Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/173173-819f-4bc9-92d8-78791c9356a3/1/jA9ALsipx8RNb9zh1NHQ_IzVJuY.roa
File:                     jA9ALsipx8RNb9zh1NHQ_IzVJuY.roa (raw, json)
Hash identifier:          TAuYSqH4o9Bxz1eLDSpjnBtTFqZtrfEgSKRgqxx+cfo=
Subject key identifier:   8C:0F:40:2E:C8:A9:C7:C4:4D:6F:DC:E1:D4:D1:D0:FC:8C:D5:26:E6
Certificate issuer:       /CN=11bfa2961fa0e0b07041293ddc0c3693a9e0a238
Certificate serial:       018CC26D707E979333375E18F1E2E43A8889
Authority key identifier: 11:BF:A2:96:1F:A0:E0:B0:70:41:29:3D:DC:0C:36:93:A9:E0:A2:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Eb-ilh-g4LBwQSk93Aw2k6ngojg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/173173-819f-4bc9-92d8-78791c9356a3/1/jA9ALsipx8RNb9zh1NHQ_IzVJuY.roa
Signing time:             Mon 01 Jan 2024 00:30:01 +0000
ROA not before:           Mon 01 Jan 2024 00:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61242
IP address blocks:        46.22.161.0/24 maxlen: 24
                          46.22.172.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/173173-819f-4bc9-92d8-78791c9356a3/1/Eb-ilh-g4LBwQSk93Aw2k6ngojg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/173173-819f-4bc9-92d8-78791c9356a3/1/Eb-ilh-g4LBwQSk93Aw2k6ngojg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Eb-ilh-g4LBwQSk93Aw2k6ngojg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 11:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:70:7e:97:93:33:37:5e:18:f1:e2:e4:3a:88:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11bfa2961fa0e0b07041293ddc0c3693a9e0a238
        Validity
            Not Before: Jan  1 00:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8c0f402ec8a9c7c44d6fdce1d4d1d0fc8cd526e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:2f:2e:db:eb:b2:0d:a5:8e:5e:de:3a:52:7a:
                    0c:b5:b0:da:2b:f2:2d:71:aa:37:55:36:35:0e:cc:
                    fa:98:05:a0:0d:9e:21:81:a6:a7:d7:81:ec:d0:c5:
                    29:68:a2:2c:f2:98:60:16:82:9d:c3:d4:63:bf:1a:
                    52:73:90:67:34:ca:01:7f:1d:91:31:b6:8f:b6:e3:
                    e7:a4:ab:7c:c6:db:13:aa:76:22:fb:e1:0d:c9:64:
                    e1:d0:f9:eb:6c:e9:80:09:3a:a7:a6:3b:69:31:a2:
                    e8:86:a5:88:e4:b4:fc:0e:ff:a8:b3:b5:bd:44:62:
                    75:fd:e1:fa:72:55:22:5d:f3:ce:eb:80:35:84:65:
                    8d:23:94:4d:dd:06:b0:f1:16:61:ed:36:2c:a1:10:
                    29:4d:48:23:df:ba:0f:e7:92:a7:7b:70:e6:a1:4d:
                    ef:79:3a:e4:3a:d3:ca:09:b7:e8:41:6c:b1:77:61:
                    3d:57:63:09:68:26:b4:40:b2:71:4e:3b:99:bc:ae:
                    91:af:0c:0d:07:c9:54:9e:67:14:ef:4f:d6:b3:b0:
                    60:c4:ee:bb:38:78:d3:2c:92:f8:45:38:ec:74:ba:
                    09:dd:cf:8f:ef:8f:4a:bf:e1:ee:48:28:28:b5:c9:
                    82:ad:76:19:e4:74:5c:40:b4:9a:5b:58:ec:9e:d5:
                    6f:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:0F:40:2E:C8:A9:C7:C4:4D:6F:DC:E1:D4:D1:D0:FC:8C:D5:26:E6
            X509v3 Authority Key Identifier:
