Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/x3RHIPw7p7eomHky_OgVyy80DtQ.roa
File:                     x3RHIPw7p7eomHky_OgVyy80DtQ.roa (raw, json)
Hash identifier:          +9UzGBfhu6AE9c4W0IcdyN9ao9EdVIXgabTanbeJWeE=
Subject key identifier:   C7:74:47:20:FC:3B:A7:B7:A8:98:79:32:FC:E8:15:CB:2F:34:0E:D4
Certificate issuer:       /CN=ed6da9e41686d21c12799c8e84b274aa8241508c
Certificate serial:       018CC6B7842F7E61D7DB3AEA5882E415FD67
Authority key identifier: ED:6D:A9:E4:16:86:D2:1C:12:79:9C:8E:84:B2:74:AA:82:41:50:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/x3RHIPw7p7eomHky_OgVyy80DtQ.roa
Signing time:             Mon 01 Jan 2024 20:29:24 +0000
ROA not before:           Mon 01 Jan 2024 20:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61962
IP address blocks:        46.143.244.0/23 maxlen: 23
                          46.143.244.0/24 maxlen: 24
                          46.143.245.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:84:2f:7e:61:d7:db:3a:ea:58:82:e4:15:fd:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed6da9e41686d21c12799c8e84b274aa8241508c
        Validity
            Not Before: Jan  1 20:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7744720fc3ba7b7a8987932fce815cb2f340ed4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:26:18:5a:64:11:82:43:62:93:01:8f:a0:2d:
                    a8:46:fa:17:16:74:99:a8:c2:23:ea:d8:f5:33:8f:
                    f5:10:4f:b0:13:4c:30:3a:73:37:6d:2d:5b:da:b1:
                    5d:92:fe:9f:29:8b:f3:81:4a:8d:59:bc:4b:1f:13:
                    0d:41:5d:28:2a:18:75:25:e6:4e:fe:5c:7e:5b:fa:
                    1c:04:a0:47:54:3c:1b:75:b7:90:b0:6a:3f:33:bb:
                    6a:64:aa:60:cf:05:b8:a0:2e:78:9a:35:2c:9f:f8:
                    f6:60:37:c6:8f:28:55:70:8c:e6:89:3c:72:61:14:
                    5f:1d:20:c4:1f:b3:a1:27:e4:16:c0:88:e2:be:4a:
                    e7:17:99:f5:e9:46:22:e8:ab:71:8c:b9:c5:9c:d0:
                    48:98:7a:03:2b:c7:39:d6:25:98:a2:7b:5a:28:82:
                    85:4a:d5:81:58:af:3e:a9:e2:45:91:79:e5:3a:53:
                    33:12:95:f6:d1:ba:d5:bb:9e:30:54:18:b4:02:cd:
                    ab:d7:99:a1:0c:9e:d3:f4:82:73:75:45:fc:84:06:
                    ab:7b:69:48:62:17:dd:7b:ce:df:58:5e:0c:7b:bb:
                    63:d6:a8:46:b2:42:89:9a:ca:95:ea:22:b8:1a:56:
                    52:6f:20:57:ef:eb:42:35:0b:55:25:98:fe:b9:75:
                    69:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:74:47:20:FC:3B:A7:B7:A8:98:79:32:FC:E8:15:CB:2F:34:0E:D4
            X509v3 Authority Key Identifier:
                keyid:ED:6D:A9:E4:16:86:D2:1C:12:79:9C:8E:84:B2:74:AA:82:41:50:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/x3RHIPw7p7eomHky_OgVyy80DtQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/ac017c-ff29-43cf-a3d6-29f1beb2f282/1/7W2p5BaG0hwSeZyOhLJ0qoJBUIw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.143.244.0/23

