Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/SrjsEkhHsdDqzY68vaTXNT66GEk.roa
File:                     SrjsEkhHsdDqzY68vaTXNT66GEk.roa (raw, json)
Hash identifier:          94TpHhHQ0uZ4lVQ0QWECXbRAh45jrbAHaPUHCKfMvs8=
Subject key identifier:   4A:B8:EC:12:48:47:B1:D0:EA:CD:8E:BC:BD:A4:D7:35:3E:BA:18:49
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018CC56E1DE9B27832E61273ADEADCCF1B0E
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/SrjsEkhHsdDqzY68vaTXNT66GEk.roa
Signing time:             Mon 01 Jan 2024 14:29:37 +0000
ROA not before:           Mon 01 Jan 2024 14:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     269782
IP address blocks:        46.29.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 04:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:1d:e9:b2:78:32:e6:12:73:ad:ea:dc:cf:1b:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  1 14:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4ab8ec124847b1d0eacd8ebcbda4d7353eba1849
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:03:89:fa:a3:fa:d4:fb:d8:2b:87:5d:70:50:
                    66:2c:b9:01:61:f5:f4:ad:6b:98:cd:68:94:8b:71:
                    b1:94:c3:c6:88:46:99:7d:c5:27:ac:53:78:36:36:
                    1f:c6:be:c2:c7:0e:59:b7:08:28:59:46:66:cc:d5:
                    ff:e3:c6:e1:fa:f0:9d:5e:c6:f6:65:48:14:c0:28:
                    78:bb:7a:f9:5b:40:38:a9:f8:0a:4b:13:26:28:70:
                    9e:3d:dc:ed:43:fd:8b:05:37:02:0c:e2:7c:ea:c5:
                    df:70:e2:c4:4f:ea:8c:54:0c:ee:b8:93:05:48:9a:
                    dd:62:d7:5d:cc:63:90:38:f4:93:51:a2:d5:9d:da:
                    42:29:08:5f:06:d4:3f:3d:98:33:70:42:f4:87:f5:
                    40:e6:ca:23:a1:fa:62:99:f7:64:66:f9:c4:7a:b7:
                    bd:dd:7b:ad:0e:ab:0c:56:58:2d:69:10:47:6e:66:
                    30:2b:c0:a4:97:bc:c3:f6:0e:40:08:77:da:56:4a:
                    46:5c:5b:4d:1a:d2:e8:b7:ad:52:07:20:08:67:ce:
                    c8:ad:ac:c5:be:40:92:3f:c9:77:f4:c4:1e:c7:a7:
                    1d:28:32:8f:c8:17:be:22:ed:42:7b:a8:3c:da:94:
                    65:bc:a8:2b:47:85:51:49:cf:c2:e0:65:56:ea:02:
                    b4:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:B8:EC:12:48:47:B1:D0:EA:CD:8E:BC:BD:A4:D7:35:3E:BA:18:49
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/SrjsEkhHsdDqzY68vaTXNT66GEk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.29.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:f4:ff:99:66:a8:5f:b6:e4:7f:43:b0:f2:8e:53:fd:80:c7:
         6e:71:5d:de:da:c9:01:0c:da:26:98:0f:9c:de:e6:74:06:b2:
         d4:2b:a0:95:1e:95:a8:c8:2a:ca:a0:37:f8:a4:91:a6:cc:fc:
         00:14:81:eb:93:93:7a:00:e8:5b:f8:c9:af:31:fa:ac:d3:91:
         9f:ca:cb:28:b7:30:69:ef:c4:41:6f:b7:db:a8:40:d4:ec:47:
         da:46:99:45:3e:c1:bd:ad:59:1d:2b:4a:c3:ce:88:51:84:13:
         37:28:46:49:dd:f0:c3:58:05:ca:aa:93:82:6f:83:86:ad:dd:
         52:19:91:6f:12:0f:1b:a0:e4:23:09:55:95:d0:fc:a9:94:b2:
         5d:11:7e:5c:23:c2:11:76:f5:6d:1f:12:81:d4:bc:ee:db:7b:
         c5:8e:65:ec:77:80:8d:fe:23:e1:b5:c5:e1:84:77:4d:10:a3:
         6f:8f:38:1d:a1:1d:fa:1c:87:89:a4:5c:f5:4c:a1:d0:37:bb:
         bd:b4:78:5d:17:6e:25:84:6f:1b:f9:a0:fb:bf:15:bc:23:3c:
         2b:05:34:68:07:27:09:70:78:f0:33:34:5a:1d:26:72:c7:06:
         c8:74:01:4a:ea:4b:dc:5c:9e:50:8e:ca:cf:fd:83:ba:af:2f:
         39:e3:04:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbh3psngy5hJzrerczxsOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwMTAxMTQyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWI4ZWMxMjQ4NDdiMWQwZWFjZDhlYmNiZGE0ZDczNTNlYmExODQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgOJ+qP61PvYK4ddcFBmLLkBYfX0
rWuYzWiUi3GxlMPGiEaZfcUnrFN4NjYfxr7Cxw5ZtwgoWUZmzNX/48bh+vCdXsb2
ZUgUwCh4u3r5W0A4qfgKSxMmKHCePdztQ/2LBTcCDOJ86sXfcOLET+qMVAzuuJMF
SJrdYtddzGOQOPSTUaLVndpCKQhfBtQ/PZgzcEL0h/VA5sojofpimfdkZvnEere9
3XutDqsMVlgtaRBHbmYwK8Ckl7zD9g5ACHfaVkpGXFtNGtLot61SByAIZ87IrazF
vkCSP8l39MQex6cdKDKPyBe+Iu1Ce6g82pRlvKgrR4VRSc/C4GVW6gK0+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEq47BJIR7HQ6s2OvL2k1zU+uhhJMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvU3Jqc0VraEhzZERxelk2OHZhVFhOVDY2R0VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALh0dMA0G
CSqGSIb3DQEBCwUAA4IBAQAp9P+ZZqhftuR/Q7DyjlP9gMducV3e2skBDNommA+c
3uZ0BrLUK6CVHpWoyCrKoDf4pJGmzPwAFIHrk5N6AOhb+MmvMfqs05GfyssotzBp
78RBb7fbqEDU7EfaRplFPsG9rVkdK0rDzohRhBM3KEZJ3fDDWAXKqpOCb4OGrd1S
GZFvEg8boOQjCVWV0PyplLJdEX5cI8IRdvVtHxKB1Lzu23vFjmXsd4CN/iPhtcXh
hHdNEKNvjzgdoR36HIeJpFz1TKHQN7u9tHhdF24lhG8b+aD7vxW8IzwrBTRoBycJ
cHjwMzRaHSZyxwbIdAFK6kvcXJ5QjsrP/YO6ry854wSb
-----END CERTIFICATE-----