Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/m-TTyD5CB-1FMpleTtdZtz2iVLE.roa
File:                     m-TTyD5CB-1FMpleTtdZtz2iVLE.roa (raw, json)
Hash identifier:          BpDAB4ve8dPtxr7l3DGq/VDroQC+BxS2uzBG5MYM3oc=
Subject key identifier:   9B:E4:D3:C8:3E:42:07:ED:45:32:99:5E:4E:D7:59:B7:3D:A2:54:B1
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       018CC79424ABEFB2D21DA7277B94BA8914D2
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/m-TTyD5CB-1FMpleTtdZtz2iVLE.roa
Signing time:             Tue 02 Jan 2024 00:30:23 +0000
ROA not before:           Tue 02 Jan 2024 00:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211399
IP address blocks:        46.8.140.0/24 maxlen: 24
                          46.8.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:24:ab:ef:b2:d2:1d:a7:27:7b:94:ba:89:14:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  2 00:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9be4d3c83e4207ed4532995e4ed759b73da254b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:9d:4c:01:2b:9d:4f:b8:19:0a:1f:37:7f:74:
                    c2:09:e4:5f:52:70:ab:6f:18:c3:c7:a8:57:b3:cd:
                    34:30:c9:ad:46:e8:5d:a4:0c:49:0e:d6:11:89:38:
                    4d:1c:8d:f3:e9:27:20:c4:ff:3f:63:42:ff:cd:96:
                    eb:9d:56:9a:38:a0:f4:2d:80:b7:27:bc:0e:68:4d:
                    1d:3d:d1:3b:dc:92:57:15:c4:bf:94:eb:f2:26:b4:
                    44:ef:f8:93:a3:bd:09:fe:98:f5:19:fb:39:b5:60:
                    79:e1:9e:bf:7e:c1:42:1b:7f:85:f9:e2:67:0d:31:
                    43:a2:03:fb:26:90:8a:3b:37:8f:9a:ca:42:18:19:
                    35:67:90:25:1e:20:a9:6a:5b:5d:71:96:b2:04:ca:
                    d4:16:7b:29:8b:a7:9f:60:c4:11:54:a4:ac:0c:80:
                    93:6f:bb:62:3b:f5:c7:9a:43:01:24:0e:5a:12:d1:
                    39:7d:da:d0:e6:39:e2:70:da:30:c0:8f:bc:c3:15:
                    67:d0:e6:c7:02:58:8c:68:18:39:51:05:dd:b3:6a:
                    e9:9c:67:a1:cd:37:84:db:3a:1d:3a:b2:2b:e0:e0:
                    75:52:b8:ed:09:8e:b1:fa:af:03:77:e4:1d:8b:d9:
                    8a:17:39:4e:2d:5a:d1:67:43:2e:b6:4b:37:46:3f:
                    ea:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:E4:D3:C8:3E:42:07:ED:45:32:99:5E:4E:D7:59:B7:3D:A2:54:B1
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/m-TTyD5CB-1FMpleTtdZtz2iVLE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.140.0/24
                  46.8.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:b8:ed:d5:6d:52:56:bb:34:2c:2f:c7:89:31:01:28:c2:b1:
         0f:03:c9:f4:59:de:25:58:f9:f5:13:52:d3:47:82:08:59:17:
         66:a7:81:d6:fa:59:25:5e:77:2a:de:3e:a2:0d:f6:05:b3:af:
         5a:1e:92:3b:0f:cb:b4:35:6c:14:b6:3b:41:b7:6f:70:f0:9a:
         6b:c4:e2:aa:39:28:43:94:41:12:52:1d:4b:6e:6c:04:7b:c9:
         68:62:4c:95:33:c3:cb:80:8a:af:9c:8c:a8:8b:17:40:0b:8f:
         f4:8c:c2:a2:df:48:d6:1c:5f:1b:d6:03:2e:4c:52:44:b7:80:
         b5:fc:df:8d:42:73:d0:58:28:b9:b1:d9:47:f9:b5:ce:36:84:
         09:1d:5f:30:61:c2:3b:89:e8:1c:ff:4b:b9:91:d5:1a:14:72:
         b4:c7:a3:ce:42:64:82:aa:b5:dd:06:2f:53:3d:d8:d9:f2:80:
         00:78:06:94:01:4e:36:40:e9:81:1b:4a:b6:26:a9:f4:1c:57:
         ae:ee:63:7e:8b:8f:f2:d5:97:56:e2:1a:8b:2a:c9:cd:92:d4:
         d3:25:4f:20:70:25:2e:a7:63:25:b9:10:ea:5d:52:37:92:30:
         a5:27:1a:42:e5:37:dd:5a:57:a9:54:20:cb:0f:32:81:c4:22:
         42:cc:44:5c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHlCSr77LSHacne5S6iRTSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjQwMTAyMDAzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmU0ZDNjODNlNDIwN2VkNDUzMjk5NWU0ZWQ3NTliNzNkYTI1NGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkp1MASudT7gZCh83f3TCCeRfUnCr
bxjDx6hXs800MMmtRuhdpAxJDtYRiThNHI3z6ScgxP8/Y0L/zZbrnVaaOKD0LYC3
J7wOaE0dPdE73JJXFcS/lOvyJrRE7/iTo70J/pj1Gfs5tWB54Z6/fsFCG3+F+eJn
DTFDogP7JpCKOzePmspCGBk1Z5AlHiCpaltdcZayBMrUFnspi6efYMQRVKSsDICT
b7tiO/XHmkMBJA5aEtE5fdrQ5jnicNowwI+8wxVn0ObHAliMaBg5UQXds2rpnGeh
zTeE2zodOrIr4OB1UrjtCY6x+q8Dd+Qdi9mKFzlOLVrRZ0Mutks3Rj/qkQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJvk08g+QgftRTKZXk7XWbc9olSxMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvbS1UVHlENUNCLTFGTXBsZVR0ZFp0ejJpVkxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALgiMAwQA
LgiUMA0GCSqGSIb3DQEBCwUAA4IBAQCHuO3VbVJWuzQsL8eJMQEowrEPA8n0Wd4l
WPn1E1LTR4IIWRdmp4HW+lklXncq3j6iDfYFs69aHpI7D8u0NWwUtjtBt29w8Jpr
xOKqOShDlEESUh1LbmwEe8loYkyVM8PLgIqvnIyoixdAC4/0jMKi30jWHF8b1gMu
TFJEt4C1/N+NQnPQWCi5sdlH+bXONoQJHV8wYcI7iegc/0u5kdUaFHK0x6POQmSC
qrXdBi9TPdjZ8oAAeAaUAU42QOmBG0q2Jqn0HFeu7mN+i4/y1ZdW4hqLKsnNktTT
JU8gcCUup2MluRDqXVI3kjClJxpC5TfdWlepVCDLDzKBxCJCzERc
-----END CERTIFICATE-----