Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/5NTDG_4DonHS7H3yvxy4PxjkwQ0.roa
File:                     5NTDG_4DonHS7H3yvxy4PxjkwQ0.roa (raw, json)
Hash identifier:          ZSFDJk1ZqWOAdRiURj7xQ+/OrW7kArTE55P4V3G1IuM=
Subject key identifier:   E4:D4:C3:1B:FE:03:A2:71:D2:EC:7D:F2:BF:1C:B8:3F:18:E4:C1:0D
Certificate issuer:       /CN=67499595a65aab0b53768def08091e31061e9e65
Certificate serial:       018F8188E96BBDFD603D9D9429CEFC30ADAC
Authority key identifier: 67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/5NTDG_4DonHS7H3yvxy4PxjkwQ0.roa
Signing time:             Thu 16 May 2024 13:13:04 +0000
ROA not before:           Thu 16 May 2024 13:13:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5650
IP address blocks:        46.20.96.0/24 maxlen: 24
                          46.20.98.0/24 maxlen: 24
                          46.20.102.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:81:88:e9:6b:bd:fd:60:3d:9d:94:29:ce:fc:30:ad:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67499595a65aab0b53768def08091e31061e9e65
        Validity
            Not Before: May 16 13:13:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e4d4c31bfe03a271d2ec7df2bf1cb83f18e4c10d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:02:37:21:7a:2c:c6:5f:44:6a:04:3d:d2:e2:
                    c9:16:82:ca:5c:25:05:90:ed:3c:f2:09:51:75:fc:
                    a6:b5:5b:65:6d:70:48:13:90:61:a5:e5:71:75:04:
                    c7:c3:35:fc:ae:c1:4a:06:d7:46:a9:59:3c:9f:7b:
                    40:f5:f6:73:ac:2d:98:72:61:fb:e5:7e:75:9c:e9:
                    3d:ad:a8:41:52:3e:7b:f0:1e:bc:c2:64:5d:db:b9:
                    13:dd:bb:7b:23:1e:b4:a1:6d:b3:48:f4:cd:e9:f7:
                    f3:ef:7b:41:c5:20:af:e7:b1:99:b0:71:82:e8:7e:
                    72:f6:12:4b:94:d1:91:74:e0:d4:93:96:ef:5b:90:
                    42:9c:5a:af:8e:47:be:41:ea:27:d7:96:c7:c0:6c:
                    b6:6e:b8:e2:ee:0c:ff:c8:7d:6b:c9:99:c9:d4:59:
                    8b:a8:e8:de:8d:55:d1:2c:1e:95:48:76:12:1f:71:
                    1a:c4:75:33:c1:aa:82:cd:71:75:e3:cd:a5:d2:3f:
                    18:52:e2:d2:76:f4:ec:75:5d:18:ea:e4:7a:b4:e8:
                    28:d5:8a:9f:b0:a1:32:ba:71:7f:10:6f:a2:76:cf:
                    03:e3:c6:02:f8:1b:e0:6f:ff:97:33:79:b8:66:16:
                    56:e9:2b:f7:a8:0d:73:fb:a1:e0:5a:86:e7:41:44:
                    0c:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:D4:C3:1B:FE:03:A2:71:D2:EC:7D:F2:BF:1C:B8:3F:18:E4:C1:0D
            X509v3 Authority Key Identifier:
