Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/45e632-b0fd-4d81-9cf7-8fd22105806b/1/OC7VYmFzXkrnroW464py0VMNK7Q.roa
File:                     OC7VYmFzXkrnroW464py0VMNK7Q.roa (raw, json)
Hash identifier:          iXRVt60CTBatjyHUI46pQNS15ALABWCu9KNSjt3FZcg=
Subject key identifier:   38:2E:D5:62:61:73:5E:4A:E7:AE:85:B8:EB:8A:72:D1:53:0D:2B:B4
Certificate issuer:       /CN=70811ce0ce7353f03ede9cb7ca5116255fbfb7bd
Certificate serial:       018CC87146EF95AEF7F0B6BEE206C5E81551
Authority key identifier: 70:81:1C:E0:CE:73:53:F0:3E:DE:9C:B7:CA:51:16:25:5F:BF:B7:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cIEc4M5zU_A-3py3ylEWJV-_t70.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/45e632-b0fd-4d81-9cf7-8fd22105806b/1/OC7VYmFzXkrnroW464py0VMNK7Q.roa
Signing time:             Tue 02 Jan 2024 04:31:56 +0000
ROA not before:           Tue 02 Jan 2024 04:31:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52058
IP address blocks:        46.174.56.0/21 maxlen: 24
                          91.221.212.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/45e632-b0fd-4d81-9cf7-8fd22105806b/1/cIEc4M5zU_A-3py3ylEWJV-_t70.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/45e632-b0fd-4d81-9cf7-8fd22105806b/1/cIEc4M5zU_A-3py3ylEWJV-_t70.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cIEc4M5zU_A-3py3ylEWJV-_t70.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:46:ef:95:ae:f7:f0:b6:be:e2:06:c5:e8:15:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70811ce0ce7353f03ede9cb7ca5116255fbfb7bd
        Validity
            Not Before: Jan  2 04:31:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=382ed56261735e4ae7ae85b8eb8a72d1530d2bb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:d0:aa:88:09:c6:36:9a:2e:23:3d:0d:e5:3f:
                    16:59:fc:ce:d7:ae:14:c4:c6:9e:9b:de:84:ac:70:
                    32:1b:cc:8c:b1:f3:1d:9f:a7:85:e1:b8:ae:4f:47:
                    9e:87:4c:10:e4:08:96:14:0a:87:81:b3:eb:3e:91:
                    bd:b3:c3:b6:a4:62:86:70:80:05:70:87:fe:55:20:
                    1e:3e:c5:f5:e9:19:07:33:96:8f:fd:46:ae:1d:50:
                    da:41:eb:75:3c:71:3d:2e:67:f7:c8:eb:fb:03:d6:
                    b1:5d:e8:94:ae:c2:ba:be:ed:0c:bf:c8:da:9c:71:
                    45:6c:5f:6e:75:2e:74:7a:4b:68:a6:60:bf:40:1b:
                    ec:ac:f0:f1:4a:77:04:3e:1b:64:40:cd:dc:58:eb:
                    47:ae:3a:4c:cc:f6:e7:d0:e8:17:7d:35:96:2d:ea:
                    ee:13:bf:80:9c:d2:cb:98:74:86:54:0a:1c:6f:de:
                    44:6f:19:52:0e:d6:91:e0:40:93:ed:f7:ea:e5:ff:
                    7b:34:6e:66:46:d3:94:3e:d9:ae:d2:29:fa:42:44:
                    29:49:38:c1:e4:13:af:bd:7e:ca:62:24:52:83:8e:
                    c0:80:84:5a:c6:86:bd:3b:03:5b:64:93:80:95:5c:
                    35:11:99:4d:13:9c:0d:1f:47:8f:4a:56:8a:68:2b:
                    c9:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:2E:D5:62:61:73:5E:4A:E7:AE:85:B8:EB:8A:72:D1:53:0D:2B:B4
            X509v3 Authority Key Identifier:
                keyid:70:81:1C:E0:CE:73:53:F0:3E:DE:9C:B7:CA:51:16:25:5F:BF:B7:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cIEc4M5zU_A-3py3ylEWJV-_t70.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/45e632-b0fd-4d81-9cf7-8fd22105806b/1/OC7VYmFzXkrnroW464py0VMNK7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/45e632-b0fd-4d81-9cf7-8fd22105806b/1/cIEc4M5zU_A-3py3ylEWJV-_t70.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.174.56.0/21
                  91.221.212.0/23

    Signature Algorithm: sha256WithRSAEncryption
         38:fd:d9:13:c0:3b:59:cc:b4:69:4b:5e:2a:c6:ad:b1:22:4b:
         5c:a4:b3:67:6c:d9:98:aa:13:2a:2b:d1:b1:9b:0e:e5:29:7f:
         06:9f:37:2d:6f:a2:aa:77:29:fc:c4:69:02:77:c1:69:7e:04:
         25:87:32:54:b0:b5:8c:12:0c:4a:57:df:9f:1b:af:ba:c9:25:
         27:06:b2:c0:cd:08:3b:37:fa:bc:52:e3:ae:9b:0d:1a:8b:2b:
         a8:73:54:5b:2d:2b:5c:41:c3:9a:e1:ba:4f:e9:3a:6b:bd:cc:
         d2:48:d2:77:83:97:b1:ad:39:44:08:0c:4b:b5:03:34:70:28:
         d3:67:fa:0c:09:f0:05:99:ac:d0:da:21:6f:8b:1d:ab:46:a2:
         bc:17:ca:6a:dd:bf:70:de:fa:5a:3d:db:19:1e:59:40:ab:b7:
         1f:d8:97:ff:26:0c:6e:c1:62:16:37:90:9b:06:51:a4:0d:34:
         83:f9:ae:89:f9:53:6b:64:91:1f:3b:94:fe:94:53:16:8c:21:
         eb:fa:63:3c:c5:3f:6c:a5:c7:4e:1e:2a:53:4c:34:9c:f6:bc:
         ba:67:60:b5:eb:05:53:7a:43:8c:0a:cb:a9:1b:67:d7:47:41:
         dc:a7:d8:fd:82:d9:2f:4a:3a:95:4f:59:da:c7:ac:1b:8d:de:
         f3:2d:0e:2f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIcUbvla738La+4gbF6BVRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwODExY2UwY2U3MzUzZjAzZWRlOWNiN2NhNTExNjI1NWZi
ZmI3YmQwHhcNMjQwMTAyMDQzMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODJlZDU2MjYxNzM1ZTRhZTdhZTg1YjhlYjhhNzJkMTUzMGQyYmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsdCqiAnGNpouIz0N5T8WWfzO164U
xMaem96ErHAyG8yMsfMdn6eF4biuT0eeh0wQ5AiWFAqHgbPrPpG9s8O2pGKGcIAF
cIf+VSAePsX16RkHM5aP/UauHVDaQet1PHE9Lmf3yOv7A9axXeiUrsK6vu0Mv8ja
nHFFbF9udS50ektopmC/QBvsrPDxSncEPhtkQM3cWOtHrjpMzPbn0OgXfTWWLeru
E7+AnNLLmHSGVAocb95EbxlSDtaR4ECT7ffq5f97NG5mRtOUPtmu0in6QkQpSTjB
5BOvvX7KYiRSg47AgIRaxoa9OwNbZJOAlVw1EZlNE5wNH0ePSlaKaCvJ2wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDgu1WJhc15K566FuOuKctFTDSu0MB8GA1UdIwQY
MBaAFHCBHODOc1PwPt6ct8pRFiVfv7e9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0lFYzRNNXpVX0EtM3B5M3lsRVdKVi1fdDcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My80NWU2MzItYjBmZC00ZDgxLTljZjct
OGZkMjIxMDU4MDZiLzEvT0M3VlltRnpYa3Jucm9XNDY0cHkwVk1OSzdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My80NWU2MzItYjBmZC00ZDgxLTljZjctOGZkMjIxMDU4MDZi
LzEvY0lFYzRNNXpVX0EtM3B5M3lsRVdKVi1fdDcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDLq44AwQB
W93UMA0GCSqGSIb3DQEBCwUAA4IBAQA4/dkTwDtZzLRpS14qxq2xIktcpLNnbNmY
qhMqK9Gxmw7lKX8Gnzctb6Kqdyn8xGkCd8FpfgQlhzJUsLWMEgxKV9+fG6+6ySUn
BrLAzQg7N/q8UuOumw0aiyuoc1RbLStcQcOa4bpP6TprvczSSNJ3g5exrTlECAxL
tQM0cCjTZ/oMCfAFmazQ2iFvix2rRqK8F8pq3b9w3vpaPdsZHllAq7cf2Jf/Jgxu
wWIWN5CbBlGkDTSD+a6J+VNrZJEfO5T+lFMWjCHr+mM8xT9spcdOHipTTDSc9ry6
Z2C16wVTekOMCsupG2fXR0Hcp9j9gtkvSjqVT1nax6wbjd7zLQ4v
-----END CERTIFICATE-----