Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/dcb6fb-0e86-4d34-adc3-d93fd49ae8ef/1/ETTG58pm0F4OKXSYGlKGAEkdrV4.roa
File:                     ETTG58pm0F4OKXSYGlKGAEkdrV4.roa (raw, json)
Hash identifier:          WRb4TdkPpLPdzN/BIs5cGM6OfV+ewY6r5JOv3nOoEkM=
Subject key identifier:   11:34:C6:E7:CA:66:D0:5E:0E:29:74:98:1A:52:86:00:49:1D:AD:5E
Certificate issuer:       /CN=51f866f32b47c69d478ad95354e257e51a236a57
Certificate serial:       018CC94E0CC324EF326C31FE8CA235FAAD81
Authority key identifier: 51:F8:66:F3:2B:47:C6:9D:47:8A:D9:53:54:E2:57:E5:1A:23:6A:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ufhm8ytHxp1HitlTVOJX5Rojalc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/dcb6fb-0e86-4d34-adc3-d93fd49ae8ef/1/ETTG58pm0F4OKXSYGlKGAEkdrV4.roa
Signing time:             Tue 02 Jan 2024 08:33:04 +0000
ROA not before:           Tue 02 Jan 2024 08:33:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60463
IP address blocks:        46.21.218.0/24 maxlen: 24
                          46.21.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/dcb6fb-0e86-4d34-adc3-d93fd49ae8ef/1/Ufhm8ytHxp1HitlTVOJX5Rojalc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/dcb6fb-0e86-4d34-adc3-d93fd49ae8ef/1/Ufhm8ytHxp1HitlTVOJX5Rojalc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ufhm8ytHxp1HitlTVOJX5Rojalc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 05:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:0c:c3:24:ef:32:6c:31:fe:8c:a2:35:fa:ad:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=51f866f32b47c69d478ad95354e257e51a236a57
        Validity
            Not Before: Jan  2 08:33:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1134c6e7ca66d05e0e2974981a528600491dad5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:3d:5a:34:d4:ad:53:8d:d2:ef:8c:63:36:a8:
                    ee:8e:a7:60:6c:bc:4d:55:50:dd:d5:2d:c5:41:02:
                    f3:11:21:0d:7f:a8:1f:99:c5:63:de:ba:01:b7:8f:
                    f8:d5:6b:c3:d2:2a:10:db:88:02:b1:e0:32:ac:dc:
                    51:17:82:eb:83:5b:bb:11:76:be:49:59:ad:90:5a:
                    40:b7:84:52:91:38:a5:fb:ab:2a:c3:ab:47:8a:6a:
                    fb:96:30:e8:d0:3d:41:a2:c6:0b:26:8d:78:0a:bb:
                    a2:d9:71:e7:90:0f:1d:e4:04:ce:40:57:62:59:50:
                    a3:3b:af:39:52:53:fd:34:68:37:3e:cc:cb:21:f9:
                    5b:75:09:8e:ff:63:ed:e1:d1:fb:a0:08:86:4b:e8:
                    d0:e2:28:c8:5b:89:dd:6e:ce:67:1f:8d:11:e2:92:
                    d5:83:e3:03:09:00:57:c0:b9:2b:88:71:31:0d:49:
                    a5:87:fa:82:65:c6:1a:6b:37:ad:28:04:b6:51:03:
                    95:67:86:af:2b:eb:1c:54:49:fa:a7:31:51:ab:91:
                    ca:ad:3a:4a:ff:5a:ea:60:47:03:83:bb:0b:af:fa:
                    73:70:c7:26:00:ef:d9:c4:31:19:96:c1:d6:99:14:
                    2a:c8:1e:fb:1f:03:98:09:e2:1f:1c:5d:56:f1:c1:
                    66:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:34:C6:E7:CA:66:D0:5E:0E:29:74:98:1A:52:86:00:49:1D:AD:5E
            X509v3 Authority Key Identifier:
