Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/cbc4bb-999c-4988-a1e1-cd2dcb355655/1/RQw6_t1n5qCmw8MdzAcx5Qgbk5o.roa
File:                     RQw6_t1n5qCmw8MdzAcx5Qgbk5o.roa (raw, json)
Hash identifier:          v0ZMJD284Kc7xj717Txs350Ui70x2/pqbCgbZlM1p/w=
Subject key identifier:   45:0C:3A:FE:DD:67:E6:A0:A6:C3:C3:1D:CC:07:31:E5:08:1B:93:9A
Certificate issuer:       /CN=f676887f22ecda8d074815a0bcf91faf81942abd
Certificate serial:       018CFD13C6C69CEBAB94668E78A51CF602D0
Authority key identifier: F6:76:88:7F:22:EC:DA:8D:07:48:15:A0:BC:F9:1F:AF:81:94:2A:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9naIfyLs2o0HSBWgvPkfr4GUKr0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/cbc4bb-999c-4988-a1e1-cd2dcb355655/1/RQw6_t1n5qCmw8MdzAcx5Qgbk5o.roa
Signing time:             Fri 12 Jan 2024 09:49:40 +0000
ROA not before:           Fri 12 Jan 2024 09:49:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44694
IP address blocks:        46.16.38.0/24 maxlen: 24
                          2a14:6480::/33 maxlen: 33

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/cbc4bb-999c-4988-a1e1-cd2dcb355655/1/9naIfyLs2o0HSBWgvPkfr4GUKr0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/cbc4bb-999c-4988-a1e1-cd2dcb355655/1/9naIfyLs2o0HSBWgvPkfr4GUKr0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9naIfyLs2o0HSBWgvPkfr4GUKr0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 20:19:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:fd:13:c6:c6:9c:eb:ab:94:66:8e:78:a5:1c:f6:02:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f676887f22ecda8d074815a0bcf91faf81942abd
        Validity
            Not Before: Jan 12 09:49:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=450c3afedd67e6a0a6c3c31dcc0731e5081b939a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:ed:d3:ef:1e:28:06:79:b8:67:50:f5:0f:b3:
                    29:47:18:b0:9b:d8:08:17:2b:71:e3:72:99:c8:2b:
                    1e:d0:20:87:93:87:ec:cd:56:31:ce:27:f9:77:d0:
                    25:90:e4:3d:37:e2:dc:cb:50:2c:6a:ec:2f:fb:88:
                    a2:63:ae:ad:4f:31:d8:f2:f8:e7:c1:9d:e5:2b:be:
                    1e:01:ba:8e:fb:a4:5a:fa:d9:5b:30:bc:8b:e2:52:
                    9b:1a:ca:4b:e4:c4:ff:91:1e:f0:1d:42:87:fb:85:
                    5d:80:e8:f7:48:8e:64:81:b3:0d:4f:00:a0:1c:11:
                    8d:e3:2e:11:9c:27:d0:f4:2c:8e:d8:e7:8b:15:71:
                    f9:cb:29:a3:a1:28:bc:33:f8:ef:1a:f1:ab:c5:f5:
                    68:e7:f5:56:6c:0a:1d:57:16:36:9b:f8:b0:31:9e:
                    0e:c7:75:6e:15:43:62:20:1f:7a:45:c9:2a:40:67:
                    0d:b4:f4:bb:fd:5a:15:ff:61:ce:5d:2f:24:96:72:
                    09:e3:61:7e:ad:3d:a2:56:7b:b3:ad:9e:3e:76:ce:
                    6f:b4:11:a4:0b:07:e9:5c:00:9b:1c:35:45:13:f7:
                    c4:31:04:2e:bb:88:3a:60:65:17:c6:61:b8:4e:1a:
                    34:9b:e4:eb:be:74:af:5c:9a:6a:82:ae:52:bf:54:
                    92:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:0C:3A:FE:DD:67:E6:A0:A6:C3:C3:1D:CC:07:31:E5:08:1B:93:9A
            X509v3 Authority Key Identifier:
                keyid:F6:76:88:7F:22:EC:DA:8D:07:48:15:A0:BC:F9:1F:AF:81:94:2A:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9naIfyLs2o0HSBWgvPkfr4GUKr0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/cbc4bb-999c-4988-a1e1-cd2dcb355655/1/RQw6_t1n5qCmw8MdzAcx5Qgbk5o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/cbc4bb-999c-4988-a1e1-cd2dcb355655/1/9naIfyLs2o0HSBWgvPkfr4GUKr0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.16.38.0/24
                IPv6:
                  2a14:6480::/33

    Signature Algorithm: sha256WithRSAEncryption
         94:79:5e:13:d5:47:e2:f5:71:c1:f9:e2:99:3b:32:51:01:19:
         dd:0f:9c:a3:b6:e1:34:e7:71:ae:c1:e9:89:3e:17:7a:c8:a6:
         ed:4c:9f:a4:16:e7:c6:f7:59:8b:a5:31:d8:2c:0c:c4:f9:db:
         0b:4e:5f:c4:ed:91:cb:af:b3:30:89:2d:19:27:45:ea:ec:46:
         3c:ff:00:a1:f8:08:bc:4e:9e:3e:52:86:e0:28:aa:52:fa:bc:
         d6:8d:9e:90:a6:c1:e0:11:10:3f:44:93:34:38:64:41:d3:9b:
         6a:a3:9d:22:c6:fe:b7:52:45:a6:27:a4:8e:15:c1:21:94:63:
         19:62:25:77:ee:3e:7e:32:cb:bf:c2:d1:7b:9f:6a:57:ef:7a:
         50:a1:5b:d3:12:38:80:e1:7a:b8:22:7b:cc:8c:87:88:68:38:
         e1:e2:1d:6d:4e:33:0a:fd:7a:e0:d6:dc:04:96:28:3a:d0:80:
         fc:ec:4f:a4:9c:27:48:3d:fb:ae:3b:0f:78:37:10:fd:93:f6:
         48:85:4c:4d:ee:40:83:83:d1:21:6e:d2:e1:53:18:a8:24:51:
         92:6b:d4:c9:70:ab:5a:e8:00:74:17:02:04:4f:c5:0d:58:41:
         d9:12:98:00:93:54:42:8e:3d:b6:50:7a:fd:ee:50:dd:5a:be:
         2c:c6:40:f1
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYz9E8bGnOurlGaOeKUc9gLQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2NzY4ODdmMjJlY2RhOGQwNzQ4MTVhMGJjZjkxZmFmODE5
NDJhYmQwHhcNMjQwMTEyMDk0OTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTBjM2FmZWRkNjdlNmEwYTZjM2MzMWRjYzA3MzFlNTA4MWI5MzlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg+3T7x4oBnm4Z1D1D7MpRxiwm9gI
Fytx43KZyCse0CCHk4fszVYxzif5d9AlkOQ9N+Lcy1Asauwv+4iiY66tTzHY8vjn
wZ3lK74eAbqO+6Ra+tlbMLyL4lKbGspL5MT/kR7wHUKH+4VdgOj3SI5kgbMNTwCg
HBGN4y4RnCfQ9CyO2OeLFXH5yymjoSi8M/jvGvGrxfVo5/VWbAodVxY2m/iwMZ4O
x3VuFUNiIB96RckqQGcNtPS7/VoV/2HOXS8klnIJ42F+rT2iVnuzrZ4+ds5vtBGk
CwfpXACbHDVFE/fEMQQuu4g6YGUXxmG4Tho0m+TrvnSvXJpqgq5Sv1SSjQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFEUMOv7dZ+agpsPDHcwHMeUIG5OaMB8GA1UdIwQY
MBaAFPZ2iH8i7NqNB0gVoLz5H6+BlCq9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOW5hSWZ5THMybzBIU0JXZ3ZQa2ZyNEdVS3IwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9jYmM0YmItOTk5Yy00OTg4LWExZTEt
Y2QyZGNiMzU1NjU1LzEvUlF3Nl90MW41cUNtdzhNZHpBY3g1UWdiazVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9jYmM0YmItOTk5Yy00OTg4LWExZTEtY2QyZGNiMzU1NjU1
LzEvOW5hSWZ5THMybzBIU0JXZ3ZQa2ZyNEdVS3IwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQALhAmMA4E
AgACMAgDBgcqFGSAADANBgkqhkiG9w0BAQsFAAOCAQEAlHleE9VH4vVxwfnimTsy
UQEZ3Q+co7bhNOdxrsHpiT4Xesim7UyfpBbnxvdZi6Ux2CwMxPnbC05fxO2Ry6+z
MIktGSdF6uxGPP8AofgIvE6ePlKG4CiqUvq81o2ekKbB4BEQP0STNDhkQdObaqOd
Isb+t1JFpiekjhXBIZRjGWIld+4+fjLLv8LRe59qV+96UKFb0xI4gOF6uCJ7zIyH
iGg44eIdbU4zCv164NbcBJYoOtCA/OxPpJwnSD37rjsPeDcQ/ZP2SIVMTe5Ag4PR
IW7S4VMYqCRRkmvUyXCrWugAdBcCBE/FDVhB2RKYAJNUQo49tlB6/e5Q3Vq+LMZA
8Q==
-----END CERTIFICATE-----