Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/a00be2-877d-40e7-8a8a-af2cfa622d18/1/xK41Ix21zUPN06W9_KMRvsPQA2Y.roa
File:                     xK41Ix21zUPN06W9_KMRvsPQA2Y.roa (raw, json)
Hash identifier:          tw534xzF38TDRJqM4II5Y0cO+zBLyPJBIzLpjfKlvHA=
Subject key identifier:   C4:AE:35:23:1D:B5:CD:43:CD:D3:A5:BD:FC:A3:11:BE:C3:D0:03:66
Certificate issuer:       /CN=c89c2cc489ebe48f490584ac866fe362c4117e75
Certificate serial:       018CCA2A37BA008860C3A37A530982EFDA46
Authority key identifier: C8:9C:2C:C4:89:EB:E4:8F:49:05:84:AC:86:6F:E3:62:C4:11:7E:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yJwsxInr5I9JBYSshm_jYsQRfnU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/a00be2-877d-40e7-8a8a-af2cfa622d18/1/xK41Ix21zUPN06W9_KMRvsPQA2Y.roa
Signing time:             Tue 02 Jan 2024 12:33:33 +0000
ROA not before:           Tue 02 Jan 2024 12:33:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48551
IP address blocks:        46.148.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/a00be2-877d-40e7-8a8a-af2cfa622d18/1/yJwsxInr5I9JBYSshm_jYsQRfnU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/a00be2-877d-40e7-8a8a-af2cfa622d18/1/yJwsxInr5I9JBYSshm_jYsQRfnU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yJwsxInr5I9JBYSshm_jYsQRfnU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:37:ba:00:88:60:c3:a3:7a:53:09:82:ef:da:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c89c2cc489ebe48f490584ac866fe362c4117e75
        Validity
            Not Before: Jan  2 12:33:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c4ae35231db5cd43cdd3a5bdfca311bec3d00366
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:66:89:c0:79:6b:f1:d4:e2:ea:1b:d4:90:97:
                    fa:23:d1:4d:2f:5b:0b:8d:ba:52:f6:30:1d:8b:bc:
                    90:e8:d9:b5:ee:31:b5:75:f0:da:d7:49:6d:16:55:
                    fc:b6:86:c8:1f:f4:e8:42:41:5e:06:e2:6b:82:0b:
                    c3:78:8e:67:3e:3f:d7:65:d9:d7:fb:d9:ec:38:46:
                    8d:d8:61:a8:e8:b9:6a:1c:6c:08:04:e7:b0:9f:01:
                    03:80:5e:8a:8b:54:f8:e7:8a:c1:2d:91:94:7e:02:
                    30:9b:d5:98:88:64:65:0e:d5:80:cf:bc:5d:b0:d5:
                    93:8d:8a:5b:63:6a:72:3e:24:e3:5f:1d:cb:83:40:
                    fc:ab:37:39:5a:ba:70:5a:09:78:8f:34:db:06:30:
                    e6:fa:61:fa:45:ca:29:fe:27:22:f2:01:22:7e:f0:
                    ac:fb:cf:d0:4b:d1:14:d6:01:51:07:5e:c9:34:fa:
                    37:1a:31:f6:3c:bc:51:85:cd:f0:04:c8:3b:23:41:
                    e8:cc:b4:27:ff:95:69:b9:2a:8d:74:b7:e9:00:ce:
                    20:a2:d1:91:e0:3e:26:52:ea:a2:66:6a:76:9d:58:
                    00:6a:4a:31:dd:5a:91:e9:5f:19:dc:d4:14:42:9f:
                    01:1f:6f:96:fd:e0:ea:84:fd:7b:94:c2:87:94:a4:
                    37:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:AE:35:23:1D:B5:CD:43:CD:D3:A5:BD:FC:A3:11:BE:C3:D0:03:66
            X509v3 Authority Key Identifier:
                keyid:C8:9C:2C:C4:89:EB:E4:8F:49:05:84:AC:86:6F:E3:62:C4:11:7E:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yJwsxInr5I9JBYSshm_jYsQRfnU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/a00be2-877d-40e7-8a8a-af2cfa622d18/1/xK41Ix21zUPN06W9_KMRvsPQA2Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/a00be2-877d-40e7-8a8a-af2cfa622d18/1/yJwsxInr5I9JBYSshm_jYsQRfnU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.148.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ac:36:df:95:81:37:0d:32:20:1a:da:49:cd:6b:1a:fe:fc:18:
         b5:6b:f4:2b:34:cf:79:1b:ea:aa:24:17:f2:f4:39:99:d8:bd:
         d9:cb:3c:dc:8a:12:99:0b:20:be:1a:66:99:34:82:35:ab:51:
         b2:67:e8:ce:e0:ef:da:f1:3a:34:2b:85:dc:8e:2e:5f:7c:34:
         2f:fe:cb:d1:fc:35:26:e2:66:77:e6:43:2a:57:17:66:f4:36:
         7a:6a:7a:50:dc:b1:da:57:25:ea:2c:89:49:d6:84:b1:3c:b4:
         c7:d0:f2:6e:86:d9:1c:3a:4a:94:35:b1:f8:32:61:bc:1a:67:
         2e:a9:14:ee:27:c3:3a:ec:02:c3:9a:96:a8:d7:2e:15:c9:df:
         ac:9c:1f:49:88:6c:8a:ab:0e:63:92:ae:8a:75:5f:f2:34:2a:
         72:28:a4:aa:5f:c1:f9:8e:e4:50:8a:9d:5a:d5:0d:da:ff:2f:
         10:09:e6:3a:1a:45:22:af:ba:5e:23:5c:1f:70:f2:f8:5c:00:
         6e:f5:c3:80:b4:44:14:d2:c3:a1:78:a0:46:25:44:b3:6e:a8:
         e2:0c:8b:95:b2:61:2c:cd:20:7a:35:0a:cd:62:05:80:1f:99:
         59:eb:4b:3b:a2:11:b4:5b:0b:58:b8:b6:18:ef:88:e1:74:8d:
         52:6a:25:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKje6AIhgw6N6UwmC79pGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4OWMyY2M0ODllYmU0OGY0OTA1ODRhYzg2NmZlMzYyYzQx
MTdlNzUwHhcNMjQwMTAyMTIzMzMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGFlMzUyMzFkYjVjZDQzY2RkM2E1YmRmY2EzMTFiZWMzZDAwMzY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAymaJwHlr8dTi6hvUkJf6I9FNL1sL
jbpS9jAdi7yQ6Nm17jG1dfDa10ltFlX8tobIH/ToQkFeBuJrggvDeI5nPj/XZdnX
+9nsOEaN2GGo6LlqHGwIBOewnwEDgF6Ki1T454rBLZGUfgIwm9WYiGRlDtWAz7xd
sNWTjYpbY2pyPiTjXx3Lg0D8qzc5WrpwWgl4jzTbBjDm+mH6Rcop/ici8gEifvCs
+8/QS9EU1gFRB17JNPo3GjH2PLxRhc3wBMg7I0HozLQn/5VpuSqNdLfpAM4gotGR
4D4mUuqiZmp2nVgAakox3VqR6V8Z3NQUQp8BH2+W/eDqhP17lMKHlKQ35QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMSuNSMdtc1DzdOlvfyjEb7D0ANmMB8GA1UdIwQY
MBaAFMicLMSJ6+SPSQWErIZv42LEEX51MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUp3c3hJbnI1STlKQllTc2htX2pZc1FSZm5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9hMDBiZTItODc3ZC00MGU3LThhOGEt
YWYyY2ZhNjIyZDE4LzEveEs0MUl4MjF6VVBOMDZXOV9LTVJ2c1BRQTJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9hMDBiZTItODc3ZC00MGU3LThhOGEtYWYyY2ZhNjIyZDE4
LzEveUp3c3hJbnI1STlKQllTc2htX2pZc1FSZm5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALpQnMA0G
CSqGSIb3DQEBCwUAA4IBAQCsNt+VgTcNMiAa2knNaxr+/Bi1a/QrNM95G+qqJBfy
9DmZ2L3ZyzzcihKZCyC+GmaZNII1q1GyZ+jO4O/a8To0K4Xcji5ffDQv/svR/DUm
4mZ35kMqVxdm9DZ6anpQ3LHaVyXqLIlJ1oSxPLTH0PJuhtkcOkqUNbH4MmG8Gmcu
qRTuJ8M67ALDmpao1y4Vyd+snB9JiGyKqw5jkq6KdV/yNCpyKKSqX8H5juRQip1a
1Q3a/y8QCeY6GkUir7peI1wfcPL4XABu9cOAtEQU0sOheKBGJUSzbqjiDIuVsmEs
zSB6NQrNYgWAH5lZ60s7ohG0WwtYuLYY74jhdI1SaiXf
-----END CERTIFICATE-----