Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/4bbd6c-91ef-4461-821b-6f621d736aff/1/eESvGgxD2gdyKlZq5QiJCi1mP6w.roa
File:                     eESvGgxD2gdyKlZq5QiJCi1mP6w.roa (raw, json)
Hash identifier:          F9X6GXskhhq1C4QI6GWWPnXNMGuFZLyDCnxRY6kUX70=
Subject key identifier:   78:44:AF:1A:0C:43:DA:07:72:2A:56:6A:E5:08:89:0A:2D:66:3F:AC
Certificate issuer:       /CN=f7aa039b886b226578bdb6a42781bf59044bb138
Certificate serial:       018CC6B87F2E6703250D12AEB1A5A93538AF
Authority key identifier: F7:AA:03:9B:88:6B:22:65:78:BD:B6:A4:27:81:BF:59:04:4B:B1:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/96oDm4hrImV4vbakJ4G_WQRLsTg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/4bbd6c-91ef-4461-821b-6f621d736aff/1/eESvGgxD2gdyKlZq5QiJCi1mP6w.roa
Signing time:             Mon 01 Jan 2024 20:30:29 +0000
ROA not before:           Mon 01 Jan 2024 20:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48225
IP address blocks:        46.252.251.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/4bbd6c-91ef-4461-821b-6f621d736aff/1/96oDm4hrImV4vbakJ4G_WQRLsTg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/4bbd6c-91ef-4461-821b-6f621d736aff/1/96oDm4hrImV4vbakJ4G_WQRLsTg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/96oDm4hrImV4vbakJ4G_WQRLsTg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:7f:2e:67:03:25:0d:12:ae:b1:a5:a9:35:38:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7aa039b886b226578bdb6a42781bf59044bb138
        Validity
            Not Before: Jan  1 20:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7844af1a0c43da07722a566ae508890a2d663fac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:fd:07:7b:6f:f1:db:da:51:32:df:f2:7a:4f:
                    e0:d6:d2:d1:37:df:b3:13:05:6c:f5:c7:46:9f:7a:
                    f3:ab:8d:9a:6e:7f:7e:4d:1b:ad:4a:d0:a3:0a:cb:
                    7a:28:c4:40:99:d1:fc:e6:70:92:58:c2:75:5a:37:
                    75:51:fd:fc:43:01:f9:dc:97:7b:63:da:26:c1:63:
                    0d:34:54:c2:03:df:68:1c:56:35:01:02:94:6e:37:
                    61:c1:07:58:87:21:5a:95:14:93:46:43:65:8d:d6:
                    38:77:93:ef:f5:e1:ca:9f:f3:f4:75:de:d4:e4:67:
                    ca:36:20:36:c3:e1:8a:ec:67:47:b5:58:99:df:c7:
                    9a:de:ae:57:14:59:84:d9:7d:25:c4:80:91:11:92:
                    58:79:07:3c:1f:25:13:45:6a:f5:61:f1:ac:ac:0c:
                    76:16:57:5d:b0:3b:47:2d:33:2c:be:67:9e:ef:54:
                    46:b3:3e:b0:04:b5:56:7d:f2:63:6b:1b:ee:04:07:
                    5d:7f:97:ee:b6:20:8c:fd:f5:1e:79:7c:63:a9:9b:
                    eb:80:4d:c7:bb:4a:e4:1f:7a:a4:e4:e8:34:2b:2d:
                    1c:31:f5:32:d2:ea:91:b8:c4:fa:b5:b5:0d:80:bd:
                    d6:ec:20:de:19:be:e9:da:5a:54:7c:33:65:eb:91:
                    c6:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:44:AF:1A:0C:43:DA:07:72:2A:56:6A:E5:08:89:0A:2D:66:3F:AC
            X509v3 Authority Key Identifier:
                keyid:F7:AA:03:9B:88:6B:22:65:78:BD:B6:A4:27:81:BF:59:04:4B:B1:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/96oDm4hrImV4vbakJ4G_WQRLsTg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/4bbd6c-91ef-4461-821b-6f621d736aff/1/eESvGgxD2gdyKlZq5QiJCi1mP6w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/4bbd6c-91ef-4461-821b-6f621d736aff/1/96oDm4hrImV4vbakJ4G_WQRLsTg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.252.251.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:1c:11:3b:3a:e1:89:84:fc:03:1c:20:90:b9:5c:a6:bf:93:
         23:52:c7:8e:94:b5:24:23:ff:e6:31:45:17:eb:ef:8f:5c:a5:
         1f:ac:ce:c8:bb:5e:1f:13:8a:f6:2c:42:f6:33:62:0f:61:79:
         69:38:ea:86:81:02:7f:8e:a1:d7:13:3c:a3:a1:0d:55:26:cb:
         1f:0e:b6:57:57:69:9b:9f:63:39:14:b9:1d:00:5e:f6:b2:c1:
         e7:cf:4e:2e:1e:b1:36:66:33:df:f3:6b:de:e4:07:af:4c:fc:
         21:17:e3:88:13:e1:71:ab:10:71:79:68:ae:de:46:39:1b:f3:
         4b:0b:63:30:ef:90:61:ac:d0:2f:03:a9:f4:7a:1d:9b:9b:51:
         1f:e1:b0:0c:7f:6b:37:d1:1b:84:5a:3d:4a:21:8d:f8:32:9d:
         98:0a:e9:fd:f7:f9:b2:d2:8a:a7:91:4f:69:aa:21:13:1d:a4:
         c2:a1:aa:4b:d0:91:b0:1d:f4:c2:93:5d:5a:59:0c:2e:1c:96:
         63:70:29:d5:ae:46:8c:eb:ed:3d:97:8b:58:79:41:8a:d7:67:
         94:9e:a9:2f:9f:64:fe:b0:24:43:39:e2:5c:fb:fd:72:01:fa:
         d0:ff:17:e6:f7:72:07:5f:c2:55:7e:62:ff:bd:71:96:e2:0e:
         36:01:5e:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuH8uZwMlDRKusaWpNTivMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3YWEwMzliODg2YjIyNjU3OGJkYjZhNDI3ODFiZjU5MDQ0
YmIxMzgwHhcNMjQwMTAxMjAzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODQ0YWYxYTBjNDNkYTA3NzIyYTU2NmFlNTA4ODkwYTJkNjYzZmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnv0He2/x29pRMt/yek/g1tLRN9+z
EwVs9cdGn3rzq42abn9+TRutStCjCst6KMRAmdH85nCSWMJ1Wjd1Uf38QwH53Jd7
Y9omwWMNNFTCA99oHFY1AQKUbjdhwQdYhyFalRSTRkNljdY4d5Pv9eHKn/P0dd7U
5GfKNiA2w+GK7GdHtViZ38ea3q5XFFmE2X0lxICREZJYeQc8HyUTRWr1YfGsrAx2
FlddsDtHLTMsvmee71RGsz6wBLVWffJjaxvuBAddf5futiCM/fUeeXxjqZvrgE3H
u0rkH3qk5Og0Ky0cMfUy0uqRuMT6tbUNgL3W7CDeGb7p2lpUfDNl65HGdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHhErxoMQ9oHcipWauUIiQotZj+sMB8GA1UdIwQY
MBaAFPeqA5uIayJleL22pCeBv1kES7E4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTZvRG00aHJJbVY0dmJha0o0R19XUVJMc1RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS80YmJkNmMtOTFlZi00NDYxLTgyMWIt
NmY2MjFkNzM2YWZmLzEvZUVTdkdneEQyZ2R5S2xacTVRaUpDaTFtUDZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS80YmJkNmMtOTFlZi00NDYxLTgyMWItNmY2MjFkNzM2YWZm
LzEvOTZvRG00aHJJbVY0dmJha0o0R19XUVJMc1RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALvz7MA0G
CSqGSIb3DQEBCwUAA4IBAQBVHBE7OuGJhPwDHCCQuVymv5MjUseOlLUkI//mMUUX
6++PXKUfrM7Iu14fE4r2LEL2M2IPYXlpOOqGgQJ/jqHXEzyjoQ1VJssfDrZXV2mb
n2M5FLkdAF72ssHnz04uHrE2ZjPf82ve5AevTPwhF+OIE+FxqxBxeWiu3kY5G/NL
C2Mw75BhrNAvA6n0eh2bm1Ef4bAMf2s30RuEWj1KIY34Mp2YCun99/my0oqnkU9p
qiETHaTCoapL0JGwHfTCk11aWQwuHJZjcCnVrkaM6+09l4tYeUGK12eUnqkvn2T+
sCRDOeJc+/1yAfrQ/xfm93IHX8JVfmL/vXGW4g42AV6b
-----END CERTIFICATE-----