Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/99153d-4702-4375-8e44-f2e54ddea3b3/1/U7GUOGhgPGBAOmT1VU18V3rUV-0.roa
File:                     U7GUOGhgPGBAOmT1VU18V3rUV-0.roa (raw, json)
Hash identifier:          XwstNEXzkzcmI2WrrGV+xdW2ZaCqeIIIwgy10/ghYBY=
Subject key identifier:   53:B1:94:38:68:60:3C:60:40:3A:64:F5:55:4D:7C:57:7A:D4:57:ED
Certificate issuer:       /CN=d22e95c4519de9208e3d22332aabec6b1a2ea756
Certificate serial:       018CC64B058F71D341308D2C8283C70630F2
Authority key identifier: D2:2E:95:C4:51:9D:E9:20:8E:3D:22:33:2A:AB:EC:6B:1A:2E:A7:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0i6VxFGd6SCOPSIzKqvsaxoup1Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/99153d-4702-4375-8e44-f2e54ddea3b3/1/U7GUOGhgPGBAOmT1VU18V3rUV-0.roa
Signing time:             Mon 01 Jan 2024 18:30:54 +0000
ROA not before:           Mon 01 Jan 2024 18:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16019
IP address blocks:        46.183.64.0/21 maxlen: 21
                          2a0b:c180::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/99153d-4702-4375-8e44-f2e54ddea3b3/1/0i6VxFGd6SCOPSIzKqvsaxoup1Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/99153d-4702-4375-8e44-f2e54ddea3b3/1/0i6VxFGd6SCOPSIzKqvsaxoup1Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0i6VxFGd6SCOPSIzKqvsaxoup1Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:05:8f:71:d3:41:30:8d:2c:82:83:c7:06:30:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d22e95c4519de9208e3d22332aabec6b1a2ea756
        Validity
            Not Before: Jan  1 18:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=53b1943868603c60403a64f5554d7c577ad457ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:b3:4e:d5:36:57:7c:7e:65:25:49:f3:05:1f:
                    57:0b:10:32:2b:ec:da:cd:42:2a:b0:81:62:3f:3e:
                    ae:54:d0:e6:a2:aa:ac:c8:35:f4:6f:99:f1:d3:f9:
                    2e:ea:73:24:ca:66:89:87:10:a5:e9:ce:ab:7e:d0:
                    b6:2a:cf:8f:d9:47:16:81:26:97:76:c3:3a:62:b5:
                    ca:fd:55:ad:24:37:6b:03:66:1b:12:18:15:4a:0e:
                    f3:f6:86:ad:9e:09:61:3f:74:8a:b7:f6:a0:c1:08:
                    70:5a:a8:45:e2:a0:12:b0:89:d7:d4:5e:d6:b0:42:
                    d2:0c:58:c1:ad:e5:4a:62:ee:d2:15:ef:25:29:da:
                    be:92:94:e4:4f:ee:78:97:cb:83:7f:fc:9d:20:ba:
                    ef:80:fa:c0:7e:37:64:d9:25:7c:37:1e:98:56:cb:
                    c8:80:18:66:3d:ad:65:af:33:6b:c2:c4:6b:40:40:
                    a1:ab:24:a2:57:bf:53:89:61:78:b4:73:de:e4:6e:
                    70:ae:de:a3:c7:b9:a4:72:3c:fe:bb:23:fa:2d:ca:
                    9d:b7:ca:e3:66:60:d2:fb:ab:7c:9a:a6:7d:de:15:
                    fb:88:da:0d:8e:cf:9a:4b:27:65:8d:a5:84:41:1e:
                    d7:3d:b6:13:ca:75:21:7e:d1:8d:6f:df:11:90:83:
                    b7:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:B1:94:38:68:60:3C:60:40:3A:64:F5:55:4D:7C:57:7A:D4:57:ED
            X509v3 Authority Key Identifier:
                keyid:D2:2E:95:C4:51:9D:E9:20:8E:3D:22:33:2A:AB:EC:6B:1A:2E:A7:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0i6VxFGd6SCOPSIzKqvsaxoup1Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/99153d-4702-4375-8e44-f2e54ddea3b3/1/U7GUOGhgPGBAOmT1VU18V3rUV-0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/99153d-4702-4375-8e44-f2e54ddea3b3/1/0i6VxFGd6SCOPSIzKqvsaxoup1Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.183.64.0/21
                IPv6:
                  2a0b:c180::/32

    Signature Algorithm: sha256WithRSAEncryption
         6c:3a:9a:e4:8f:96:93:25:30:5f:23:f3:3c:e3:34:ae:38:b2:
         15:97:85:73:01:f8:fc:b0:05:e7:a6:9a:b7:24:a8:0e:b2:a5:
         23:63:b5:95:24:5a:9f:1b:0b:78:85:70:a8:b8:71:22:c6:ff:
         50:6c:e9:18:37:7a:8f:14:3b:ca:33:07:37:65:f8:a9:0c:88:
         f8:7d:cd:2e:e9:c5:5e:80:c3:24:e2:50:9e:db:06:d2:46:b7:
         a5:d8:7d:9d:fe:f0:cc:57:07:3f:be:8f:cc:91:65:d3:f8:a2:
         14:32:2f:52:ae:ba:13:d9:bb:8c:2e:92:1c:89:1f:2d:21:e2:
         ae:71:01:7f:b3:5a:f1:5a:11:05:05:07:dc:29:02:ff:15:12:
         d8:7e:f0:35:35:08:88:32:58:fb:cc:86:33:cd:72:12:a4:8a:
         0c:15:cf:b3:64:e2:9a:8e:d9:83:9c:67:ba:1e:fe:f4:39:ec:
         c7:f8:82:4f:bf:13:db:45:a3:61:bf:47:a6:81:35:70:0a:8e:
         0b:64:c3:67:e4:78:73:86:66:b5:7d:9d:01:a8:54:00:d5:bb:
         58:53:a5:73:dd:63:50:20:07:c0:54:24:82:6f:89:58:f0:41:
         54:55:c6:e9:08:dd:72:9c:08:cb:85:18:95:3a:ad:24:99:79:
         25:93:ca:b3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGSwWPcdNBMI0sgoPHBjDyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMmU5NWM0NTE5ZGU5MjA4ZTNkMjIzMzJhYWJlYzZiMWEy
ZWE3NTYwHhcNMjQwMTAxMTgzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2IxOTQzODY4NjAzYzYwNDAzYTY0ZjU1NTRkN2M1NzdhZDQ1N2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh7NO1TZXfH5lJUnzBR9XCxAyK+za
zUIqsIFiPz6uVNDmoqqsyDX0b5nx0/ku6nMkymaJhxCl6c6rftC2Ks+P2UcWgSaX
dsM6YrXK/VWtJDdrA2YbEhgVSg7z9oatnglhP3SKt/agwQhwWqhF4qASsInX1F7W
sELSDFjBreVKYu7SFe8lKdq+kpTkT+54l8uDf/ydILrvgPrAfjdk2SV8Nx6YVsvI
gBhmPa1lrzNrwsRrQEChqySiV79TiWF4tHPe5G5wrt6jx7mkcjz+uyP6Lcqdt8rj
ZmDS+6t8mqZ93hX7iNoNjs+aSydljaWEQR7XPbYTynUhftGNb98RkIO3MQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFOxlDhoYDxgQDpk9VVNfFd61FftMB8GA1UdIwQY
MBaAFNIulcRRnekgjj0iMyqr7GsaLqdWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGk2VnhGR2Q2U0NPUFNJektxdnNheG91cDFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC85OTE1M2QtNDcwMi00Mzc1LThlNDQt
ZjJlNTRkZGVhM2IzLzEvVTdHVU9HaGdQR0JBT21UMVZVMThWM3JVVi0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC85OTE1M2QtNDcwMi00Mzc1LThlNDQtZjJlNTRkZGVhM2Iz
LzEvMGk2VnhGR2Q2U0NPUFNJektxdnNheG91cDFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDLrdAMA0E
AgACMAcDBQAqC8GAMA0GCSqGSIb3DQEBCwUAA4IBAQBsOprkj5aTJTBfI/M84zSu
OLIVl4VzAfj8sAXnppq3JKgOsqUjY7WVJFqfGwt4hXCouHEixv9QbOkYN3qPFDvK
Mwc3ZfipDIj4fc0u6cVegMMk4lCe2wbSRrel2H2d/vDMVwc/vo/MkWXT+KIUMi9S
rroT2buMLpIciR8tIeKucQF/s1rxWhEFBQfcKQL/FRLYfvA1NQiIMlj7zIYzzXIS
pIoMFc+zZOKajtmDnGe6Hv70OezH+IJPvxPbRaNhv0emgTVwCo4LZMNn5Hhzhma1
fZ0BqFQA1btYU6Vz3WNQIAfAVCSCb4lY8EFUVcbpCN1ynAjLhRiVOq0kmXklk8qz
-----END CERTIFICATE-----