Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Gc4GFjRqJA13brQpyXI8Ft02P7I.roa
File:                     Gc4GFjRqJA13brQpyXI8Ft02P7I.roa (raw, json)
Hash identifier:          U5SsZ3oURLkpSVdEKAm/d3hn7DJtIkISdceFjkeiKhs=
Subject key identifier:   19:CE:06:16:34:6A:24:0D:77:6E:B4:29:C9:72:3C:16:DD:36:3F:B2
Certificate issuer:       /CN=67499595a65aab0b53768def08091e31061e9e65
Certificate serial:       018EE1C1EF1B8857F816764E58317EAB3D2A
Authority key identifier: 67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Gc4GFjRqJA13brQpyXI8Ft02P7I.roa
Signing time:             Mon 15 Apr 2024 12:36:06 +0000
ROA not before:           Mon 15 Apr 2024 12:36:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     147293
IP address blocks:        46.20.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 05:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e1:c1:ef:1b:88:57:f8:16:76:4e:58:31:7e:ab:3d:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67499595a65aab0b53768def08091e31061e9e65
        Validity
            Not Before: Apr 15 12:36:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=19ce0616346a240d776eb429c9723c16dd363fb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:f7:28:2f:41:d0:f9:27:c4:a0:a9:45:e7:c2:
                    3f:11:30:21:1b:a2:67:02:38:fd:53:78:5b:ab:9e:
                    54:f9:ff:f2:1e:8d:b8:46:18:d9:15:f3:19:85:2e:
                    3c:a1:b4:3c:f7:bf:04:89:80:ef:17:96:07:c3:c8:
                    9a:f5:af:af:9a:d5:c0:cc:42:e3:1b:c3:79:f7:39:
                    f0:25:4e:2d:47:38:59:78:36:b9:3d:a6:01:29:33:
                    bb:17:61:63:28:06:b8:05:fe:1d:7e:8c:30:a7:48:
                    48:05:1c:31:6c:ba:42:43:a1:ad:fa:43:6d:e6:fe:
                    80:a5:e3:8e:2d:86:34:fe:ff:d8:66:81:8e:49:97:
                    5d:43:bc:8a:b5:71:02:f0:f4:17:68:b2:17:0b:9b:
                    0c:4d:1d:08:6d:d9:8e:99:ca:17:5c:81:1a:16:0f:
                    16:9e:e8:d5:f7:0d:bf:9a:65:42:32:19:f0:d7:5c:
                    54:66:09:43:1f:67:da:de:55:4f:0c:2d:3a:3c:f4:
                    64:12:66:8d:93:c5:83:fb:5e:79:9b:07:21:ea:91:
                    5b:30:6b:58:6f:02:6c:8a:c3:09:42:95:88:ab:51:
                    77:8c:82:d4:dc:2d:49:d7:cf:2f:27:f7:bc:bb:03:
                    14:e4:ef:bb:49:76:65:7a:4f:1f:e0:6f:01:27:c9:
                    80:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:CE:06:16:34:6A:24:0D:77:6E:B4:29:C9:72:3C:16:DD:36:3F:B2
            X509v3 Authority Key Identifier:
                keyid:67:49:95:95:A6:5A:AB:0B:53:76:8D:EF:08:09:1E:31:06:1E:9E:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z0mVlaZaqwtTdo3vCAkeMQYenmU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Gc4GFjRqJA13brQpyXI8Ft02P7I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b744b8-f39d-495b-b217-35508041652d/1/Z0mVlaZaqwtTdo3vCAkeMQYenmU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.20.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:95:bf:f2:20:08:ca:97:72:a4:b4:31:67:24:82:c4:61:bc:
         a9:c2:1e:10:5c:2c:17:71:c8:93:dd:99:77:80:8b:d6:bd:63:
         60:89:4e:86:31:30:51:cd:8f:b6:ff:5b:a2:8a:1a:26:2f:43:
         6f:18:b1:4b:a1:a9:3c:65:51:c4:21:16:b8:b7:7d:96:54:39:
         87:db:71:cb:49:c3:5e:ac:9a:c5:0b:1c:ba:e0:7e:1b:52:0c:
         d7:ad:62:1d:c2:8c:82:f4:5b:6f:7c:b0:7f:a4:71:a4:ff:06:
         ab:50:63:a4:53:8d:c8:41:8c:d0:a9:2e:7f:7d:d0:27:cc:9e:
         01:4e:75:93:1c:f8:14:c7:3a:75:0d:c9:0d:f0:06:88:b6:55:
         b4:ef:55:79:bb:de:93:39:f2:7f:3c:ec:65:e1:c5:9f:22:2a:
         55:54:37:de:bd:75:01:1b:2f:73:35:23:2b:4b:7b:22:d4:06:
         60:98:32:80:62:cd:da:6b:48:2f:b1:f3:41:b1:a9:d1:bf:13:
         50:d2:37:dc:90:d1:bf:f2:b9:7b:71:b9:0a:35:32:ea:38:ac:
         d8:81:7f:62:0f:6f:c2:be:04:c9:46:35:3a:73:8f:65:ac:af:
         d6:87:a1:9d:6d:fa:e1:9d:de:23:bb:f4:ec:57:5b:f5:e6:27:
         34:7f:aa:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7hwe8biFf4FnZOWDF+qz0qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3NDk5NTk1YTY1YWFiMGI1Mzc2OGRlZjA4MDkxZTMxMDYx
ZTllNjUwHhcNMjQwNDE1MTIzNjA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOWNlMDYxNjM0NmEyNDBkNzc2ZWI0MjljOTcyM2MxNmRkMzYzZmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj/coL0HQ+SfEoKlF58I/ETAhG6Jn
Ajj9U3hbq55U+f/yHo24RhjZFfMZhS48obQ8978EiYDvF5YHw8ia9a+vmtXAzELj
G8N59znwJU4tRzhZeDa5PaYBKTO7F2FjKAa4Bf4dfowwp0hIBRwxbLpCQ6Gt+kNt
5v6ApeOOLYY0/v/YZoGOSZddQ7yKtXEC8PQXaLIXC5sMTR0IbdmOmcoXXIEaFg8W
nujV9w2/mmVCMhnw11xUZglDH2fa3lVPDC06PPRkEmaNk8WD+155mwch6pFbMGtY
bwJsisMJQpWIq1F3jILU3C1J188vJ/e8uwMU5O+7SXZlek8f4G8BJ8mAmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBnOBhY0aiQNd260KclyPBbdNj+yMB8GA1UdIwQY
MBaAFGdJlZWmWqsLU3aN7wgJHjEGHp5lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTct
MzU1MDgwNDE2NTJkLzEvR2M0R0ZqUnFKQTEzYnJRcHlYSThGdDAyUDdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iNzQ0YjgtZjM5ZC00OTViLWIyMTctMzU1MDgwNDE2NTJk
LzEvWjBtVmxhWmFxd3RUZG8zdkNBa2VNUVllbm1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhRtMA0G
CSqGSIb3DQEBCwUAA4IBAQCUlb/yIAjKl3KktDFnJILEYbypwh4QXCwXcciT3Zl3
gIvWvWNgiU6GMTBRzY+2/1uiihomL0NvGLFLoak8ZVHEIRa4t32WVDmH23HLScNe
rJrFCxy64H4bUgzXrWIdwoyC9FtvfLB/pHGk/warUGOkU43IQYzQqS5/fdAnzJ4B
TnWTHPgUxzp1DckN8AaItlW071V5u96TOfJ/POxl4cWfIipVVDfevXUBGy9zNSMr
S3si1AZgmDKAYs3aa0gvsfNBsanRvxNQ0jfckNG/8rl7cbkKNTLqOKzYgX9iD2/C
vgTJRjU6c49lrK/Wh6Gdbfrhnd4ju/TsV1v15ic0f6oM
-----END CERTIFICATE-----