Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/NqQ8m8-G0S83voqYR2VbwnZRrN8.roa
File:                     NqQ8m8-G0S83voqYR2VbwnZRrN8.roa (raw, json)
Hash identifier:          8RKHEC8PfdgqHtYXjtXSk6e1DZ83O03sH0ceP/NihsY=
Subject key identifier:   36:A4:3C:9B:CF:86:D1:2F:37:BE:8A:98:47:65:5B:C2:76:51:AC:DF
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       018DEE71BF8DF6549FC59AC5343950733811
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/NqQ8m8-G0S83voqYR2VbwnZRrN8.roa
Signing time:             Wed 28 Feb 2024 06:40:48 +0000
ROA not before:           Wed 28 Feb 2024 06:40:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211014
IP address blocks:        46.38.155.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 11:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ee:71:bf:8d:f6:54:9f:c5:9a:c5:34:39:50:73:38:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Feb 28 06:40:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=36a43c9bcf86d12f37be8a9847655bc27651acdf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:7b:8b:e4:2e:b9:6d:8f:44:98:a7:c3:05:7f:
                    b8:39:73:94:8e:9b:b9:6a:cb:81:e6:ee:70:12:4e:
                    a2:f5:66:28:46:b2:9d:d4:6e:6d:b5:6c:0b:1f:74:
                    01:82:7e:49:d4:52:f5:80:71:4e:81:3d:75:38:c0:
                    43:c4:93:61:d3:1f:3d:de:62:6c:ff:1a:63:ec:0a:
                    da:8f:72:22:30:77:06:1b:40:71:8f:38:4a:1c:b6:
                    5f:77:07:3d:cf:c9:a1:f9:69:df:29:b1:e8:3c:82:
                    78:f0:65:a5:57:30:44:06:33:86:8e:03:62:05:ae:
                    88:e0:2f:40:4c:1e:e9:f9:70:a8:7d:f7:7d:e7:d3:
                    f8:21:93:29:0e:4d:c8:5c:e0:ed:8a:f8:7c:c8:c8:
                    54:72:88:ea:2e:62:4d:6b:25:0c:6d:9a:31:43:14:
                    af:71:59:f7:56:f3:a6:39:75:08:7b:5c:42:b2:65:
                    c3:35:8d:a6:26:d6:b3:20:f4:f3:04:c7:f8:c2:64:
                    22:37:4a:62:a6:0c:7e:31:50:40:46:a3:4a:f8:fe:
                    c2:2f:c2:a9:37:e1:a9:2e:63:80:c9:2b:26:d1:b8:
                    ae:4d:ed:10:c4:35:62:6a:8b:c1:a3:53:f3:38:cc:
                    af:80:e1:77:38:3b:06:08:fc:e2:b9:a8:09:51:01:
                    67:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:A4:3C:9B:CF:86:D1:2F:37:BE:8A:98:47:65:5B:C2:76:51:AC:DF
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/NqQ8m8-G0S83voqYR2VbwnZRrN8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.38.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:d9:ad:a1:fc:7a:7b:15:bd:7b:c9:fa:84:41:a2:fb:8b:0c:
         79:2a:60:7d:07:c8:30:81:42:72:a3:18:89:41:e4:93:0a:e9:
         35:58:fc:ac:72:f3:24:aa:d7:8d:d2:3f:8d:5e:c6:38:19:71:
         32:f3:c1:14:25:77:2b:b0:cc:f0:bd:99:8f:af:50:66:cf:04:
         bb:43:82:de:9c:b1:ce:c1:82:83:aa:55:fa:e6:88:0d:c9:c5:
         43:64:51:c1:82:a9:b6:af:c4:69:89:2f:6c:c2:16:2c:78:73:
         6b:74:12:a6:9e:a6:b7:fb:7c:3b:bc:92:5d:b4:41:c0:81:de:
         f6:1b:0d:c7:93:1a:f4:78:b8:3e:27:4f:f9:13:4b:e8:83:f3:
         c5:6c:4f:78:25:b8:40:2e:aa:1b:38:ee:68:00:c5:81:ed:00:
         7d:0e:cd:5a:e4:aa:d3:6d:77:b1:55:b8:73:5b:de:c0:bf:0f:
         04:fc:a2:e7:1b:93:b3:5e:78:ee:cf:96:c1:3a:18:65:32:f5:
         d0:d8:62:50:f8:5a:d9:4b:5f:a0:e8:11:7c:2b:ce:22:82:e4:
         53:1e:33:f1:43:03:83:27:1b:42:32:e7:d4:ae:b2:5e:ff:a4:
         de:bb:50:10:6d:56:f6:9e:8e:14:e9:f3:c6:77:47:d6:c3:bd:
         18:e0:30:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3ucb+N9lSfxZrFNDlQczgRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjQwMjI4MDY0MDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNmE0M2M5YmNmODZkMTJmMzdiZThhOTg0NzY1NWJjMjc2NTFhY2RmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqnuL5C65bY9EmKfDBX+4OXOUjpu5
asuB5u5wEk6i9WYoRrKd1G5ttWwLH3QBgn5J1FL1gHFOgT11OMBDxJNh0x893mJs
/xpj7Araj3IiMHcGG0BxjzhKHLZfdwc9z8mh+WnfKbHoPIJ48GWlVzBEBjOGjgNi
Ba6I4C9ATB7p+XCoffd959P4IZMpDk3IXODtivh8yMhUcojqLmJNayUMbZoxQxSv
cVn3VvOmOXUIe1xCsmXDNY2mJtazIPTzBMf4wmQiN0pipgx+MVBARqNK+P7CL8Kp
N+GpLmOAySsm0biuTe0QxDViaovBo1PzOMyvgOF3ODsGCPziuagJUQFndwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDakPJvPhtEvN76KmEdlW8J2UazfMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvTnFROG04LUcwUzgzdm9xWVIyVmJ3blpSck44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiabMA0G
CSqGSIb3DQEBCwUAA4IBAQAl2a2h/Hp7Fb17yfqEQaL7iwx5KmB9B8gwgUJyoxiJ
QeSTCuk1WPyscvMkqteN0j+NXsY4GXEy88EUJXcrsMzwvZmPr1BmzwS7Q4LenLHO
wYKDqlX65ogNycVDZFHBgqm2r8RpiS9swhYseHNrdBKmnqa3+3w7vJJdtEHAgd72
Gw3Hkxr0eLg+J0/5E0vog/PFbE94JbhALqobOO5oAMWB7QB9Ds1a5KrTbXexVbhz
W97Avw8E/KLnG5OzXnjuz5bBOhhlMvXQ2GJQ+FrZS1+g6BF8K84iguRTHjPxQwOD
JxtCMufUrrJe/6Teu1AQbVb2no4U6fPGd0fWw70Y4DCK
-----END CERTIFICATE-----