Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/7f997c-07cf-44c2-bdf0-66a329b6afad/1/T7F0hGxTvkOGfq586kTtLLEtblc.roa
File:                     T7F0hGxTvkOGfq586kTtLLEtblc.roa (raw, json)
Hash identifier:          zIQlsZ/NKNKWDaUfT5MBioURWdalTx6UPEfd0bHwKbI=
Subject key identifier:   4F:B1:74:84:6C:53:BE:43:86:7E:AE:7C:EA:44:ED:2C:B1:2D:6E:57
Certificate issuer:       /CN=6d7701d5850491f50299ef93f2d7409b78cd6c96
Certificate serial:       018CC8DE9DA523BBE7AEC6A100C0CFF0A99E
Authority key identifier: 6D:77:01:D5:85:04:91:F5:02:99:EF:93:F2:D7:40:9B:78:CD:6C:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXcB1YUEkfUCme-T8tdAm3jNbJY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/7f997c-07cf-44c2-bdf0-66a329b6afad/1/T7F0hGxTvkOGfq586kTtLLEtblc.roa
Signing time:             Tue 02 Jan 2024 06:31:21 +0000
ROA not before:           Tue 02 Jan 2024 06:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59643
IP address blocks:        46.175.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/7f997c-07cf-44c2-bdf0-66a329b6afad/1/bXcB1YUEkfUCme-T8tdAm3jNbJY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/7f997c-07cf-44c2-bdf0-66a329b6afad/1/bXcB1YUEkfUCme-T8tdAm3jNbJY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXcB1YUEkfUCme-T8tdAm3jNbJY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:9d:a5:23:bb:e7:ae:c6:a1:00:c0:cf:f0:a9:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d7701d5850491f50299ef93f2d7409b78cd6c96
        Validity
            Not Before: Jan  2 06:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4fb174846c53be43867eae7cea44ed2cb12d6e57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:ee:3f:da:15:5d:96:e1:53:29:b9:d1:77:b8:
                    49:64:e6:16:3a:10:2b:15:a2:92:49:b0:dc:da:a1:
                    2b:d0:9a:e0:76:af:e0:0d:14:e1:4e:31:54:3e:79:
                    6a:05:7e:fc:20:4e:41:dc:1c:a9:6d:e3:aa:32:05:
                    dd:04:7e:bd:f2:94:cc:4c:2e:d3:d4:a5:9c:49:ed:
                    56:ec:1b:e3:88:f1:7c:36:ec:c7:c5:fd:24:6e:3a:
                    85:57:eb:7b:08:c5:0d:1f:13:ee:a4:be:b3:ef:16:
                    00:a8:c6:e1:d4:1e:62:4b:01:6b:2b:83:21:02:e5:
                    f2:b7:14:c5:b4:af:f8:8b:14:0b:c1:ad:5f:69:09:
                    2c:97:13:fd:c2:8e:00:69:49:81:49:24:a9:8c:b4:
                    c1:38:de:28:bd:ad:59:f6:59:5d:53:95:7d:83:e0:
                    47:1e:d7:12:55:14:1c:e0:0f:1f:29:66:e2:6d:b8:
                    b0:cf:9b:d6:3c:93:ca:36:2f:0c:68:1b:71:8d:4c:
                    fe:7a:52:56:f5:d4:3b:77:8e:41:f2:6b:6a:0a:de:
                    00:cb:04:df:24:3d:f1:26:df:4d:e8:a9:b6:b2:33:
                    86:c4:07:70:0d:65:64:e4:83:d8:2a:b2:62:1f:c1:
                    41:3a:37:7a:87:b3:8e:b5:9e:91:d3:d9:9f:5f:4b:
                    f4:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:B1:74:84:6C:53:BE:43:86:7E:AE:7C:EA:44:ED:2C:B1:2D:6E:57
            X509v3 Authority Key Identifier:
                keyid:6D:77:01:D5:85:04:91:F5:02:99:EF:93:F2:D7:40:9B:78:CD:6C:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXcB1YUEkfUCme-T8tdAm3jNbJY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/7f997c-07cf-44c2-bdf0-66a329b6afad/1/T7F0hGxTvkOGfq586kTtLLEtblc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/7f997c-07cf-44c2-bdf0-66a329b6afad/1/bXcB1YUEkfUCme-T8tdAm3jNbJY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.175.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:6e:1c:b2:99:6b:4f:af:df:48:2e:5c:08:a0:fa:44:1e:4d:
         c6:22:d0:87:48:14:7d:fd:b9:cc:c4:fd:af:f3:b2:bd:4f:67:
         ad:45:cf:7f:8f:53:da:90:ac:1d:a9:d5:c0:09:bf:78:91:b2:
         0b:2e:1a:3f:9f:1a:23:7b:63:d2:67:d5:3d:7e:d6:71:4f:a9:
         b9:17:40:b3:3c:40:d2:14:63:39:0b:89:61:86:48:0c:a7:a9:
         81:3f:bc:1a:3d:97:45:eb:1e:64:f1:cd:67:e2:38:59:04:bc:
         a3:aa:45:c8:46:ab:92:c0:4f:b9:07:b3:99:cc:64:e6:2b:d6:
         18:d7:f1:06:1a:f2:1b:8d:ff:e0:e7:26:03:9f:17:a0:4f:17:
         1d:7f:54:a1:34:4b:5f:1b:15:82:35:85:c8:d4:bf:11:87:d4:
         c7:16:20:e9:00:4b:eb:60:01:40:cd:25:54:bc:10:27:54:ad:
         c2:7f:c1:96:3e:b5:89:a0:34:07:7c:87:0b:3a:c5:80:d6:38:
         69:ca:6b:0b:83:9d:19:a7:ba:18:4d:cf:a8:f2:1e:0b:ac:c9:
         1e:c8:19:00:55:f7:8a:11:9f:39:ab:9a:46:8c:f6:6e:e3:7b:
         85:f7:1a:ef:cf:73:c4:0e:fb:22:02:01:38:7d:c2:01:a3:1c:
         57:78:53:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3p2lI7vnrsahAMDP8KmeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzcwMWQ1ODUwNDkxZjUwMjk5ZWY5M2YyZDc0MDliNzhj
ZDZjOTYwHhcNMjQwMTAyMDYzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmIxNzQ4NDZjNTNiZTQzODY3ZWFlN2NlYTQ0ZWQyY2IxMmQ2ZTU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAne4/2hVdluFTKbnRd7hJZOYWOhAr
FaKSSbDc2qEr0Jrgdq/gDRThTjFUPnlqBX78IE5B3BypbeOqMgXdBH698pTMTC7T
1KWcSe1W7BvjiPF8NuzHxf0kbjqFV+t7CMUNHxPupL6z7xYAqMbh1B5iSwFrK4Mh
AuXytxTFtK/4ixQLwa1faQkslxP9wo4AaUmBSSSpjLTBON4ova1Z9lldU5V9g+BH
HtcSVRQc4A8fKWbibbiwz5vWPJPKNi8MaBtxjUz+elJW9dQ7d45B8mtqCt4AywTf
JD3xJt9N6Km2sjOGxAdwDWVk5IPYKrJiH8FBOjd6h7OOtZ6R09mfX0v0rQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE+xdIRsU75Dhn6ufOpE7SyxLW5XMB8GA1UdIwQY
MBaAFG13AdWFBJH1Apnvk/LXQJt4zWyWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhjQjFZVUVrZlVDbWUtVDh0ZEFtM2pOYkpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi83Zjk5N2MtMDdjZi00NGMyLWJkZjAt
NjZhMzI5YjZhZmFkLzEvVDdGMGhHeFR2a09HZnE1ODZrVHRMTEV0YmxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi83Zjk5N2MtMDdjZi00NGMyLWJkZjAtNjZhMzI5YjZhZmFk
LzEvYlhjQjFZVUVrZlVDbWUtVDh0ZEFtM2pOYkpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALq8NMA0G
CSqGSIb3DQEBCwUAA4IBAQCObhyymWtPr99ILlwIoPpEHk3GItCHSBR9/bnMxP2v
87K9T2etRc9/j1PakKwdqdXACb94kbILLho/nxoje2PSZ9U9ftZxT6m5F0CzPEDS
FGM5C4lhhkgMp6mBP7waPZdF6x5k8c1n4jhZBLyjqkXIRquSwE+5B7OZzGTmK9YY
1/EGGvIbjf/g5yYDnxegTxcdf1ShNEtfGxWCNYXI1L8Rh9THFiDpAEvrYAFAzSVU
vBAnVK3Cf8GWPrWJoDQHfIcLOsWA1jhpymsLg50Zp7oYTc+o8h4LrMkeyBkAVfeK
EZ85q5pGjPZu43uF9xrvz3PEDvsiAgE4fcIBoxxXeFOi
-----END CERTIFICATE-----