Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/gATvSTd7SYlOzl0RyYPZnXJFguk.roa
File:                     gATvSTd7SYlOzl0RyYPZnXJFguk.roa (raw, json)
Hash identifier:          VNU5oKvRTeH7wisPWkZPlheKHw0W1uU7PeX3y0N/jm0=
Subject key identifier:   80:04:EF:49:37:7B:49:89:4E:CE:5D:11:C9:83:D9:9D:72:45:82:E9
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       018CC794205E177F4DE6209A41A156B92083
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/gATvSTd7SYlOzl0RyYPZnXJFguk.roa
Signing time:             Tue 02 Jan 2024 00:30:22 +0000
ROA not before:           Tue 02 Jan 2024 00:30:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198150
IP address blocks:        46.8.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:20:5e:17:7f:4d:e6:20:9a:41:a1:56:b9:20:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  2 00:30:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8004ef49377b49894ece5d11c983d99d724582e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:91:13:36:b0:67:81:b0:e0:58:e0:0f:2c:3f:
                    37:c5:94:df:e1:67:a6:f1:d3:13:cd:73:8a:51:5c:
                    93:18:28:75:ad:24:24:b9:7a:19:7f:5a:bc:12:79:
                    80:27:66:8f:8c:13:19:bb:31:5b:96:ad:d7:cf:2f:
                    f5:b6:39:f1:2d:ab:6e:4c:15:57:92:c2:fc:80:fe:
                    2d:e5:f8:0f:fd:2b:dc:50:9f:64:2e:fd:e1:56:60:
                    78:98:78:75:57:51:ff:1e:f8:ca:05:6a:46:7b:95:
                    c6:37:d5:bd:9d:41:38:e8:55:b0:16:5b:6d:9b:c5:
                    15:fd:8c:dd:b8:c2:af:f2:c6:97:b1:26:17:f7:11:
                    a9:a6:28:80:c0:49:53:e0:2c:b6:91:11:1c:71:0c:
                    20:57:e2:00:66:90:4c:18:c5:e8:20:20:d8:73:a2:
                    85:43:8a:11:b6:33:d2:29:b0:34:40:58:22:a6:4d:
                    23:62:11:0d:cc:ae:80:b9:c8:2e:64:ef:eb:b4:62:
                    21:f8:a3:fd:9c:07:b8:4b:ac:65:05:84:c9:46:ee:
                    4a:f4:33:d6:8f:49:a7:93:a9:04:3e:de:27:43:24:
                    6a:1c:2e:05:97:8e:69:83:da:4c:f9:12:8a:e4:a9:
                    8c:27:a2:c9:28:f7:03:41:cc:d0:6d:de:2f:2e:10:
                    38:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:04:EF:49:37:7B:49:89:4E:CE:5D:11:C9:83:D9:9D:72:45:82:E9
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/gATvSTd7SYlOzl0RyYPZnXJFguk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:54:5a:fd:d6:cd:82:22:95:6e:b9:14:31:bd:86:cd:b1:d7:
         c7:30:ed:05:a7:7e:b1:9c:b3:77:6b:0f:42:45:fd:09:61:60:
         ba:4a:58:85:fb:00:c3:42:2e:17:8f:8c:06:e6:ed:61:58:78:
         ab:de:c0:c8:ec:8b:63:be:81:67:8f:6c:37:19:93:22:c3:5d:
         2e:93:68:0b:8e:92:a5:ff:74:24:91:eb:a3:5e:3e:bf:ac:5a:
         10:69:23:44:b3:c3:cd:4b:de:1c:e2:c5:80:16:27:fc:1d:4c:
         7e:85:29:00:f0:b5:5d:93:f7:66:1b:68:01:da:70:a5:10:ee:
         eb:8a:c8:78:9b:08:35:37:f8:f0:b8:ff:5a:60:60:6f:49:42:
         c9:5f:83:e9:d9:bf:4a:2f:4c:ef:94:7a:63:d8:58:73:76:81:
         bd:e2:fb:1c:6e:75:cd:18:29:d7:87:0f:48:7a:ce:56:65:1c:
         b7:92:cd:ec:47:54:f0:56:2a:09:5d:fa:11:94:ce:0c:03:5e:
         f4:0f:1f:b5:76:5e:41:aa:60:3b:75:97:2c:56:f0:db:ca:da:
         89:61:95:2b:30:a4:42:e3:46:4a:00:52:6d:38:b5:31:86:7e:
         4c:0f:9b:29:c3:45:4d:e5:96:f4:96:bc:7f:0d:10:b7:65:1b:
         d5:9c:62:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlCBeF39N5iCaQaFWuSCDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjQwMTAyMDAzMDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDA0ZWY0OTM3N2I0OTg5NGVjZTVkMTFjOTgzZDk5ZDcyNDU4MmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg5ETNrBngbDgWOAPLD83xZTf4Wem
8dMTzXOKUVyTGCh1rSQkuXoZf1q8EnmAJ2aPjBMZuzFblq3Xzy/1tjnxLatuTBVX
ksL8gP4t5fgP/SvcUJ9kLv3hVmB4mHh1V1H/HvjKBWpGe5XGN9W9nUE46FWwFltt
m8UV/YzduMKv8saXsSYX9xGppiiAwElT4Cy2kREccQwgV+IAZpBMGMXoICDYc6KF
Q4oRtjPSKbA0QFgipk0jYhENzK6AucguZO/rtGIh+KP9nAe4S6xlBYTJRu5K9DPW
j0mnk6kEPt4nQyRqHC4Fl45pg9pM+RKK5KmMJ6LJKPcDQczQbd4vLhA4kQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIAE70k3e0mJTs5dEcmD2Z1yRYLpMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvZ0FUdlNUZDdTWWxPemwwUnlZUFpuWEpGZ3VrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALgglMA0G
CSqGSIb3DQEBCwUAA4IBAQAMVFr91s2CIpVuuRQxvYbNsdfHMO0Fp36xnLN3aw9C
Rf0JYWC6SliF+wDDQi4Xj4wG5u1hWHir3sDI7ItjvoFnj2w3GZMiw10uk2gLjpKl
/3QkkeujXj6/rFoQaSNEs8PNS94c4sWAFif8HUx+hSkA8LVdk/dmG2gB2nClEO7r
ish4mwg1N/jwuP9aYGBvSULJX4Pp2b9KL0zvlHpj2FhzdoG94vscbnXNGCnXhw9I
es5WZRy3ks3sR1TwVioJXfoRlM4MA170Dx+1dl5BqmA7dZcsVvDbytqJYZUrMKRC
40ZKAFJtOLUxhn5MD5spw0VN5Zb0lrx/DRC3ZRvVnGII
-----END CERTIFICATE-----