Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/855002-d823-41fe-8f9a-718fd195c5eb/1/acEh05Q5GXUE3RMwcPYMRhKMkNg.roa
File:                     acEh05Q5GXUE3RMwcPYMRhKMkNg.roa (raw, json)
Hash identifier:          ojoaY0Bg3+E0ZTnar8isv4IBAsdWn9wv0GkRKojxr3w=
Subject key identifier:   69:C1:21:D3:94:39:19:75:04:DD:13:30:70:F6:0C:46:12:8C:90:D8
Certificate issuer:       /CN=f73cdc6751d7c59073e4b706402d3691af09086f
Certificate serial:       018CC3B6EE82E3148BD4D8902DA39AFB2E9D
Authority key identifier: F7:3C:DC:67:51:D7:C5:90:73:E4:B7:06:40:2D:36:91:AF:09:08:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9zzcZ1HXxZBz5LcGQC02ka8JCG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/855002-d823-41fe-8f9a-718fd195c5eb/1/acEh05Q5GXUE3RMwcPYMRhKMkNg.roa
Signing time:             Mon 01 Jan 2024 06:29:54 +0000
ROA not before:           Mon 01 Jan 2024 06:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52056
IP address blocks:        45.82.16.0/22 maxlen: 22
                          46.23.160.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/855002-d823-41fe-8f9a-718fd195c5eb/1/9zzcZ1HXxZBz5LcGQC02ka8JCG8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/855002-d823-41fe-8f9a-718fd195c5eb/1/9zzcZ1HXxZBz5LcGQC02ka8JCG8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9zzcZ1HXxZBz5LcGQC02ka8JCG8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 00:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:ee:82:e3:14:8b:d4:d8:90:2d:a3:9a:fb:2e:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f73cdc6751d7c59073e4b706402d3691af09086f
        Validity
            Not Before: Jan  1 06:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=69c121d39439197504dd133070f60c46128c90d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:ae:9e:84:8d:59:96:ef:29:ad:17:83:01:f7:
                    f2:86:c5:4e:0b:4c:74:0a:b5:cb:5f:0e:bb:31:60:
                    f9:f4:78:f7:03:62:cb:63:e8:4e:0e:a1:d5:3c:a0:
                    14:53:07:3b:bf:f9:b1:c1:40:15:8a:f3:1b:1e:b5:
                    4e:78:20:de:b4:75:15:90:11:ec:fe:47:90:34:e0:
                    6f:19:74:38:0d:56:2b:fb:94:50:d7:58:e2:2e:ce:
                    fe:f8:10:7f:4e:79:cb:f7:f9:d7:3c:34:73:37:6d:
                    e5:3d:3e:2e:a1:05:7b:2b:24:53:66:08:26:6d:d7:
                    dd:37:68:dc:4a:07:b6:a2:3f:cf:f3:93:72:36:50:
                    5c:d2:87:6b:c3:c9:2d:98:7f:ce:1a:77:cd:0c:b6:
                    82:8e:5e:a2:1f:36:3f:be:7f:75:c1:ba:28:a6:ac:
                    58:c3:00:2b:d1:77:38:22:cf:39:8e:69:b0:59:ae:
                    4c:61:23:11:4e:50:eb:9b:5f:6c:eb:c1:11:ef:08:
                    c2:53:44:f5:1c:26:c1:77:a3:30:dc:89:ff:99:00:
                    ff:90:25:42:f4:84:c7:bf:9c:7d:7c:18:74:ad:5d:
                    c4:c5:ac:dd:24:8e:73:59:59:f0:5b:0a:7b:b0:19:
                    4d:1c:85:1b:35:08:87:a6:91:42:14:9d:07:7f:31:
                    87:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:C1:21:D3:94:39:19:75:04:DD:13:30:70:F6:0C:46:12:8C:90:D8
            X509v3 Authority Key Identifier:
                keyid:F7:3C:DC:67:51:D7:C5:90:73:E4:B7:06:40:2D:36:91:AF:09:08:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9zzcZ1HXxZBz5LcGQC02ka8JCG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/855002-d823-41fe-8f9a-718fd195c5eb/1/acEh05Q5GXUE3RMwcPYMRhKMkNg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/855002-d823-41fe-8f9a-718fd195c5eb/1/9zzcZ1HXxZBz5LcGQC02ka8JCG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.16.0/22
                  46.23.160.0/20

    Signature Algorithm: sha256WithRSAEncryption
         3a:16:49:be:9a:09:c3:2e:bb:7b:9a:9b:2e:24:05:a0:e9:ab:
         6b:f2:5b:5f:3f:ca:96:48:94:41:63:c3:dd:2f:be:32:01:2b:
         7e:1e:ae:b7:e3:be:f8:60:e0:c3:b4:71:36:9c:3b:c6:bd:c1:
         4d:7b:86:7b:80:a6:d4:5b:db:1e:2d:77:78:6c:51:7a:33:cc:
         93:c8:4a:d1:dc:c0:be:a2:4d:77:3b:a0:65:44:a4:4a:a6:65:
         d4:bd:bb:2f:d3:db:a3:06:26:4f:68:1b:86:24:c9:34:6c:87:
         e5:c4:e1:71:6e:84:97:e6:2f:09:ca:96:b4:cc:e9:4c:22:07:
         2f:61:3e:2c:e3:7d:8c:f8:bf:1c:f9:06:0f:64:ca:29:91:50:
         5d:fd:3e:ec:5a:73:84:cd:65:88:e9:0a:0a:04:fd:d2:c8:07:
         1c:62:08:8d:94:a5:2f:48:89:4f:26:13:ac:d5:82:42:62:28:
         e9:5f:f2:21:81:2d:08:be:eb:03:06:08:3e:f4:4f:11:7d:0a:
         6d:5e:bd:87:95:5a:e7:ba:47:d4:ba:5a:18:c5:9f:92:51:2a:
         2b:18:6b:1c:62:35:36:f5:25:f7:df:2f:d9:a3:bf:a4:f6:dd:
         f3:7e:8c:84:39:96:47:75:0b:ea:39:ea:df:fb:49:a4:19:f6:
         81:71:e2:5d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtu6C4xSL1NiQLaOa+y6dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3M2NkYzY3NTFkN2M1OTA3M2U0YjcwNjQwMmQzNjkxYWYw
OTA4NmYwHhcNMjQwMTAxMDYyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWMxMjFkMzk0MzkxOTc1MDRkZDEzMzA3MGY2MGM0NjEyOGM5MGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp66ehI1Zlu8prReDAffyhsVOC0x0
CrXLXw67MWD59Hj3A2LLY+hODqHVPKAUUwc7v/mxwUAVivMbHrVOeCDetHUVkBHs
/keQNOBvGXQ4DVYr+5RQ11jiLs7++BB/TnnL9/nXPDRzN23lPT4uoQV7KyRTZggm
bdfdN2jcSge2oj/P85NyNlBc0odrw8ktmH/OGnfNDLaCjl6iHzY/vn91wboopqxY
wwAr0Xc4Is85jmmwWa5MYSMRTlDrm19s68ER7wjCU0T1HCbBd6Mw3In/mQD/kCVC
9ITHv5x9fBh0rV3ExazdJI5zWVnwWwp7sBlNHIUbNQiHppFCFJ0HfzGHrQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGnBIdOUORl1BN0TMHD2DEYSjJDYMB8GA1UdIwQY
MBaAFPc83GdR18WQc+S3BkAtNpGvCQhvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXp6Y1oxSFh4WkJ6NUxjR1FDMDJrYThKQ0c4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS84NTUwMDItZDgyMy00MWZlLThmOWEt
NzE4ZmQxOTVjNWViLzEvYWNFaDA1UTVHWFVFM1JNd2NQWU1SaEtNa05nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS84NTUwMDItZDgyMy00MWZlLThmOWEtNzE4ZmQxOTVjNWVi
LzEvOXp6Y1oxSFh4WkJ6NUxjR1FDMDJrYThKQ0c4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLVIQAwQE
LhegMA0GCSqGSIb3DQEBCwUAA4IBAQA6Fkm+mgnDLrt7mpsuJAWg6atr8ltfP8qW
SJRBY8PdL74yASt+Hq634774YODDtHE2nDvGvcFNe4Z7gKbUW9seLXd4bFF6M8yT
yErR3MC+ok13O6BlRKRKpmXUvbsv09ujBiZPaBuGJMk0bIflxOFxboSX5i8Jypa0
zOlMIgcvYT4s432M+L8c+QYPZMopkVBd/T7sWnOEzWWI6QoKBP3SyAccYgiNlKUv
SIlPJhOs1YJCYijpX/IhgS0IvusDBgg+9E8RfQptXr2HlVrnukfUuloYxZ+SUSor
GGscYjU29SX33y/Zo7+k9t3zfoyEOZZHdQvqOerf+0mkGfaBceJd
-----END CERTIFICATE-----