                keyid:67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/5NTDG_4DonHS7H3yvxy4PxjkwQ0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.20.96.0/24
                  46.20.98.0/24
                  46.20.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:1d:60:54:f0:d8:e7:c9:d4:ed:ba:99:61:02:5e:04:c0:0a:
         e2:7f:78:8a:7b:d5:35:2c:b2:23:8e:61:00:4c:45:28:e5:e4:
         9f:91:21:2f:4f:7a:b0:d0:d0:a0:5a:8f:1e:d4:b9:91:d4:d6:
         20:b3:5b:bd:68:37:e8:ac:83:c6:79:9b:7d:b8:20:d3:9d:b2:
         a9:cd:b5:c0:11:68:4c:a2:4d:63:49:09:59:e4:5a:8b:03:dc:
         0d:76:5d:3c:da:fe:79:8b:21:13:c0:97:ff:5b:19:5f:72:33:
         64:6e:3f:c8:35:84:a5:ab:f2:ac:76:83:77:20:d2:2a:14:72:
         a4:b4:b6:7a:65:af:d0:46:fc:1b:2e:40:84:e3:5f:5b:4f:e2:
         11:9e:34:3f:06:0b:95:18:c0:72:f5:4d:a5:29:da:c6:a2:d9:
         8b:a4:41:9f:42:cb:32:56:d9:10:32:b6:6c:18:d5:94:8c:9f:
         05:9e:4a:71:41:2b:7d:86:f7:4a:5d:17:ba:da:f6:72:f8:17:
         8c:d7:21:c8:2e:f8:f0:4d:e1:19:d7:8a:32:4d:71:1c:77:9c:
         f8:f9:64:7b:1e:b7:68:46:d0:cd:17:5c:64:7c:33:3d:ed:d1:
         f3:45:a8:c7:23:45:df:83:78:85:9a:05:c1:4f:b9:f7:ba:2f:
         c6:2f:af:47
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY+BiOlrvf1gPZ2UKc78MK2sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NDk5NTk1YTY1YWFiMGI1Mzc2OGRlZjA4MDkxZTMxMDYx
ZTllNjUwHhcNMjQwNTE2MTMxMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNGQ0YzMxYmZlMDNhMjcxZDJlYzdkZjJiZjFjYjgzZjE4ZTRjMTBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQI3IXosxl9EagQ90uLJFoLKXCUF
kO088glRdfymtVtlbXBIE5BhpeVxdQTHwzX8rsFKBtdGqVk8n3tA9fZzrC2YcmH7
5X51nOk9rahBUj578B68wmRd27kT3bt7Ix60oW2zSPTN6ffz73tBxSCv57GZsHGC
6H5y9hJLlNGRdODUk5bvW5BCnFqvjke+Qeon15bHwGy2brji7gz/yH1ryZnJ1FmL
qOjejVXRLB6VSHYSH3EaxHUzwaqCzXF1482l0j8YUuLSdvTsdV0Y6uR6tOgo1Yqf
sKEyunF/EG+ids8D48YC+Bvgb/+XM3m4ZhZW6Sv3qA1z+6HgWobnQUQMpQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOTUwxv+A6Jx0ux98r8cuD8Y5MENMB8GA1UdIwQY
MBaAFGdJlZWmWqsLU3aN7wgJHjEGHp5lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTct
MzU1MDgwNDE2NTJkLzEvNU5UREdfNERvbkhTN0gzeXZ4eTRQeGprd1EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTctMzU1MDgwNDE2NTJk
LzEvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALhRgAwQA
LhRiAwQALhRmMA0GCSqGSIb3DQEBCwUAA4IBAQAdHWBU8NjnydTtuplhAl4EwAri
f3iKe9U1LLIjjmEATEUo5eSfkSEvT3qw0NCgWo8e1LmR1NYgs1u9aDforIPGeZt9
uCDTnbKpzbXAEWhMok1jSQlZ5FqLA9wNdl082v55iyETwJf/WxlfcjNkbj/INYSl
q/KsdoN3INIqFHKktLZ6Za/QRvwbLkCE419bT+IRnjQ/BguVGMBy9U2lKdrGotmL
pEGfQssyVtkQMrZsGNWUjJ8FnkpxQSt9hvdKXRe62vZy+BeM1yHILvjwTeEZ14oy
TXEcd5z4+WR7HrdoRtDNF1xkfDM97dHzRajHI0Xfg3iFmgXBT7n3ui/GL69H
-----END CERTIFICATE-----