Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/4ff06f-e97f-4c5a-9da7-7ee090504fba/1/EcjWgydidhdcKNrWzIbxAiLy23g.roa
File:                     EcjWgydidhdcKNrWzIbxAiLy23g.roa (raw, json)
Hash identifier:          eh5Xhdwbn6nnWxLA+P0v7Dbbag93+TsuH0wfq04/+sE=
Subject key identifier:   11:C8:D6:83:27:62:76:17:5C:28:DA:D6:CC:86:F1:02:22:F2:DB:78
Certificate issuer:       /CN=a7f00d1bffff3a53e94f867d743d031b922db5b1
Certificate serial:       018EC6D8FC8C4AE6C963183EBA6EF6EAF4F9
Authority key identifier: A7:F0:0D:1B:FF:FF:3A:53:E9:4F:86:7D:74:3D:03:1B:92:2D:B5:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p_ANG___OlPpT4Z9dD0DG5IttbE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/4ff06f-e97f-4c5a-9da7-7ee090504fba/1/EcjWgydidhdcKNrWzIbxAiLy23g.roa
Signing time:             Wed 10 Apr 2024 07:11:32 +0000
ROA not before:           Wed 10 Apr 2024 07:11:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12905
IP address blocks:        46.29.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/4ff06f-e97f-4c5a-9da7-7ee090504fba/1/p_ANG___OlPpT4Z9dD0DG5IttbE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/4ff06f-e97f-4c5a-9da7-7ee090504fba/1/p_ANG___OlPpT4Z9dD0DG5IttbE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p_ANG___OlPpT4Z9dD0DG5IttbE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 10:00:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c6:d8:fc:8c:4a:e6:c9:63:18:3e:ba:6e:f6:ea:f4:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7f00d1bffff3a53e94f867d743d031b922db5b1
        Validity
            Not Before: Apr 10 07:11:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=11c8d683276276175c28dad6cc86f10222f2db78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:2d:49:07:15:65:e0:6a:02:6b:45:6e:4e:e0:
                    a9:fa:02:ea:67:54:26:e5:a7:04:de:95:1a:72:88:
                    f0:cc:3b:56:08:84:aa:22:d8:00:11:17:f8:b5:dc:
                    e2:8b:68:53:c9:a4:40:ae:ec:ad:82:af:b8:72:be:
                    ef:a8:41:38:8b:d8:03:2b:8f:d6:f6:fc:2e:e8:1f:
                    4d:85:c7:3a:b4:ad:d6:4a:73:cf:77:4f:ef:a4:8d:
                    5d:4f:bb:54:64:2e:b5:a5:3f:68:5c:47:90:17:b4:
                    77:50:eb:9c:be:02:f8:58:ea:e4:cb:51:92:25:8d:
                    0c:16:0d:9b:4e:5f:94:69:b8:0a:9f:70:8b:a4:c7:
                    a6:10:a9:92:2f:14:70:b9:43:0d:e4:bf:9b:65:55:
                    2e:80:32:b9:35:3d:74:df:04:42:6f:cd:eb:d9:c0:
                    74:1e:54:d4:6a:2a:4e:e2:d8:34:57:6b:34:e2:b2:
                    12:70:e8:69:f8:e2:21:2b:2e:20:f6:9d:f3:5d:e5:
                    ab:3e:ff:5d:5c:2d:c4:66:f2:2d:ab:e0:6f:eb:f2:
                    27:5c:0c:56:8e:8e:c7:23:8f:25:c3:b9:33:e0:c2:
                    d1:96:2d:97:79:27:ec:44:14:8c:27:15:80:90:79:
                    9e:45:86:f0:0a:c3:66:95:99:61:da:60:cd:59:cf:
                    8a:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:C8:D6:83:27:62:76:17:5C:28:DA:D6:CC:86:F1:02:22:F2:DB:78
            X509v3 Authority Key Identifier:
                keyid:A7:F0:0D:1B:FF:FF:3A:53:E9:4F:86:7D:74:3D:03:1B:92:2D:B5:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p_ANG___OlPpT4Z9dD0DG5IttbE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/4ff06f-e97f-4c5a-9da7-7ee090504fba/1/EcjWgydidhdcKNrWzIbxAiLy23g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/4ff06f-e97f-4c5a-9da7-7ee090504fba/1/p_ANG___OlPpT4Z9dD0DG5IttbE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.29.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:b0:de:2b:b5:d4:db:fb:05:47:71:e9:e8:c9:54:ca:74:26:
         d5:31:1d:35:ec:dc:be:65:00:a4:fb:c8:b1:d4:96:01:44:b1:
         a2:24:15:cb:60:6e:c9:2d:e8:dd:bc:67:68:2d:40:e1:2a:ab:
         62:67:5d:17:3f:06:2b:46:99:b5:41:74:eb:0a:a8:99:f2:37:
         d2:46:1e:34:bf:0a:1b:0a:48:15:ab:32:87:1c:b5:cd:fd:f6:
         11:c6:c9:22:55:ea:19:bd:04:b4:e7:8d:f4:46:03:64:64:6b:
         91:ef:9f:72:78:3c:ac:56:6b:0e:d6:06:d9:6d:94:69:d3:a9:
         a8:76:5a:6d:34:aa:0e:86:d4:8c:f8:f5:f0:b3:65:54:24:d8:
         99:e3:75:9b:8f:7c:b7:74:c3:b7:48:9a:de:8a:b6:fd:58:e2:
         1d:ac:77:b7:cf:8d:b7:ee:ca:b8:68:43:62:de:9c:35:65:86:
         89:9f:f9:a5:de:18:b0:c0:3f:43:8a:62:4c:69:69:59:69:3a:
         78:36:8c:ea:9e:d0:b9:ba:41:91:aa:d4:80:eb:b9:9f:c4:61:
         57:22:72:73:9c:8b:86:cd:9b:fa:53:be:c6:64:e9:f0:9c:3c:
         f2:41:ae:5a:fe:88:73:0a:7a:3d:f3:29:53:a1:67:87:ce:d7:
         ee:cf:30:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7G2PyMSubJYxg+um726vT5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZjAwZDFiZmZmZjNhNTNlOTRmODY3ZDc0M2QwMzFiOTIy
ZGI1YjEwHhcNMjQwNDEwMDcxMTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWM4ZDY4MzI3NjI3NjE3NWMyOGRhZDZjYzg2ZjEwMjIyZjJkYjc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkC1JBxVl4GoCa0VuTuCp+gLqZ1Qm
5acE3pUacojwzDtWCISqItgAERf4tdzii2hTyaRAruytgq+4cr7vqEE4i9gDK4/W
9vwu6B9Nhcc6tK3WSnPPd0/vpI1dT7tUZC61pT9oXEeQF7R3UOucvgL4WOrky1GS
JY0MFg2bTl+UabgKn3CLpMemEKmSLxRwuUMN5L+bZVUugDK5NT103wRCb83r2cB0
HlTUaipO4tg0V2s04rIScOhp+OIhKy4g9p3zXeWrPv9dXC3EZvItq+Bv6/InXAxW
jo7HI48lw7kz4MLRli2XeSfsRBSMJxWAkHmeRYbwCsNmlZlh2mDNWc+K2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBHI1oMnYnYXXCja1syG8QIi8tt4MB8GA1UdIwQY
MBaAFKfwDRv//zpT6U+GfXQ9AxuSLbWxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcF9BTkdfX19PbFBwVDRaOWREMERHNUl0dGJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi80ZmYwNmYtZTk3Zi00YzVhLTlkYTct
N2VlMDkwNTA0ZmJhLzEvRWNqV2d5ZGlkaGRjS05yV3pJYnhBaUx5MjNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi80ZmYwNmYtZTk3Zi00YzVhLTlkYTctN2VlMDkwNTA0ZmJh
LzEvcF9BTkdfX19PbFBwVDRaOWREMERHNUl0dGJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALh0BMA0G
CSqGSIb3DQEBCwUAA4IBAQA1sN4rtdTb+wVHcenoyVTKdCbVMR017Ny+ZQCk+8ix
1JYBRLGiJBXLYG7JLejdvGdoLUDhKqtiZ10XPwYrRpm1QXTrCqiZ8jfSRh40vwob
CkgVqzKHHLXN/fYRxskiVeoZvQS05430RgNkZGuR759yeDysVmsO1gbZbZRp06mo
dlptNKoOhtSM+PXws2VUJNiZ43Wbj3y3dMO3SJreirb9WOIdrHe3z4237sq4aENi
3pw1ZYaJn/ml3hiwwD9DimJMaWlZaTp4NozqntC5ukGRqtSA67mfxGFXInJznIuG
zZv6U77GZOnwnDzyQa5a/ohzCno98ylToWeHztfuzzAd
-----END CERTIFICATE-----