Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/G46JV-pY6MnpUDHmHiFjZ0GLg64.roa
File:                     G46JV-pY6MnpUDHmHiFjZ0GLg64.roa (raw, json)
Hash identifier:          3MBpEuWi2CXDjkDFH1kiyPrevjoU+ph8jgod7mAMGM8=
Subject key identifier:   1B:8E:89:57:EA:58:E8:C9:E9:50:31:E6:1E:21:63:67:41:8B:83:AE
Certificate issuer:       /CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
Certificate serial:       018CCA2A3C578F6FB382C86B038E578862D3
Authority key identifier: 74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/G46JV-pY6MnpUDHmHiFjZ0GLg64.roa
Signing time:             Tue 02 Jan 2024 12:33:34 +0000
ROA not before:           Tue 02 Jan 2024 12:33:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202353
IP address blocks:        31.148.168.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Jun 2024 06:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:3c:57:8f:6f:b3:82:c8:6b:03:8e:57:88:62:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=749122c35438a4eb26233fdc6e4bb1df2daaef42
        Validity
            Not Before: Jan  2 12:33:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b8e8957ea58e8c9e95031e61e216367418b83ae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:86:fe:61:57:74:ae:79:6d:b8:8d:d2:de:4c:
                    72:99:81:bd:92:d1:82:e7:c1:c3:b6:fa:81:65:bf:
                    61:55:bf:bb:e2:6e:a0:c0:ba:f4:ab:f2:82:93:50:
                    02:2f:58:f5:60:21:77:38:e4:55:e8:e2:96:d1:d4:
                    a2:22:9f:84:24:4b:77:5f:db:f5:72:38:49:4b:a5:
                    11:08:75:68:f0:1b:fc:c8:31:f7:14:61:1e:e1:3b:
                    82:00:65:7a:bc:34:2f:7b:41:42:0b:2a:c4:1d:61:
                    cc:30:15:33:69:cf:fd:52:a0:d9:8b:47:69:07:45:
                    16:f5:19:20:ba:d9:85:02:d2:0f:0a:ba:cb:54:a8:
                    ca:b1:dc:b9:a0:4e:81:aa:b5:74:c3:f0:ce:9f:c5:
                    b6:5c:15:c5:97:88:35:6b:b3:95:fe:52:cb:f9:77:
                    82:54:cd:4c:a2:49:ca:12:8c:b3:f5:d6:fa:fa:d8:
                    88:d3:d9:69:8a:30:20:a0:e4:c1:53:57:0b:7c:9e:
                    07:72:6c:b3:fa:7a:43:d3:c8:b2:c1:4f:21:d3:f3:
                    b6:32:5c:09:15:8f:dd:a1:9e:c1:3b:bd:46:28:e3:
                    b1:ea:b5:af:0d:84:87:0e:e2:c4:a7:5d:26:66:72:
                    1b:2d:54:39:cf:40:7c:c9:6e:b0:44:30:45:f5:b9:
                    33:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:8E:89:57:EA:58:E8:C9:E9:50:31:E6:1E:21:63:67:41:8B:83:AE
            X509v3 Authority Key Identifier:
                keyid:74:91:22:C3:54:38:A4:EB:26:23:3F:DC:6E:4B:B1:DF:2D:AA:EF:42

