Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/Zbv8yhed5e7hsc-Zaj0mMDRwlg8.roa
File:                     Zbv8yhed5e7hsc-Zaj0mMDRwlg8.roa (raw, json)
Hash identifier:          IQcaMNpA1ro/+PtoDgI8j6x3uT5FzRioOdgU0o16Jp4=
Subject key identifier:   65:BB:FC:CA:17:9D:E5:EE:E1:B1:CF:99:6A:3D:26:30:34:70:96:0F
Certificate issuer:       /CN=a4bcc12afa4f05739f45f605e221c64c3c0d2ed6
Certificate serial:       018CC3495340D831AB17BBB6B61511BD877F
Authority key identifier: A4:BC:C1:2A:FA:4F:05:73:9F:45:F6:05:E2:21:C6:4C:3C:0D:2E:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pLzBKvpPBXOfRfYF4iHGTDwNLtY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/Zbv8yhed5e7hsc-Zaj0mMDRwlg8.roa
Signing time:             Mon 01 Jan 2024 04:30:11 +0000
ROA not before:           Mon 01 Jan 2024 04:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201948
IP address blocks:        46.229.58.0/24 maxlen: 24
                          2a00:1688:7::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/pLzBKvpPBXOfRfYF4iHGTDwNLtY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/pLzBKvpPBXOfRfYF4iHGTDwNLtY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pLzBKvpPBXOfRfYF4iHGTDwNLtY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:53:40:d8:31:ab:17:bb:b6:b6:15:11:bd:87:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4bcc12afa4f05739f45f605e221c64c3c0d2ed6
        Validity
            Not Before: Jan  1 04:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=65bbfcca179de5eee1b1cf996a3d26303470960f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:b5:4f:19:86:bb:a6:44:d2:f8:db:14:7f:be:
                    7d:45:b8:d0:7c:de:a1:44:34:c9:7a:b2:9c:04:ac:
                    2f:ca:61:58:19:af:0d:d1:2c:8e:58:56:68:f3:39:
                    74:fc:f7:a7:80:dc:0f:89:3c:6c:50:70:d6:7f:a6:
                    d1:74:7a:08:47:31:4e:1b:5a:44:4e:1b:0a:b0:66:
                    72:fc:72:42:21:a1:b5:b9:30:a5:82:c4:70:50:6e:
                    e3:11:df:ba:71:98:38:77:d0:15:6c:3a:47:43:c6:
                    6a:05:d9:11:ea:49:23:2d:ab:9c:cc:d2:7c:9c:dd:
                    c0:65:93:0e:01:41:3e:46:36:6e:c6:68:14:81:36:
                    fa:ee:2e:53:5d:d9:17:c0:af:c2:16:c8:00:5a:78:
                    75:da:a8:b7:eb:ec:ed:92:e8:2d:de:6f:3c:bc:7c:
                    8a:23:19:7a:69:df:58:3a:0d:34:52:56:9b:47:e0:
                    ee:89:2f:cc:74:0a:2a:cf:f5:dc:ff:ea:89:9f:67:
                    93:66:8f:d3:63:55:51:76:cf:a7:e2:9f:d7:7c:72:
                    2a:13:81:19:fd:58:8c:98:af:89:ce:7b:b5:6c:b1:
                    db:67:e1:e8:47:e0:b7:7e:d8:9e:b6:80:5e:b6:02:
                    8e:f5:cb:86:38:44:67:3c:7f:3e:79:18:b7:43:b4:
                    f3:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:BB:FC:CA:17:9D:E5:EE:E1:B1:CF:99:6A:3D:26:30:34:70:96:0F
            X509v3 Authority Key Identifier:
