Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/4f2367-73f3-4816-bea8-a045ff8e2ac0/1/Rl8YhxulkjbDp7JhYiTxhwUmA6I.roa
File:                     Rl8YhxulkjbDp7JhYiTxhwUmA6I.roa (raw, json)
Hash identifier:          U6tWE+pXmQOF0u8mQlwq6IZGoIcojg4+tqcJPT0czoU=
Subject key identifier:   46:5F:18:87:1B:A5:92:36:C3:A7:B2:61:62:24:F1:87:05:26:03:A2
Certificate issuer:       /CN=9cce3b1197d0cf9511540572a58fd372dcc07489
Certificate serial:       018CC86F1226D5FB0E6378A12A31A75D4722
Authority key identifier: 9C:CE:3B:11:97:D0:CF:95:11:54:05:72:A5:8F:D3:72:DC:C0:74:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nM47EZfQz5URVAVypY_TctzAdIk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/4f2367-73f3-4816-bea8-a045ff8e2ac0/1/Rl8YhxulkjbDp7JhYiTxhwUmA6I.roa
Signing time:             Tue 02 Jan 2024 04:29:31 +0000
ROA not before:           Tue 02 Jan 2024 04:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201942
IP address blocks:        217.67.164.0/22 maxlen: 22
                          217.67.172.0/22 maxlen: 24
                          217.67.168.0/21 maxlen: 21
                          185.159.40.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/4f2367-73f3-4816-bea8-a045ff8e2ac0/1/nM47EZfQz5URVAVypY_TctzAdIk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/4f2367-73f3-4816-bea8-a045ff8e2ac0/1/nM47EZfQz5URVAVypY_TctzAdIk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nM47EZfQz5URVAVypY_TctzAdIk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:12:26:d5:fb:0e:63:78:a1:2a:31:a7:5d:47:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cce3b1197d0cf9511540572a58fd372dcc07489
        Validity
            Not Before: Jan  2 04:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=465f18871ba59236c3a7b2616224f187052603a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:e1:04:53:c4:5e:18:18:a0:3e:fc:cb:90:7d:
                    1c:48:4e:22:04:f3:3f:22:26:c4:25:21:2e:1a:aa:
                    9b:67:9e:fd:ec:10:2d:b6:94:10:d6:60:5a:89:a2:
                    c9:7d:71:03:42:ea:61:a1:88:96:53:af:12:bf:45:
                    05:02:c5:e5:ab:aa:51:11:4a:ec:04:e6:34:47:a2:
                    75:90:3b:79:cc:f3:d9:99:b4:2e:56:bc:72:24:1d:
                    5e:f8:75:0d:22:8b:80:78:66:de:65:a0:07:b2:e3:
                    97:4d:81:e0:2c:39:3b:80:f0:8e:fa:cb:5a:0b:f3:
                    e2:9f:e4:24:d6:9d:19:12:a0:63:23:52:e2:e9:db:
                    d6:55:36:31:e7:b1:dc:ae:61:23:14:d6:c2:4b:f1:
                    1f:20:be:61:f4:9b:3f:d2:10:c5:09:be:ee:5b:b6:
                    fa:87:3c:ca:f8:93:62:d9:28:c6:c4:e2:e5:89:a1:
                    9f:69:23:12:28:c3:d0:eb:b2:ed:8f:a1:ad:4f:61:
                    68:e5:fe:63:f4:d9:a8:90:30:87:96:5c:81:9e:a3:
                    96:fc:2e:1e:9d:f2:47:0d:20:bb:b8:70:91:3e:73:
                    79:18:7a:8d:77:74:1b:b9:53:fb:e5:34:3c:ab:a5:
                    69:4e:a0:8a:06:91:61:93:0d:e8:d1:a8:59:f9:e5:
                    1c:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:5F:18:87:1B:A5:92:36:C3:A7:B2:61:62:24:F1:87:05:26:03:A2
            X509v3 Authority Key Identifier:
                keyid:9C:CE:3B:11:97:D0:CF:95:11:54:05:72:A5:8F:D3:72:DC:C0:74:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nM47EZfQz5URVAVypY_TctzAdIk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/4f2367-73f3-4816-bea8-a045ff8e2ac0/1/Rl8YhxulkjbDp7JhYiTxhwUmA6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/4f2367-73f3-4816-bea8-a045ff8e2ac0/1/nM47EZfQz5URVAVypY_TctzAdIk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.159.40.0/22
                  217.67.164.0-217.67.175.255

    Signature Algorithm: sha256WithRSAEncryption
         7d:4f:34:8e:46:e5:61:7b:8f:47:62:bc:ff:c1:4f:03:db:ae:
         d2:8c:91:c3:a8:09:7b:32:5b:5b:c4:a3:fb:a0:aa:f8:e1:74:
         5f:e9:a2:c3:60:d8:ec:ab:22:79:1e:83:ae:0b:eb:d1:15:4b:
         a7:f9:de:61:64:f6:9b:9e:a5:c7:f9:c7:dc:13:8a:b5:7c:9b:
         77:f7:03:e5:a2:08:cc:11:cd:7f:f0:94:4f:30:c2:7a:20:58:
         45:de:34:92:03:63:4e:8d:cb:46:a1:e0:32:30:63:12:5a:78:
         a5:06:20:e4:2a:d8:41:f2:68:23:61:a0:60:97:f0:e0:fb:34:
         9f:3a:6c:b3:c8:a6:f3:63:a5:49:ce:0e:7d:eb:7d:89:43:2f:
         cb:63:d3:c2:b1:b5:fc:ef:8b:e2:bc:85:f0:fa:31:99:f6:39:
         8b:3c:02:22:a8:f2:52:86:09:fd:70:b7:70:c5:4c:9d:7a:93:
         c9:44:f4:b0:15:59:57:ff:e8:a7:02:23:fb:7e:90:26:52:c1:
         18:e2:c8:a6:ad:3e:ac:b5:e3:75:c6:96:7a:4d:c0:c3:8a:53:
         24:58:50:2f:62:70:f4:c4:7d:00:24:03:7c:29:28:73:1d:3f:
         21:8d:fb:5f:a3:27:5e:6a:0f:b5:29:c4:86:81:24:8e:8a:54:
         a3:d6:ac:3c
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYzIbxIm1fsOY3ihKjGnXUciMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljY2UzYjExOTdkMGNmOTUxMTU0MDU3MmE1OGZkMzcyZGNj
MDc0ODkwHhcNMjQwMTAyMDQyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjVmMTg4NzFiYTU5MjM2YzNhN2IyNjE2MjI0ZjE4NzA1MjYwM2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAseEEU8ReGBigPvzLkH0cSE4iBPM/
IibEJSEuGqqbZ5797BAttpQQ1mBaiaLJfXEDQuphoYiWU68Sv0UFAsXlq6pREUrs
BOY0R6J1kDt5zPPZmbQuVrxyJB1e+HUNIouAeGbeZaAHsuOXTYHgLDk7gPCO+sta
C/Pin+Qk1p0ZEqBjI1Li6dvWVTYx57HcrmEjFNbCS/EfIL5h9Js/0hDFCb7uW7b6
hzzK+JNi2SjGxOLliaGfaSMSKMPQ67Ltj6GtT2Fo5f5j9NmokDCHllyBnqOW/C4e
nfJHDSC7uHCRPnN5GHqNd3QbuVP75TQ8q6VpTqCKBpFhkw3o0ahZ+eUc2QIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFEZfGIcbpZI2w6eyYWIk8YcFJgOiMB8GA1UdIwQY
MBaAFJzOOxGX0M+VEVQFcqWP03LcwHSJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbk00N0VaZlF6NVVSVkFWeXBZX1RjdHpBZElrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC80ZjIzNjctNzNmMy00ODE2LWJlYTgt
YTA0NWZmOGUyYWMwLzEvUmw4WWh4dWxramJEcDdKaFlpVHhod1VtQTZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC80ZjIzNjctNzNmMy00ODE2LWJlYTgtYTA0NWZmOGUyYWMw
LzEvbk00N0VaZlF6NVVSVkFWeXBZX1RjdHpBZElrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQCuZ8oMAwD
BALZQ6QDBATZQ6AwDQYJKoZIhvcNAQELBQADggEBAH1PNI5G5WF7j0divP/BTwPb
rtKMkcOoCXsyW1vEo/ugqvjhdF/posNg2OyrInkeg64L69EVS6f53mFk9puepcf5
x9wTirV8m3f3A+WiCMwRzX/wlE8wwnogWEXeNJIDY06Ny0ah4DIwYxJaeKUGIOQq
2EHyaCNhoGCX8OD7NJ86bLPIpvNjpUnODn3rfYlDL8tj08Kxtfzvi+K8hfD6MZn2
OYs8AiKo8lKGCf1wt3DFTJ16k8lE9LAVWVf/6KcCI/t+kCZSwRjiyKatPqy143XG
lnpNwMOKUyRYUC9icPTEfQAkA3wpKHMdPyGN+1+jJ15qD7UpxIaBJI6KVKPWrDw=
-----END CERTIFICATE-----