Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/bwbHk-8u4Z-cy9xC5xRg5pB352U.roa
File:                     bwbHk-8u4Z-cy9xC5xRg5pB352U.roa (raw, json)
Hash identifier:          HvCdsKzxLHB7sezsoh8WYYdbhvmbRrhnrAdLf+GIr0s=
Subject key identifier:   6F:06:C7:93:EF:2E:E1:9F:9C:CB:DC:42:E7:14:60:E6:90:77:E7:65
Certificate issuer:       /CN=ed6da9e41686d21c12799c8e84b274aa8241508c
Certificate serial:       019224678E18A02A5476787C146083D973C9
Authority key identifier: ED:6D:A9:E4:16:86:D2:1C:12:79:9C:8E:84:B2:74:AA:82:41:50:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/bwbHk-8u4Z-cy9xC5xRg5pB352U.roa
Signing time:             Tue 24 Sep 2024 14:20:19 +0000
ROA not before:           Tue 24 Sep 2024 14:20:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51897
IP address blocks:        46.143.192.0/19 maxlen: 19

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 11:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:24:67:8e:18:a0:2a:54:76:78:7c:14:60:83:d9:73:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed6da9e41686d21c12799c8e84b274aa8241508c
        Validity
            Not Before: Sep 24 14:20:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f06c793ef2ee19f9ccbdc42e71460e69077e765
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:34:f6:4f:bc:53:6b:1b:7c:a2:a0:9f:8b:28:
                    67:77:c1:3b:d6:92:76:6e:cf:d4:d1:de:b2:99:50:
                    13:b6:73:1d:d6:c5:8d:16:7b:95:af:c7:43:a0:61:
                    79:1e:2a:ab:0b:ce:94:3e:97:b8:67:e1:99:c6:de:
                    e1:cd:73:d1:fb:4d:df:b7:75:c7:47:8b:68:9a:a9:
                    e6:9a:3a:e0:3a:09:5d:8e:f0:29:31:e0:60:af:ae:
                    88:d5:5e:ca:e8:11:bd:29:d0:fd:f3:2f:3a:d4:88:
                    eb:b7:16:76:6a:0f:3c:f0:67:58:59:37:b3:1c:09:
                    96:f6:95:46:4d:96:2b:d0:9f:5d:91:05:d7:42:75:
                    2d:65:be:7c:be:23:e6:6c:4d:70:45:8a:c1:0a:ba:
                    bd:5e:76:93:6a:c6:63:a0:0e:48:72:b4:34:67:62:
                    30:ac:d1:97:bb:3b:3c:69:29:0e:9f:53:e7:95:c8:
                    eb:24:0b:fc:ed:a6:3e:8f:b2:0c:6d:45:3f:58:8a:
                    cc:07:91:f3:5e:cf:e0:d9:0e:b2:c4:0e:80:59:a8:
                    3a:ed:d9:58:3f:c5:f8:a4:da:e5:3c:ee:ae:a7:a4:
                    89:e0:dd:9e:bd:2d:bd:43:75:ae:6f:63:b6:27:b1:
                    60:35:ec:ec:9a:08:a0:85:96:30:09:2d:2a:70:4e:
                    d9:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:06:C7:93:EF:2E:E1:9F:9C:CB:DC:42:E7:14:60:E6:90:77:E7:65
            X509v3 Authority Key Identifier:
                keyid:ED:6D:A9:E4:16:86:D2:1C:12:79:9C:8E:84:B2:74:AA:82:41:50:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/bwbHk-8u4Z-cy9xC5xRg5pB352U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.143.192.0/19

