Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/40c548-5cc6-47c3-9e8f-bddb29f85fb8/1/xkqKhQTJvliTYKm1irpbDs1DdRk.roa
File:                     xkqKhQTJvliTYKm1irpbDs1DdRk.roa (raw, json)
Hash identifier:          k8/BtWF9ShjrNgUsTBho4Go8rADrHXdYSFOCs5o0LFk=
Subject key identifier:   C6:4A:8A:85:04:C9:BE:58:93:60:A9:B5:8A:BA:5B:0E:CD:43:75:19
Certificate issuer:       /CN=903ec4c502a42c5bbfdb70ea9f440ca1500acc50
Certificate serial:       018F19747335CF2949459B48122E5CF9172A
Authority key identifier: 90:3E:C4:C5:02:A4:2C:5B:BF:DB:70:EA:9F:44:0C:A1:50:0A:CC:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kD7ExQKkLFu_23Dqn0QMoVAKzFA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/40c548-5cc6-47c3-9e8f-bddb29f85fb8/1/xkqKhQTJvliTYKm1irpbDs1DdRk.roa
Signing time:             Fri 26 Apr 2024 08:10:13 +0000
ROA not before:           Fri 26 Apr 2024 08:10:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44078
IP address blocks:        46.37.192.0/19 maxlen: 19
                          79.135.192.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/40c548-5cc6-47c3-9e8f-bddb29f85fb8/1/kD7ExQKkLFu_23Dqn0QMoVAKzFA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/40c548-5cc6-47c3-9e8f-bddb29f85fb8/1/kD7ExQKkLFu_23Dqn0QMoVAKzFA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kD7ExQKkLFu_23Dqn0QMoVAKzFA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:19:74:73:35:cf:29:49:45:9b:48:12:2e:5c:f9:17:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=903ec4c502a42c5bbfdb70ea9f440ca1500acc50
        Validity
            Not Before: Apr 26 08:10:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c64a8a8504c9be589360a9b58aba5b0ecd437519
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:66:bb:78:84:68:cf:8f:75:09:9b:d6:c8:af:
                    af:77:e6:d0:e2:c9:c2:ce:42:32:8d:48:4f:37:65:
                    a0:0f:d2:ec:c0:c6:15:cd:25:6f:91:8b:54:59:dc:
                    2a:f0:38:15:6c:ea:e8:c5:66:2b:a5:87:74:38:98:
                    4d:f7:f0:39:f4:aa:67:17:d1:3e:ec:30:94:6e:c9:
                    b2:8b:4f:e6:cc:c2:a0:fd:70:4b:3c:71:cb:c3:0c:
                    f9:d6:88:78:dc:6a:80:f3:d8:18:2d:8a:6b:61:8b:
                    8b:a6:0f:eb:67:de:09:4d:bf:15:43:a9:65:bd:df:
                    cf:5b:41:17:b6:79:55:5b:59:7e:56:ff:f7:f4:eb:
                    f2:6d:e1:b8:80:7d:37:3a:ce:47:09:1a:ee:12:b6:
                    1b:62:3e:a8:15:89:14:4f:26:f4:d8:0c:94:dd:db:
                    7c:0d:51:c5:6b:86:34:e2:df:d6:ce:91:56:23:53:
                    73:1c:2b:25:8e:b1:0b:48:ee:c7:80:fc:09:a4:37:
                    2e:9f:17:26:80:8f:59:eb:de:26:0a:1b:4c:2d:3d:
                    7a:81:f5:9f:f2:6c:97:4b:6a:4c:8d:c7:29:aa:bb:
                    ec:c8:80:72:a3:e8:c9:57:b0:c6:06:81:57:2f:50:
                    1f:2c:83:43:d0:e4:aa:21:6c:ea:db:6a:ee:1a:02:
                    42:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:4A:8A:85:04:C9:BE:58:93:60:A9:B5:8A:BA:5B:0E:CD:43:75:19
            X509v3 Authority Key Identifier:
