Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/5a698d-998a-48ba-8dc5-333f0c99279e/1/kRM1n2VD8eYb6J0z9oQ6YTR6KH0.roa
File:                     kRM1n2VD8eYb6J0z9oQ6YTR6KH0.roa (raw, json)
Hash identifier:          iVrsTRxzGBIn/3SmtBL+2Gv1oa7tIcovSj1JARY/H6o=
Subject key identifier:   91:13:35:9F:65:43:F1:E6:1B:E8:9D:33:F6:84:3A:61:34:7A:28:7D
Certificate issuer:       /CN=66f90e75df98afb43019ce750350e769b99fbc13
Certificate serial:       018CC94C39C7434276F1D5B9A0A73FF75E97
Authority key identifier: 66:F9:0E:75:DF:98:AF:B4:30:19:CE:75:03:50:E7:69:B9:9F:BC:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZvkOdd-Yr7QwGc51A1DnabmfvBM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/5a698d-998a-48ba-8dc5-333f0c99279e/1/kRM1n2VD8eYb6J0z9oQ6YTR6KH0.roa
Signing time:             Tue 02 Jan 2024 08:31:05 +0000
ROA not before:           Tue 02 Jan 2024 08:31:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3356
IP address blocks:        46.23.240.0/20 maxlen: 20
                          46.23.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/5a698d-998a-48ba-8dc5-333f0c99279e/1/ZvkOdd-Yr7QwGc51A1DnabmfvBM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/5a698d-998a-48ba-8dc5-333f0c99279e/1/ZvkOdd-Yr7QwGc51A1DnabmfvBM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZvkOdd-Yr7QwGc51A1DnabmfvBM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 11:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:39:c7:43:42:76:f1:d5:b9:a0:a7:3f:f7:5e:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66f90e75df98afb43019ce750350e769b99fbc13
        Validity
            Not Before: Jan  2 08:31:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9113359f6543f1e61be89d33f6843a61347a287d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:9b:2f:6f:0e:46:6e:65:b3:f7:ef:c8:52:cd:
                    67:70:87:30:43:7a:04:5f:6f:03:f4:86:28:3e:92:
                    c2:2c:93:f0:e4:44:2b:7d:7d:be:b5:d2:b1:b5:f1:
                    ab:f5:5d:16:1a:f1:35:54:b9:c8:02:00:d2:f3:71:
                    22:19:0f:93:f8:d1:2a:79:9a:cd:23:9b:88:47:0b:
                    73:4b:c9:a2:df:e6:8f:88:a3:7b:b2:22:bc:62:7b:
                    7a:d4:79:2b:9a:64:80:2c:56:c8:43:47:67:d6:e5:
                    55:ea:c3:73:87:e7:6d:3a:9d:ff:fe:f1:d1:08:78:
                    66:26:53:d4:e5:0c:d5:16:43:e9:82:f6:75:c1:ae:
                    7e:4d:9c:25:4f:f2:87:bd:2e:d6:69:3f:35:4f:96:
                    b1:11:ea:d9:10:44:30:f5:e6:4d:9f:58:79:81:76:
                    22:e0:fb:2c:ba:13:65:d4:38:94:e4:67:9c:a7:db:
                    a9:28:65:6e:c3:59:45:7d:b9:cf:7f:87:04:f7:cc:
                    ff:73:81:85:ce:11:a0:87:a6:e8:36:61:76:e4:97:
                    00:dd:1d:55:70:3a:5f:17:01:64:7d:ca:c9:93:c6:
                    16:0f:d9:91:30:b1:b5:14:ed:55:82:96:00:dc:5d:
                    3e:b3:4f:48:3b:38:66:42:90:81:56:b6:62:8b:5a:
                    12:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:13:35:9F:65:43:F1:E6:1B:E8:9D:33:F6:84:3A:61:34:7A:28:7D
            X509v3 Authority Key Identifier:
                keyid:66:F9:0E:75:DF:98:AF:B4:30:19:CE:75:03:50:E7:69:B9:9F:BC:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZvkOdd-Yr7QwGc51A1DnabmfvBM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/5a698d-998a-48ba-8dc5-333f0c99279e/1/kRM1n2VD8eYb6J0z9oQ6YTR6KH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/5a698d-998a-48ba-8dc5-333f0c99279e/1/ZvkOdd-Yr7QwGc51A1DnabmfvBM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.23.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         93:a7:3c:06:60:0f:9c:79:e8:43:7c:aa:d9:d5:1f:77:39:8e:
         05:31:94:f0:6f:26:9a:76:d0:22:ef:6f:4a:ac:47:23:76:4b:
         16:fd:4a:39:f4:09:24:a9:a2:9b:25:ca:1e:fa:b1:2c:85:5b:
         af:6b:b1:4f:b5:b1:bc:e5:7a:f7:ce:80:58:48:a7:9b:91:92:
         77:99:71:fa:ae:7b:a6:9d:39:00:d2:47:b3:c9:aa:23:8e:44:
         6f:b2:ef:f7:e8:7a:a5:cd:98:28:12:57:d9:53:db:d1:f0:55:
         63:ce:68:70:71:28:ca:df:8b:58:09:b6:20:a7:80:14:61:7e:
         83:ff:4b:d5:94:df:db:48:92:d9:76:d4:30:32:5c:48:da:49:
         19:08:b1:cb:5c:73:2c:4a:3f:60:f8:67:b7:36:64:df:af:f4:
         bc:7c:a6:02:aa:1d:ae:1d:f7:fa:71:3f:eb:67:59:bf:41:d1:
         2a:dd:4c:18:cf:8e:5b:bd:97:7b:ae:93:45:a5:5d:48:3e:5f:
         cb:5c:0d:be:b2:af:b1:7f:44:68:c4:10:73:1d:1a:2f:e7:33:
         5e:89:a1:57:f9:f7:f8:e7:e3:86:0e:f0:89:f1:8d:b3:59:1d:
         bd:88:40:ec:aa:92:37:5b:82:e8:25:66:5e:b3:18:80:79:ab:
         cd:04:97:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTDnHQ0J28dW5oKc/916XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZjkwZTc1ZGY5OGFmYjQzMDE5Y2U3NTAzNTBlNzY5Yjk5
ZmJjMTMwHhcNMjQwMTAyMDgzMTA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTEzMzU5ZjY1NDNmMWU2MWJlODlkMzNmNjg0M2E2MTM0N2EyODdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw5svbw5GbmWz9+/IUs1ncIcwQ3oE
X28D9IYoPpLCLJPw5EQrfX2+tdKxtfGr9V0WGvE1VLnIAgDS83EiGQ+T+NEqeZrN
I5uIRwtzS8mi3+aPiKN7siK8Ynt61HkrmmSALFbIQ0dn1uVV6sNzh+dtOp3//vHR
CHhmJlPU5QzVFkPpgvZ1wa5+TZwlT/KHvS7WaT81T5axEerZEEQw9eZNn1h5gXYi
4PssuhNl1DiU5Gecp9upKGVuw1lFfbnPf4cE98z/c4GFzhGgh6boNmF25JcA3R1V
cDpfFwFkfcrJk8YWD9mRMLG1FO1VgpYA3F0+s09IOzhmQpCBVrZii1oSzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJETNZ9lQ/HmG+idM/aEOmE0eih9MB8GA1UdIwQY
MBaAFGb5DnXfmK+0MBnOdQNQ52m5n7wTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnZrT2RkLVlyN1F3R2M1MUExRG5hYm1mdkJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS81YTY5OGQtOTk4YS00OGJhLThkYzUt
MzMzZjBjOTkyNzllLzEva1JNMW4yVkQ4ZVliNkowejlvUTZZVFI2S0gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS81YTY5OGQtOTk4YS00OGJhLThkYzUtMzMzZjBjOTkyNzll
LzEvWnZrT2RkLVlyN1F3R2M1MUExRG5hYm1mdkJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQELhfwMA0G
CSqGSIb3DQEBCwUAA4IBAQCTpzwGYA+ceehDfKrZ1R93OY4FMZTwbyaadtAi729K
rEcjdksW/Uo59AkkqaKbJcoe+rEshVuva7FPtbG85Xr3zoBYSKebkZJ3mXH6rnum
nTkA0kezyaojjkRvsu/36HqlzZgoElfZU9vR8FVjzmhwcSjK34tYCbYgp4AUYX6D
/0vVlN/bSJLZdtQwMlxI2kkZCLHLXHMsSj9g+Ge3NmTfr/S8fKYCqh2uHff6cT/r
Z1m/QdEq3UwYz45bvZd7rpNFpV1IPl/LXA2+sq+xf0RoxBBzHRov5zNeiaFX+ff4
5+OGDvCJ8Y2zWR29iEDsqpI3W4LoJWZesxiAeavNBJcX
-----END CERTIFICATE-----