Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/2652cd-7ecf-49e8-a4f8-c7869128582c/1/PeDc1lHOrUe0BdrkqKBp6IdXJh8.roa
File:                     PeDc1lHOrUe0BdrkqKBp6IdXJh8.roa (raw, json)
Hash identifier:          h1csIof0DlGoRY1tPMjbgzssq0lcLh8ekfsWATqj3jA=
Subject key identifier:   3D:E0:DC:D6:51:CE:AD:47:B4:05:DA:E4:A8:A0:69:E8:87:57:26:1F
Certificate issuer:       /CN=d8284f18cd44604bdd6d08f4d878dc61456c40fd
Certificate serial:       018CC9BBEA02108D551A262569FCF3F5BD5A
Authority key identifier: D8:28:4F:18:CD:44:60:4B:DD:6D:08:F4:D8:78:DC:61:45:6C:40:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2ChPGM1EYEvdbQj02HjcYUVsQP0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/2652cd-7ecf-49e8-a4f8-c7869128582c/1/PeDc1lHOrUe0BdrkqKBp6IdXJh8.roa
Signing time:             Tue 02 Jan 2024 10:33:04 +0000
ROA not before:           Tue 02 Jan 2024 10:33:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211309
IP address blocks:        46.252.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/2652cd-7ecf-49e8-a4f8-c7869128582c/1/2ChPGM1EYEvdbQj02HjcYUVsQP0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/2652cd-7ecf-49e8-a4f8-c7869128582c/1/2ChPGM1EYEvdbQj02HjcYUVsQP0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2ChPGM1EYEvdbQj02HjcYUVsQP0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:ea:02:10:8d:55:1a:26:25:69:fc:f3:f5:bd:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8284f18cd44604bdd6d08f4d878dc61456c40fd
        Validity
            Not Before: Jan  2 10:33:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3de0dcd651cead47b405dae4a8a069e88757261f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:00:79:85:94:cc:f2:79:59:05:8f:77:d2:c5:
                    4d:05:fb:66:dd:7b:36:9d:f8:c9:cc:d4:5a:e1:50:
                    ce:b8:27:cd:91:aa:ff:df:21:61:dc:f5:6b:99:c1:
                    1a:78:42:fe:e1:8e:75:64:1f:1e:e5:91:13:ab:bb:
                    50:1d:2a:08:07:bc:26:6f:4b:28:fe:70:c8:23:ae:
                    07:62:8c:d6:49:d8:1e:98:b6:ca:2a:ef:d2:f3:fa:
                    07:da:28:65:ff:77:ac:93:6a:25:b1:02:cd:38:62:
                    aa:01:ad:4b:62:92:b4:8e:9e:ed:d4:f3:92:d9:48:
                    48:13:42:a7:0a:9e:17:72:a8:26:6a:23:96:e0:a3:
                    a6:f8:fb:9a:fa:e3:69:6b:ab:af:32:66:b5:cc:0d:
                    32:de:55:d5:3d:0b:bb:9b:68:37:0b:c3:74:e9:7d:
                    95:62:f9:ae:0e:7a:cb:9f:f4:b6:8c:8c:30:17:58:
                    d0:5a:a0:0b:66:29:a4:76:5a:73:68:a8:a8:49:90:
                    50:77:09:4b:3a:40:bf:13:13:25:68:ce:9b:8e:df:
                    04:1c:8d:35:a0:61:3e:23:5a:24:2c:c3:8e:a2:60:
                    57:60:9e:17:7f:93:2d:9a:60:e7:49:5d:28:07:0f:
                    0b:ee:56:1a:fa:54:4a:39:86:38:fc:7f:2f:31:18:
                    12:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:E0:DC:D6:51:CE:AD:47:B4:05:DA:E4:A8:A0:69:E8:87:57:26:1F
            X509v3 Authority Key Identifier:
                keyid:D8:28:4F:18:CD:44:60:4B:DD:6D:08:F4:D8:78:DC:61:45:6C:40:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2ChPGM1EYEvdbQj02HjcYUVsQP0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/2652cd-7ecf-49e8-a4f8-c7869128582c/1/PeDc1lHOrUe0BdrkqKBp6IdXJh8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/2652cd-7ecf-49e8-a4f8-c7869128582c/1/2ChPGM1EYEvdbQj02HjcYUVsQP0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.252.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:08:11:c2:95:6b:83:d6:48:3a:a1:68:dd:ec:b8:06:f5:d7:
         88:54:6f:b9:60:c2:63:d4:64:56:12:8b:e4:dd:d5:76:6f:0d:
         99:df:3f:aa:45:15:7b:40:8c:24:c3:73:08:3c:57:5d:ff:43:
         41:a9:db:5e:cc:08:aa:98:28:62:2e:31:85:df:bb:a4:89:26:
         2a:9b:fb:65:d7:af:f0:ae:cf:84:0e:ff:09:8c:4a:10:b8:c4:
         6a:ca:15:bd:b3:36:0a:19:1d:18:bf:9a:e9:8f:e9:6d:42:ee:
         e5:55:fb:ca:5b:21:8a:94:0b:be:2c:37:3f:23:a8:00:2a:dd:
         ae:66:fe:c9:67:07:dd:f7:5b:f9:29:d8:6e:a9:1c:a6:1c:5f:
         93:2a:97:61:72:8c:c2:49:71:d2:c9:89:5d:aa:80:db:fc:8a:
         7c:76:de:18:aa:6f:e6:b3:56:5e:3b:f0:c5:61:6b:53:e2:b1:
         36:ec:2e:66:80:e8:a9:a7:b8:0b:0c:46:58:43:ef:0a:50:e8:
         0f:2e:b0:52:5b:d3:c6:97:98:a1:d0:e3:1e:0b:66:af:f7:06:
         18:bc:58:39:44:0c:c2:7b:39:2b:3d:3c:59:83:58:64:8f:67:
         22:1a:c0:92:57:bf:4a:dd:3c:c9:a5:34:70:43:49:8a:74:f3:
         01:0b:63:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu+oCEI1VGiYlafzz9b1aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4Mjg0ZjE4Y2Q0NDYwNGJkZDZkMDhmNGQ4NzhkYzYxNDU2
YzQwZmQwHhcNMjQwMTAyMTAzMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGUwZGNkNjUxY2VhZDQ3YjQwNWRhZTRhOGEwNjllODg3NTcyNjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnwB5hZTM8nlZBY930sVNBftm3Xs2
nfjJzNRa4VDOuCfNkar/3yFh3PVrmcEaeEL+4Y51ZB8e5ZETq7tQHSoIB7wmb0so
/nDII64HYozWSdgemLbKKu/S8/oH2ihl/3esk2olsQLNOGKqAa1LYpK0jp7t1POS
2UhIE0KnCp4XcqgmaiOW4KOm+Pua+uNpa6uvMma1zA0y3lXVPQu7m2g3C8N06X2V
YvmuDnrLn/S2jIwwF1jQWqALZimkdlpzaKioSZBQdwlLOkC/ExMlaM6bjt8EHI01
oGE+I1okLMOOomBXYJ4Xf5MtmmDnSV0oBw8L7lYa+lRKOYY4/H8vMRgSIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD3g3NZRzq1HtAXa5KigaeiHVyYfMB8GA1UdIwQY
MBaAFNgoTxjNRGBL3W0I9Nh43GFFbED9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkNoUEdNMUVZRXZkYlFqMDJIamNZVVZzUVAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi8yNjUyY2QtN2VjZi00OWU4LWE0Zjgt
Yzc4NjkxMjg1ODJjLzEvUGVEYzFsSE9yVWUwQmRya3FLQnA2SWRYSmg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi8yNjUyY2QtN2VjZi00OWU4LWE0ZjgtYzc4NjkxMjg1ODJj
LzEvMkNoUEdNMUVZRXZkYlFqMDJIamNZVVZzUVAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALvwHMA0G
CSqGSIb3DQEBCwUAA4IBAQBzCBHClWuD1kg6oWjd7LgG9deIVG+5YMJj1GRWEovk
3dV2bw2Z3z+qRRV7QIwkw3MIPFdd/0NBqdtezAiqmChiLjGF37ukiSYqm/tl16/w
rs+EDv8JjEoQuMRqyhW9szYKGR0Yv5rpj+ltQu7lVfvKWyGKlAu+LDc/I6gAKt2u
Zv7JZwfd91v5KdhuqRymHF+TKpdhcozCSXHSyYldqoDb/Ip8dt4Yqm/ms1ZeO/DF
YWtT4rE27C5mgOipp7gLDEZYQ+8KUOgPLrBSW9PGl5ih0OMeC2av9wYYvFg5RAzC
ezkrPTxZg1hkj2ciGsCSV79K3TzJpTRwQ0mKdPMBC2NB
-----END CERTIFICATE-----