvZ2N5cDhWNFpJWlU2WW95SzBxeEw2WGUyd3dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALtFlMA0G
CSqGSIb3DQEBCwUAA4IBAQAsnW4kXPTC3kOTmo2acRWdWSwUtgy0e7ICtNp1H2KP
NG8YEBKV8rv3qJxqmIe7xdFjeB0m2Y6eIg7tMVmJ3NY1h7WTdzgfYIRDSYuYjnT1
u03gHkzibJjIWOmdoRuqIDB1RN0TDgJRqthBVA7U8TpxDjwSUrGeG6p7yXU+MzuQ
rfe9x1bqOvohvAyt5LPYoKk9Vj0SbNofg3XhYZKAGAya44Nw8623iWGgDtBGawsj
nUSkiDd6EbMHskz54QY5JD696WI4VyObTHE2bwY/FSkI09OmyI3lWZi7nm39QaIJ
lPKfBnoOB5flqI4NjnJxR0hU+xyh13U8r6yU5he506PQ
-----END CERTIFICATE-----