Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/4ff06f-e97f-4c5a-9da7-7ee090504fba/1/OgDm7m7A3pvF6CBjzAkwgT1CGEE.roa
File:                     OgDm7m7A3pvF6CBjzAkwgT1CGEE.roa (raw, json)
Hash identifier:          kBy2I6jO/I6EuWrMrjHzmxvhj7pNd9G1QvBCmvxRrq8=
Subject key identifier:   3A:00:E6:EE:6E:C0:DE:9B:C5:E8:20:63:CC:09:30:81:3D:42:18:41
Certificate issuer:       /CN=a7f00d1bffff3a53e94f867d743d031b922db5b1
Certificate serial:       018CC79486350F4F26F3D8BADE8806386A41
Authority key identifier: A7:F0:0D:1B:FF:FF:3A:53:E9:4F:86:7D:74:3D:03:1B:92:2D:B5:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p_ANG___OlPpT4Z9dD0DG5IttbE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/4ff06f-e97f-4c5a-9da7-7ee090504fba/1/OgDm7m7A3pvF6CBjzAkwgT1CGEE.roa
Signing time:             Tue 02 Jan 2024 00:30:48 +0000
ROA not before:           Tue 02 Jan 2024 00:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6663
IP address blocks:        46.29.4.0/22 maxlen: 22
                          46.29.0.0/22 maxlen: 22
                          2a03:6e0:8000::/33 maxlen: 33

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/4ff06f-e97f-4c5a-9da7-7ee090504fba/1/p_ANG___OlPpT4Z9dD0DG5IttbE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/4ff06f-e97f-4c5a-9da7-7ee090504fba/1/p_ANG___OlPpT4Z9dD0DG5IttbE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p_ANG___OlPpT4Z9dD0DG5IttbE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 04:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:86:35:0f:4f:26:f3:d8:ba:de:88:06:38:6a:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7f00d1bffff3a53e94f867d743d031b922db5b1
        Validity
            Not Before: Jan  2 00:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a00e6ee6ec0de9bc5e82063cc0930813d421841
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:78:94:14:67:9b:5a:ac:d6:a3:f1:3d:6f:dc:
                    3f:f5:29:8f:71:02:2f:53:a4:f0:35:5f:d0:84:cd:
                    04:a0:a3:4d:00:52:5c:4f:fc:f1:35:b5:f4:22:72:
                    87:b8:92:4f:43:db:b7:68:c2:d5:c0:70:7f:9d:ad:
                    85:2d:cc:47:a2:9b:9f:2f:e7:19:cf:2b:92:ad:c9:
                    23:a8:4e:0e:f8:ae:21:d0:c7:00:61:a5:5f:ee:bf:
                    ce:49:90:59:52:6d:31:7d:df:64:db:87:85:b5:b8:
                    73:63:cc:e9:8a:26:9f:4b:e8:1d:f3:54:a4:93:5a:
                    52:3f:7d:1d:33:b5:32:ee:2f:a6:d4:3f:18:4a:a0:
                    ca:78:20:4a:b9:d6:88:9e:53:40:45:0d:e4:c7:15:
                    46:10:4f:91:f2:ed:a6:a9:0f:db:f9:38:f1:2b:e9:
                    6f:2a:7b:dd:30:8a:d1:39:37:23:8c:e2:7b:7c:08:
                    17:f2:2b:e8:61:a7:44:50:2d:8e:5d:bb:82:f5:4d:
                    58:54:0d:71:ff:e9:05:b3:ff:7f:66:57:bd:45:55:
                    d0:08:53:20:60:2a:ee:31:35:31:94:d5:69:a9:c7:
                    70:7a:74:1c:10:4a:fd:f0:ba:4e:a8:a8:ba:d5:4b:
                    6c:8a:cc:e4:52:8c:03:7a:86:63:fb:c3:54:4f:a0:
                    90:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:00:E6:EE:6E:C0:DE:9B:C5:E8:20:63:CC:09:30:81:3D:42:18:41
            X509v3 Authority Key Identifier:
