Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/AuqCoJQ5ubHRKbMsfsBmo2TJuZY.roa
File:                     AuqCoJQ5ubHRKbMsfsBmo2TJuZY.roa (raw, json)
Hash identifier:          ruysbP054VNPHsrCR+fKIvj1LNJllrAl5eTjkjDKHdc=
Subject key identifier:   02:EA:82:A0:94:39:B9:B1:D1:29:B3:2C:7E:C0:66:A3:64:C9:B9:96
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       01915A0939A1D4A92BE98EF99EBA490A3B0C
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/AuqCoJQ5ubHRKbMsfsBmo2TJuZY.roa
Signing time:             Fri 16 Aug 2024 07:13:59 +0000
ROA not before:           Fri 16 Aug 2024 07:13:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5650
IP address blocks:        46.20.216.0/21 maxlen: 24
                          86.104.164.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 02:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:5a:09:39:a1:d4:a9:2b:e9:8e:f9:9e:ba:49:0a:3b:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Aug 16 07:13:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=02ea82a09439b9b1d129b32c7ec066a364c9b996
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:ce:a3:59:38:fa:48:1b:95:a5:e4:1f:22:6b:
                    10:56:7c:09:40:e1:84:e6:49:2e:c5:aa:90:f0:88:
                    72:40:94:56:61:9a:cb:1b:7f:75:cd:d3:fe:68:5e:
                    18:22:07:f0:93:a0:59:01:78:e5:ea:52:72:86:d7:
                    89:5e:91:d7:f0:e4:76:05:c8:98:fa:66:a4:87:2b:
                    ac:21:c8:3e:81:12:2e:88:43:0d:9d:99:b6:19:02:
                    bb:fb:6f:dc:d8:d3:5c:05:58:ba:71:1a:4a:16:d7:
                    3a:d7:7a:d9:b9:56:6f:59:34:cb:13:fd:68:ec:cd:
                    e4:d3:ef:59:f9:73:b5:01:25:61:ea:06:25:1c:fe:
                    15:b9:73:89:dc:a9:72:0c:05:48:72:6b:4e:c3:cd:
                    43:65:b8:c2:e2:01:8a:35:cf:38:70:73:38:36:51:
                    63:31:08:72:9c:c8:d1:7d:b4:b0:f3:bf:5f:73:3c:
                    0e:5c:c2:a4:99:4c:c2:b1:9c:60:07:ea:39:a3:28:
                    5d:d8:9f:60:26:8a:bd:b1:26:c2:86:45:f9:cd:75:
                    f5:c2:aa:d6:2a:1e:3a:bf:c2:22:c1:65:73:19:61:
                    fe:53:84:f2:4d:c7:3e:f0:d1:a5:95:79:c6:49:71:
                    4b:b8:6a:3f:15:b6:ba:dd:65:51:de:1c:ba:0c:98:
                    61:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:EA:82:A0:94:39:B9:B1:D1:29:B3:2C:7E:C0:66:A3:64:C9:B9:96
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/AuqCoJQ5ubHRKbMsfsBmo2TJuZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.20.216.0/21
                  86.104.164.0/22

    Signature Algorithm: sha256WithRSAEncryption
         02:70:88:fc:a2:c9:b3:bf:c9:49:cb:19:c0:96:84:da:4a:dc:
         43:7d:5c:13:2a:86:b4:f1:22:0a:76:55:c3:8a:25:a8:dd:54:
         7d:7e:b0:15:6c:eb:9c:bf:45:4f:23:f2:ba:79:69:68:7e:63:
         56:c7:3a:39:b4:dc:6b:db:f0:06:51:80:26:bd:20:dc:54:af:
         56:13:2e:f8:c9:c5:30:d5:82:55:99:44:f0:d8:d1:53:ff:86:
         29:32:ae:b2:bd:c7:70:a8:2b:3a:b2:1a:4d:dd:a8:03:73:cf:
         10:2e:31:89:b4:3e:2b:63:45:c5:ce:d6:80:a4:2c:34:48:59:
         55:09:9d:5e:fb:96:37:f6:56:46:f2:af:b5:ea:5e:9a:28:1d:
         06:e1:59:82:5e:04:e9:d6:0c:bf:ba:21:32:4d:73:b8:f2:03:
         c4:5a:fe:77:29:9c:ab:e6:8e:f9:75:31:5d:b8:47:13:eb:2a:
         b8:ee:cd:df:64:1e:bf:f8:c9:9f:45:ce:85:c8:3b:5a:e5:69:
         59:0e:58:db:a4:a4:18:f8:10:f0:0c:97:ab:f5:82:fa:ea:f0:
         ff:84:63:59:b2:98:b6:d7:3f:77:42:10:d6:77:6f:11:9c:4a:
         c8:12:73:0f:7a:26:86:6b:41:4e:f7:a5:d4:a6:83:d3:84:05:
         19:fd:29:48
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZFaCTmh1Kkr6Y75nrpJCjsMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjQwODE2MDcxMzU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmVhODJhMDk0MzliOWIxZDEyOWIzMmM3ZWMwNjZhMzY0YzliOTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0s6jWTj6SBuVpeQfImsQVnwJQOGE
5kkuxaqQ8IhyQJRWYZrLG391zdP+aF4YIgfwk6BZAXjl6lJyhteJXpHX8OR2BciY
+makhyusIcg+gRIuiEMNnZm2GQK7+2/c2NNcBVi6cRpKFtc613rZuVZvWTTLE/1o
7M3k0+9Z+XO1ASVh6gYlHP4VuXOJ3KlyDAVIcmtOw81DZbjC4gGKNc84cHM4NlFj
MQhynMjRfbSw879fczwOXMKkmUzCsZxgB+o5oyhd2J9gJoq9sSbChkX5zXX1wqrW
Kh46v8IiwWVzGWH+U4TyTcc+8NGllXnGSXFLuGo/Fba63WVR3hy6DJhhswIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFALqgqCUObmx0SmzLH7AZqNkybmWMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvQXVxQ29KUTV1YkhSS2JNc2ZzQm1vMlRKdVpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDLhTYAwQC
VmikMA0GCSqGSIb3DQEBCwUAA4IBAQACcIj8osmzv8lJyxnAloTaStxDfVwTKoa0
8SIKdlXDiiWo3VR9frAVbOucv0VPI/K6eWlofmNWxzo5tNxr2/AGUYAmvSDcVK9W
Ey74ycUw1YJVmUTw2NFT/4YpMq6yvcdwqCs6shpN3agDc88QLjGJtD4rY0XFztaA
pCw0SFlVCZ1e+5Y39lZG8q+16l6aKB0G4VmCXgTp1gy/uiEyTXO48gPEWv53KZyr
5o75dTFduEcT6yq47s3fZB6/+MmfRc6FyDta5WlZDljbpKQY+BDwDJer9YL66vD/
hGNZspi21z93QhDWd28RnErIEnMPeiaGa0FO96XUpoPThAUZ/SlI
-----END CERTIFICATE-----