Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/1be8cf-07ec-47cb-8f63-d3a06d1f5b4b/1/j16ddSFth66sjwN_NWZapxaDSQk.roa
File:                     j16ddSFth66sjwN_NWZapxaDSQk.roa (raw, json)
Hash identifier:          AVzYlL/tdNS5TPdAnTXz9BXdvgrgTg6Quxk796pYuzc=
Subject key identifier:   8F:5E:9D:75:21:6D:87:AE:AC:8F:03:7F:35:66:5A:A7:16:83:49:09
Certificate issuer:       /CN=dc849c7369e7e52c7051d21dba7298308be9c428
Certificate serial:       018CC2DAEDA8F24A4E141064250E161B357B
Authority key identifier: DC:84:9C:73:69:E7:E5:2C:70:51:D2:1D:BA:72:98:30:8B:E9:C4:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3IScc2nn5SxwUdIdunKYMIvpxCg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/1be8cf-07ec-47cb-8f63-d3a06d1f5b4b/1/j16ddSFth66sjwN_NWZapxaDSQk.roa
Signing time:             Mon 01 Jan 2024 02:29:36 +0000
ROA not before:           Mon 01 Jan 2024 02:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3320
IP address blocks:        46.183.47.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/1be8cf-07ec-47cb-8f63-d3a06d1f5b4b/1/3IScc2nn5SxwUdIdunKYMIvpxCg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/1be8cf-07ec-47cb-8f63-d3a06d1f5b4b/1/3IScc2nn5SxwUdIdunKYMIvpxCg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3IScc2nn5SxwUdIdunKYMIvpxCg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 04:02:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:ed:a8:f2:4a:4e:14:10:64:25:0e:16:1b:35:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc849c7369e7e52c7051d21dba7298308be9c428
        Validity
            Not Before: Jan  1 02:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8f5e9d75216d87aeac8f037f35665aa716834909
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:91:b6:c3:dd:8c:b4:51:b2:f5:34:36:ca:b2:
                    a6:51:20:25:9b:54:7f:57:2b:56:29:11:5c:95:67:
                    0f:14:01:75:61:2a:8a:f0:29:f3:4a:be:42:f5:db:
                    30:17:bc:79:f0:41:31:4d:49:ec:6b:61:0f:d2:ef:
                    7d:67:6d:db:e1:ca:d1:8c:67:f7:c0:f2:52:5f:b5:
                    67:92:b1:a4:23:f6:a8:e0:ef:cc:a4:71:5e:c3:54:
                    bb:f3:d1:e4:6a:b6:56:0e:b1:de:82:41:47:00:24:
                    5d:1b:c8:d9:5c:c2:37:35:a8:a3:0c:57:34:d8:4b:
                    bc:57:91:5b:3d:88:0c:0c:c9:3d:fc:99:02:5d:dc:
                    e4:d4:4a:90:c0:ff:31:55:f3:20:8a:92:40:38:6d:
                    da:9f:1c:b3:79:af:53:8d:c4:02:6a:47:d1:61:18:
                    d9:0d:cb:30:58:d9:67:f8:32:71:99:91:db:60:37:
                    bc:51:76:8f:ce:b9:d8:0e:68:17:7e:63:f5:80:b8:
                    55:4d:d6:c3:ce:9d:5c:55:e1:c9:d3:ef:dd:a3:89:
                    c8:19:c6:85:74:4c:ba:23:a0:d7:aa:0d:8a:d9:43:
                    9a:e4:64:f3:08:8f:12:93:71:c3:1b:1b:37:7d:01:
                    fc:6d:d8:b1:b0:e0:14:55:0d:e7:19:d7:8a:71:bb:
                    89:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:5E:9D:75:21:6D:87:AE:AC:8F:03:7F:35:66:5A:A7:16:83:49:09
            X509v3 Authority Key Identifier:
                keyid:DC:84:9C:73:69:E7:E5:2C:70:51:D2:1D:BA:72:98:30:8B:E9:C4:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3IScc2nn5SxwUdIdunKYMIvpxCg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/1be8cf-07ec-47cb-8f63-d3a06d1f5b4b/1/j16ddSFth66sjwN_NWZapxaDSQk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/1be8cf-07ec-47cb-8f63-d3a06d1f5b4b/1/3IScc2nn5SxwUdIdunKYMIvpxCg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.183.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:59:28:42:d2:e3:85:9c:74:90:57:fd:8c:e0:d4:eb:86:bb:
         74:35:7b:00:b6:60:f7:63:3a:2c:e4:bf:32:a2:a1:81:df:e7:
         f8:6b:61:fd:a0:23:65:fc:4b:8e:19:11:54:42:06:17:dd:e7:
         96:e3:06:df:98:12:58:f7:50:0b:3b:91:e3:45:48:1d:53:05:
         99:ed:b2:80:91:a3:92:ca:b0:7a:20:de:4a:5e:f5:32:63:b9:
         6a:44:57:cd:f9:4a:c0:5c:60:08:5f:f9:6d:4c:08:3b:60:e8:
         87:15:fe:1b:6f:9c:97:33:5d:e1:7d:00:53:35:8a:2d:a9:e6:
         60:c8:f3:67:d8:fe:3c:12:6c:a9:f3:d4:f9:b8:2f:3f:b9:ac:
         d5:67:be:60:9b:df:84:52:1e:2a:65:90:4e:b3:f5:29:e8:08:
         4b:b3:95:25:77:15:e6:aa:dd:f4:50:ee:48:76:62:81:fa:fd:
         00:c9:11:ab:d4:89:1b:c3:a6:52:c2:a5:5e:8e:fa:3e:69:f0:
         07:45:c0:27:a5:fc:53:99:1d:b7:f9:f0:42:f4:7a:6d:d3:06:
         a7:a6:cb:07:20:56:7d:5f:65:a9:c8:91:69:dc:3d:2a:94:e2:
         57:2f:a0:e0:a8:96:b9:94:ef:9d:9c:b8:5f:da:0b:3f:27:e0:
         85:d5:07:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2u2o8kpOFBBkJQ4WGzV7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjODQ5YzczNjllN2U1MmM3MDUxZDIxZGJhNzI5ODMwOGJl
OWM0MjgwHhcNMjQwMTAxMDIyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjVlOWQ3NTIxNmQ4N2FlYWM4ZjAzN2YzNTY2NWFhNzE2ODM0OTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwpG2w92MtFGy9TQ2yrKmUSAlm1R/
VytWKRFclWcPFAF1YSqK8CnzSr5C9dswF7x58EExTUnsa2EP0u99Z23b4crRjGf3
wPJSX7VnkrGkI/ao4O/MpHFew1S789HkarZWDrHegkFHACRdG8jZXMI3NaijDFc0
2Eu8V5FbPYgMDMk9/JkCXdzk1EqQwP8xVfMgipJAOG3anxyzea9TjcQCakfRYRjZ
DcswWNln+DJxmZHbYDe8UXaPzrnYDmgXfmP1gLhVTdbDzp1cVeHJ0+/do4nIGcaF
dEy6I6DXqg2K2UOa5GTzCI8Sk3HDGxs3fQH8bdixsOAUVQ3nGdeKcbuJEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI9enXUhbYeurI8DfzVmWqcWg0kJMB8GA1UdIwQY
MBaAFNyEnHNp5+UscFHSHbpymDCL6cQoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0lTY2Mybm41U3h3VWRJZHVuS1lNSXZweENnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy8xYmU4Y2YtMDdlYy00N2NiLThmNjMt
ZDNhMDZkMWY1YjRiLzEvajE2ZGRTRnRoNjZzandOX05XWmFweGFEU1FrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy8xYmU4Y2YtMDdlYy00N2NiLThmNjMtZDNhMDZkMWY1YjRi
LzEvM0lTY2Mybm41U3h3VWRJZHVuS1lNSXZweENnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALrcvMA0G
CSqGSIb3DQEBCwUAA4IBAQB7WShC0uOFnHSQV/2M4NTrhrt0NXsAtmD3Yzos5L8y
oqGB3+f4a2H9oCNl/EuOGRFUQgYX3eeW4wbfmBJY91ALO5HjRUgdUwWZ7bKAkaOS
yrB6IN5KXvUyY7lqRFfN+UrAXGAIX/ltTAg7YOiHFf4bb5yXM13hfQBTNYotqeZg
yPNn2P48Emyp89T5uC8/uazVZ75gm9+EUh4qZZBOs/Up6AhLs5UldxXmqt30UO5I
dmKB+v0AyRGr1Ikbw6ZSwqVejvo+afAHRcAnpfxTmR23+fBC9Hpt0wanpssHIFZ9
X2WpyJFp3D0qlOJXL6DgqJa5lO+dnLhf2gs/J+CF1QdD
-----END CERTIFICATE-----