                keyid:51:F8:66:F3:2B:47:C6:9D:47:8A:D9:53:54:E2:57:E5:1A:23:6A:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ufhm8ytHxp1HitlTVOJX5Rojalc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/dcb6fb-0e86-4d34-adc3-d93fd49ae8ef/1/ETTG58pm0F4OKXSYGlKGAEkdrV4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/dcb6fb-0e86-4d34-adc3-d93fd49ae8ef/1/Ufhm8ytHxp1HitlTVOJX5Rojalc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.21.217.0-46.21.218.255

    Signature Algorithm: sha256WithRSAEncryption
         17:64:07:3e:b5:a4:09:d3:2e:b7:01:76:f4:87:79:91:7f:9c:
         19:16:61:da:32:07:41:22:80:4e:7a:ba:3e:ee:31:99:63:0e:
         2c:79:45:30:5e:1e:50:88:5c:2d:2a:6f:79:ec:fb:43:5f:f4:
         03:b2:16:27:c9:dd:75:83:ba:8b:9d:5e:97:df:2d:bc:a4:2b:
         fa:d8:f0:40:ca:7b:f4:e1:00:7b:06:11:7b:2d:6a:b4:ef:3d:
         c0:c6:2a:21:2b:b7:bb:d6:40:52:b3:29:be:06:5a:5d:2b:5c:
         7f:aa:ad:d1:3a:08:3a:5d:cf:27:9e:09:06:a0:4b:bb:b1:5c:
         aa:42:a1:e4:a7:f7:4d:61:91:71:d6:fe:2b:cd:38:4d:54:92:
         ec:b1:4c:b4:ca:31:41:02:e4:92:01:1b:ec:44:9b:85:47:3a:
         4e:7b:3e:06:cb:df:ea:83:68:41:a5:6c:b6:88:14:1c:48:d4:
         32:ac:23:a5:24:55:f7:62:72:a3:b5:28:d5:1e:bf:8d:01:0b:
         fc:0b:11:83:d3:ba:0b:e6:32:81:93:c3:d7:26:f8:67:4f:83:
         4b:5d:74:0c:5a:94:bf:4a:6f:c4:db:56:4d:26:2d:a2:6e:5b:
         1c:59:03:7c:ec:5b:f7:38:d6:67:37:77:00:9d:f7:f6:96:83:
         bc:5a:1d:ae
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzJTgzDJO8ybDH+jKI1+q2BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxZjg2NmYzMmI0N2M2OWQ0NzhhZDk1MzU0ZTI1N2U1MWEy
MzZhNTcwHhcNMjQwMTAyMDgzMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTM0YzZlN2NhNjZkMDVlMGUyOTc0OTgxYTUyODYwMDQ5MWRhZDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjz1aNNStU43S74xjNqjujqdgbLxN
VVDd1S3FQQLzESENf6gfmcVj3roBt4/41WvD0ioQ24gCseAyrNxRF4Lrg1u7EXa+
SVmtkFpAt4RSkTil+6sqw6tHimr7ljDo0D1BosYLJo14Crui2XHnkA8d5ATOQFdi
WVCjO685UlP9NGg3PszLIflbdQmO/2Pt4dH7oAiGS+jQ4ijIW4ndbs5nH40R4pLV
g+MDCQBXwLkriHExDUmlh/qCZcYaazetKAS2UQOVZ4avK+scVEn6pzFRq5HKrTpK
/1rqYEcDg7sLr/pzcMcmAO/ZxDEZlsHWmRQqyB77HwOYCeIfHF1W8cFmIwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFBE0xufKZtBeDil0mBpShgBJHa1eMB8GA1UdIwQY
MBaAFFH4ZvMrR8adR4rZU1TiV+UaI2pXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVWZobTh5dEh4cDFIaXRsVFZPSlg1Um9qYWxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC9kY2I2ZmItMGU4Ni00ZDM0LWFkYzMt
ZDkzZmQ0OWFlOGVmLzEvRVRURzU4cG0wRjRPS1hTWUdsS0dBRWtkclY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC9kY2I2ZmItMGU4Ni00ZDM0LWFkYzMtZDkzZmQ0OWFlOGVm
LzEvVWZobTh5dEh4cDFIaXRsVFZPSlg1Um9qYWxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAuFdkD
BAAuFdowDQYJKoZIhvcNAQELBQADggEBABdkBz61pAnTLrcBdvSHeZF/nBkWYdoy
B0EigE56uj7uMZljDix5RTBeHlCIXC0qb3ns+0Nf9AOyFifJ3XWDuoudXpffLbyk
K/rY8EDKe/ThAHsGEXstarTvPcDGKiErt7vWQFKzKb4GWl0rXH+qrdE6CDpdzyee
CQagS7uxXKpCoeSn901hkXHW/ivNOE1UkuyxTLTKMUEC5JIBG+xEm4VHOk57PgbL
3+qDaEGlbLaIFBxI1DKsI6UkVfdicqO1KNUev40BC/wLEYPTugvmMoGTw9cm+GdP
g0tddAxalL9Kb8TbVk0mLaJuWxxZA3zsW/c41mc3dwCd9/aWg7xaHa4=
-----END CERTIFICATE-----