                keyid:11:BF:A2:96:1F:A0:E0:B0:70:41:29:3D:DC:0C:36:93:A9:E0:A2:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Eb-ilh-g4LBwQSk93Aw2k6ngojg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/173173-819f-4bc9-92d8-78791c9356a3/1/jA9ALsipx8RNb9zh1NHQ_IzVJuY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/173173-819f-4bc9-92d8-78791c9356a3/1/Eb-ilh-g4LBwQSk93Aw2k6ngojg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.22.161.0/24
                  46.22.172.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:91:10:5a:db:26:1b:37:d7:0a:8b:93:2a:7a:5d:87:a5:ce:
         3d:a6:c5:f0:df:ef:5d:9f:d4:32:cc:71:0f:6a:a6:cc:26:35:
         11:46:17:ba:25:eb:55:7c:5c:2a:41:e9:fa:cc:ac:0a:74:d6:
         74:6b:1e:27:f5:7c:31:eb:c5:9e:b7:ed:06:24:28:46:9e:ae:
         e6:cf:2d:46:37:5a:76:38:1f:36:dc:8b:89:26:4e:41:ce:48:
         dd:93:c3:d2:c6:f4:97:33:82:2a:67:39:b4:a2:0c:eb:ab:b9:
         19:4e:7c:21:2b:17:8c:4b:8c:d6:f0:a9:f3:43:82:dd:9c:b1:
         78:1c:ea:e1:bc:06:d3:83:6b:c8:3e:27:40:8d:55:85:b7:b7:
         5f:77:6b:a5:07:b5:91:56:a7:b0:7d:90:df:e0:6a:e6:49:4b:
         9e:e5:b9:b9:32:c8:4c:5a:60:73:42:9d:bd:a1:c3:cb:86:09:
         40:4a:e3:0f:0b:ed:7f:4b:3d:b4:4a:63:db:27:be:9a:9b:fd:
         a3:ce:25:52:1e:1f:9f:2b:f4:fb:fd:0e:6d:41:1a:01:a8:49:
         7e:5c:fd:25:ad:ac:0c:10:ef:0e:57:0d:be:ac:89:b9:e2:28:
         3d:52:df:c6:2a:a6:11:11:66:af:03:d3:ad:e1:48:b3:85:dd:
         38:00:a9:d5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzCbXB+l5MzN14Y8eLkOoiJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYmZhMjk2MWZhMGUwYjA3MDQxMjkzZGRjMGMzNjkzYTll
MGEyMzgwHhcNMjQwMTAxMDAzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzBmNDAyZWM4YTljN2M0NGQ2ZmRjZTFkNGQxZDBmYzhjZDUyNmU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoS8u2+uyDaWOXt46UnoMtbDaK/It
cao3VTY1Dsz6mAWgDZ4hgaan14Hs0MUpaKIs8phgFoKdw9RjvxpSc5BnNMoBfx2R
MbaPtuPnpKt8xtsTqnYi++ENyWTh0PnrbOmACTqnpjtpMaLohqWI5LT8Dv+os7W9
RGJ1/eH6clUiXfPO64A1hGWNI5RN3Qaw8RZh7TYsoRApTUgj37oP55Kne3DmoU3v
eTrkOtPKCbfoQWyxd2E9V2MJaCa0QLJxTjuZvK6RrwwNB8lUnmcU70/Ws7BgxO67
OHjTLJL4RTjsdLoJ3c+P749Kv+HuSCgotcmCrXYZ5HRcQLSaW1jsntVv3QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIwPQC7IqcfETW/c4dTR0PyM1SbmMB8GA1UdIwQY
MBaAFBG/opYfoOCwcEEpPdwMNpOp4KI4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWItaWxoLWc0TEJ3UVNrOTNBdzJrNm5nb2pnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8xNzMxNzMtODE5Zi00YmM5LTkyZDgt
Nzg3OTFjOTM1NmEzLzEvakE5QUxzaXB4OFJOYjl6aDFOSFFfSXpWSnVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8xNzMxNzMtODE5Zi00YmM5LTkyZDgtNzg3OTFjOTM1NmEz
LzEvRWItaWxoLWc0TEJ3UVNrOTNBdzJrNm5nb2pnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALhahAwQA
LhasMA0GCSqGSIb3DQEBCwUAA4IBAQApkRBa2yYbN9cKi5Mqel2Hpc49psXw3+9d
n9QyzHEPaqbMJjURRhe6JetVfFwqQen6zKwKdNZ0ax4n9Xwx68Wet+0GJChGnq7m
zy1GN1p2OB823IuJJk5Bzkjdk8PSxvSXM4IqZzm0ogzrq7kZTnwhKxeMS4zW8Knz
Q4LdnLF4HOrhvAbTg2vIPidAjVWFt7dfd2ulB7WRVqewfZDf4GrmSUue5bm5MshM
WmBzQp29ocPLhglASuMPC+1/Sz20SmPbJ76am/2jziVSHh+fK/T7/Q5tQRoBqEl+
XP0lrawMEO8OVw2+rIm54ig9Ut/GKqYREWavA9Ot4Uizhd04AKnV
-----END CERTIFICATE-----