Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/s46QjwzwEqhKZO7ldTmRhay_13Y.roa
File:                     s46QjwzwEqhKZO7ldTmRhay_13Y.roa (raw, json)
Hash identifier:          /EnhaA5l+0ixAVOoZ75bfCwPB4NX9iOIcY50OHBAYQM=
Subject key identifier:   B3:8E:90:8F:0C:F0:12:A8:4A:64:EE:E5:75:39:91:85:AC:BF:D7:76
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       018D9CB04A8E9FDBC4A0BAE0572F851EF71A
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/s46QjwzwEqhKZO7ldTmRhay_13Y.roa
Signing time:             Mon 12 Feb 2024 09:40:15 +0000
ROA not before:           Mon 12 Feb 2024 09:40:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6713
IP address blocks:        80.15.243.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:9c:b0:4a:8e:9f:db:c4:a0:ba:e0:57:2f:85:1e:f7:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Feb 12 09:40:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b38e908f0cf012a84a64eee575399185acbfd776
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:bf:c9:10:7c:9f:4b:4e:4b:96:e1:f7:77:e4:
                    93:7d:54:c6:fc:b4:e1:97:d9:70:6e:5f:15:5d:5b:
                    1a:8c:e6:02:74:e9:9e:9a:f2:3c:82:ea:68:db:03:
                    a6:67:bb:cb:7d:4c:f9:37:8f:ba:54:21:6b:70:7d:
                    05:3d:d5:fa:7c:ee:1f:eb:51:27:0c:b9:a4:bf:24:
                    ae:96:94:1b:d5:99:b3:28:f6:28:c0:18:56:88:51:
                    ad:86:2c:93:b7:93:4b:60:6e:b8:61:f0:6a:c1:0e:
                    76:b8:ae:0d:15:a4:77:af:3e:38:e4:a8:17:a2:f5:
                    a7:28:b3:25:0e:2d:85:f1:70:b9:bd:65:be:02:06:
                    68:2a:3c:1a:2d:24:d9:ca:2a:04:94:af:e0:24:8e:
                    37:87:a8:22:04:e7:1e:c1:72:d8:7c:03:9e:1e:18:
                    d5:35:cb:02:89:1f:7c:47:09:2b:37:77:e4:5b:0c:
                    80:86:cb:a0:e3:84:d4:8d:dd:be:6e:35:91:47:ff:
                    86:70:03:ad:b5:62:a4:0f:ee:94:3f:f7:1a:52:be:
                    a3:8d:1c:f0:49:7a:ca:91:19:8d:a7:de:c5:de:85:
                    fe:2e:d7:c7:a7:18:c9:23:22:e7:1a:0a:d2:f4:fc:
                    21:59:35:f8:be:ae:84:14:40:de:9d:c0:a8:e3:e3:
                    8a:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:8E:90:8F:0C:F0:12:A8:4A:64:EE:E5:75:39:91:85:AC:BF:D7:76
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/s46QjwzwEqhKZO7ldTmRhay_13Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.15.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:d5:6d:aa:b9:ce:4b:24:99:3d:5e:a4:18:ad:95:26:2c:91:
         c9:46:02:60:e6:b0:47:6e:c1:7a:04:47:12:7c:0b:34:24:3f:
         79:fe:d0:cd:8f:66:d2:40:08:68:a2:d3:0f:0f:9d:5e:34:f6:
         fe:86:94:b5:aa:db:96:4d:92:3b:f0:57:5a:44:f4:cf:63:c2:
         a9:cc:b0:ee:64:b2:ad:13:45:b5:f3:ff:6e:4a:05:45:8c:e8:
         51:b1:78:4f:23:06:3a:6f:ec:82:9d:b1:b0:77:fd:96:5f:7b:
         35:d0:34:bd:4f:6c:35:42:f4:e0:d3:f5:d9:4e:fc:f7:03:9a:
         59:a5:4b:0b:69:59:c7:9b:fc:16:7c:5f:7f:4b:18:ec:e6:12:
         fe:fe:bc:00:4f:6f:3d:51:86:88:25:b0:de:34:64:c4:9f:2d:
         cf:de:f5:77:69:53:c9:bd:26:7e:bf:de:b2:81:33:72:2b:b4:
         75:69:75:cb:95:66:f7:cb:1a:4a:ca:79:12:45:78:b9:a7:02:
         b2:86:e0:6e:ce:6e:22:4e:a4:8c:93:0b:fe:cf:90:9b:ea:7f:
         9a:ee:99:e1:70:a9:db:8e:d6:62:2e:a5:5e:d4:ee:aa:db:28:
         ed:f1:97:1b:ab:a2:ef:ea:5a:75:41:76:14:81:9c:2f:bc:e1:
         0c:63:18:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY2csEqOn9vEoLrgVy+FHvcaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjQwMjEyMDk0MDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzhlOTA4ZjBjZjAxMmE4NGE2NGVlZTU3NTM5OTE4NWFjYmZkNzc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwr/JEHyfS05LluH3d+STfVTG/LTh
l9lwbl8VXVsajOYCdOmemvI8gupo2wOmZ7vLfUz5N4+6VCFrcH0FPdX6fO4f61En
DLmkvySulpQb1ZmzKPYowBhWiFGthiyTt5NLYG64YfBqwQ52uK4NFaR3rz445KgX
ovWnKLMlDi2F8XC5vWW+AgZoKjwaLSTZyioElK/gJI43h6giBOcewXLYfAOeHhjV
NcsCiR98RwkrN3fkWwyAhsug44TUjd2+bjWRR/+GcAOttWKkD+6UP/caUr6jjRzw
SXrKkRmNp97F3oX+LtfHpxjJIyLnGgrS9PwhWTX4vq6EFEDencCo4+OKywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLOOkI8M8BKoSmTu5XU5kYWsv9d2MB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvczQ2UWp3endFcWhLWk83bGRUbVJoYXlfMTNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUA/zMA0G
CSqGSIb3DQEBCwUAA4IBAQBu1W2quc5LJJk9XqQYrZUmLJHJRgJg5rBHbsF6BEcS
fAs0JD95/tDNj2bSQAhootMPD51eNPb+hpS1qtuWTZI78FdaRPTPY8KpzLDuZLKt
E0W18/9uSgVFjOhRsXhPIwY6b+yCnbGwd/2WX3s10DS9T2w1QvTg0/XZTvz3A5pZ
pUsLaVnHm/wWfF9/Sxjs5hL+/rwAT289UYaIJbDeNGTEny3P3vV3aVPJvSZ+v96y
gTNyK7R1aXXLlWb3yxpKynkSRXi5pwKyhuBuzm4iTqSMkwv+z5Cb6n+a7pnhcKnb
jtZiLqVe1O6q2yjt8Zcbq6Lv6lp1QXYUgZwvvOEMYxgo
-----END CERTIFICATE-----