                keyid:A7:F0:0D:1B:FF:FF:3A:53:E9:4F:86:7D:74:3D:03:1B:92:2D:B5:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p_ANG___OlPpT4Z9dD0DG5IttbE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/4ff06f-e97f-4c5a-9da7-7ee090504fba/1/OgDm7m7A3pvF6CBjzAkwgT1CGEE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/4ff06f-e97f-4c5a-9da7-7ee090504fba/1/p_ANG___OlPpT4Z9dD0DG5IttbE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.29.0.0/21
                IPv6:
                  2a03:6e0:8000::/33

    Signature Algorithm: sha256WithRSAEncryption
         10:7f:11:f6:86:5e:8f:43:12:a2:c7:6d:a0:ac:79:e4:28:83:
         62:45:09:c3:b8:e0:1b:f7:82:e0:54:e8:6d:24:10:47:ea:de:
         dc:ad:1a:09:5e:17:9e:0f:f7:f0:da:e8:40:ad:81:5c:b7:d0:
         13:49:a5:ec:f7:f7:3c:3c:a6:fb:93:90:bf:ee:8f:ca:f6:b9:
         b9:da:cb:28:cd:76:ef:cb:88:64:d2:2a:3b:d2:13:30:99:42:
         cc:b9:90:de:56:e5:97:f2:98:c0:f1:e8:fe:61:52:bc:ea:d9:
         03:86:7e:fc:00:89:c7:8a:cc:a5:ce:d7:72:7c:a4:60:08:79:
         9b:fe:bf:06:a0:4f:fc:45:b8:cc:67:7e:c2:9b:2e:91:b6:ab:
         68:82:b8:8e:a4:0e:b8:03:42:42:e0:69:ec:af:9e:1c:dd:e9:
         36:e9:64:e8:d6:fb:74:87:79:90:37:de:dc:0f:12:0b:4f:33:
         0a:0a:f9:ab:40:55:0f:7c:ff:07:a3:83:9b:6c:ce:13:d5:ff:
         64:cd:0f:39:a5:04:57:b4:62:8c:01:8b:1d:9f:bd:0b:9b:9f:
         cc:08:90:89:9f:83:cc:e6:ee:39:b2:5f:d1:4d:6f:64:ba:a6:
         4f:60:d5:35:0b:60:b2:ef:6d:4d:30:d1:9c:12:01:f6:11:e6:
         68:c4:95:4b
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzHlIY1D08m89i63ogGOGpBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3ZjAwZDFiZmZmZjNhNTNlOTRmODY3ZDc0M2QwMzFiOTIy
ZGI1YjEwHhcNMjQwMTAyMDAzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTAwZTZlZTZlYzBkZTliYzVlODIwNjNjYzA5MzA4MTNkNDIxODQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk3iUFGebWqzWo/E9b9w/9SmPcQIv
U6TwNV/QhM0EoKNNAFJcT/zxNbX0InKHuJJPQ9u3aMLVwHB/na2FLcxHopufL+cZ
zyuSrckjqE4O+K4h0McAYaVf7r/OSZBZUm0xfd9k24eFtbhzY8zpiiafS+gd81Sk
k1pSP30dM7Uy7i+m1D8YSqDKeCBKudaInlNARQ3kxxVGEE+R8u2mqQ/b+TjxK+lv
KnvdMIrROTcjjOJ7fAgX8ivoYadEUC2OXbuC9U1YVA1x/+kFs/9/Zle9RVXQCFMg
YCruMTUxlNVpqcdwenQcEEr98LpOqKi61UtsiszkUowDeoZj+8NUT6CQKQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFDoA5u5uwN6bxeggY8wJMIE9QhhBMB8GA1UdIwQY
MBaAFKfwDRv//zpT6U+GfXQ9AxuSLbWxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcF9BTkdfX19PbFBwVDRaOWREMERHNUl0dGJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi80ZmYwNmYtZTk3Zi00YzVhLTlkYTct
N2VlMDkwNTA0ZmJhLzEvT2dEbTdtN0EzcHZGNkNCanpBa3dnVDFDR0VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi80ZmYwNmYtZTk3Zi00YzVhLTlkYTctN2VlMDkwNTA0ZmJh
LzEvcF9BTkdfX19PbFBwVDRaOWREMERHNUl0dGJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQDLh0AMA4E
AgACMAgDBgcqAwbggDANBgkqhkiG9w0BAQsFAAOCAQEAEH8R9oZej0MSosdtoKx5
5CiDYkUJw7jgG/eC4FTobSQQR+re3K0aCV4Xng/38NroQK2BXLfQE0ml7Pf3PDym
+5OQv+6Pyva5udrLKM1278uIZNIqO9ITMJlCzLmQ3lbll/KYwPHo/mFSvOrZA4Z+
/ACJx4rMpc7XcnykYAh5m/6/BqBP/EW4zGd+wpsukbaraIK4jqQOuANCQuBp7K+e
HN3pNulk6Nb7dId5kDfe3A8SC08zCgr5q0BVD3z/B6ODm2zOE9X/ZM0POaUEV7Ri
jAGLHZ+9C5ufzAiQiZ+DzObuObJf0U1vZLqmT2DVNQtgsu9tTTDRnBIB9hHmaMSV
Sw==
-----END CERTIFICATE-----