Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/1kXCmZ3T5wjald1xv2BIhebGIi4.roa
File:                     1kXCmZ3T5wjald1xv2BIhebGIi4.roa (raw, json)
Hash identifier:          VW3oWASa2FrcBonnSV/d3f0Nc4c+GA/Hf3gp7KUw2e0=
Subject key identifier:   D6:45:C2:99:9D:D3:E7:08:DA:95:DD:71:BF:60:48:85:E6:C6:22:2E
Certificate issuer:       /CN=46ba3f80039b9e784cfb24bf2c7ddb24e1900a76
Certificate serial:       018CC348FCB4B082CCE24E633DF3D7ACBD9C
Authority key identifier: 46:BA:3F:80:03:9B:9E:78:4C:FB:24:BF:2C:7D:DB:24:E1:90:0A:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rro_gAObnnhM-yS_LH3bJOGQCnY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/1kXCmZ3T5wjald1xv2BIhebGIi4.roa
Signing time:             Mon 01 Jan 2024 04:29:49 +0000
ROA not before:           Mon 01 Jan 2024 04:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201513
IP address blocks:        213.184.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Rro_gAObnnhM-yS_LH3bJOGQCnY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Rro_gAObnnhM-yS_LH3bJOGQCnY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rro_gAObnnhM-yS_LH3bJOGQCnY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:fc:b4:b0:82:cc:e2:4e:63:3d:f3:d7:ac:bd:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46ba3f80039b9e784cfb24bf2c7ddb24e1900a76
        Validity
            Not Before: Jan  1 04:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d645c2999dd3e708da95dd71bf604885e6c6222e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:c9:06:36:c2:7a:f5:a8:9f:18:9b:80:ae:1b:
                    26:05:77:c1:55:c4:a2:0d:01:ad:f8:f4:d9:43:17:
                    06:c8:3e:e6:a4:77:65:0d:60:86:47:96:aa:13:e9:
                    76:d7:33:b6:2c:cc:fb:cc:35:aa:4c:55:fb:53:5f:
                    1b:4c:c5:ef:1e:d3:78:39:78:31:27:62:a8:47:fe:
                    7d:ae:93:8a:4e:45:7f:81:3a:cc:f7:f7:73:2a:4d:
                    31:53:8e:cb:7e:6e:e3:50:35:fb:d7:70:34:6e:c8:
                    e5:41:19:4e:1b:01:5f:21:51:fa:97:c6:41:5c:3b:
                    16:8c:d0:28:30:38:a9:db:9e:e7:5a:45:2e:d3:80:
                    86:52:85:ec:e3:50:e1:5c:03:ca:72:ce:68:93:46:
                    d9:fd:47:63:31:8d:5c:a0:64:c4:48:0e:3b:e2:f8:
                    bf:af:ea:31:fd:0a:d1:2d:84:26:d3:2d:61:4e:85:
                    ae:6a:2d:33:c8:20:62:30:1a:4a:b5:6d:d2:c1:50:
                    b3:17:aa:ca:cf:79:a1:b4:bb:6d:ca:82:be:24:ed:
                    11:1b:c0:76:a3:d5:92:57:21:70:c7:97:8d:c1:92:
                    5e:d5:b1:b8:2e:57:be:29:5b:3f:22:c8:98:17:41:
                    55:32:ce:96:27:45:e9:10:61:4d:c5:20:b8:a4:e3:
                    0b:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:45:C2:99:9D:D3:E7:08:DA:95:DD:71:BF:60:48:85:E6:C6:22:2E
            X509v3 Authority Key Identifier:
                keyid:46:BA:3F:80:03:9B:9E:78:4C:FB:24:BF:2C:7D:DB:24:E1:90:0A:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rro_gAObnnhM-yS_LH3bJOGQCnY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/1kXCmZ3T5wjald1xv2BIhebGIi4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Rro_gAObnnhM-yS_LH3bJOGQCnY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.184.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:e9:e9:a6:d5:fe:7c:3d:28:57:40:53:97:32:8e:c6:b3:2f:
         f8:6f:df:e2:2d:46:7e:57:2d:36:50:bf:e2:87:64:f7:2f:fb:
         46:3f:65:d2:4e:46:c5:61:72:3e:ac:57:1f:84:cc:75:45:07:
         58:d3:46:43:4d:99:b3:36:f9:32:9f:23:bc:e0:18:b2:d2:69:
         75:63:93:0b:2f:ad:e4:d9:e9:79:bd:51:ca:ab:74:08:61:ed:
         51:bc:ac:a1:e9:b2:0b:04:86:3d:74:bb:9d:f4:3a:ad:d2:d0:
         65:ed:2e:c3:a0:d6:f9:3b:62:12:3e:84:e8:9f:36:51:87:36:
         7b:12:47:10:7d:ce:65:ff:42:4b:95:68:82:9e:e9:24:0a:b6:
         c4:6e:db:ff:01:49:17:70:fc:70:64:a3:cc:e1:36:2e:e3:b5:
         68:c8:4a:5e:73:44:80:3d:96:45:a7:49:31:0f:1a:88:4d:39:
         0a:62:06:6a:bb:4b:81:41:eb:ee:a2:96:1b:ac:6e:b8:73:e6:
         f1:bc:50:a0:96:c6:8d:f5:f4:0f:3f:71:d7:0a:ae:b2:39:24:
         e5:05:6c:c0:e0:ac:b2:ee:9c:03:9f:6e:58:36:c6:3e:c7:c2:
         5e:ed:fe:2b:c2:64:53:1c:7f:23:30:b5:27:cf:5a:22:51:7e:
         b0:63:e8:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSPy0sILM4k5jPfPXrL2cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2YmEzZjgwMDM5YjllNzg0Y2ZiMjRiZjJjN2RkYjI0ZTE5
MDBhNzYwHhcNMjQwMTAxMDQyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjQ1YzI5OTlkZDNlNzA4ZGE5NWRkNzFiZjYwNDg4NWU2YzYyMjJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm8kGNsJ69aifGJuArhsmBXfBVcSi
DQGt+PTZQxcGyD7mpHdlDWCGR5aqE+l21zO2LMz7zDWqTFX7U18bTMXvHtN4OXgx
J2KoR/59rpOKTkV/gTrM9/dzKk0xU47Lfm7jUDX713A0bsjlQRlOGwFfIVH6l8ZB
XDsWjNAoMDip257nWkUu04CGUoXs41DhXAPKcs5ok0bZ/UdjMY1coGTESA474vi/
r+ox/QrRLYQm0y1hToWuai0zyCBiMBpKtW3SwVCzF6rKz3mhtLttyoK+JO0RG8B2
o9WSVyFwx5eNwZJe1bG4Lle+KVs/IsiYF0FVMs6WJ0XpEGFNxSC4pOMLzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNZFwpmd0+cI2pXdcb9gSIXmxiIuMB8GA1UdIwQY
MBaAFEa6P4ADm554TPskvyx92yThkAp2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnJvX2dBT2JubmhNLXlTX0xIM2JKT0dRQ25ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jZmEyYWUtZTUyNC00YmQwLTg3NWIt
ODlhY2UzODIyMGZiLzEvMWtYQ21aM1Q1d2phbGQxeHYyQkloZWJHSWk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jZmEyYWUtZTUyNC00YmQwLTg3NWItODlhY2UzODIyMGZi
LzEvUnJvX2dBT2JubmhNLXlTX0xIM2JKT0dRQ25ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1biaMA0G
CSqGSIb3DQEBCwUAA4IBAQCO6emm1f58PShXQFOXMo7Gsy/4b9/iLUZ+Vy02UL/i
h2T3L/tGP2XSTkbFYXI+rFcfhMx1RQdY00ZDTZmzNvkynyO84Biy0ml1Y5MLL63k
2el5vVHKq3QIYe1RvKyh6bILBIY9dLud9Dqt0tBl7S7DoNb5O2ISPoTonzZRhzZ7
EkcQfc5l/0JLlWiCnukkCrbEbtv/AUkXcPxwZKPM4TYu47VoyEpec0SAPZZFp0kx
DxqITTkKYgZqu0uBQevuopYbrG64c+bxvFCglsaN9fQPP3HXCq6yOSTlBWzA4Kyy
7pwDn25YNsY+x8Je7f4rwmRTHH8jMLUnz1oiUX6wY+iF
-----END CERTIFICATE-----