Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/qI4Kq1aO50ZazGMOae1JgXpFUTw.roa
File:                     qI4Kq1aO50ZazGMOae1JgXpFUTw.roa (raw, json)
Hash identifier:          u8vWdWhM48oyfdbcHVvawTGl8rojr+00F9WF0dOmQXI=
Subject key identifier:   A8:8E:0A:AB:56:8E:E7:46:5A:CC:63:0E:69:ED:49:81:7A:45:51:3C
Certificate issuer:       /CN=ed6da9e41686d21c12799c8e84b274aa8241508c
Certificate serial:       018CC6B781E77F030EBC8B1BFBA7A49472A3
Authority key identifier: ED:6D:A9:E4:16:86:D2:1C:12:79:9C:8E:84:B2:74:AA:82:41:50:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/qI4Kq1aO50ZazGMOae1JgXpFUTw.roa
Signing time:             Mon 01 Jan 2024 20:29:24 +0000
ROA not before:           Mon 01 Jan 2024 20:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51788
IP address blocks:        46.143.252.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 22:26:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:81:e7:7f:03:0e:bc:8b:1b:fb:a7:a4:94:72:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed6da9e41686d21c12799c8e84b274aa8241508c
        Validity
            Not Before: Jan  1 20:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a88e0aab568ee7465acc630e69ed49817a45513c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:4a:b5:22:48:5b:12:62:cb:8c:77:a1:9b:f2:
                    e1:88:d5:76:06:d2:c7:dd:8f:a4:13:61:70:3b:42:
                    8f:d8:93:02:b6:8f:0d:fe:78:9a:9a:e3:f5:04:ac:
                    bb:91:93:cc:cc:84:70:67:54:23:d2:c3:0d:f9:5b:
                    cd:30:4e:ac:9f:79:0b:df:95:23:3a:84:0d:95:47:
                    66:db:1e:61:5c:16:38:9c:db:b7:8e:5c:5c:c7:e9:
                    fd:0d:6d:13:af:28:3f:5e:a3:18:82:0e:aa:f5:17:
                    27:62:a9:47:67:c8:bb:3b:88:b0:c5:d3:15:f6:58:
                    5d:d2:74:ea:40:b8:02:c9:04:07:a9:5b:c9:7e:1b:
                    65:c2:74:be:8f:b6:ea:1b:4a:81:f0:07:e5:54:58:
                    8a:ab:57:87:8e:7a:39:27:3a:91:9f:ea:f8:a6:97:
                    b5:83:67:38:e9:77:25:a7:98:13:aa:62:c3:b6:f6:
                    9e:f5:b2:4e:0d:cd:f3:35:00:9b:10:76:27:07:1e:
                    c4:2c:af:79:b7:ab:f1:64:fe:72:65:9e:ae:b6:e6:
                    76:f0:ce:ac:8b:2a:6a:39:74:d0:30:c3:ba:09:11:
                    55:f9:6c:bb:0b:45:b2:08:26:f4:94:02:3b:f1:c2:
                    2a:47:b8:3e:09:aa:5c:12:ad:d5:3f:77:b9:e9:1b:
                    91:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:8E:0A:AB:56:8E:E7:46:5A:CC:63:0E:69:ED:49:81:7A:45:51:3C
            X509v3 Authority Key Identifier:
                keyid:ED:6D:A9:E4:16:86:D2:1C:12:79:9C:8E:84:B2:74:AA:82:41:50:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/qI4Kq1aO50ZazGMOae1JgXpFUTw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.143.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         61:8c:5c:63:1b:f1:5a:41:07:ba:f9:01:b5:0d:e1:b9:25:1e:
         a4:91:f3:de:3e:53:a0:f5:56:ce:dc:14:c1:5e:16:27:c4:29:
         4b:28:92:ac:99:95:0f:08:3c:a3:96:27:11:27:9e:3c:5a:e7:
         a3:b3:70:d6:06:75:02:0c:a6:09:bc:e7:ee:0e:c1:b8:ae:12:
         b4:7e:24:2d:83:f2:0b:22:b8:01:3e:f2:1f:c9:a2:59:80:3f:
         bc:37:44:f4:02:7b:43:19:d8:a0:86:4b:2e:45:20:56:30:89:
         ca:ed:bc:c5:09:36:37:79:c2:7c:2a:62:54:0a:c2:f2:1a:c8:
         ce:e4:34:d6:5f:4b:a6:0e:ae:16:41:90:75:18:7e:d5:fe:fe:
         20:5c:cf:52:fc:61:a0:64:f5:33:0f:43:be:df:80:de:73:d2:
         e7:4b:81:03:84:1c:2b:e4:e9:13:0f:0e:fa:e4:ae:c6:da:c8:
         1d:f1:30:af:4b:8b:74:3e:81:e6:3b:b7:fb:d1:33:28:b0:3c:
         06:e0:53:8e:a5:ef:85:dc:49:b4:5d:c4:6d:3d:b8:d9:c5:a9:
         53:db:7b:f1:6a:6a:31:4d:41:bf:0e:de:b8:e9:de:39:72:6c:
         4e:eb:c1:c7:f6:a8:79:89:07:a7:b6:c6:ae:f6:4a:86:4c:07:
         fc:b5:5e:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt4HnfwMOvIsb+6eklHKjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNmRhOWU0MTY4NmQyMWMxMjc5OWM4ZTg0YjI3NGFhODI0
MTUwOGMwHhcNMjQwMTAxMjAyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODhlMGFhYjU2OGVlNzQ2NWFjYzYzMGU2OWVkNDk4MTdhNDU1MTNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArEq1IkhbEmLLjHehm/LhiNV2BtLH
3Y+kE2FwO0KP2JMCto8N/niamuP1BKy7kZPMzIRwZ1Qj0sMN+VvNME6sn3kL35Uj
OoQNlUdm2x5hXBY4nNu3jlxcx+n9DW0Tryg/XqMYgg6q9RcnYqlHZ8i7O4iwxdMV
9lhd0nTqQLgCyQQHqVvJfhtlwnS+j7bqG0qB8AflVFiKq1eHjno5JzqRn+r4ppe1
g2c46Xclp5gTqmLDtvae9bJODc3zNQCbEHYnBx7ELK95t6vxZP5yZZ6utuZ28M6s
iypqOXTQMMO6CRFV+Wy7C0WyCCb0lAI78cIqR7g+CapcEq3VP3e56RuR3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKiOCqtWjudGWsxjDmntSYF6RVE8MB8GA1UdIwQY
MBaAFO1tqeQWhtIcEnmcjoSydKqCQVCMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1cycDVCYUcwaHdTZVp5T2hMSjBxb0pCVUl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9hYzAxN2MtZmYyOS00M2NmLWEzZDYt
MjlmMWJlYjJmMjgyLzEvcUk0S3ExYU81MFphekdNT2FlMUpnWHBGVVR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9hYzAxN2MtZmYyOS00M2NmLWEzZDYtMjlmMWJlYjJmMjgy
LzEvN1cycDVCYUcwaHdTZVp5T2hMSjBxb0pCVUl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLo/8MA0G
CSqGSIb3DQEBCwUAA4IBAQBhjFxjG/FaQQe6+QG1DeG5JR6kkfPePlOg9VbO3BTB
XhYnxClLKJKsmZUPCDyjlicRJ548Wuejs3DWBnUCDKYJvOfuDsG4rhK0fiQtg/IL
IrgBPvIfyaJZgD+8N0T0AntDGdighksuRSBWMInK7bzFCTY3ecJ8KmJUCsLyGsjO
5DTWX0umDq4WQZB1GH7V/v4gXM9S/GGgZPUzD0O+34Dec9LnS4EDhBwr5OkTDw76
5K7G2sgd8TCvS4t0PoHmO7f70TMosDwG4FOOpe+F3Em0XcRtPbjZxalT23vxamox
TUG/Dt646d45cmxO68HH9qh5iQentsau9kqGTAf8tV5Q
-----END CERTIFICATE-----