Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/f1370a-57ca-46a0-8af4-78ba6dc50086/1/aG7r0THwy7cpiTVAbkGnEdeJrF0.roa
File:                     aG7r0THwy7cpiTVAbkGnEdeJrF0.roa (raw, json)
Hash identifier:          IGn0+oYSuQejqTsO0SICiVzVVPQPPdWXi5jh1dD83J4=
Subject key identifier:   68:6E:EB:D1:31:F0:CB:B7:29:89:35:40:6E:41:A7:11:D7:89:AC:5D
Certificate issuer:       /CN=844a1791cb07f1d86123c63dc3adcfd754db101b
Certificate serial:       018CC3B674143C8A27D862006B546EED1670
Authority key identifier: 84:4A:17:91:CB:07:F1:D8:61:23:C6:3D:C3:AD:CF:D7:54:DB:10:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hEoXkcsH8dhhI8Y9w63P11TbEBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/f1370a-57ca-46a0-8af4-78ba6dc50086/1/aG7r0THwy7cpiTVAbkGnEdeJrF0.roa
Signing time:             Mon 01 Jan 2024 06:29:23 +0000
ROA not before:           Mon 01 Jan 2024 06:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35624
IP address blocks:        185.46.84.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/f1370a-57ca-46a0-8af4-78ba6dc50086/1/hEoXkcsH8dhhI8Y9w63P11TbEBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/f1370a-57ca-46a0-8af4-78ba6dc50086/1/hEoXkcsH8dhhI8Y9w63P11TbEBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hEoXkcsH8dhhI8Y9w63P11TbEBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:74:14:3c:8a:27:d8:62:00:6b:54:6e:ed:16:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=844a1791cb07f1d86123c63dc3adcfd754db101b
        Validity
            Not Before: Jan  1 06:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=686eebd131f0cbb7298935406e41a711d789ac5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:86:c6:b6:50:2b:7f:82:80:ba:dc:f9:bf:83:
                    a7:09:5d:c0:05:e0:29:d2:ab:13:0e:52:90:f8:62:
                    8e:95:44:ec:ca:cf:f2:3d:7b:db:31:a7:ca:91:6f:
                    61:09:0d:5b:f4:3d:a4:cd:27:ce:9f:dd:6f:5c:3a:
                    62:7b:67:dc:e2:ea:79:02:72:77:33:ad:25:75:2b:
                    25:15:ec:81:55:4d:97:be:0c:07:93:ed:26:41:22:
                    75:f4:5d:49:8d:5f:7a:e3:1a:a1:88:58:ea:5b:8b:
                    c9:5b:38:96:4e:0b:2b:8d:9a:b0:e9:67:84:1d:bd:
                    56:40:7d:ee:68:07:9c:88:61:fa:8d:3d:3a:c5:4d:
                    9d:f1:a2:f6:e5:65:c1:73:f3:6f:5f:2a:2e:1e:4e:
                    19:e9:c1:e7:46:41:27:8e:88:8b:29:71:8a:e1:4d:
                    f4:2f:7b:92:24:83:81:b6:15:f3:be:48:78:5d:bf:
                    80:27:da:5c:c3:d4:4f:14:6e:d6:b8:9b:1f:7f:0b:
                    a0:a9:82:15:22:da:a9:cc:39:8e:39:2c:45:32:0f:
                    a2:8a:be:66:20:05:c2:d2:78:8d:79:d7:db:27:f3:
                    aa:54:e5:ba:97:97:1a:0d:c2:43:51:08:69:a2:ee:
                    42:35:e5:1c:59:0f:1e:bb:2c:1b:b4:02:f8:10:78:
                    50:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:6E:EB:D1:31:F0:CB:B7:29:89:35:40:6E:41:A7:11:D7:89:AC:5D
            X509v3 Authority Key Identifier:
