Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/1zLZHJEezHH7N6rNOG6oWU5wwWI.roa
File:                     1zLZHJEezHH7N6rNOG6oWU5wwWI.roa (raw, json)
Hash identifier:          DWBbaDTbMXhe529fjUplfw7TUSG/7NGnaxBaUiylBa8=
Subject key identifier:   D7:32:D9:1C:91:1E:CC:71:FB:37:AA:CD:38:6E:A8:59:4E:70:C1:62
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       018E3B87E4CDA13600E6D0EB0F97954DCBFE
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/1zLZHJEezHH7N6rNOG6oWU5wwWI.roa
Signing time:             Thu 14 Mar 2024 05:55:45 +0000
ROA not before:           Thu 14 Mar 2024 05:55:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        46.249.112.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 00:09:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:3b:87:e4:cd:a1:36:00:e6:d0:eb:0f:97:95:4d:cb:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Mar 14 05:55:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d732d91c911ecc71fb37aacd386ea8594e70c162
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:e4:5c:44:c6:e9:20:aa:ff:95:9c:5c:d1:4e:
                    79:88:4f:63:0d:51:18:47:88:51:fe:1c:33:36:04:
                    d6:97:c6:93:23:09:e4:5f:99:fc:3b:a3:cd:15:de:
                    72:3a:1f:60:f7:93:02:49:73:7b:fd:79:42:18:78:
                    b0:81:5a:f9:7b:e4:5e:34:5d:33:41:df:85:82:19:
                    14:54:24:a2:53:11:68:65:00:2c:a9:15:b2:d7:ba:
                    f8:35:ec:5d:e3:0f:8b:82:02:43:2b:86:39:2f:f6:
                    ad:29:75:dc:40:f6:e2:f0:8f:5c:8f:4a:c2:3b:17:
                    1e:e8:aa:5c:25:2a:61:7d:ee:92:0b:2e:bd:b4:fa:
                    03:cc:ec:ae:ee:8e:9e:92:9d:b0:0f:6c:b7:2d:bc:
                    43:56:a2:57:7e:d1:fa:59:32:a5:50:20:0d:f4:55:
                    56:12:b0:db:7e:f2:8a:68:3a:19:64:ec:5a:17:f9:
                    78:92:9c:25:3a:41:1b:86:f1:5f:b5:29:1b:f6:f7:
                    c7:58:fc:b0:1a:33:08:c7:a3:14:3c:d3:73:33:d3:
                    7f:dc:cd:1e:78:f3:36:27:bb:dd:ad:7c:2d:56:f7:
                    e5:41:55:f5:23:34:3e:76:bd:b1:f0:87:44:8a:88:
                    7d:ab:8c:a0:ce:5c:cd:57:60:f8:28:ab:90:c7:cd:
                    ee:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:32:D9:1C:91:1E:CC:71:FB:37:AA:CD:38:6E:A8:59:4E:70:C1:62
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/1zLZHJEezHH7N6rNOG6oWU5wwWI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.249.112.0/21

    Signature Algorithm: sha256WithRSAEncryption
         bf:2c:94:cf:10:be:66:fc:af:ed:09:9d:53:1d:4e:f6:10:a5:
         b3:d4:63:4b:44:df:8e:72:1a:85:ca:26:db:f8:51:40:ff:e5:
         06:92:b1:e2:dc:80:60:03:b0:98:97:70:60:50:10:fb:42:5e:
         05:d5:fb:63:04:94:02:df:1d:54:8a:1e:24:92:6a:7a:47:dc:
         c9:36:4d:bc:40:12:46:34:fc:9f:20:3b:e8:64:b2:16:6d:52:
         aa:d3:f7:d3:53:5a:71:e2:4f:61:dd:da:9d:85:57:35:d2:4a:
         28:21:ef:bf:ef:00:81:a2:8d:24:3f:d9:02:c1:53:03:9b:de:
         a0:73:e1:0a:b7:96:7c:2e:a5:12:4d:98:e7:fb:5b:c7:58:f2:
         4c:a3:d1:c3:a0:49:ce:5a:d2:e5:3b:e7:13:86:6d:df:c8:cd:
         a0:94:78:3d:33:03:62:99:f0:5e:41:9e:d9:3f:98:b2:62:b1:
         3e:9d:1a:a3:86:8f:8e:51:91:51:15:c2:4f:09:56:5b:c7:7f:
         83:08:1b:de:45:03:f7:f6:ca:54:63:a3:fc:53:28:6e:7e:2e:
         fe:96:42:38:84:27:c1:fa:41:8b:22:f9:48:86:03:df:f7:3e:
         b4:5a:a5:40:0a:cf:22:37:56:fc:08:44:f3:bc:5e:69:ce:5a:
         12:80:1b:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY47h+TNoTYA5tDrD5eVTcv+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQwMzE0MDU1NTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzMyZDkxYzkxMWVjYzcxZmIzN2FhY2QzODZlYTg1OTRlNzBjMTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjeRcRMbpIKr/lZxc0U55iE9jDVEY
R4hR/hwzNgTWl8aTIwnkX5n8O6PNFd5yOh9g95MCSXN7/XlCGHiwgVr5e+ReNF0z
Qd+FghkUVCSiUxFoZQAsqRWy17r4Nexd4w+LggJDK4Y5L/atKXXcQPbi8I9cj0rC
Oxce6KpcJSphfe6SCy69tPoDzOyu7o6ekp2wD2y3LbxDVqJXftH6WTKlUCAN9FVW
ErDbfvKKaDoZZOxaF/l4kpwlOkEbhvFftSkb9vfHWPywGjMIx6MUPNNzM9N/3M0e
ePM2J7vdrXwtVvflQVX1IzQ+dr2x8IdEioh9q4ygzlzNV2D4KKuQx83uXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNcy2RyRHsxx+zeqzThuqFlOcMFiMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvMXpMWkhKRWV6SEg3TjZyTk9HNm9XVTV3d1dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDLvlwMA0G
CSqGSIb3DQEBCwUAA4IBAQC/LJTPEL5m/K/tCZ1THU72EKWz1GNLRN+OchqFyibb
+FFA/+UGkrHi3IBgA7CYl3BgUBD7Ql4F1ftjBJQC3x1Uih4kkmp6R9zJNk28QBJG
NPyfIDvoZLIWbVKq0/fTU1px4k9h3dqdhVc10kooIe+/7wCBoo0kP9kCwVMDm96g
c+EKt5Z8LqUSTZjn+1vHWPJMo9HDoEnOWtLlO+cThm3fyM2glHg9MwNimfBeQZ7Z
P5iyYrE+nRqjho+OUZFRFcJPCVZbx3+DCBveRQP39spUY6P8Uyhufi7+lkI4hCfB
+kGLIvlIhgPf9z60WqVACs8iN1b8CETzvF5pzloSgBsh
-----END CERTIFICATE-----