Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/7f78e3-0ccd-41fc-9883-69be037bf079/1/hRDfwC80Z6Wptf5U8hSZYBDnyGA.roa
File:                     hRDfwC80Z6Wptf5U8hSZYBDnyGA.roa (raw, json)
Hash identifier:          BHSuOeFeB10b4vEsCGL/R3mFKMCg/eOUExCklGn4/4E=
Subject key identifier:   85:10:DF:C0:2F:34:67:A5:A9:B5:FE:54:F2:14:99:60:10:E7:C8:60
Certificate issuer:       /CN=9e687583810cc0064edb4efe4057f5a61a55e70b
Certificate serial:       018EF77025F1267B351145178CE52F73F8EB
Authority key identifier: 9E:68:75:83:81:0C:C0:06:4E:DB:4E:FE:40:57:F5:A6:1A:55:E7:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nmh1g4EMwAZO207-QFf1phpV5ws.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/7f78e3-0ccd-41fc-9883-69be037bf079/1/hRDfwC80Z6Wptf5U8hSZYBDnyGA.roa
Signing time:             Fri 19 Apr 2024 17:38:25 +0000
ROA not before:           Fri 19 Apr 2024 17:38:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197550
IP address blocks:        46.173.192.0/20 maxlen: 20

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/7f78e3-0ccd-41fc-9883-69be037bf079/1/nmh1g4EMwAZO207-QFf1phpV5ws.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/7f78e3-0ccd-41fc-9883-69be037bf079/1/nmh1g4EMwAZO207-QFf1phpV5ws.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nmh1g4EMwAZO207-QFf1phpV5ws.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:f7:70:25:f1:26:7b:35:11:45:17:8c:e5:2f:73:f8:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9e687583810cc0064edb4efe4057f5a61a55e70b
        Validity
            Not Before: Apr 19 17:38:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8510dfc02f3467a5a9b5fe54f214996010e7c860
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:48:fe:c2:24:a1:4b:65:bc:42:fd:5f:44:48:
                    a1:c9:a0:86:0e:82:66:03:87:81:61:2d:b0:ae:19:
                    f8:7f:bd:ce:14:e2:6e:f4:4f:e3:0e:d7:c7:52:17:
                    8b:67:28:57:cc:7c:e1:f9:b1:b4:0b:eb:c8:30:a2:
                    db:94:24:e9:5a:5e:71:c3:7c:21:15:ad:d7:6b:6c:
                    c1:e3:04:45:2c:88:2e:d9:7a:b9:e5:7c:95:5b:2c:
                    1a:5f:e8:1e:21:1a:4f:fa:9f:62:43:d6:13:8d:f6:
                    71:94:b0:3f:74:89:a6:ac:a3:98:05:59:eb:ab:5f:
                    33:d9:85:59:25:40:de:fd:25:3e:bc:f6:5f:96:00:
                    98:0b:54:7a:2b:96:3d:fc:8b:3e:9b:55:30:aa:9c:
                    7d:d3:5b:9d:ee:42:88:17:e6:a9:07:2a:81:17:c0:
                    5b:03:58:4f:2e:6b:aa:e2:f0:42:1d:6d:09:de:be:
                    e4:2f:94:b2:1f:f2:1e:55:c3:76:33:1e:09:35:b7:
                    84:e8:0f:09:dc:b5:15:b7:8d:49:d6:9d:c5:f6:dd:
                    bb:2e:c8:e9:50:b5:65:b8:bd:23:1c:63:75:b7:84:
                    5e:8f:06:07:94:49:2d:17:b5:1c:e6:7d:17:d6:63:
                    a7:b9:5e:66:c3:af:13:59:1d:f9:b2:99:e8:33:c5:
                    04:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:10:DF:C0:2F:34:67:A5:A9:B5:FE:54:F2:14:99:60:10:E7:C8:60
            X509v3 Authority Key Identifier:
                keyid:9E:68:75:83:81:0C:C0:06:4E:DB:4E:FE:40:57:F5:A6:1A:55:E7:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nmh1g4EMwAZO207-QFf1phpV5ws.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/7f78e3-0ccd-41fc-9883-69be037bf079/1/hRDfwC80Z6Wptf5U8hSZYBDnyGA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/7f78e3-0ccd-41fc-9883-69be037bf079/1/nmh1g4EMwAZO207-QFf1phpV5ws.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.173.192.0/20

    Signature Algorithm: sha256WithRSAEncryption
         6c:1f:b6:1b:86:45:bd:2d:c3:e6:ca:f5:34:4f:25:b5:9e:e0:
         b7:1c:ef:93:6f:c3:c0:27:e7:46:0c:a1:c2:8b:f1:02:b1:7a:
         96:4a:c1:cf:26:70:a4:2f:42:a7:67:f1:b0:d2:aa:cb:fe:9d:
         3b:bd:dc:a8:55:ae:47:77:ab:b9:a5:3c:37:cd:48:b8:5a:9a:
         6a:ca:ed:74:ae:dd:c2:fb:7d:da:9c:e2:1e:c0:7b:ec:a8:f0:
         ff:12:0c:d3:28:8d:95:05:6d:1e:d4:da:7e:3b:85:b3:0d:ce:
         24:e1:7a:2d:3a:35:3f:0a:ef:b0:9c:44:c6:a4:74:e5:44:b5:
         0f:db:cb:4e:6b:a6:3a:ac:90:d1:e8:9e:3a:ca:a4:15:28:c9:
         4a:32:bb:44:19:32:cf:a4:4b:3c:b1:b8:d1:0b:33:76:6b:68:
         ab:7e:7f:61:9f:3e:9a:9f:26:61:39:f2:e0:4a:e0:19:18:42:
         ba:31:ab:15:48:80:bc:05:8d:64:5f:06:62:7a:77:16:e6:3f:
         fb:2e:83:e6:a5:f6:4e:e6:f3:93:fd:73:f6:b0:43:f8:2d:f6:
         39:32:58:a2:7d:46:35:06:06:9a:5c:3d:46:a4:c9:be:c2:1e:
         8c:d4:df:91:28:86:5f:1d:cb:93:5c:17:6a:53:3c:08:b4:50:
         8d:a2:d0:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY73cCXxJns1EUUXjOUvc/jrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDllNjg3NTgzODEwY2MwMDY0ZWRiNGVmZTQwNTdmNWE2MWE1
NWU3MGIwHhcNMjQwNDE5MTczODI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTEwZGZjMDJmMzQ2N2E1YTliNWZlNTRmMjE0OTk2MDEwZTdjODYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUj+wiShS2W8Qv1fREihyaCGDoJm
A4eBYS2wrhn4f73OFOJu9E/jDtfHUheLZyhXzHzh+bG0C+vIMKLblCTpWl5xw3wh
Fa3Xa2zB4wRFLIgu2Xq55XyVWywaX+geIRpP+p9iQ9YTjfZxlLA/dImmrKOYBVnr
q18z2YVZJUDe/SU+vPZflgCYC1R6K5Y9/Is+m1Uwqpx901ud7kKIF+apByqBF8Bb
A1hPLmuq4vBCHW0J3r7kL5SyH/IeVcN2Mx4JNbeE6A8J3LUVt41J1p3F9t27Lsjp
ULVluL0jHGN1t4RejwYHlEktF7Uc5n0X1mOnuV5mw68TWR35spnoM8UE2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIUQ38AvNGelqbX+VPIUmWAQ58hgMB8GA1UdIwQY
MBaAFJ5odYOBDMAGTttO/kBX9aYaVecLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbm1oMWc0RU13QVpPMjA3LVFGZjFwaHBWNXdzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC83Zjc4ZTMtMGNjZC00MWZjLTk4ODMt
NjliZTAzN2JmMDc5LzEvaFJEZndDODBaNldwdGY1VThoU1pZQkRueUdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC83Zjc4ZTMtMGNjZC00MWZjLTk4ODMtNjliZTAzN2JmMDc5
LzEvbm1oMWc0RU13QVpPMjA3LVFGZjFwaHBWNXdzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQELq3AMA0G
CSqGSIb3DQEBCwUAA4IBAQBsH7YbhkW9LcPmyvU0TyW1nuC3HO+Tb8PAJ+dGDKHC
i/ECsXqWSsHPJnCkL0KnZ/Gw0qrL/p07vdyoVa5Hd6u5pTw3zUi4Wppqyu10rt3C
+33anOIewHvsqPD/EgzTKI2VBW0e1Np+O4WzDc4k4XotOjU/Cu+wnETGpHTlRLUP
28tOa6Y6rJDR6J46yqQVKMlKMrtEGTLPpEs8sbjRCzN2a2irfn9hnz6anyZhOfLg
SuAZGEK6MasVSIC8BY1kXwZiencW5j/7LoPmpfZO5vOT/XP2sEP4LfY5MliifUY1
BgaaXD1GpMm+wh6M1N+RKIZfHcuTXBdqUzwItFCNotBY
-----END CERTIFICATE-----