Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/09da87-a2b2-429b-be96-cd009b300a6c/1/1-fuLLqUcRYWdt4Agwf-5k7hcHgk.roa
File:                     1-fuLLqUcRYWdt4Agwf-5k7hcHgk.roa (raw, json)
Hash identifier:          BfxlANQMy+Ez/58VvOxfARndWi4Mr7KzxOr8FpPsy7o=
Subject key identifier:   F9:FB:8B:2E:A5:1C:45:85:9D:B7:80:20:C1:FF:B9:93:B8:5C:1E:09
Certificate issuer:       /CN=4d98fe502ac16e957cc33ebc2ec1be83bbed7cc4
Certificate serial:       018CC42552324B6C5FD422E760EB4A179D8A
Authority key identifier: 4D:98:FE:50:2A:C1:6E:95:7C:C3:3E:BC:2E:C1:BE:83:BB:ED:7C:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TZj-UCrBbpV8wz68LsG-g7vtfMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/09da87-a2b2-429b-be96-cd009b300a6c/1/1-fuLLqUcRYWdt4Agwf-5k7hcHgk.roa
Signing time:             Mon 01 Jan 2024 08:30:29 +0000
ROA not before:           Mon 01 Jan 2024 08:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211401
IP address blocks:        185.46.40.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/09da87-a2b2-429b-be96-cd009b300a6c/1/TZj-UCrBbpV8wz68LsG-g7vtfMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/09da87-a2b2-429b-be96-cd009b300a6c/1/TZj-UCrBbpV8wz68LsG-g7vtfMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TZj-UCrBbpV8wz68LsG-g7vtfMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:52:32:4b:6c:5f:d4:22:e7:60:eb:4a:17:9d:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d98fe502ac16e957cc33ebc2ec1be83bbed7cc4
        Validity
            Not Before: Jan  1 08:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f9fb8b2ea51c45859db78020c1ffb993b85c1e09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:5c:c9:c8:e1:47:01:4f:d8:0f:e2:91:6f:c2:
                    06:4f:82:7c:73:3a:4e:ed:29:d3:38:74:8b:20:83:
                    1e:e7:b5:13:41:9f:a1:fa:8d:03:d2:39:cc:cf:12:
                    fc:90:12:af:45:c0:e2:9d:8c:17:c6:33:7b:d7:2b:
                    2f:57:45:2c:e6:73:7c:04:fd:70:fc:55:c4:63:8a:
                    c6:c6:0a:04:9a:35:06:40:92:c1:48:5b:4a:ad:51:
                    b9:da:dd:1e:38:a3:ed:7d:08:94:e8:21:6f:95:51:
                    b1:47:7c:df:fd:40:dc:f0:a4:0f:f0:48:2d:2c:4a:
                    d3:42:83:5b:5b:66:00:09:e0:61:8f:41:9e:33:58:
                    5e:92:ec:dd:81:f0:7c:ab:74:e1:c6:87:ce:1a:cc:
                    40:03:f7:5c:62:6b:d3:66:9a:db:1b:9f:8a:ad:ab:
                    55:83:7e:4c:76:d7:67:6d:fb:97:93:e3:58:30:67:
                    84:7f:f8:ba:00:21:29:3c:42:e8:4b:25:b1:2d:f2:
                    d2:4f:fe:f2:40:96:48:78:99:32:bd:ca:0c:f0:6f:
                    f5:a6:b0:b9:20:6c:32:5d:74:ff:d5:c4:ed:9c:be:
                    5f:fc:64:54:cf:83:24:1d:6e:0a:6a:c1:b4:68:94:
                    31:3b:07:38:24:71:ce:cb:e7:38:b6:f1:40:c3:5f:
                    97:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:FB:8B:2E:A5:1C:45:85:9D:B7:80:20:C1:FF:B9:93:B8:5C:1E:09
            X509v3 Authority Key Identifier:
                keyid:4D:98:FE:50:2A:C1:6E:95:7C:C3:3E:BC:2E:C1:BE:83:BB:ED:7C:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TZj-UCrBbpV8wz68LsG-g7vtfMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/09da87-a2b2-429b-be96-cd009b300a6c/1/1-fuLLqUcRYWdt4Agwf-5k7hcHgk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/09da87-a2b2-429b-be96-cd009b300a6c/1/TZj-UCrBbpV8wz68LsG-g7vtfMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.46.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ad:86:8c:0b:a3:98:e4:25:14:dd:8c:07:4c:5c:74:41:d3:08:
         69:b1:86:be:14:bc:08:42:ac:92:67:a1:bb:fa:d1:70:c1:9c:
         da:be:71:7d:50:ca:81:2b:2e:1b:3a:48:e0:98:5b:f1:17:74:
         4d:63:6e:b0:b0:83:47:5a:9e:b8:f1:98:10:9b:1d:02:08:9b:
         e3:0a:b9:4e:a3:b8:ee:d4:f4:44:14:db:5e:33:27:2b:0b:cb:
         08:17:c1:37:19:0c:7a:bd:be:58:57:2b:ee:0e:86:0b:46:e6:
         cf:e8:26:81:6b:0a:00:d1:28:c9:c9:b7:ff:51:73:f4:ac:23:
         a0:a9:2b:ec:02:37:a4:1f:95:16:8a:9a:48:6f:8e:8b:ad:b3:
         1c:5c:d8:85:58:23:0e:e6:97:1e:8c:44:fc:f0:86:91:a1:34:
         97:d9:10:12:cc:44:f4:1a:1f:38:e7:4f:31:d4:5d:9a:33:86:
         11:a7:c9:b2:7e:2a:3b:72:1b:77:a2:fd:c8:00:7e:92:2b:44:
         e9:97:2b:e9:68:a9:e0:99:70:4c:bb:2f:65:5b:3d:36:0f:c1:
         09:f6:6e:fa:94:b1:67:6a:ac:e4:41:e4:a0:78:d6:c7:d8:9e:
         d5:7d:61:9a:ec:8a:21:c3:99:5f:4c:ad:15:31:45:fb:a5:7f:
         98:43:5e:c3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEJVIyS2xf1CLnYOtKF52KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkOThmZTUwMmFjMTZlOTU3Y2MzM2ViYzJlYzFiZTgzYmJl
ZDdjYzQwHhcNMjQwMTAxMDgzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWZiOGIyZWE1MWM0NTg1OWRiNzgwMjBjMWZmYjk5M2I4NWMxZTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi1zJyOFHAU/YD+KRb8IGT4J8czpO
7SnTOHSLIIMe57UTQZ+h+o0D0jnMzxL8kBKvRcDinYwXxjN71ysvV0Us5nN8BP1w
/FXEY4rGxgoEmjUGQJLBSFtKrVG52t0eOKPtfQiU6CFvlVGxR3zf/UDc8KQP8Egt
LErTQoNbW2YACeBhj0GeM1hekuzdgfB8q3ThxofOGsxAA/dcYmvTZprbG5+KratV
g35MdtdnbfuXk+NYMGeEf/i6ACEpPELoSyWxLfLST/7yQJZIeJkyvcoM8G/1prC5
IGwyXXT/1cTtnL5f/GRUz4MkHW4KasG0aJQxOwc4JHHOy+c4tvFAw1+X1wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPn7iy6lHEWFnbeAIMH/uZO4XB4JMB8GA1UdIwQY
MBaAFE2Y/lAqwW6VfMM+vC7BvoO77XzEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFpqLVVDckJicFY4d3o2OExzRy1nN3Z0Zk1RLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wOWRhODctYTJiMi00MjliLWJlOTYt
Y2QwMDliMzAwYTZjLzEvMS1mdUxMcVVjUllXZHQ0QWd3Zi01azdoY0hnay5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvN2MvMDlkYTg3LWEyYjItNDI5Yi1iZTk2LWNkMDA5YjMwMGE2
Yy8xL1Raai1VQ3JCYnBWOHd6NjhMc0ctZzd2dGZNUS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArkuKDAN
BgkqhkiG9w0BAQsFAAOCAQEArYaMC6OY5CUU3YwHTFx0QdMIabGGvhS8CEKskmeh
u/rRcMGc2r5xfVDKgSsuGzpI4Jhb8Rd0TWNusLCDR1qeuPGYEJsdAgib4wq5TqO4
7tT0RBTbXjMnKwvLCBfBNxkMer2+WFcr7g6GC0bmz+gmgWsKANEoycm3/1Fz9Kwj
oKkr7AI3pB+VFoqaSG+Oi62zHFzYhVgjDuaXHoxE/PCGkaE0l9kQEsxE9BofOOdP
MdRdmjOGEafJsn4qO3Ibd6L9yAB+kitE6Zcr6Wip4JlwTLsvZVs9Ng/BCfZu+pSx
Z2qs5EHkoHjWx9ie1X1hmuyKIcOZX0ytFTFF+6V/mENeww==
-----END CERTIFICATE-----