Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/dbvqXjvIwlQTx6pzbpAR0p_YZEo.roa
File:                     dbvqXjvIwlQTx6pzbpAR0p_YZEo.roa (raw, json)
Hash identifier:          uDrZIDsvoe1pjPMZW+q5wm9NcpHZfaejTieCaRA1dt0=
Subject key identifier:   75:BB:EA:5E:3B:C8:C2:54:13:C7:AA:73:6E:90:11:D2:9F:D8:64:4A
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       018EC7C9C319B9D665676BF7183EECD471B9
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/dbvqXjvIwlQTx6pzbpAR0p_YZEo.roa
Signing time:             Wed 10 Apr 2024 11:34:32 +0000
ROA not before:           Wed 10 Apr 2024 11:34:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44547
IP address blocks:        46.102.237.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c7:c9:c3:19:b9:d6:65:67:6b:f7:18:3e:ec:d4:71:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Apr 10 11:34:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=75bbea5e3bc8c25413c7aa736e9011d29fd8644a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:81:bd:5d:35:b1:0e:ee:a0:4b:97:be:aa:6f:
                    9d:5e:6f:c4:49:ab:4f:ba:20:39:ad:0a:ac:32:09:
                    c8:73:b7:87:46:3c:cf:25:44:94:c3:db:03:6a:05:
                    d4:94:ef:90:46:a3:db:c6:d3:54:03:6c:a0:b4:d6:
                    71:0f:4c:ef:4e:a4:f9:0d:68:24:70:e8:4b:fc:61:
                    85:fa:72:6d:cc:aa:ce:89:5f:04:45:3f:d0:ba:71:
                    f7:c4:4e:e9:9a:c5:2f:8b:a5:9b:7c:1b:de:9c:ee:
                    c7:88:3d:ab:12:bc:ad:2d:58:34:52:e7:95:f1:28:
                    97:70:5d:4b:b9:de:c2:27:70:f1:50:ea:05:bf:9b:
                    90:b6:04:2f:12:f5:7a:e3:1b:2f:33:c9:fb:68:cd:
                    8e:e9:41:8b:d1:61:ba:af:26:55:82:3f:18:dd:6f:
                    49:1a:7f:ee:9c:58:31:8e:ac:64:e0:bf:ff:fb:63:
                    ac:f2:b0:e6:b3:34:57:87:27:cf:60:ce:5e:ca:6c:
                    42:80:dc:59:3b:39:d2:29:78:01:f0:d1:9c:9e:8f:
                    32:00:5d:6f:57:d7:d0:1f:64:d9:c1:81:bd:eb:35:
                    9c:0a:47:08:1a:05:a9:e8:42:6e:c8:72:6b:6a:30:
                    8c:4a:4f:c5:a5:c2:0e:25:a9:47:36:17:81:07:c3:
                    2b:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:BB:EA:5E:3B:C8:C2:54:13:C7:AA:73:6E:90:11:D2:9F:D8:64:4A
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/dbvqXjvIwlQTx6pzbpAR0p_YZEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.102.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:69:b1:73:5d:c4:eb:63:3b:86:3e:eb:2d:94:85:84:c4:3f:
         24:15:f2:dc:a7:d9:2c:12:43:20:7c:74:1b:c5:e5:88:8c:aa:
         28:55:ff:e4:d6:c7:f2:57:df:11:be:fd:e4:8f:24:fe:ef:bb:
         fd:6b:62:e9:23:e3:d5:7b:3f:04:b2:63:8e:17:93:d3:00:f2:
         eb:ee:d8:ca:f4:73:a8:68:98:f9:5b:70:90:91:89:2e:dc:92:
         5f:68:82:82:45:10:1d:07:5a:b2:37:65:75:54:07:c0:03:cb:
         e2:42:22:32:7d:a1:db:3b:91:91:d3:4c:a3:80:34:63:10:ae:
         2b:40:80:28:45:a6:6a:26:e6:42:7b:70:90:33:26:38:65:df:
         be:53:f9:3e:d7:c4:73:b2:5a:04:41:fa:40:68:3e:05:4e:a0:
         e2:32:a5:72:bc:1a:f3:a2:9c:ae:07:51:8e:97:39:ec:5a:60:
         97:7c:e5:57:3f:1d:67:0b:bc:83:fc:45:cb:ff:df:60:ff:1f:
         85:14:1b:d3:a0:70:42:c3:22:c1:f7:c6:c7:89:49:3e:50:70:
         8c:b9:f9:67:84:27:7d:9e:2a:e3:35:73:6a:1f:ec:df:a9:bf:
         df:db:bd:b9:66:e2:09:d3:11:ab:00:56:4d:55:04:f7:bc:01:
         ba:f1:9b:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7HycMZudZlZ2v3GD7s1HG5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjQwNDEwMTEzNDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NWJiZWE1ZTNiYzhjMjU0MTNjN2FhNzM2ZTkwMTFkMjlmZDg2NDRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq4G9XTWxDu6gS5e+qm+dXm/ESatP
uiA5rQqsMgnIc7eHRjzPJUSUw9sDagXUlO+QRqPbxtNUA2ygtNZxD0zvTqT5DWgk
cOhL/GGF+nJtzKrOiV8ERT/QunH3xE7pmsUvi6WbfBvenO7HiD2rErytLVg0UueV
8SiXcF1Lud7CJ3DxUOoFv5uQtgQvEvV64xsvM8n7aM2O6UGL0WG6ryZVgj8Y3W9J
Gn/unFgxjqxk4L//+2Os8rDmszRXhyfPYM5eymxCgNxZOznSKXgB8NGcno8yAF1v
V9fQH2TZwYG96zWcCkcIGgWp6EJuyHJrajCMSk/FpcIOJalHNheBB8MrQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHW76l47yMJUE8eqc26QEdKf2GRKMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvZGJ2cVhqdkl3bFFUeDZwemJwQVIwcF9ZWkVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALmbtMA0G
CSqGSIb3DQEBCwUAA4IBAQBNabFzXcTrYzuGPustlIWExD8kFfLcp9ksEkMgfHQb
xeWIjKooVf/k1sfyV98Rvv3kjyT+77v9a2LpI+PVez8EsmOOF5PTAPLr7tjK9HOo
aJj5W3CQkYku3JJfaIKCRRAdB1qyN2V1VAfAA8viQiIyfaHbO5GR00yjgDRjEK4r
QIAoRaZqJuZCe3CQMyY4Zd++U/k+18RzsloEQfpAaD4FTqDiMqVyvBrzopyuB1GO
lznsWmCXfOVXPx1nC7yD/EXL/99g/x+FFBvToHBCwyLB98bHiUk+UHCMuflnhCd9
nirjNXNqH+zfqb/f2725ZuIJ0xGrAFZNVQT3vAG68Zun
-----END CERTIFICATE-----