                keyid:A4:BC:C1:2A:FA:4F:05:73:9F:45:F6:05:E2:21:C6:4C:3C:0D:2E:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pLzBKvpPBXOfRfYF4iHGTDwNLtY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/Zbv8yhed5e7hsc-Zaj0mMDRwlg8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/pLzBKvpPBXOfRfYF4iHGTDwNLtY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.229.58.0/24
                IPv6:
                  2a00:1688:7::/48

    Signature Algorithm: sha256WithRSAEncryption
         97:cc:da:59:d8:85:b9:59:10:ea:fa:1b:fb:3c:2b:35:e8:0a:
         fc:a1:dc:12:d4:c5:81:c9:90:9a:09:78:0f:db:f5:bd:e6:c3:
         8d:69:47:8e:6b:51:8f:3c:23:05:d5:dd:bd:d5:26:99:d1:fd:
         81:c0:e8:03:6a:a7:73:1b:fe:d4:27:1a:c4:0e:60:4e:92:13:
         c5:cf:52:fc:b1:c4:18:19:dc:55:48:3f:35:7d:5f:5d:31:61:
         df:48:70:e5:d3:da:03:a5:24:70:74:e2:a4:4b:ee:1b:68:93:
         db:1a:57:f0:a8:c0:05:f1:7f:21:17:16:3d:6e:d0:eb:fc:56:
         21:71:f7:bf:bf:84:dd:b3:2e:c7:4b:d6:1b:87:94:4f:81:4d:
         ea:a1:73:3e:a5:0a:6d:b5:06:f9:5f:57:47:34:a1:e7:80:0a:
         f0:fd:f0:1a:f9:ef:7c:b5:ce:1f:ee:1c:cc:88:95:31:9b:05:
         d8:b3:a7:b1:79:4c:47:11:95:45:09:dd:7b:89:f6:3f:f4:c3:
         d5:04:aa:01:3e:07:f1:79:26:d9:48:f1:fa:00:f8:e6:6e:de:
         7c:08:c0:d2:14:70:56:a5:5a:29:94:20:d5:bd:1b:30:91:29:
         0b:8d:0a:83:80:c1:d0:db:1f:95:76:a6:10:c8:68:a8:fb:5c:
         5e:c7:e5:a2
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzDSVNA2DGrF7u2thURvYd/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0YmNjMTJhZmE0ZjA1NzM5ZjQ1ZjYwNWUyMjFjNjRjM2Mw
ZDJlZDYwHhcNMjQwMTAxMDQzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NWJiZmNjYTE3OWRlNWVlZTFiMWNmOTk2YTNkMjYzMDM0NzA5NjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgrVPGYa7pkTS+NsUf759RbjQfN6h
RDTJerKcBKwvymFYGa8N0SyOWFZo8zl0/PengNwPiTxsUHDWf6bRdHoIRzFOG1pE
ThsKsGZy/HJCIaG1uTClgsRwUG7jEd+6cZg4d9AVbDpHQ8ZqBdkR6kkjLauczNJ8
nN3AZZMOAUE+RjZuxmgUgTb67i5TXdkXwK/CFsgAWnh12qi36+ztkugt3m88vHyK
Ixl6ad9YOg00UlabR+DuiS/MdAoqz/Xc/+qJn2eTZo/TY1VRds+n4p/XfHIqE4EZ
/ViMmK+Jznu1bLHbZ+HoR+C3ftietoBetgKO9cuGOERnPH8+eRi3Q7TzyQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGW7/MoXneXu4bHPmWo9JjA0cJYPMB8GA1UdIwQY
MBaAFKS8wSr6TwVzn0X2BeIhxkw8DS7WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEx6Qkt2cFBCWE9mUmZZRjRpSEdURHdOTHRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9iYjE0MGEtMmEyMS00ZjVmLWJkY2Mt
ODhiMDE2YmJkNTgxLzEvWmJ2OHloZWQ1ZTdoc2MtWmFqMG1NRFJ3bGc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9iYjE0MGEtMmEyMS00ZjVmLWJkY2MtODhiMDE2YmJkNTgx
LzEvcEx6Qkt2cFBCWE9mUmZZRjRpSEdURHdOTHRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQALuU6MA8E
AgACMAkDBwAqABaIAAcwDQYJKoZIhvcNAQELBQADggEBAJfM2lnYhblZEOr6G/s8
KzXoCvyh3BLUxYHJkJoJeA/b9b3mw41pR45rUY88IwXV3b3VJpnR/YHA6ANqp3Mb
/tQnGsQOYE6SE8XPUvyxxBgZ3FVIPzV9X10xYd9IcOXT2gOlJHB04qRL7htok9sa
V/CowAXxfyEXFj1u0Ov8ViFx97+/hN2zLsdL1huHlE+BTeqhcz6lCm21BvlfV0c0
oeeACvD98Br573y1zh/uHMyIlTGbBdizp7F5TEcRlUUJ3XuJ9j/0w9UEqgE+B/F5
JtlI8foA+OZu3nwIwNIUcFalWimUINW9GzCRKQuNCoOAwdDbH5V2phDIaKj7XF7H
5aI=
-----END CERTIFICATE-----