Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/a8aaff-12a1-4641-8b9d-24d272ce11e3/1/b_m9zZPukWU3nxRyS1fTJliQhN8.roa
File:                     b_m9zZPukWU3nxRyS1fTJliQhN8.roa (raw, json)
Hash identifier:          I6eJlnuSLUHMr8STy0Ufi4WiqQwQieCRudOds8B8sdc=
Subject key identifier:   6F:F9:BD:CD:93:EE:91:65:37:9F:14:72:4B:57:D3:26:58:90:84:DF
Certificate issuer:       /CN=a3f1b22b2054502bfd3889138291103d83b6a50e
Certificate serial:       018E3286993969C0DD04143897FF9C884FE3
Authority key identifier: A3:F1:B2:2B:20:54:50:2B:FD:38:89:13:82:91:10:3D:83:B6:A5:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o_GyKyBUUCv9OIkTgpEQPYO2pQ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/a8aaff-12a1-4641-8b9d-24d272ce11e3/1/b_m9zZPukWU3nxRyS1fTJliQhN8.roa
Signing time:             Tue 12 Mar 2024 11:57:45 +0000
ROA not before:           Tue 12 Mar 2024 11:57:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56582
IP address blocks:        46.235.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/a8aaff-12a1-4641-8b9d-24d272ce11e3/1/o_GyKyBUUCv9OIkTgpEQPYO2pQ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/a8aaff-12a1-4641-8b9d-24d272ce11e3/1/o_GyKyBUUCv9OIkTgpEQPYO2pQ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o_GyKyBUUCv9OIkTgpEQPYO2pQ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 04:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:32:86:99:39:69:c0:dd:04:14:38:97:ff:9c:88:4f:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a3f1b22b2054502bfd3889138291103d83b6a50e
        Validity
            Not Before: Mar 12 11:57:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6ff9bdcd93ee9165379f14724b57d326589084df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:f9:2e:0f:d7:2e:bd:0d:da:50:d3:5e:10:43:
                    ce:78:36:6a:ab:7c:17:32:66:a3:c7:65:82:c5:2c:
                    39:ff:ef:28:93:44:fc:99:31:34:f9:f2:23:9f:94:
                    64:78:ee:fb:44:94:e6:dd:a5:c7:d9:91:e1:87:2d:
                    7f:b0:74:5f:2d:3b:e7:58:59:10:c1:03:6d:34:b0:
                    bf:b1:41:18:a2:11:79:c2:1e:93:1f:dd:6b:2c:bc:
                    22:43:2d:99:2f:28:96:26:eb:4d:05:ba:d0:4b:6b:
                    e0:f5:d8:70:12:b3:52:4b:ab:d0:c8:3c:bd:35:85:
                    3b:19:69:64:41:ab:53:1e:6c:cf:b5:e3:21:c5:ee:
                    ef:7a:d6:90:84:4c:04:84:41:c8:bf:40:d8:cf:5c:
                    90:94:08:87:db:5f:d4:f7:dd:a0:41:28:29:be:cd:
                    72:6e:a6:e7:05:10:fd:9b:61:eb:57:e1:fd:f2:df:
                    d1:42:b3:70:0c:76:72:63:24:c0:58:7f:68:fa:c1:
                    27:c6:f2:c7:07:78:73:ba:f3:ad:c1:58:e3:0f:f6:
                    17:4b:09:81:4a:eb:d1:c1:34:a8:d9:83:eb:93:0a:
                    fa:56:e6:70:ea:b3:67:49:be:72:68:53:ad:5b:17:
                    00:70:be:2e:c2:14:44:36:e7:3d:f9:07:94:0b:71:
                    e2:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:F9:BD:CD:93:EE:91:65:37:9F:14:72:4B:57:D3:26:58:90:84:DF
            X509v3 Authority Key Identifier:
                keyid:A3:F1:B2:2B:20:54:50:2B:FD:38:89:13:82:91:10:3D:83:B6:A5:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o_GyKyBUUCv9OIkTgpEQPYO2pQ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/a8aaff-12a1-4641-8b9d-24d272ce11e3/1/b_m9zZPukWU3nxRyS1fTJliQhN8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/a8aaff-12a1-4641-8b9d-24d272ce11e3/1/o_GyKyBUUCv9OIkTgpEQPYO2pQ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.235.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:92:5d:2a:fe:d6:91:88:6f:ce:74:33:51:93:79:e5:56:00:
         58:c2:04:c0:a2:c3:da:03:ba:c6:e7:ed:ff:b7:65:95:49:a3:
         3b:4b:8b:0b:f0:09:16:4c:9a:55:c2:78:8a:ea:76:da:6a:d8:
         d0:98:83:c1:4c:80:3e:86:07:28:8a:ed:eb:26:a6:74:cd:91:
         2b:61:ef:c1:da:d6:cb:4c:c0:b5:13:74:cc:e0:5a:a8:69:13:
         7d:14:8a:6d:8f:d8:6f:bd:65:06:ce:e8:c8:e6:1b:fc:f4:14:
         c7:cf:06:9a:03:77:81:82:9b:2d:aa:12:e5:ec:ee:36:1c:b7:
         0e:69:96:f6:0a:3e:43:54:5c:14:42:3f:cb:b5:0a:46:22:58:
         5d:16:dc:4b:3f:60:4d:c1:60:39:28:de:4a:f2:50:83:2c:a1:
         36:47:c7:5b:f4:8f:5b:c3:ed:58:f4:55:b5:14:b6:4a:18:d7:
         9c:21:9f:67:fa:b3:b4:d8:cd:07:60:b4:5e:e7:a1:a3:96:14:
         8f:2a:81:28:ba:23:90:c6:64:e8:f3:70:88:ea:ed:7c:3b:90:
         41:bb:33:f0:8c:32:01:89:52:ef:2c:a9:c8:d2:e7:6d:a9:62:
         f1:17:b9:b9:b0:11:84:83:b4:fa:33:8d:0c:52:eb:34:db:55:
         e4:ee:9c:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4yhpk5acDdBBQ4l/+ciE/jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzZjFiMjJiMjA1NDUwMmJmZDM4ODkxMzgyOTExMDNkODNi
NmE1MGUwHhcNMjQwMzEyMTE1NzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmY5YmRjZDkzZWU5MTY1Mzc5ZjE0NzI0YjU3ZDMyNjU4OTA4NGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnPkuD9cuvQ3aUNNeEEPOeDZqq3wX
Mmajx2WCxSw5/+8ok0T8mTE0+fIjn5RkeO77RJTm3aXH2ZHhhy1/sHRfLTvnWFkQ
wQNtNLC/sUEYohF5wh6TH91rLLwiQy2ZLyiWJutNBbrQS2vg9dhwErNSS6vQyDy9
NYU7GWlkQatTHmzPteMhxe7vetaQhEwEhEHIv0DYz1yQlAiH21/U992gQSgpvs1y
bqbnBRD9m2HrV+H98t/RQrNwDHZyYyTAWH9o+sEnxvLHB3hzuvOtwVjjD/YXSwmB
SuvRwTSo2YPrkwr6VuZw6rNnSb5yaFOtWxcAcL4uwhRENuc9+QeUC3HiNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG/5vc2T7pFlN58UcktX0yZYkITfMB8GA1UdIwQY
MBaAFKPxsisgVFAr/TiJE4KRED2DtqUOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb19HeUt5QlVVQ3Y5T0lrVGdwRVFQWU8ycFE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9hOGFhZmYtMTJhMS00NjQxLThiOWQt
MjRkMjcyY2UxMWUzLzEvYl9tOXpaUHVrV1UzbnhSeVMxZlRKbGlRaE44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9hOGFhZmYtMTJhMS00NjQxLThiOWQtMjRkMjcyY2UxMWUz
LzEvb19HeUt5QlVVQ3Y5T0lrVGdwRVFQWU8ycFE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALusOMA0G
CSqGSIb3DQEBCwUAA4IBAQAlkl0q/taRiG/OdDNRk3nlVgBYwgTAosPaA7rG5+3/
t2WVSaM7S4sL8AkWTJpVwniK6nbaatjQmIPBTIA+hgcoiu3rJqZ0zZErYe/B2tbL
TMC1E3TM4FqoaRN9FIptj9hvvWUGzujI5hv89BTHzwaaA3eBgpstqhLl7O42HLcO
aZb2Cj5DVFwUQj/LtQpGIlhdFtxLP2BNwWA5KN5K8lCDLKE2R8db9I9bw+1Y9FW1
FLZKGNecIZ9n+rO02M0HYLRe56GjlhSPKoEouiOQxmTo83CI6u18O5BBuzPwjDIB
iVLvLKnI0udtqWLxF7m5sBGEg7T6M40MUus021Xk7pyb
-----END CERTIFICATE-----