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dJEiw1Q4pOsmIz_cbkux3y2q70I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/G46JV-pY6MnpUDHmHiFjZ0GLg64.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/18a91c-0e77-45c9-8cc4-062c6933abed/1/dJEiw1Q4pOsmIz_cbkux3y2q70I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.148.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:69:9f:26:9e:1e:1f:d0:0e:f5:14:4d:9f:7d:a1:ea:14:6b:
         94:7d:7a:7d:c2:78:11:23:12:75:68:3b:02:4d:2e:7e:61:5c:
         97:8a:3c:56:b5:bd:3b:c0:72:5d:d7:97:e2:a7:ca:09:95:5c:
         c7:3a:5b:2b:a5:43:9f:b7:9f:d1:05:94:26:f8:a0:74:85:81:
         84:07:6a:a5:f9:f6:d8:79:f6:0a:77:97:51:b6:02:8b:e7:74:
         6a:12:07:3a:f0:7c:ef:ba:f4:5a:a0:3b:11:7b:f4:c9:12:e8:
         90:a2:90:fa:a7:6b:1d:e1:95:8d:8c:0f:36:73:94:9e:bb:16:
         7a:83:f3:37:04:2d:d5:08:6b:89:c9:db:12:45:cb:01:ad:8e:
         f2:f2:e7:07:94:81:f4:e1:51:37:df:51:e2:b6:14:06:47:17:
         e2:b5:79:19:2b:37:fe:5e:83:ba:c7:0d:f8:bc:b9:80:e6:69:
         ab:94:bc:e9:0a:9b:b2:38:a5:0f:15:c2:71:98:3f:f4:26:f2:
         fb:a8:db:36:1d:c4:62:63:60:01:7d:86:7e:24:9f:13:a4:99:
         fa:3d:a8:fa:2b:20:25:7a:c2:9a:b0:b8:f2:a6:c8:3d:5f:cd:
         1c:dc:1c:4c:ee:3e:8b:d9:f5:ea:87:d2:5c:61:99:23:bb:6e:
         d6:69:72:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKjxXj2+zgshrA45XiGLTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0OTEyMmMzNTQzOGE0ZWIyNjIzM2ZkYzZlNGJiMWRmMmRh
YWVmNDIwHhcNMjQwMTAyMTIzMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjhlODk1N2VhNThlOGM5ZTk1MDMxZTYxZTIxNjM2NzQxOGI4M2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqIb+YVd0rnltuI3S3kxymYG9ktGC
58HDtvqBZb9hVb+74m6gwLr0q/KCk1ACL1j1YCF3OORV6OKW0dSiIp+EJEt3X9v1
cjhJS6URCHVo8Bv8yDH3FGEe4TuCAGV6vDQve0FCCyrEHWHMMBUzac/9UqDZi0dp
B0UW9RkgutmFAtIPCrrLVKjKsdy5oE6BqrV0w/DOn8W2XBXFl4g1a7OV/lLL+XeC
VM1MoknKEoyz9db6+tiI09lpijAgoOTBU1cLfJ4Hcmyz+npD08iywU8h0/O2MlwJ
FY/doZ7BO71GKOOx6rWvDYSHDuLEp10mZnIbLVQ5z0B8yW6wRDBF9bkz+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBuOiVfqWOjJ6VAx5h4hY2dBi4OuMB8GA1UdIwQY
MBaAFHSRIsNUOKTrJiM/3G5Lsd8tqu9CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQt
MDYyYzY5MzNhYmVkLzEvRzQ2SlYtcFk2TW5wVURIbUhpRmpaMEdMZzY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8xOGE5MWMtMGU3Ny00NWM5LThjYzQtMDYyYzY5MzNhYmVk
LzEvZEpFaXcxUTRwT3NtSXpfY2JrdXgzeTJxNzBJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAH5SoMA0G
CSqGSIb3DQEBCwUAA4IBAQCaaZ8mnh4f0A71FE2ffaHqFGuUfXp9wngRIxJ1aDsC
TS5+YVyXijxWtb07wHJd15fip8oJlVzHOlsrpUOft5/RBZQm+KB0hYGEB2ql+fbY
efYKd5dRtgKL53RqEgc68HzvuvRaoDsRe/TJEuiQopD6p2sd4ZWNjA82c5SeuxZ6
g/M3BC3VCGuJydsSRcsBrY7y8ucHlIH04VE331HithQGRxfitXkZKzf+XoO6xw34
vLmA5mmrlLzpCpuyOKUPFcJxmD/0JvL7qNs2HcRiY2ABfYZ+JJ8TpJn6Paj6KyAl
esKasLjypsg9X80c3BxM7j6L2fXqh9JcYZkju27WaXJQ
-----END CERTIFICATE-----