    Signature Algorithm: sha256WithRSAEncryption
         18:41:d5:b4:94:45:be:27:2a:93:96:cd:ba:88:34:1b:5d:25:
         dd:df:65:47:1b:67:cb:fc:d7:5e:e9:9c:f5:f9:34:f6:08:73:
         6b:14:cd:3d:6e:05:51:de:34:32:97:5a:99:e9:1f:54:93:aa:
         fd:77:c6:78:14:79:53:ef:9d:58:2b:07:66:53:46:04:9f:f5:
         3a:2d:ac:27:3b:0d:7b:0d:95:d7:2f:b7:07:ce:50:6f:12:c3:
         b7:cf:5f:d7:35:e7:58:18:ec:ff:d0:49:bb:b6:f5:e1:6b:d7:
         3b:57:aa:11:e9:cf:dd:17:bf:99:13:62:26:8f:d2:2d:41:77:
         45:0f:97:94:5d:3a:3d:24:c7:a8:6c:30:30:c5:1a:f2:c8:9a:
         34:7e:b7:e8:c6:1c:df:59:7c:c6:4d:63:3b:84:b2:a5:41:c0:
         ac:c3:e5:aa:b4:cc:50:d9:fc:5e:79:80:08:b6:86:7f:52:f6:
         42:0d:10:a0:4e:14:18:f7:7d:93:af:24:73:3f:bb:94:28:5c:
         0d:3b:91:e1:2a:8c:35:f1:3a:65:fb:77:47:2c:b0:b7:2f:4d:
         90:bc:d6:56:d2:a3:3f:04:a0:67:b2:15:c7:5b:ac:c4:d2:02:
         a6:a5:29:61:24:ca:6d:b8:43:b8:d5:af:62:25:f5:53:0e:f1:
         df:8c:ce:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIkZ44YoCpUdnh8FGCD2XPJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNmRhOWU0MTY4NmQyMWMxMjc5OWM4ZTg0YjI3NGFhODI0
MTUwOGMwHhcNMjQwOTI0MTQyMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjA2Yzc5M2VmMmVlMTlmOWNjYmRjNDJlNzE0NjBlNjkwNzdlNzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoTT2T7xTaxt8oqCfiyhnd8E71pJ2
bs/U0d6ymVATtnMd1sWNFnuVr8dDoGF5HiqrC86UPpe4Z+GZxt7hzXPR+03ft3XH
R4tomqnmmjrgOgldjvApMeBgr66I1V7K6BG9KdD98y861IjrtxZ2ag888GdYWTez
HAmW9pVGTZYr0J9dkQXXQnUtZb58viPmbE1wRYrBCrq9XnaTasZjoA5IcrQ0Z2Iw
rNGXuzs8aSkOn1PnlcjrJAv87aY+j7IMbUU/WIrMB5HzXs/g2Q6yxA6AWag67dlY
P8X4pNrlPO6up6SJ4N2evS29Q3Wub2O2J7FgNezsmgighZYwCS0qcE7ZDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG8Gx5PvLuGfnMvcQucUYOaQd+dlMB8GA1UdIwQY
MBaAFO1tqeQWhtIcEnmcjoSydKqCQVCMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1cycDVCYUcwaHdTZVp5T2hMSjBxb0pCVUl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9hYzAxN2MtZmYyOS00M2NmLWEzZDYt
MjlmMWJlYjJmMjgyLzEvYndiSGstOHU0Wi1jeTl4QzV4Umc1cEIzNTJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9hYzAxN2MtZmYyOS00M2NmLWEzZDYtMjlmMWJlYjJmMjgy
LzEvN1cycDVCYUcwaHdTZVp5T2hMSjBxb0pCVUl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQFLo/AMA0G
CSqGSIb3DQEBCwUAA4IBAQAYQdW0lEW+JyqTls26iDQbXSXd32VHG2fL/Nde6Zz1
+TT2CHNrFM09bgVR3jQyl1qZ6R9Uk6r9d8Z4FHlT751YKwdmU0YEn/U6LawnOw17
DZXXL7cHzlBvEsO3z1/XNedYGOz/0Em7tvXha9c7V6oR6c/dF7+ZE2Imj9ItQXdF
D5eUXTo9JMeobDAwxRryyJo0frfoxhzfWXzGTWM7hLKlQcCsw+WqtMxQ2fxeeYAI
toZ/UvZCDRCgThQY932TryRzP7uUKFwNO5HhKow18Tpl+3dHLLC3L02QvNZW0qM/
BKBnshXHW6zE0gKmpSlhJMptuEO41a9iJfVTDvHfjM4x
-----END CERTIFICATE-----