Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/O1tAy8SkaPokk-WgpEqQK1gSo8w.roa
File:                     O1tAy8SkaPokk-WgpEqQK1gSo8w.roa (raw, json)
Hash identifier:          fR8/qgzASMwTKf6rrwt0+lEYXTospE6GDFBbUdzOkUU=
Subject key identifier:   3B:5B:40:CB:C4:A4:68:FA:24:93:E5:A0:A4:4A:90:2B:58:12:A3:CC
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       018CC424F23FA384C824973AEAE13C322B2F
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/O1tAy8SkaPokk-WgpEqQK1gSo8w.roa
Signing time:             Mon 01 Jan 2024 08:30:04 +0000
ROA not before:           Mon 01 Jan 2024 08:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6939
IP address blocks:        46.29.24.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 14:10:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:f2:3f:a3:84:c8:24:97:3a:ea:e1:3c:32:2b:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Jan  1 08:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3b5b40cbc4a468fa2493e5a0a44a902b5812a3cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:ad:86:8e:b5:a6:7c:fb:b9:70:a9:33:79:9b:
                    09:e8:32:ba:49:0b:3d:e3:20:46:3b:d0:9c:da:f8:
                    5f:e1:d7:93:8f:f8:d0:3b:15:42:89:88:ab:1b:13:
                    cc:f2:1c:98:ea:2c:9d:c5:6c:2d:43:a9:18:58:80:
                    80:58:98:e1:e0:37:89:0b:0d:dc:d1:0a:d2:6a:bf:
                    7e:ca:93:67:b4:0f:02:e6:0a:11:bb:e3:6e:5d:32:
                    9a:28:d3:e4:7b:ee:60:ed:fe:f5:67:3f:ab:40:bc:
                    99:2c:5d:99:ef:d4:4b:ff:f7:b8:ee:c3:df:2a:ad:
                    e7:b4:65:65:d8:3b:d2:f6:39:14:cd:43:ea:20:e3:
                    32:95:00:30:26:d2:ed:b2:59:72:e3:77:7d:50:b9:
                    e1:3b:ea:a6:bb:56:8b:54:5b:bd:97:08:e0:35:d8:
                    1a:e5:1d:32:e8:5b:e1:fd:4d:87:ed:f3:cc:f1:d9:
                    3a:36:04:19:e2:3e:a4:cc:46:8b:64:ba:f1:d6:22:
                    9f:4a:98:c4:c4:f6:52:b8:b1:c2:89:9f:02:ae:52:
                    7c:52:dc:a8:77:4c:8e:9b:a1:f7:bb:b6:75:07:ee:
                    66:cd:e2:03:e6:c9:86:a4:3d:0e:20:a9:0a:9a:80:
                    e3:8d:f8:70:aa:97:3f:a3:13:a2:08:e4:3d:f7:1e:
                    d0:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:5B:40:CB:C4:A4:68:FA:24:93:E5:A0:A4:4A:90:2B:58:12:A3:CC
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/O1tAy8SkaPokk-WgpEqQK1gSo8w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.29.24.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7b:3e:c9:e7:36:ef:b3:3e:45:e1:75:37:d8:df:2c:20:75:ea:
         23:8b:f4:61:ff:84:1f:e8:db:bc:fe:40:f1:f8:f6:e8:8f:b7:
         40:b6:6a:1e:d1:15:db:f7:49:ea:e5:30:a7:2e:d4:62:2a:7e:
         96:28:13:9c:68:a3:7e:34:b1:0a:e7:5f:02:a1:7d:14:c5:c3:
         77:b4:3f:f4:ca:a9:bc:7d:df:67:72:0d:e6:60:07:e5:07:a9:
         43:4c:77:00:3d:dd:18:2c:57:8b:a3:e0:8b:3d:c6:56:7e:79:
         59:0f:f1:e5:58:1d:ce:11:91:18:2f:87:17:dd:35:86:d8:8e:
         0c:c0:87:36:f8:02:3b:ff:61:da:1b:d8:81:da:46:60:71:36:
         c7:e4:17:8e:31:53:7c:ea:a8:68:ba:86:f8:7a:84:fd:0e:61:
         a0:52:40:68:78:cc:00:84:0a:d5:19:0a:f0:32:11:c0:7f:cf:
         4e:17:0c:1d:6e:0b:e0:90:1e:e3:eb:43:0d:65:fb:f3:0a:14:
         9f:b6:e3:fc:d1:32:e0:7c:9b:cc:ae:e6:cb:08:fb:3e:05:20:
         b8:76:c5:f4:9a:0d:df:87:01:b5:90:02:c0:a8:4d:93:9d:78:
         d8:09:43:52:cf:2b:5e:0f:db:42:c0:aa:f3:f7:e6:bd:2b:a7:
         97:e6:e2:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJPI/o4TIJJc66uE8MisvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjQwMTAxMDgzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjViNDBjYmM0YTQ2OGZhMjQ5M2U1YTBhNDRhOTAyYjU4MTJhM2NjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgq2GjrWmfPu5cKkzeZsJ6DK6SQs9
4yBGO9Cc2vhf4deTj/jQOxVCiYirGxPM8hyY6iydxWwtQ6kYWICAWJjh4DeJCw3c
0QrSar9+ypNntA8C5goRu+NuXTKaKNPke+5g7f71Zz+rQLyZLF2Z79RL//e47sPf
Kq3ntGVl2DvS9jkUzUPqIOMylQAwJtLtslly43d9ULnhO+qmu1aLVFu9lwjgNdga
5R0y6Fvh/U2H7fPM8dk6NgQZ4j6kzEaLZLrx1iKfSpjExPZSuLHCiZ8CrlJ8Utyo
d0yOm6H3u7Z1B+5mzeID5smGpD0OIKkKmoDjjfhwqpc/oxOiCOQ99x7QVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDtbQMvEpGj6JJPloKRKkCtYEqPMMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvTzF0QXk4U2thUG9ray1XZ3BFcVFLMWdTbzh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLh0YMA0G
CSqGSIb3DQEBCwUAA4IBAQB7PsnnNu+zPkXhdTfY3ywgdeoji/Rh/4Qf6Nu8/kDx
+Pboj7dAtmoe0RXb90nq5TCnLtRiKn6WKBOcaKN+NLEK518CoX0UxcN3tD/0yqm8
fd9ncg3mYAflB6lDTHcAPd0YLFeLo+CLPcZWfnlZD/HlWB3OEZEYL4cX3TWG2I4M
wIc2+AI7/2HaG9iB2kZgcTbH5BeOMVN86qhouob4eoT9DmGgUkBoeMwAhArVGQrw
MhHAf89OFwwdbgvgkB7j60MNZfvzChSftuP80TLgfJvMrubLCPs+BSC4dsX0mg3f
hwG1kALAqE2TnXjYCUNSzyteD9tCwKrz9+a9K6eX5uIF
-----END CERTIFICATE-----