Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/acee8e-7761-419f-b483-b30162e3ccc0/1/zvl9IsyoMC6hm3-qiNuExhaEoqg.roa
File:                     zvl9IsyoMC6hm3-qiNuExhaEoqg.roa (raw, json)
Hash identifier:          uyPgh39ghhqy44vCvGvrjaxzktY0RWHTgG5FnOKI/YM=
Subject key identifier:   CE:F9:7D:22:CC:A8:30:2E:A1:9B:7F:AA:88:DB:84:C6:16:84:A2:A8
Certificate issuer:       /CN=d3540b518d75fbefd616bfd94cf05fd25ba488b6
Certificate serial:       018CC86FEB42927889F31D4D78AEAB9125D9
Authority key identifier: D3:54:0B:51:8D:75:FB:EF:D6:16:BF:D9:4C:F0:5F:D2:5B:A4:88:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/01QLUY11--_WFr_ZTPBf0lukiLY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/acee8e-7761-419f-b483-b30162e3ccc0/1/zvl9IsyoMC6hm3-qiNuExhaEoqg.roa
Signing time:             Tue 02 Jan 2024 04:30:27 +0000
ROA not before:           Tue 02 Jan 2024 04:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49524
IP address blocks:        46.141.0.0/17 maxlen: 17
                          46.141.128.0/17 maxlen: 17
                          109.237.160.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/acee8e-7761-419f-b483-b30162e3ccc0/1/01QLUY11--_WFr_ZTPBf0lukiLY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/acee8e-7761-419f-b483-b30162e3ccc0/1/01QLUY11--_WFr_ZTPBf0lukiLY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/01QLUY11--_WFr_ZTPBf0lukiLY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:eb:42:92:78:89:f3:1d:4d:78:ae:ab:91:25:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3540b518d75fbefd616bfd94cf05fd25ba488b6
        Validity
            Not Before: Jan  2 04:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cef97d22cca8302ea19b7faa88db84c61684a2a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:0a:55:4c:fd:4d:99:ed:29:89:22:fa:d6:37:
                    7c:90:62:33:f3:3b:c1:28:b1:63:52:30:54:a6:f2:
                    67:3e:04:9a:4e:20:95:1f:41:3c:ee:de:d2:ee:56:
                    92:b4:cd:1c:b8:e1:0b:04:c4:1d:64:c4:cd:b5:f7:
                    69:7e:32:73:e5:f1:c6:41:89:0b:38:9d:4a:8b:1a:
                    41:6b:ae:a1:f2:78:bc:52:d3:7b:20:cc:ad:44:95:
                    7c:da:e6:18:cd:8e:15:f0:6b:e7:e6:84:42:8d:32:
                    69:49:7e:0f:08:bd:c8:8c:1f:29:2a:6f:6b:a4:80:
                    b2:ff:28:d1:42:94:62:c6:d6:c7:9e:cf:55:58:3b:
                    02:58:b4:1b:88:e4:4e:e9:b5:03:6e:44:c5:7a:0d:
                    79:1a:64:79:1e:2c:00:d1:50:df:be:7d:c6:2d:46:
                    68:36:60:7f:b0:dc:24:a6:a6:e1:4b:62:b1:b8:67:
                    12:ea:39:ac:19:05:96:c3:8e:74:61:62:de:f6:4b:
                    9f:bf:01:b0:db:ba:29:f2:59:85:63:bf:b1:ac:72:
                    0c:93:4e:e6:b9:35:35:55:f2:4f:09:46:20:ab:5b:
                    3c:66:4d:9a:4a:50:2e:fc:2b:24:92:01:4a:99:ad:
                    4f:cf:d5:63:56:2a:79:66:24:4c:33:f6:e0:5a:21:
                    fb:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:F9:7D:22:CC:A8:30:2E:A1:9B:7F:AA:88:DB:84:C6:16:84:A2:A8
            X509v3 Authority Key Identifier:
                keyid:D3:54:0B:51:8D:75:FB:EF:D6:16:BF:D9:4C:F0:5F:D2:5B:A4:88:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/01QLUY11--_WFr_ZTPBf0lukiLY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/acee8e-7761-419f-b483-b30162e3ccc0/1/zvl9IsyoMC6hm3-qiNuExhaEoqg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/acee8e-7761-419f-b483-b30162e3ccc0/1/01QLUY11--_WFr_ZTPBf0lukiLY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.141.0.0/16
                  109.237.160.0/20

    Signature Algorithm: sha256WithRSAEncryption
         91:fa:25:69:37:24:3a:54:64:b6:13:58:87:af:75:03:9a:2b:
         75:56:fb:e4:98:27:1f:a8:10:14:9e:53:4e:d9:6e:e9:15:fe:
         01:86:27:a6:7b:65:35:37:13:16:68:16:18:81:d6:c6:c6:d3:
         8c:83:ac:fc:db:0c:f1:ea:40:d7:e8:e1:37:ea:8f:e6:ee:56:
         f0:05:a5:da:13:1e:7b:46:08:ca:8a:94:cd:06:4e:86:68:68:
         19:37:9f:28:09:1e:99:7f:a2:72:b7:91:6a:d1:4c:77:03:6f:
         dc:3e:41:00:55:ae:43:b0:5b:14:2a:74:6e:a3:ee:1b:65:23:
         18:db:2b:e4:78:8d:06:27:07:36:3f:ea:05:0d:35:d2:5a:a1:
         6f:be:7c:fb:4c:51:92:d5:da:90:f6:2e:cd:32:ad:49:ad:d3:
         15:24:e1:f5:2f:12:ef:98:de:54:e6:a1:76:a3:98:36:9a:96:
         e5:27:6d:40:3e:23:a7:8f:47:f8:b7:ce:63:26:5f:a9:e1:ca:
         6f:7b:3d:59:15:4d:00:5a:be:08:2c:ab:fe:69:11:23:b0:ed:
         12:f5:be:4c:8f:55:2d:d0:08:33:d0:eb:f0:d6:7c:94:7d:c5:
         8b:94:0e:06:47:09:2c:17:fe:f5:eb:3f:00:16:c6:07:16:6c:
         34:77:1a:25
-----BEGIN CERTIFICATE-----
MIIFAjCCA+qgAwIBAgISAYzIb+tCkniJ8x1NeK6rkSXZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzNTQwYjUxOGQ3NWZiZWZkNjE2YmZkOTRjZjA1ZmQyNWJh
NDg4YjYwHhcNMjQwMTAyMDQzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZWY5N2QyMmNjYTgzMDJlYTE5YjdmYWE4OGRiODRjNjE2ODRhMmE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjgpVTP1Nme0piSL61jd8kGIz8zvB
KLFjUjBUpvJnPgSaTiCVH0E87t7S7laStM0cuOELBMQdZMTNtfdpfjJz5fHGQYkL
OJ1KixpBa66h8ni8UtN7IMytRJV82uYYzY4V8Gvn5oRCjTJpSX4PCL3IjB8pKm9r
pICy/yjRQpRixtbHns9VWDsCWLQbiORO6bUDbkTFeg15GmR5HiwA0VDfvn3GLUZo
NmB/sNwkpqbhS2KxuGcS6jmsGQWWw450YWLe9kufvwGw27op8lmFY7+xrHIMk07m
uTU1VfJPCUYgq1s8Zk2aSlAu/CskkgFKma1Pz9VjVip5ZiRMM/bgWiH7JwIDAQAB
o4ICDjCCAgowHQYDVR0OBBYEFM75fSLMqDAuoZt/qojbhMYWhKKoMB8GA1UdIwQY
MBaAFNNUC1GNdfvv1ha/2UzwX9JbpIi2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDFRTFVZMTEtLV9XRnJfWlRQQmYwbHVraUxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9hY2VlOGUtNzc2MS00MTlmLWI0ODMt
YjMwMTYyZTNjY2MwLzEvenZsOUlzeW9NQzZobTMtcWlOdUV4aGFFb3FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9hY2VlOGUtNzc2MS00MTlmLWI0ODMtYjMwMTYyZTNjY2Mw
LzEvMDFRTFVZMTEtLV9XRnJfWlRQQmYwbHVraUxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCQGCCsGAQUFBwEHAQH/BBUwEzARBAIAATALAwMALo0DBARt
7aAwDQYJKoZIhvcNAQELBQADggEBAJH6JWk3JDpUZLYTWIevdQOaK3VW++SYJx+o
EBSeU07ZbukV/gGGJ6Z7ZTU3ExZoFhiB1sbG04yDrPzbDPHqQNfo4Tfqj+buVvAF
pdoTHntGCMqKlM0GToZoaBk3nygJHpl/onK3kWrRTHcDb9w+QQBVrkOwWxQqdG6j
7htlIxjbK+R4jQYnBzY/6gUNNdJaoW++fPtMUZLV2pD2Ls0yrUmt0xUk4fUvEu+Y
3lTmoXajmDaaluUnbUA+I6ePR/i3zmMmX6nhym97PVkVTQBavggsq/5pESOw7RL1
vkyPVS3QCDPQ6/DWfJR9xYuUDgZHCSwX/vXrPwAWxgcWbDR3GiU=
-----END CERTIFICATE-----