Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/x3ZciEXOrYZzVW2FfFAjQ7ygRco.roa
File:                     x3ZciEXOrYZzVW2FfFAjQ7ygRco.roa (raw, json)
Hash identifier:          ZTi8FL2OR+R2BfY7feNdoqjQHHWALf0lt1rWDbPvtO8=
Subject key identifier:   C7:76:5C:88:45:CE:AD:86:73:55:6D:85:7C:50:23:43:BC:A0:45:CA
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       018CC79419AAC668BC7F136429DCED3399BB
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/x3ZciEXOrYZzVW2FfFAjQ7ygRco.roa
Signing time:             Tue 02 Jan 2024 00:30:20 +0000
ROA not before:           Tue 02 Jan 2024 00:30:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49357
IP address blocks:        46.8.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:19:aa:c6:68:bc:7f:13:64:29:dc:ed:33:99:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  2 00:30:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7765c8845cead8673556d857c502343bca045ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:25:ec:6e:bd:04:6a:84:28:b3:1a:69:61:40:
                    3b:c1:07:20:44:b6:9a:22:09:7f:12:e4:45:3e:78:
                    87:17:85:13:a9:47:1d:28:61:06:5d:16:f9:0f:c9:
                    b6:bd:a4:e1:65:a4:ff:04:d6:60:13:6b:d3:5e:58:
                    71:91:79:7e:ee:0e:f5:dc:24:0e:8a:96:52:c7:b8:
                    db:04:55:db:94:6a:64:93:97:37:86:e5:7a:59:76:
                    e2:6e:1d:56:7e:a0:0e:50:25:02:5a:7e:02:6f:99:
                    a4:bc:ae:9a:79:96:df:ad:34:59:5c:ee:fe:5c:b4:
                    1f:a5:b4:42:b6:50:98:cb:0f:bf:7b:9c:8b:73:af:
                    b3:f3:fc:32:ad:89:39:b1:a3:52:c7:ee:1a:c7:1d:
                    63:2b:ad:f2:6f:76:03:20:ab:a8:de:f7:39:d5:97:
                    7c:8d:2d:aa:95:d6:b8:9c:3f:5b:b1:3f:e1:61:31:
                    04:2f:8c:07:ba:39:8f:d2:5c:dd:fe:5a:f5:3c:4b:
                    7f:41:2e:0a:09:43:0a:db:c3:0c:f8:2d:c4:1d:1e:
                    e3:eb:31:ce:dd:f2:c2:1b:82:bc:6c:38:ce:e5:8b:
                    78:2f:63:67:5b:f0:1d:8c:52:41:e6:39:5a:50:c6:
                    70:67:cb:23:6c:da:fc:70:47:5c:e5:94:00:27:1c:
                    a1:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:76:5C:88:45:CE:AD:86:73:55:6D:85:7C:50:23:43:BC:A0:45:CA
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/x3ZciEXOrYZzVW2FfFAjQ7ygRco.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:59:46:0d:9d:03:41:cd:5f:c2:09:a7:21:af:63:cd:86:17:
         2b:45:9e:fd:f7:6f:db:ab:00:97:2e:fc:a7:48:51:bf:a3:49:
         e2:4c:53:52:2e:bb:e1:3d:b3:13:75:98:51:5d:07:f0:be:e2:
         2f:07:a2:a5:8b:66:71:55:4b:0e:ca:f9:36:f2:7d:75:24:c6:
         62:c5:15:02:50:0b:f8:c5:2f:26:b8:d1:62:94:4e:e2:14:3d:
         2e:a0:74:b5:bf:50:13:6a:0d:07:d8:cb:37:fa:b0:45:1e:96:
         e2:3f:aa:4b:06:87:81:de:fc:89:89:74:b1:99:8f:3a:c3:d0:
         dd:6e:ce:22:e6:3a:4e:06:95:71:82:f5:97:b0:ce:1e:71:73:
         d7:29:e7:70:38:25:e7:d1:85:4e:70:8d:e6:d2:ea:9d:e9:51:
         da:6f:11:80:04:6b:c9:7a:2e:9b:82:47:1a:44:cd:20:cf:57:
         08:1e:f1:ff:4e:83:12:76:3d:82:06:3e:2f:75:71:12:3e:7e:
         4a:ab:5b:9d:cb:32:84:31:67:5b:f2:0c:4a:bd:8e:a4:0c:e2:
         b3:26:1e:f4:a6:b4:10:12:87:0d:a3:c4:5f:2e:af:64:ff:94:
         85:bd:f1:0f:43:37:24:a0:63:f5:e5:a6:fe:6e:42:05:ab:a3:
         48:8f:31:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlBmqxmi8fxNkKdztM5m7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjQwMTAyMDAzMDIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzc2NWM4ODQ1Y2VhZDg2NzM1NTZkODU3YzUwMjM0M2JjYTA0NWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwiXsbr0EaoQosxppYUA7wQcgRLaa
Igl/EuRFPniHF4UTqUcdKGEGXRb5D8m2vaThZaT/BNZgE2vTXlhxkXl+7g713CQO
ipZSx7jbBFXblGpkk5c3huV6WXbibh1WfqAOUCUCWn4Cb5mkvK6aeZbfrTRZXO7+
XLQfpbRCtlCYyw+/e5yLc6+z8/wyrYk5saNSx+4axx1jK63yb3YDIKuo3vc51Zd8
jS2qlda4nD9bsT/hYTEEL4wHujmP0lzd/lr1PEt/QS4KCUMK28MM+C3EHR7j6zHO
3fLCG4K8bDjO5Yt4L2NnW/AdjFJB5jlaUMZwZ8sjbNr8cEdc5ZQAJxyhWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMd2XIhFzq2Gc1VthXxQI0O8oEXKMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEveDNaY2lFWE9yWVp6VlcyRmZGQWpRN3lnUmNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALgifMA0G
CSqGSIb3DQEBCwUAA4IBAQBXWUYNnQNBzV/CCachr2PNhhcrRZ7992/bqwCXLvyn
SFG/o0niTFNSLrvhPbMTdZhRXQfwvuIvB6Kli2ZxVUsOyvk28n11JMZixRUCUAv4
xS8muNFilE7iFD0uoHS1v1ATag0H2Ms3+rBFHpbiP6pLBoeB3vyJiXSxmY86w9Dd
bs4i5jpOBpVxgvWXsM4ecXPXKedwOCXn0YVOcI3m0uqd6VHabxGABGvJei6bgkca
RM0gz1cIHvH/ToMSdj2CBj4vdXESPn5Kq1udyzKEMWdb8gxKvY6kDOKzJh70prQQ
EocNo8RfLq9k/5SFvfEPQzckoGP15ab+bkIFq6NIjzFF
-----END CERTIFICATE-----