Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/2652cd-7ecf-49e8-a4f8-c7869128582c/1/RPCwftNuHeyXzcabKRJsXI90_m8.roa
File:                     RPCwftNuHeyXzcabKRJsXI90_m8.roa (raw, json)
Hash identifier:          u/jMyZPNh/9pkF9QBPc4asZV4w/a7+iAdvTy5+as3k4=
Subject key identifier:   44:F0:B0:7E:D3:6E:1D:EC:97:CD:C6:9B:29:12:6C:5C:8F:74:FE:6F
Certificate issuer:       /CN=d8284f18cd44604bdd6d08f4d878dc61456c40fd
Certificate serial:       018CC9BBE9B628C0BEDB6C12C645DD6FC678
Authority key identifier: D8:28:4F:18:CD:44:60:4B:DD:6D:08:F4:D8:78:DC:61:45:6C:40:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2ChPGM1EYEvdbQj02HjcYUVsQP0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/2652cd-7ecf-49e8-a4f8-c7869128582c/1/RPCwftNuHeyXzcabKRJsXI90_m8.roa
Signing time:             Tue 02 Jan 2024 10:33:04 +0000
ROA not before:           Tue 02 Jan 2024 10:33:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210805
IP address blocks:        46.252.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/2652cd-7ecf-49e8-a4f8-c7869128582c/1/2ChPGM1EYEvdbQj02HjcYUVsQP0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/2652cd-7ecf-49e8-a4f8-c7869128582c/1/2ChPGM1EYEvdbQj02HjcYUVsQP0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2ChPGM1EYEvdbQj02HjcYUVsQP0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 20:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:e9:b6:28:c0:be:db:6c:12:c6:45:dd:6f:c6:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8284f18cd44604bdd6d08f4d878dc61456c40fd
        Validity
            Not Before: Jan  2 10:33:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=44f0b07ed36e1dec97cdc69b29126c5c8f74fe6f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:32:63:6a:19:e8:dc:2e:dc:3d:a1:4e:50:1e:
                    33:5a:83:94:57:b5:a8:21:7f:24:0d:62:df:56:f1:
                    a0:d6:01:8f:82:ae:c0:a4:40:b9:11:24:8d:a4:46:
                    ac:b0:f2:45:14:69:5c:15:12:15:02:d6:57:44:03:
                    39:3a:be:e1:1f:02:32:4d:27:5c:5b:d9:e3:2e:ad:
                    a6:e0:90:d2:c1:90:31:2f:44:8e:77:86:25:e6:1f:
                    88:cc:ce:46:f9:79:2f:60:64:0f:3a:c4:47:7c:0d:
                    5a:03:ae:5b:4b:c1:99:3f:b0:9b:ff:41:02:54:3b:
                    8f:a9:c3:69:e6:70:77:cb:27:9c:90:a6:01:b5:eb:
                    ea:81:08:27:b0:09:c9:8f:bf:e3:72:0c:72:c4:5b:
                    2f:a1:12:b6:a7:af:0b:0a:5a:4e:29:1a:b4:e5:5f:
                    ce:47:ed:db:3b:a8:b7:df:af:65:d8:e7:42:6e:55:
                    a7:06:39:03:71:cc:f1:e0:fc:31:0c:e8:67:2f:7b:
                    a6:f6:6c:81:ed:99:af:a0:da:0a:59:b2:ca:78:60:
                    13:92:41:5f:44:e4:39:7b:6a:b6:ae:27:bb:72:80:
                    40:4d:6c:07:42:a4:05:0f:96:58:cb:9c:78:7a:de:
                    1f:fa:b3:58:19:34:55:12:30:f8:90:e2:6b:c3:b9:
                    f1:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:F0:B0:7E:D3:6E:1D:EC:97:CD:C6:9B:29:12:6C:5C:8F:74:FE:6F
            X509v3 Authority Key Identifier:
                keyid:D8:28:4F:18:CD:44:60:4B:DD:6D:08:F4:D8:78:DC:61:45:6C:40:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2ChPGM1EYEvdbQj02HjcYUVsQP0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/2652cd-7ecf-49e8-a4f8-c7869128582c/1/RPCwftNuHeyXzcabKRJsXI90_m8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/2652cd-7ecf-49e8-a4f8-c7869128582c/1/2ChPGM1EYEvdbQj02HjcYUVsQP0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.252.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:f9:8d:1a:63:dc:52:2c:18:ea:fa:4f:9d:d6:e4:45:e1:7e:
         c1:b3:32:0b:75:fd:85:a3:7e:b3:69:d7:a1:1b:ea:49:4b:7b:
         ab:c7:1b:4e:15:fc:bb:38:cb:d7:55:2a:c1:be:04:06:7c:6b:
         20:9f:9f:f2:29:3b:85:6c:87:a6:e0:d5:b3:29:33:66:d1:9c:
         ab:5a:36:ff:ae:e2:28:0e:ac:3a:d0:c9:09:5a:f2:de:56:38:
         57:b2:dc:4d:9c:11:47:86:2c:7b:d1:66:d3:cd:a4:28:9c:a2:
         1a:e7:22:fb:89:8f:68:7d:1d:23:f3:53:5a:88:a7:6e:02:3a:
         73:01:e8:bd:4e:1e:5f:41:2c:2e:e0:38:af:f1:5d:13:80:84:
         a2:6b:75:1f:86:4e:d0:7b:fc:2b:2a:7f:d7:96:62:75:7f:21:
         cd:a9:b5:a7:5c:0d:b9:e1:7c:0e:f9:c2:31:55:6f:10:ac:1f:
         fc:ed:48:a2:97:1d:a6:de:f7:69:30:b8:db:df:39:54:02:6d:
         b1:10:86:5f:45:82:6f:c8:7f:3a:77:25:9d:66:88:7b:fd:b0:
         55:b9:60:b8:d9:b6:b3:15:9f:f3:b6:15:82:c1:95:d2:a9:0d:
         53:99:d5:21:5b:99:59:3a:89:6e:ce:07:1e:d7:c5:c6:3a:f6:
         a2:cd:f4:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu+m2KMC+22wSxkXdb8Z4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4Mjg0ZjE4Y2Q0NDYwNGJkZDZkMDhmNGQ4NzhkYzYxNDU2
YzQwZmQwHhcNMjQwMTAyMTAzMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NGYwYjA3ZWQzNmUxZGVjOTdjZGM2OWIyOTEyNmM1YzhmNzRmZTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkjJjahno3C7cPaFOUB4zWoOUV7Wo
IX8kDWLfVvGg1gGPgq7ApEC5ESSNpEassPJFFGlcFRIVAtZXRAM5Or7hHwIyTSdc
W9njLq2m4JDSwZAxL0SOd4Yl5h+IzM5G+XkvYGQPOsRHfA1aA65bS8GZP7Cb/0EC
VDuPqcNp5nB3yyeckKYBtevqgQgnsAnJj7/jcgxyxFsvoRK2p68LClpOKRq05V/O
R+3bO6i3369l2OdCblWnBjkDcczx4PwxDOhnL3um9myB7ZmvoNoKWbLKeGATkkFf
ROQ5e2q2rie7coBATWwHQqQFD5ZYy5x4et4f+rNYGTRVEjD4kOJrw7nxtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFETwsH7Tbh3sl83GmykSbFyPdP5vMB8GA1UdIwQY
MBaAFNgoTxjNRGBL3W0I9Nh43GFFbED9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkNoUEdNMUVZRXZkYlFqMDJIamNZVVZzUVAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi8yNjUyY2QtN2VjZi00OWU4LWE0Zjgt
Yzc4NjkxMjg1ODJjLzEvUlBDd2Z0TnVIZXlYemNhYktSSnNYSTkwX204LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi8yNjUyY2QtN2VjZi00OWU4LWE0ZjgtYzc4NjkxMjg1ODJj
LzEvMkNoUEdNMUVZRXZkYlFqMDJIamNZVVZzUVAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALvwGMA0G
CSqGSIb3DQEBCwUAA4IBAQBR+Y0aY9xSLBjq+k+d1uRF4X7BszILdf2Fo36zadeh
G+pJS3urxxtOFfy7OMvXVSrBvgQGfGsgn5/yKTuFbIem4NWzKTNm0ZyrWjb/ruIo
Dqw60MkJWvLeVjhXstxNnBFHhix70WbTzaQonKIa5yL7iY9ofR0j81NaiKduAjpz
Aei9Th5fQSwu4Div8V0TgISia3Ufhk7Qe/wrKn/XlmJ1fyHNqbWnXA254XwO+cIx
VW8QrB/87Uiilx2m3vdpMLjb3zlUAm2xEIZfRYJvyH86dyWdZoh7/bBVuWC42baz
FZ/zthWCwZXSqQ1TmdUhW5lZOoluzgce18XGOvaizfSZ
-----END CERTIFICATE-----