Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/apj4E20D9IcqO5JjniKhr9NxfN0.roa
File:                     apj4E20D9IcqO5JjniKhr9NxfN0.roa (raw, json)
Hash identifier:          bVjvvInvl3sosB1FQ7VUvce9gZg1ebj1EvGaAxYXwNA=
Subject key identifier:   6A:98:F8:13:6D:03:F4:87:2A:3B:92:63:9E:22:A1:AF:D3:71:7C:DD
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       018D691BA66238E00822FB680BF9DBC91C0F
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/apj4E20D9IcqO5JjniKhr9NxfN0.roa
Signing time:             Fri 02 Feb 2024 09:17:16 +0000
ROA not before:           Fri 02 Feb 2024 09:17:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204848
IP address blocks:        46.8.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:69:1b:a6:62:38:e0:08:22:fb:68:0b:f9:db:c9:1c:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Feb  2 09:17:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6a98f8136d03f4872a3b92639e22a1afd3717cdd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:6f:bd:fc:f5:e8:28:c8:cd:3a:a9:2f:bd:98:
                    3c:fa:7a:69:3c:3f:c3:8b:d9:c4:a6:0f:5e:6a:bb:
                    bb:4f:3d:37:eb:90:c6:30:fb:55:d7:e1:82:66:6c:
                    44:91:62:24:13:41:ae:5b:56:fd:23:63:92:48:25:
                    81:85:ce:f9:ba:9b:2d:f7:61:e7:29:5c:85:84:ce:
                    8f:b4:21:54:84:f3:4c:5e:a5:d9:d8:6f:12:a0:b5:
                    b3:52:f0:da:7c:0b:5f:6c:09:b5:ce:45:c7:cb:b5:
                    de:cb:2e:e3:21:92:94:3a:29:57:2d:15:c8:22:2f:
                    7e:e7:d6:3b:82:26:ba:8e:50:e8:8c:dc:42:bd:a0:
                    25:65:78:b7:5b:72:7a:ad:66:83:e1:fa:e8:32:2f:
                    49:8c:32:17:27:07:3b:ad:2d:a9:f9:69:32:e0:12:
                    e6:c9:e9:cb:f6:9b:9b:a8:5d:94:42:0a:e2:25:42:
                    15:e7:92:6b:c9:95:ff:06:74:ac:04:8c:92:91:7a:
                    28:1b:5c:39:65:0d:46:bf:92:a7:f0:18:48:d5:1b:
                    dd:0c:9e:29:08:89:d1:36:cc:9b:d9:07:ef:48:f0:
                    e2:47:e7:2f:8f:98:cb:40:b6:a1:3e:ea:66:48:b1:
                    fd:9f:34:eb:56:b5:a6:a6:f1:79:10:5d:8e:80:88:
                    10:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:98:F8:13:6D:03:F4:87:2A:3B:92:63:9E:22:A1:AF:D3:71:7C:DD
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/apj4E20D9IcqO5JjniKhr9NxfN0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:e9:7a:7d:1d:b6:90:f5:8b:e9:c9:73:85:ed:8e:57:c3:5a:
         3f:d7:8f:42:ef:cb:98:ec:05:65:43:36:ca:0b:a7:7d:22:0d:
         14:41:37:23:36:b6:81:8b:2c:f4:fd:ba:17:74:d5:01:98:01:
         d9:60:1c:7c:0a:3a:d5:89:14:93:c5:4a:de:a8:f0:5d:d0:7d:
         94:24:34:da:20:6e:65:66:c9:2b:97:29:e8:3c:40:00:fa:40:
         3c:41:4e:9e:1c:28:a2:22:eb:1c:d3:74:cf:1e:6b:0e:d0:91:
         7f:0e:db:bb:1b:66:b2:49:a0:2d:3e:e1:d7:93:00:19:6f:31:
         f4:a6:54:36:54:6f:2b:f4:b7:fb:95:64:bd:93:9f:f5:d7:d7:
         6e:30:9e:27:7f:c7:8f:ec:ae:e3:40:d7:8c:04:55:51:42:ff:
         76:d0:cc:05:3f:55:c9:e0:38:1f:60:7a:f1:28:6c:9e:22:f8:
         4b:73:bf:42:c2:2c:6c:84:9d:ce:a7:d7:62:ec:81:d4:51:7e:
         80:f0:a0:c8:fd:50:46:64:6d:28:5c:57:f4:a7:96:2d:27:22:
         7a:8f:79:31:64:e9:95:c0:a8:96:1a:99:82:30:e7:c5:bd:ac:
         04:45:18:c8:c2:40:ca:70:bb:6c:5b:e8:a3:9b:21:d5:e1:0e:
         df:1b:e3:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1pG6ZiOOAIIvtoC/nbyRwPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjQwMjAyMDkxNzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTk4ZjgxMzZkMDNmNDg3MmEzYjkyNjM5ZTIyYTFhZmQzNzE3Y2RkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlm+9/PXoKMjNOqkvvZg8+nppPD/D
i9nEpg9earu7Tz0365DGMPtV1+GCZmxEkWIkE0GuW1b9I2OSSCWBhc75upst92Hn
KVyFhM6PtCFUhPNMXqXZ2G8SoLWzUvDafAtfbAm1zkXHy7Xeyy7jIZKUOilXLRXI
Ii9+59Y7gia6jlDojNxCvaAlZXi3W3J6rWaD4froMi9JjDIXJwc7rS2p+Wky4BLm
yenL9pubqF2UQgriJUIV55JryZX/BnSsBIySkXooG1w5ZQ1Gv5Kn8BhI1RvdDJ4p
CInRNsyb2QfvSPDiR+cvj5jLQLahPupmSLH9nzTrVrWmpvF5EF2OgIgQpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGqY+BNtA/SHKjuSY54ioa/TcXzdMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvYXBqNEUyMEQ5SWNxTzVKam5pS2hyOU54Zk4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALghpMA0G
CSqGSIb3DQEBCwUAA4IBAQCy6Xp9HbaQ9YvpyXOF7Y5Xw1o/149C78uY7AVlQzbK
C6d9Ig0UQTcjNraBiyz0/boXdNUBmAHZYBx8CjrViRSTxUreqPBd0H2UJDTaIG5l
ZskrlynoPEAA+kA8QU6eHCiiIusc03TPHmsO0JF/Dtu7G2aySaAtPuHXkwAZbzH0
plQ2VG8r9Lf7lWS9k5/119duMJ4nf8eP7K7jQNeMBFVRQv920MwFP1XJ4DgfYHrx
KGyeIvhLc79CwixshJ3Op9di7IHUUX6A8KDI/VBGZG0oXFf0p5YtJyJ6j3kxZOmV
wKiWGpmCMOfFvawERRjIwkDKcLtsW+ijmyHV4Q7fG+Mi
-----END CERTIFICATE-----