Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/jqHDxPLE8nbC2HQFw_raT7qbOWk.roa
File:                     jqHDxPLE8nbC2HQFw_raT7qbOWk.roa (raw, json)
Hash identifier:          tuJ5DPGM5PsdbM6/BEh+1sPESced/+iyD+qq9ORnJjI=
Subject key identifier:   8E:A1:C3:C4:F2:C4:F2:76:C2:D8:74:05:C3:FA:DA:4F:BA:9B:39:69
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       018CC7942417D16D816DB804830731996DFF
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/jqHDxPLE8nbC2HQFw_raT7qbOWk.roa
Signing time:             Tue 02 Jan 2024 00:30:23 +0000
ROA not before:           Tue 02 Jan 2024 00:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208936
IP address blocks:        46.8.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 07:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:24:17:d1:6d:81:6d:b8:04:83:07:31:99:6d:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  2 00:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ea1c3c4f2c4f276c2d87405c3fada4fba9b3969
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:bf:87:3d:e2:a7:5a:da:86:29:61:44:0d:0d:
                    38:f0:be:1d:c1:f5:e4:b7:21:28:a6:e4:40:3e:c7:
                    0e:ae:1a:9f:2e:11:07:66:a9:1d:50:d0:e3:f6:96:
                    75:68:cc:3b:f9:65:bd:1d:69:9a:6e:03:43:39:7c:
                    47:53:1e:6a:cb:43:ac:37:28:61:11:44:e0:c6:e3:
                    a5:f7:0a:2b:90:e4:8e:e5:d6:38:5a:63:f7:79:c3:
                    1a:66:82:db:56:48:e4:7d:fc:09:77:dd:da:91:10:
                    57:f1:36:cd:29:c7:fa:15:56:4d:6a:0d:b4:28:8b:
                    7d:5e:da:cf:aa:38:f4:13:97:66:f3:36:47:74:55:
                    88:1b:64:d5:29:c1:90:9c:4b:f3:14:57:d2:5c:cc:
                    d7:9c:24:76:dd:f5:d9:ac:a6:e8:92:4a:a5:d2:51:
                    d9:85:e5:e4:21:6f:a5:ff:c5:5c:6b:c4:36:9c:b1:
                    18:d2:e7:0e:7f:4b:f5:28:ab:1d:5a:2f:e4:45:52:
                    12:5f:22:ed:a3:55:d2:ab:0c:d2:ab:76:cb:22:a4:
                    00:74:4b:7c:38:1b:d7:4d:86:93:9a:38:80:13:7a:
                    53:7d:f9:0d:5a:9b:a5:3e:80:68:33:8c:84:70:78:
                    71:f0:5d:60:47:21:7b:cf:e4:fa:da:1f:67:aa:ab:
                    67:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:A1:C3:C4:F2:C4:F2:76:C2:D8:74:05:C3:FA:DA:4F:BA:9B:39:69
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/jqHDxPLE8nbC2HQFw_raT7qbOWk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:78:4c:e9:89:ed:de:79:64:cc:2d:c8:34:c4:cd:5f:43:13:
         31:e3:c3:50:fd:ca:81:1d:f3:8c:3e:29:f6:7d:b7:81:f1:b2:
         e2:af:7d:61:96:16:c2:60:69:7c:11:c3:a4:ef:40:cc:2d:0c:
         a4:d5:b4:7e:5b:61:22:bb:dc:2c:e7:c8:ff:f5:4f:e5:27:6b:
         03:d9:9d:dc:38:6d:fc:5e:a2:6b:4a:f0:8c:ac:51:99:97:b6:
         83:a6:c0:77:23:c4:6e:be:23:15:2f:3a:f9:d4:67:f2:1e:88:
         dc:82:5c:6b:76:cf:b7:3a:41:14:5f:5e:4e:f6:0f:99:d8:59:
         0f:6f:da:fc:8b:0b:cd:c9:03:4c:18:e6:2a:33:29:7a:13:bb:
         2c:1f:e2:d9:ce:7d:91:4e:ae:e9:76:4f:7f:58:e2:8b:dd:10:
         0a:ea:7c:f1:5c:52:d1:24:76:ba:f8:55:e2:28:22:9f:44:8b:
         00:20:3a:18:54:d4:f4:f2:77:d1:48:83:25:95:a4:6b:dc:3a:
         0a:61:5a:72:c8:de:2b:ae:48:af:5b:3a:81:68:71:55:a0:ba:
         19:30:be:96:e9:51:2b:a7:15:19:f1:6c:e4:c9:59:2f:8a:be:
         4a:4c:e4:d1:0d:f2:01:ef:84:5e:9a:8a:5c:e4:76:fa:9f:c3:
         9b:84:df:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlCQX0W2BbbgEgwcxmW3/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjQwMTAyMDAzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWExYzNjNGYyYzRmMjc2YzJkODc0MDVjM2ZhZGE0ZmJhOWIzOTY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA67+HPeKnWtqGKWFEDQ048L4dwfXk
tyEopuRAPscOrhqfLhEHZqkdUNDj9pZ1aMw7+WW9HWmabgNDOXxHUx5qy0OsNyhh
EUTgxuOl9workOSO5dY4WmP3ecMaZoLbVkjkffwJd93akRBX8TbNKcf6FVZNag20
KIt9XtrPqjj0E5dm8zZHdFWIG2TVKcGQnEvzFFfSXMzXnCR23fXZrKbokkql0lHZ
heXkIW+l/8Vca8Q2nLEY0ucOf0v1KKsdWi/kRVISXyLto1XSqwzSq3bLIqQAdEt8
OBvXTYaTmjiAE3pTffkNWpulPoBoM4yEcHhx8F1gRyF7z+T62h9nqqtnHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI6hw8TyxPJ2wth0BcP62k+6mzlpMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvanFIRHhQTEU4bmJDMkhRRndfcmFUN3FiT1drLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALgifMA0G
CSqGSIb3DQEBCwUAA4IBAQCaeEzpie3eeWTMLcg0xM1fQxMx48NQ/cqBHfOMPin2
fbeB8bLir31hlhbCYGl8EcOk70DMLQyk1bR+W2Eiu9ws58j/9U/lJ2sD2Z3cOG38
XqJrSvCMrFGZl7aDpsB3I8RuviMVLzr51GfyHojcglxrds+3OkEUX15O9g+Z2FkP
b9r8iwvNyQNMGOYqMyl6E7ssH+LZzn2RTq7pdk9/WOKL3RAK6nzxXFLRJHa6+FXi
KCKfRIsAIDoYVNT08nfRSIMllaRr3DoKYVpyyN4rrkivWzqBaHFVoLoZML6W6VEr
pxUZ8WzkyVkvir5KTOTRDfIB74Remopc5Hb6n8ObhN+l
-----END CERTIFICATE-----