Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/9B2QILwos3ibzSuIwuk8feubiZk.roa
File:                     9B2QILwos3ibzSuIwuk8feubiZk.roa (raw, json)
Hash identifier:          K8y+rkx+uMOVJRUX8oph7jx4ol+MY4JEUfetHVDT7Js=
Subject key identifier:   F4:1D:90:20:BC:28:B3:78:9B:CD:2B:88:C2:E9:3C:7D:EB:9B:89:99
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       018CCA2A69C9DEEF313331AF8BBA3E9524AF
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/9B2QILwos3ibzSuIwuk8feubiZk.roa
Signing time:             Tue 02 Jan 2024 12:33:46 +0000
ROA not before:           Tue 02 Jan 2024 12:33:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25198
IP address blocks:        46.249.110.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:69:c9:de:ef:31:33:31:af:8b:ba:3e:95:24:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan  2 12:33:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f41d9020bc28b3789bcd2b88c2e93c7deb9b8999
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:d3:90:52:7e:8c:5f:ba:ee:57:f7:d7:9e:69:
                    c8:26:17:3a:ed:0f:e5:a2:fb:8e:95:f9:91:d5:59:
                    5c:2c:45:48:89:1a:b5:06:95:f6:71:ca:a1:a1:3e:
                    a2:35:ae:ca:d5:92:cf:ef:2e:2e:62:8e:f4:d6:3d:
                    ef:44:3f:fd:75:e0:9e:84:82:f4:58:f9:65:cc:f3:
                    45:24:a6:c5:a5:fe:51:ad:73:fb:12:fd:6a:14:c3:
                    50:7b:a4:90:04:ee:5c:84:9d:ba:2b:71:3e:99:57:
                    f3:7c:6b:69:bd:ca:f7:09:fa:3c:ff:42:01:3b:ed:
                    d3:90:db:f2:f6:6e:70:72:68:3b:5f:b1:a9:3f:8a:
                    7c:2b:75:92:34:42:f2:a6:6a:02:ac:b6:de:c3:9d:
                    9f:d1:53:ed:ab:82:e9:b0:d2:ff:e0:98:9a:bf:e5:
                    f8:06:3b:8d:83:c1:5e:4c:5b:7d:29:0d:eb:cf:cd:
                    0b:4e:d4:27:d3:ee:89:14:7a:ef:3c:41:a8:e8:66:
                    68:23:ea:2b:3f:42:d2:cb:c2:4c:1c:14:c5:5f:11:
                    45:62:6a:e2:d0:75:d4:0e:e8:4c:2f:e5:1a:07:08:
                    1c:dd:67:8d:3e:44:ae:e4:47:62:c2:0b:6c:37:8f:
                    01:ef:72:a4:5f:73:30:51:f9:98:54:7a:e2:57:f3:
                    62:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:1D:90:20:BC:28:B3:78:9B:CD:2B:88:C2:E9:3C:7D:EB:9B:89:99
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/9B2QILwos3ibzSuIwuk8feubiZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.249.110.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:55:78:bb:9d:d0:90:35:be:49:2c:6b:c7:e3:a2:45:d1:96:
         c3:41:85:d0:9b:31:78:23:00:34:6e:e0:bc:4a:81:79:48:a2:
         d5:d9:42:20:74:9f:58:b1:d0:21:91:06:94:9e:c4:bc:28:12:
         5d:0c:48:1f:95:c6:a2:36:e5:94:ef:b3:a6:3f:00:44:cf:ab:
         d8:04:ac:4f:d6:e0:b3:33:78:af:5d:c6:bc:5d:74:25:51:9f:
         64:18:cd:53:99:83:59:eb:ad:68:0c:9e:4a:4f:d3:04:66:ae:
         96:76:a1:6f:76:e0:eb:ce:33:0a:fb:19:63:5b:7d:28:0f:0d:
         8c:4b:b4:44:27:50:06:65:4a:c4:0f:d6:ff:f9:44:01:2a:72:
         60:37:43:11:8b:83:eb:55:5a:ef:94:68:96:87:21:e7:e2:46:
         23:4d:ae:a0:59:13:4c:94:0d:16:19:6d:94:86:48:65:9f:94:
         d3:a2:14:b7:21:03:e1:8d:d9:96:05:50:12:50:40:39:46:4a:
         4e:ab:0b:5d:45:4d:07:63:b7:14:d7:c1:8d:ac:9a:ca:35:4c:
         de:89:6f:f4:05:f1:fd:d9:2c:7b:1d:88:18:74:d5:3b:01:99:
         75:47:f5:fc:6e:c9:c2:35:24:4e:c0:be:b8:c8:86:a1:24:cc:
         24:ea:a0:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKmnJ3u8xMzGvi7o+lSSvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQwMTAyMTIzMzQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDFkOTAyMGJjMjhiMzc4OWJjZDJiODhjMmU5M2M3ZGViOWI4OTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjtOQUn6MX7ruV/fXnmnIJhc67Q/l
ovuOlfmR1VlcLEVIiRq1BpX2ccqhoT6iNa7K1ZLP7y4uYo701j3vRD/9deCehIL0
WPllzPNFJKbFpf5RrXP7Ev1qFMNQe6SQBO5chJ26K3E+mVfzfGtpvcr3Cfo8/0IB
O+3TkNvy9m5wcmg7X7GpP4p8K3WSNELypmoCrLbew52f0VPtq4LpsNL/4Jiav+X4
BjuNg8FeTFt9KQ3rz80LTtQn0+6JFHrvPEGo6GZoI+orP0LSy8JMHBTFXxFFYmri
0HXUDuhML+UaBwgc3WeNPkSu5EdiwgtsN48B73KkX3MwUfmYVHriV/NiXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPQdkCC8KLN4m80riMLpPH3rm4mZMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvOUIyUUlMd29zM2lielN1SXd1azhmZXViaVprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALvluMA0G
CSqGSIb3DQEBCwUAA4IBAQCJVXi7ndCQNb5JLGvH46JF0ZbDQYXQmzF4IwA0buC8
SoF5SKLV2UIgdJ9YsdAhkQaUnsS8KBJdDEgflcaiNuWU77OmPwBEz6vYBKxP1uCz
M3ivXca8XXQlUZ9kGM1TmYNZ661oDJ5KT9MEZq6WdqFvduDrzjMK+xljW30oDw2M
S7REJ1AGZUrED9b/+UQBKnJgN0MRi4PrVVrvlGiWhyHn4kYjTa6gWRNMlA0WGW2U
hkhln5TTohS3IQPhjdmWBVASUEA5RkpOqwtdRU0HY7cU18GNrJrKNUzeiW/0BfH9
2Sx7HYgYdNU7AZl1R/X8bsnCNSROwL64yIahJMwk6qDB
-----END CERTIFICATE-----