                keyid:90:3E:C4:C5:02:A4:2C:5B:BF:DB:70:EA:9F:44:0C:A1:50:0A:CC:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kD7ExQKkLFu_23Dqn0QMoVAKzFA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/40c548-5cc6-47c3-9e8f-bddb29f85fb8/1/xkqKhQTJvliTYKm1irpbDs1DdRk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/40c548-5cc6-47c3-9e8f-bddb29f85fb8/1/kD7ExQKkLFu_23Dqn0QMoVAKzFA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.37.192.0/19
                  79.135.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         53:ba:6f:58:88:3b:c8:96:9a:db:66:34:2d:4e:7f:07:c4:94:
         06:cd:1f:dc:da:3c:cb:4d:07:c6:38:67:6f:58:f6:5c:a8:43:
         80:c4:41:ce:d8:5d:dd:d9:9d:7c:e7:36:6d:6f:ee:ab:b0:31:
         f1:fe:80:55:1f:0f:fd:e8:d3:e0:3b:7f:06:e8:d1:f6:1a:ce:
         55:df:7e:c7:81:a5:b5:f4:90:b5:a7:5a:80:bb:b9:fc:c5:be:
         1d:6e:d1:19:80:9b:85:45:a3:64:19:74:9a:af:a2:c6:80:db:
         c5:b8:2a:2a:68:78:bc:89:94:4f:82:42:66:21:c2:0b:0d:d2:
         01:5d:7d:a0:5e:a1:26:46:29:13:e8:60:dd:f0:61:b5:1a:5a:
         b5:6e:d8:a5:d1:b3:f1:29:ae:7f:ca:de:df:f3:78:56:4b:a1:
         0d:88:b1:50:d0:44:fc:1e:d9:8e:f2:5f:d3:c0:07:2d:72:62:
         d7:b3:cf:9a:28:9f:c1:33:76:77:66:af:65:b5:b3:00:95:4a:
         c8:5b:bc:cd:eb:b4:ad:0f:16:3e:bd:d0:64:e4:2b:d8:f4:5c:
         07:28:57:ca:6e:93:0c:18:08:1d:d1:b7:7e:de:09:46:05:e5:
         2c:e9:3d:f2:b8:47:bd:bb:17:05:57:23:ff:8c:dc:da:79:6c:
         cc:2e:d2:07
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY8ZdHM1zylJRZtIEi5c+RcqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwM2VjNGM1MDJhNDJjNWJiZmRiNzBlYTlmNDQwY2ExNTAw
YWNjNTAwHhcNMjQwNDI2MDgxMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjRhOGE4NTA0YzliZTU4OTM2MGE5YjU4YWJhNWIwZWNkNDM3NTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA22a7eIRoz491CZvWyK+vd+bQ4snC
zkIyjUhPN2WgD9LswMYVzSVvkYtUWdwq8DgVbOroxWYrpYd0OJhN9/A59KpnF9E+
7DCUbsmyi0/mzMKg/XBLPHHLwwz51oh43GqA89gYLYprYYuLpg/rZ94JTb8VQ6ll
vd/PW0EXtnlVW1l+Vv/39OvybeG4gH03Os5HCRruErYbYj6oFYkUTyb02AyU3dt8
DVHFa4Y04t/WzpFWI1NzHCsljrELSO7HgPwJpDcunxcmgI9Z694mChtMLT16gfWf
8myXS2pMjccpqrvsyIByo+jJV7DGBoFXL1AfLIND0OSqIWzq22ruGgJCuQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMZKioUEyb5Yk2CptYq6Ww7NQ3UZMB8GA1UdIwQY
MBaAFJA+xMUCpCxbv9tw6p9EDKFQCsxQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0Q3RXhRS2tMRnVfMjNEcW4wUU1vVkFLekZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC80MGM1NDgtNWNjNi00N2MzLTllOGYt
YmRkYjI5Zjg1ZmI4LzEveGtxS2hRVEp2bGlUWUttMWlycGJEczFEZFJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC80MGM1NDgtNWNjNi00N2MzLTllOGYtYmRkYjI5Zjg1ZmI4
LzEva0Q3RXhRS2tMRnVfMjNEcW4wUU1vVkFLekZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQFLiXAAwQF
T4fAMA0GCSqGSIb3DQEBCwUAA4IBAQBTum9YiDvIlprbZjQtTn8HxJQGzR/c2jzL
TQfGOGdvWPZcqEOAxEHO2F3d2Z185zZtb+6rsDHx/oBVHw/96NPgO38G6NH2Gs5V
337HgaW19JC1p1qAu7n8xb4dbtEZgJuFRaNkGXSar6LGgNvFuCoqaHi8iZRPgkJm
IcILDdIBXX2gXqEmRikT6GDd8GG1Glq1btil0bPxKa5/yt7f83hWS6ENiLFQ0ET8
HtmO8l/TwActcmLXs8+aKJ/BM3Z3Zq9ltbMAlUrIW7zN67StDxY+vdBk5CvY9FwH
KFfKbpMMGAgd0bd+3glGBeUs6T3yuEe9uxcFVyP/jNzaeWzMLtIH
-----END CERTIFICATE-----