Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/6d7c1c-8ebd-4246-83f9-5f3cc318f180/1/3jL0CS0zeIIOG6OfGUVowEGwEd8.roa
File:                     3jL0CS0zeIIOG6OfGUVowEGwEd8.roa (raw, json)
Hash identifier:          R/d9KWBtQAe3IHn+TDnw2JV5HWvvhbtgtlnciDrVW60=
Subject key identifier:   DE:32:F4:09:2D:33:78:82:0E:1B:A3:9F:19:45:68:C0:41:B0:11:DF
Certificate issuer:       /CN=0c048b5f815235c393fea761e07eb8b8bbf87fd3
Certificate serial:       018CC5DC1BCF19BDBB59508B1E3A4DDB4D5E
Authority key identifier: 0C:04:8B:5F:81:52:35:C3:93:FE:A7:61:E0:7E:B8:B8:BB:F8:7F:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DASLX4FSNcOT_qdh4H64uLv4f9M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/6d7c1c-8ebd-4246-83f9-5f3cc318f180/1/3jL0CS0zeIIOG6OfGUVowEGwEd8.roa
Signing time:             Mon 01 Jan 2024 16:29:45 +0000
ROA not before:           Mon 01 Jan 2024 16:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56588
IP address blocks:        46.226.136.0/21 maxlen: 21
                          2a00:6a00::/29 maxlen: 29
                          2a00:6a07::/32 maxlen: 32
                          2a00:6a00::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/6d7c1c-8ebd-4246-83f9-5f3cc318f180/1/DASLX4FSNcOT_qdh4H64uLv4f9M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/6d7c1c-8ebd-4246-83f9-5f3cc318f180/1/DASLX4FSNcOT_qdh4H64uLv4f9M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DASLX4FSNcOT_qdh4H64uLv4f9M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 13:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:1b:cf:19:bd:bb:59:50:8b:1e:3a:4d:db:4d:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c048b5f815235c393fea761e07eb8b8bbf87fd3
        Validity
            Not Before: Jan  1 16:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de32f4092d3378820e1ba39f194568c041b011df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:70:e9:ad:0f:3d:07:fd:fb:5e:d1:45:09:0f:
                    00:86:88:0f:6d:e8:65:3e:9c:ac:11:7f:f7:22:1e:
                    47:51:af:16:03:b6:a1:72:ae:6d:cb:a1:d6:10:42:
                    5c:99:1b:53:1d:4a:05:d0:e8:d1:d8:a8:3e:60:76:
                    a5:4e:02:6c:c9:64:61:5a:61:00:70:38:c1:ca:ba:
                    d9:cc:b2:bd:81:82:e5:42:9b:63:a4:e9:40:b2:44:
                    37:5c:de:94:b4:47:21:fb:44:42:30:9f:f2:4a:de:
                    56:d6:b6:c6:a7:d0:62:33:a2:73:46:c6:a1:50:b1:
                    61:5f:f0:d8:cc:8c:b6:15:be:98:49:08:72:97:71:
                    47:dc:d0:26:f7:64:d9:c7:54:79:55:59:92:74:17:
                    46:50:35:39:2b:0d:12:32:89:28:e6:c5:9f:aa:75:
                    3e:e4:92:bd:c4:47:49:fe:e5:83:8c:26:e3:df:bc:
                    94:eb:39:07:f8:49:63:98:bb:60:08:5d:34:33:e3:
                    f9:fc:a5:e9:59:ae:12:d7:40:70:30:72:5e:93:3c:
                    85:f5:8c:bc:0c:a7:50:2d:3a:c4:eb:47:94:80:24:
                    ae:0a:32:f3:cb:40:b1:de:9b:ec:ea:70:bb:6c:27:
                    9e:0e:b4:3c:72:3a:70:52:c9:9c:f0:0e:af:30:e2:
                    39:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:32:F4:09:2D:33:78:82:0E:1B:A3:9F:19:45:68:C0:41:B0:11:DF
            X509v3 Authority Key Identifier:
                keyid:0C:04:8B:5F:81:52:35:C3:93:FE:A7:61:E0:7E:B8:B8:BB:F8:7F:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DASLX4FSNcOT_qdh4H64uLv4f9M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/6d7c1c-8ebd-4246-83f9-5f3cc318f180/1/3jL0CS0zeIIOG6OfGUVowEGwEd8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/6d7c1c-8ebd-4246-83f9-5f3cc318f180/1/DASLX4FSNcOT_qdh4H64uLv4f9M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.226.136.0/21
                IPv6:
                  2a00:6a00::/29

    Signature Algorithm: sha256WithRSAEncryption
         98:c0:6e:93:ab:58:15:1e:3e:e5:af:c1:25:ed:36:b7:1f:1a:
         84:b1:18:da:68:8e:e2:9a:40:d8:7a:a0:d6:af:2d:86:6b:bb:
         42:11:c1:25:3a:f7:3d:94:d9:af:80:58:14:4b:a5:c5:c5:01:
         92:c7:47:36:8d:c6:85:c8:a4:d9:e7:3c:f6:5c:ad:11:88:d4:
         99:6f:0c:2e:cc:2b:03:5c:53:7b:ed:7e:72:cf:bd:37:24:8f:
         a5:3f:66:c6:08:48:05:b0:0b:fd:73:a7:48:f9:66:6a:ab:94:
         4c:ff:90:71:0d:2a:6e:53:0d:8d:e2:3a:3b:b0:df:de:c3:c3:
         e3:06:17:7f:08:c8:ab:9a:a7:54:94:60:97:f9:5f:8b:a9:25:
         20:e1:8b:73:dc:59:fe:ed:0d:cb:77:b1:ee:1c:ab:64:50:bc:
         59:72:cf:24:69:d3:60:41:66:ff:8b:96:ed:b4:4e:5f:17:b4:
         c2:58:da:3a:fb:6f:52:01:5f:ee:51:e5:ac:a0:91:a9:7d:5f:
         da:aa:14:1c:ff:53:d7:18:b9:20:7a:d6:21:c9:f3:eb:0e:c6:
         02:d9:77:13:05:80:65:eb:fe:d2:16:cb:44:75:32:b9:f8:21:
         31:d6:44:d1:01:59:39:ac:74:ef:ff:b8:0c:ea:60:76:77:45:
         39:6b:27:ff
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3BvPGb27WVCLHjpN201eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjMDQ4YjVmODE1MjM1YzM5M2ZlYTc2MWUwN2ViOGI4YmJm
ODdmZDMwHhcNMjQwMTAxMTYyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTMyZjQwOTJkMzM3ODgyMGUxYmEzOWYxOTQ1NjhjMDQxYjAxMWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAknDprQ89B/37XtFFCQ8AhogPbehl
PpysEX/3Ih5HUa8WA7ahcq5ty6HWEEJcmRtTHUoF0OjR2Kg+YHalTgJsyWRhWmEA
cDjByrrZzLK9gYLlQptjpOlAskQ3XN6UtEch+0RCMJ/ySt5W1rbGp9BiM6JzRsah
ULFhX/DYzIy2Fb6YSQhyl3FH3NAm92TZx1R5VVmSdBdGUDU5Kw0SMoko5sWfqnU+
5JK9xEdJ/uWDjCbj37yU6zkH+EljmLtgCF00M+P5/KXpWa4S10BwMHJekzyF9Yy8
DKdQLTrE60eUgCSuCjLzy0Cx3pvs6nC7bCeeDrQ8cjpwUsmc8A6vMOI5lQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFN4y9AktM3iCDhujnxlFaMBBsBHfMB8GA1UdIwQY
MBaAFAwEi1+BUjXDk/6nYeB+uLi7+H/TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREFTTFg0RlNOY09UX3FkaDRINjR1THY0ZjlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My82ZDdjMWMtOGViZC00MjQ2LTgzZjkt
NWYzY2MzMThmMTgwLzEvM2pMMENTMHplSUlPRzZPZkdVVm93RUd3RWQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My82ZDdjMWMtOGViZC00MjQ2LTgzZjktNWYzY2MzMThmMTgw
LzEvREFTTFg0RlNOY09UX3FkaDRINjR1THY0ZjlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDLuKIMA0E
AgACMAcDBQMqAGoAMA0GCSqGSIb3DQEBCwUAA4IBAQCYwG6Tq1gVHj7lr8El7Ta3
HxqEsRjaaI7imkDYeqDWry2Ga7tCEcElOvc9lNmvgFgUS6XFxQGSx0c2jcaFyKTZ
5zz2XK0RiNSZbwwuzCsDXFN77X5yz703JI+lP2bGCEgFsAv9c6dI+WZqq5RM/5Bx
DSpuUw2N4jo7sN/ew8PjBhd/CMirmqdUlGCX+V+LqSUg4Ytz3Fn+7Q3Ld7HuHKtk
ULxZcs8kadNgQWb/i5bttE5fF7TCWNo6+29SAV/uUeWsoJGpfV/aqhQc/1PXGLkg
etYhyfPrDsYC2XcTBYBl6/7SFstEdTK5+CEx1kTRAVk5rHTv/7gM6mB2d0U5ayf/
-----END CERTIFICATE-----