Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Eqmtue-M9THkXshGZ8ImOYtg_uE.roa
File:                     Eqmtue-M9THkXshGZ8ImOYtg_uE.roa (raw, json)
Hash identifier:          k61PL/C2YFzEUsSov0nswKXu2SjpSlYJ9udNp+Qx+eM=
Subject key identifier:   12:A9:AD:B9:EF:8C:F5:31:E4:5E:C8:46:67:C2:26:39:8B:60:FE:E1
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       018DED398DB1C67B21823F955C54822FA73B
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Eqmtue-M9THkXshGZ8ImOYtg_uE.roa
Signing time:             Wed 28 Feb 2024 00:59:48 +0000
ROA not before:           Wed 28 Feb 2024 00:59:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47750
IP address blocks:        46.249.108.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ed:39:8d:b1:c6:7b:21:82:3f:95:5c:54:82:2f:a7:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Feb 28 00:59:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=12a9adb9ef8cf531e45ec84667c226398b60fee1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:cb:45:cf:a9:c7:14:f7:9e:d9:2c:60:e6:df:
                    32:9d:d5:bf:fa:1e:f3:ca:a7:f0:bc:83:5d:bf:f3:
                    01:8d:a4:b8:bc:ca:0b:b6:d8:73:98:5e:db:d1:1f:
                    75:d2:f1:6c:7d:a0:7c:67:7e:d9:da:6e:02:b5:48:
                    1e:19:1a:64:24:9e:e2:ce:32:a5:09:f2:0e:db:61:
                    01:2e:5a:b5:f9:f5:80:8d:0a:39:11:0e:f1:a5:d0:
                    30:6c:39:9d:94:77:5f:3b:b6:47:14:e5:0e:d4:c7:
                    af:5e:24:1d:77:76:27:d3:36:d6:be:5e:96:e4:7b:
                    04:fe:d8:4b:35:88:3c:59:7d:f2:f6:8a:56:4c:65:
                    36:49:b3:be:ce:26:62:cd:f5:95:e9:9c:69:a0:2c:
                    94:95:99:34:eb:4f:53:d8:e7:5b:60:6d:e2:30:c6:
                    13:10:d1:69:30:db:8f:0b:18:00:88:60:21:11:c1:
                    90:d7:1a:9f:1e:ed:7f:7a:75:05:88:b0:3b:56:6b:
                    67:31:4d:d4:97:c2:48:1e:dc:95:3b:d0:a9:05:cd:
                    ee:0a:a2:16:38:26:5b:8c:6b:0c:18:45:9a:0e:99:
                    9a:75:7d:84:16:d4:7f:27:8a:f9:f9:fd:c3:cd:5a:
                    2e:76:0d:01:47:71:70:07:54:cb:9b:01:a6:39:c3:
                    d8:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:A9:AD:B9:EF:8C:F5:31:E4:5E:C8:46:67:C2:26:39:8B:60:FE:E1
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/Eqmtue-M9THkXshGZ8ImOYtg_uE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.249.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         de:65:2f:b5:1a:d6:8e:23:e1:76:53:d6:18:8e:4c:7e:06:12:
         45:3e:9d:21:d5:06:70:37:f1:4c:e2:07:37:02:1c:e4:d7:dc:
         c8:a1:75:6a:65:99:9f:1d:00:e6:36:de:3a:c3:38:9b:bf:17:
         48:3f:b8:25:c7:b5:fc:03:55:3b:fb:d9:5d:7b:da:14:2f:7b:
         4c:8d:09:16:8f:31:2d:9e:3f:43:76:69:77:1e:2f:f2:a3:e0:
         ce:d8:07:f5:d3:28:82:1e:1b:0a:5e:0d:b2:c0:09:9c:8c:e5:
         fc:b3:da:45:58:ba:31:fb:7b:dd:eb:0e:2a:fb:64:4c:4b:7b:
         bc:ce:95:30:b9:3a:82:9c:72:a1:1e:3c:e6:e7:7c:da:c3:92:
         e9:3a:64:6a:e9:bc:62:b6:0d:ee:45:51:2b:7d:b6:78:a4:09:
         7e:87:41:84:52:96:f1:59:6d:26:ea:b8:13:8b:76:2a:56:2f:
         8a:eb:8d:77:eb:2c:c5:15:3d:ff:62:74:89:c6:93:23:b5:78:
         21:d8:4a:82:6e:6d:e3:9e:37:2c:c3:01:92:7f:88:81:f4:5a:
         3c:9a:64:b9:7e:08:21:bb:06:e4:ad:2b:81:e6:4a:52:82:ae:
         79:77:6e:74:dc:e9:bd:bf:44:e0:c3:5a:02:ef:17:01:fe:5d:
         46:89:7a:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3tOY2xxnshgj+VXFSCL6c7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjQwMjI4MDA1OTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmE5YWRiOWVmOGNmNTMxZTQ1ZWM4NDY2N2MyMjYzOThiNjBmZWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjctFz6nHFPee2Sxg5t8yndW/+h7z
yqfwvINdv/MBjaS4vMoLtthzmF7b0R910vFsfaB8Z37Z2m4CtUgeGRpkJJ7izjKl
CfIO22EBLlq1+fWAjQo5EQ7xpdAwbDmdlHdfO7ZHFOUO1MevXiQdd3Yn0zbWvl6W
5HsE/thLNYg8WX3y9opWTGU2SbO+ziZizfWV6ZxpoCyUlZk0609T2OdbYG3iMMYT
ENFpMNuPCxgAiGAhEcGQ1xqfHu1/enUFiLA7VmtnMU3Ul8JIHtyVO9CpBc3uCqIW
OCZbjGsMGEWaDpmadX2EFtR/J4r5+f3DzVoudg0BR3FwB1TLmwGmOcPYMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBKprbnvjPUx5F7IRmfCJjmLYP7hMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvRXFtdHVlLU05VEhrWHNoR1o4SW1PWXRnX3VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLvlsMA0G
CSqGSIb3DQEBCwUAA4IBAQDeZS+1GtaOI+F2U9YYjkx+BhJFPp0h1QZwN/FM4gc3
Ahzk19zIoXVqZZmfHQDmNt46wzibvxdIP7glx7X8A1U7+9lde9oUL3tMjQkWjzEt
nj9Ddml3Hi/yo+DO2Af10yiCHhsKXg2ywAmcjOX8s9pFWLox+3vd6w4q+2RMS3u8
zpUwuTqCnHKhHjzm53zaw5LpOmRq6bxitg3uRVErfbZ4pAl+h0GEUpbxWW0m6rgT
i3YqVi+K64136yzFFT3/YnSJxpMjtXgh2EqCbm3jnjcswwGSf4iB9Fo8mmS5fggh
uwbkrSuB5kpSgq55d2503Om9v0Tgw1oC7xcB/l1GiXpV
-----END CERTIFICATE-----