                keyid:84:4A:17:91:CB:07:F1:D8:61:23:C6:3D:C3:AD:CF:D7:54:DB:10:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hEoXkcsH8dhhI8Y9w63P11TbEBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/f1370a-57ca-46a0-8af4-78ba6dc50086/1/aG7r0THwy7cpiTVAbkGnEdeJrF0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/f1370a-57ca-46a0-8af4-78ba6dc50086/1/hEoXkcsH8dhhI8Y9w63P11TbEBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.46.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         98:7a:f3:23:16:3f:a9:01:e5:11:12:44:04:a4:c8:cf:d8:6a:
         ab:c0:46:39:eb:40:1f:1c:c9:84:ea:78:0f:d7:39:28:88:ef:
         69:3c:90:44:55:22:56:59:28:18:d6:dd:4c:0f:ab:6f:af:4a:
         55:04:fb:93:8d:e0:c7:12:ed:f2:64:7b:22:26:14:f4:6b:6b:
         4c:69:80:3b:91:27:dc:ba:39:fa:c3:96:9b:dc:0d:c8:a5:3d:
         73:79:fe:f6:92:70:42:67:f8:02:dd:72:c5:7c:7d:53:1a:68:
         21:c6:83:fb:3f:64:64:99:74:16:3d:bc:13:90:7f:90:8a:2d:
         a8:e1:be:09:ca:f3:87:2c:74:94:7b:7f:56:a0:f6:43:ac:9a:
         48:f1:80:b8:5b:f3:78:4a:38:80:ea:10:4d:27:f3:69:76:c6:
         be:4f:61:2a:d2:8a:8b:db:92:27:0c:eb:37:98:f8:7d:45:15:
         ae:b6:0b:29:64:8f:d6:1c:02:aa:dd:ba:8c:f9:71:f1:da:8a:
         85:70:38:d0:51:32:6b:48:79:3c:6c:cc:37:46:66:51:7b:84:
         2e:2e:ce:b2:14:5c:c6:89:62:98:de:09:9f:82:a5:0c:8e:12:
         aa:6f:96:64:63:47:8c:c9:d2:db:11:97:10:12:5e:f9:e6:e7:
         ee:93:d4:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtnQUPIon2GIAa1Ru7RZwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NGExNzkxY2IwN2YxZDg2MTIzYzYzZGMzYWRjZmQ3NTRk
YjEwMWIwHhcNMjQwMTAxMDYyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODZlZWJkMTMxZjBjYmI3Mjk4OTM1NDA2ZTQxYTcxMWQ3ODlhYzVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA24bGtlArf4KAutz5v4OnCV3ABeAp
0qsTDlKQ+GKOlUTsys/yPXvbMafKkW9hCQ1b9D2kzSfOn91vXDpie2fc4up5AnJ3
M60ldSslFeyBVU2XvgwHk+0mQSJ19F1JjV964xqhiFjqW4vJWziWTgsrjZqw6WeE
Hb1WQH3uaAeciGH6jT06xU2d8aL25WXBc/NvXyouHk4Z6cHnRkEnjoiLKXGK4U30
L3uSJIOBthXzvkh4Xb+AJ9pcw9RPFG7WuJsffwugqYIVItqpzDmOOSxFMg+iir5m
IAXC0niNedfbJ/OqVOW6l5caDcJDUQhpou5CNeUcWQ8euywbtAL4EHhQGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGhu69Ex8Mu3KYk1QG5BpxHXiaxdMB8GA1UdIwQY
MBaAFIRKF5HLB/HYYSPGPcOtz9dU2xAbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEVvWGtjc0g4ZGhoSThZOXc2M1AxMVRiRUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9mMTM3MGEtNTdjYS00NmEwLThhZjQt
NzhiYTZkYzUwMDg2LzEvYUc3cjBUSHd5N2NwaVRWQWJrR25FZGVKckYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9mMTM3MGEtNTdjYS00NmEwLThhZjQtNzhiYTZkYzUwMDg2
LzEvaEVvWGtjc0g4ZGhoSThZOXc2M1AxMVRiRUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuS5UMA0G
CSqGSIb3DQEBCwUAA4IBAQCYevMjFj+pAeUREkQEpMjP2GqrwEY560AfHMmE6ngP
1zkoiO9pPJBEVSJWWSgY1t1MD6tvr0pVBPuTjeDHEu3yZHsiJhT0a2tMaYA7kSfc
ujn6w5ab3A3IpT1zef72knBCZ/gC3XLFfH1TGmghxoP7P2RkmXQWPbwTkH+Qii2o
4b4JyvOHLHSUe39WoPZDrJpI8YC4W/N4SjiA6hBNJ/Npdsa+T2Eq0oqL25InDOs3
mPh9RRWutgspZI/WHAKq3bqM+XHx2oqFcDjQUTJrSHk8bMw3RmZRe4QuLs6yFFzG
iWKY3gmfgqUMjhKqb5ZkY0eMydLbEZcQEl755ufuk9Qp
-----END CERTIFICATE-----