Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/2b38b3-12f1-4242-adae-b7d1cac51e0c/1/RlgpYJj3OkVQfs46xICidNZqgkU.roa
File:                     RlgpYJj3OkVQfs46xICidNZqgkU.roa (raw, json)
Hash identifier:          XJ+/NHZmf2MnViTp+C1CM6uGW9B5OtA9zpwsYXrrRNM=
Subject key identifier:   46:58:29:60:98:F7:3A:45:50:7E:CE:3A:C4:80:A2:74:D6:6A:82:45
Certificate issuer:       /CN=4c911324e869bc4ca5ec8bad0d3ddff685441979
Certificate serial:       018CC5DC05FD8E93DC66E8D478A31B3F2617
Authority key identifier: 4C:91:13:24:E8:69:BC:4C:A5:EC:8B:AD:0D:3D:DF:F6:85:44:19:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TJETJOhpvEyl7IutDT3f9oVEGXk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/2b38b3-12f1-4242-adae-b7d1cac51e0c/1/RlgpYJj3OkVQfs46xICidNZqgkU.roa
Signing time:             Mon 01 Jan 2024 16:29:40 +0000
ROA not before:           Mon 01 Jan 2024 16:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20539
IP address blocks:        94.199.160.0/21 maxlen: 24
                          2a02:680:8000::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/2b38b3-12f1-4242-adae-b7d1cac51e0c/1/TJETJOhpvEyl7IutDT3f9oVEGXk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/2b38b3-12f1-4242-adae-b7d1cac51e0c/1/TJETJOhpvEyl7IutDT3f9oVEGXk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TJETJOhpvEyl7IutDT3f9oVEGXk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:05:fd:8e:93:dc:66:e8:d4:78:a3:1b:3f:26:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4c911324e869bc4ca5ec8bad0d3ddff685441979
        Validity
            Not Before: Jan  1 16:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4658296098f73a45507ece3ac480a274d66a8245
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:84:db:68:14:ab:43:0c:f4:51:3d:98:54:73:
                    14:00:7e:a4:c9:74:be:f0:a0:b0:bb:ad:81:04:7f:
                    22:67:3f:28:89:73:8c:8e:de:14:3e:5b:bc:04:a0:
                    43:43:bb:af:38:82:bc:3a:23:4e:80:5e:ce:bb:28:
                    5a:0c:19:a7:2d:67:1f:cd:68:25:bd:f7:ad:cb:67:
                    84:ab:4f:97:4e:fd:c8:ef:ac:31:95:d8:e1:da:96:
                    e3:1c:0b:b8:ad:9e:ee:14:29:d6:06:6a:43:69:d2:
                    b7:d0:76:31:7a:9d:c0:13:6d:a8:60:81:60:06:67:
                    fd:fe:05:8b:44:4a:ba:28:96:2f:b6:52:c7:63:64:
                    e6:d9:9d:62:05:2f:31:f0:10:5f:3e:f3:c9:6a:95:
                    50:ab:07:80:87:63:9c:94:8a:a8:62:70:76:63:0d:
                    42:9c:14:05:62:32:ed:70:ae:17:c4:fc:d1:4c:44:
                    88:59:eb:f1:05:b0:79:e7:0d:19:6e:53:5d:a2:cd:
                    1d:54:1c:91:84:3a:c4:f8:94:1a:d9:53:ef:f1:92:
                    71:0c:90:dd:d8:63:b8:65:9e:83:49:32:f4:92:83:
                    f2:f4:3f:bf:65:03:38:11:f9:6b:16:7c:f3:eb:0d:
                    cd:98:5c:02:b9:60:a8:ae:5c:4b:d2:a1:14:ec:4f:
                    32:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:58:29:60:98:F7:3A:45:50:7E:CE:3A:C4:80:A2:74:D6:6A:82:45
            X509v3 Authority Key Identifier:
                keyid:4C:91:13:24:E8:69:BC:4C:A5:EC:8B:AD:0D:3D:DF:F6:85:44:19:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TJETJOhpvEyl7IutDT3f9oVEGXk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/2b38b3-12f1-4242-adae-b7d1cac51e0c/1/RlgpYJj3OkVQfs46xICidNZqgkU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/2b38b3-12f1-4242-adae-b7d1cac51e0c/1/TJETJOhpvEyl7IutDT3f9oVEGXk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.199.160.0/21
                IPv6:
                  2a02:680:8000::/36

    Signature Algorithm: sha256WithRSAEncryption
         b3:e7:c8:a8:25:51:77:98:ab:06:52:8f:70:92:b5:92:eb:d2:
         d0:d3:4d:40:60:36:46:da:f3:45:00:e6:49:d5:36:2c:aa:26:
         84:88:af:0b:b0:77:34:5c:db:4f:cb:fe:b4:53:c8:50:41:d9:
         d8:30:ca:95:e4:97:7f:86:cb:8b:19:c4:7c:39:56:7f:b5:bc:
         fa:43:d8:c7:0f:52:b7:ed:cb:3c:dc:eb:d6:67:91:c9:2e:8d:
         2d:aa:7c:d1:60:b8:c8:75:d6:30:0b:35:e8:34:d2:5b:d2:76:
         08:b6:be:a4:df:51:db:59:ee:89:f1:a8:a8:a6:48:bf:43:4b:
         eb:14:29:50:0d:83:5e:2d:67:fa:a4:39:82:50:4d:b2:7c:61:
         6a:4d:98:54:d1:93:c9:f3:66:e1:48:21:2a:cf:0d:d3:a1:0a:
         bb:a7:73:98:40:3a:87:a8:ad:e3:79:71:ae:d9:63:1f:80:22:
         e2:2f:66:bc:30:74:54:ba:13:b7:c9:72:8f:39:f6:d5:ed:17:
         f5:2b:14:f6:ea:ba:df:d7:46:f4:33:9c:43:6c:85:b8:f4:ac:
         f2:b5:3d:e1:21:cf:4f:96:fb:25:85:12:16:c8:f4:63:95:b6:
         0e:68:33:7c:d7:ac:d3:85:7b:40:1e:95:3b:21:62:2f:4e:47:
         d3:fc:88:23
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzF3AX9jpPcZujUeKMbPyYXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjOTExMzI0ZTg2OWJjNGNhNWVjOGJhZDBkM2RkZmY2ODU0
NDE5NzkwHhcNMjQwMTAxMTYyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjU4Mjk2MDk4ZjczYTQ1NTA3ZWNlM2FjNDgwYTI3NGQ2NmE4MjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYTbaBSrQwz0UT2YVHMUAH6kyXS+
8KCwu62BBH8iZz8oiXOMjt4UPlu8BKBDQ7uvOIK8OiNOgF7OuyhaDBmnLWcfzWgl
vfety2eEq0+XTv3I76wxldjh2pbjHAu4rZ7uFCnWBmpDadK30HYxep3AE22oYIFg
Bmf9/gWLREq6KJYvtlLHY2Tm2Z1iBS8x8BBfPvPJapVQqweAh2OclIqoYnB2Yw1C
nBQFYjLtcK4XxPzRTESIWevxBbB55w0ZblNdos0dVByRhDrE+JQa2VPv8ZJxDJDd
2GO4ZZ6DSTL0koPy9D+/ZQM4EflrFnzz6w3NmFwCuWCorlxL0qEU7E8y5QIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFEZYKWCY9zpFUH7OOsSAonTWaoJFMB8GA1UdIwQY
MBaAFEyREyToabxMpeyLrQ093/aFRBl5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVEpFVEpPaHB2RXlsN0l1dERUM2Y5b1ZFR1hrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS8yYjM4YjMtMTJmMS00MjQyLWFkYWUt
YjdkMWNhYzUxZTBjLzEvUmxncFlKajNPa1ZRZnM0NnhJQ2lkTlpxZ2tVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS8yYjM4YjMtMTJmMS00MjQyLWFkYWUtYjdkMWNhYzUxZTBj
LzEvVEpFVEpPaHB2RXlsN0l1dERUM2Y5b1ZFR1hrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQDXsegMA4E
AgACMAgDBgQqAgaAgDANBgkqhkiG9w0BAQsFAAOCAQEAs+fIqCVRd5irBlKPcJK1
kuvS0NNNQGA2RtrzRQDmSdU2LKomhIivC7B3NFzbT8v+tFPIUEHZ2DDKleSXf4bL
ixnEfDlWf7W8+kPYxw9St+3LPNzr1meRyS6NLap80WC4yHXWMAs16DTSW9J2CLa+
pN9R21nuifGoqKZIv0NL6xQpUA2DXi1n+qQ5glBNsnxhak2YVNGTyfNm4UghKs8N
06EKu6dzmEA6h6it43lxrtljH4Ai4i9mvDB0VLoTt8lyjzn21e0X9SsU9uq639dG
9DOcQ2yFuPSs8rU94SHPT5b7JYUSFsj0Y5W2DmgzfNes04V7QB6VOyFiL05H0/yI
Iw==
-----END CERTIFICATE-----