    Signature Algorithm: sha256WithRSAEncryption
         16:4b:b1:a9:fd:5f:a8:21:f5:f1:fd:79:45:c2:2b:0f:98:21:
         e5:89:3c:90:bb:a0:84:89:3e:88:9c:9b:c0:38:29:88:c8:09:
         9a:fd:fa:32:31:5c:80:d3:29:c0:4c:96:12:f1:23:b0:f2:3f:
         07:cb:20:66:80:16:4a:23:2c:81:2e:4b:3a:10:6f:41:79:87:
         c8:c2:84:04:3e:9b:56:f6:8a:1f:d9:f9:b5:c3:62:ac:e9:d8:
         c5:11:18:20:02:a7:6e:4e:3b:3f:98:08:49:26:43:c5:c4:76:
         1e:1e:80:34:7e:c5:0f:90:28:71:4f:2a:bc:60:16:81:f1:89:
         ec:9b:69:63:56:aa:28:f9:75:fa:01:da:2b:cb:51:f1:d7:32:
         7f:85:9e:93:be:c2:8b:a5:46:8b:8c:77:6c:34:b4:b9:30:8c:
         db:89:a3:8e:82:99:16:b4:1a:a2:d4:e2:71:54:57:28:c2:21:
         90:11:7e:60:a9:b1:9a:fa:e3:43:d9:9b:9d:fa:b8:da:1c:cd:
         e6:33:0e:b6:00:03:5f:19:6e:83:04:f3:3e:e2:74:1b:63:99:
         9e:c3:ca:ac:a1:fb:27:dc:c8:ac:c8:d1:94:e3:a4:d2:1f:0a:
         ae:6c:df:24:c1:86:23:6c:c8:4d:68:e5:24:47:5b:44:18:74:
         84:bb:08:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt4QvfmHX2zrqWILkFf1nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkNmRhOWU0MTY4NmQyMWMxMjc5OWM4ZTg0YjI3NGFhODI0
MTUwOGMwHhcNMjQwMTAxMjAyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzc0NDcyMGZjM2JhN2I3YTg5ODc5MzJmY2U4MTVjYjJmMzQwZWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmyYYWmQRgkNikwGPoC2oRvoXFnSZ
qMIj6tj1M4/1EE+wE0wwOnM3bS1b2rFdkv6fKYvzgUqNWbxLHxMNQV0oKhh1JeZO
/lx+W/ocBKBHVDwbdbeQsGo/M7tqZKpgzwW4oC54mjUsn/j2YDfGjyhVcIzmiTxy
YRRfHSDEH7OhJ+QWwIjivkrnF5n16UYi6KtxjLnFnNBImHoDK8c51iWYontaKIKF
StWBWK8+qeJFkXnlOlMzEpX20brVu54wVBi0As2r15mhDJ7T9IJzdUX8hAare2lI
Yhfde87fWF4Me7tj1qhGskKJmsqV6iK4GlZSbyBX7+tCNQtVJZj+uXVpMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMd0RyD8O6e3qJh5MvzoFcsvNA7UMB8GA1UdIwQY
MBaAFO1tqeQWhtIcEnmcjoSydKqCQVCMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1cycDVCYUcwaHdTZVp5T2hMSjBxb0pCVUl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9hYzAxN2MtZmYyOS00M2NmLWEzZDYt
MjlmMWJlYjJmMjgyLzEveDNSSElQdzdwN2VvbUhreV9PZ1Z5eTgwRHRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9hYzAxN2MtZmYyOS00M2NmLWEzZDYtMjlmMWJlYjJmMjgy
LzEvN1cycDVCYUcwaHdTZVp5T2hMSjBxb0pCVUl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLo/0MA0G
CSqGSIb3DQEBCwUAA4IBAQAWS7Gp/V+oIfXx/XlFwisPmCHliTyQu6CEiT6InJvA
OCmIyAma/foyMVyA0ynATJYS8SOw8j8HyyBmgBZKIyyBLks6EG9BeYfIwoQEPptW
9oof2fm1w2Ks6djFERggAqduTjs/mAhJJkPFxHYeHoA0fsUPkChxTyq8YBaB8Yns
m2ljVqoo+XX6Adory1Hx1zJ/hZ6TvsKLpUaLjHdsNLS5MIzbiaOOgpkWtBqi1OJx
VFcowiGQEX5gqbGa+uND2Zud+rjaHM3mMw62AANfGW6DBPM+4nQbY5mew8qsofsn
3MisyNGU46TSHwqubN8kwYYjbMhNaOUkR1tEGHSEuwgh
-----END CERTIFICATE-----