Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/c88a8f-7be0-4e40-9ce6-d252a574ae8d/1/Ra2p5TiZYbNgMqctwYMiOx2K36Q.roa
File:                     Ra2p5TiZYbNgMqctwYMiOx2K36Q.roa (raw, json)
Hash identifier:          irGLHS3bG279bgLc6qB8WSncPV0WIpljPvCHoVihNDw=
Subject key identifier:   45:AD:A9:E5:38:99:61:B3:60:32:A7:2D:C1:83:22:3B:1D:8A:DF:A4
Certificate issuer:       /CN=ec917c0afda449ecc0429c046df50fbc959b4eea
Certificate serial:       018CC34908DBE602DD11655CB43DD80134C9
Authority key identifier: EC:91:7C:0A:FD:A4:49:EC:C0:42:9C:04:6D:F5:0F:BC:95:9B:4E:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7JF8Cv2kSezAQpwEbfUPvJWbTuo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/c88a8f-7be0-4e40-9ce6-d252a574ae8d/1/Ra2p5TiZYbNgMqctwYMiOx2K36Q.roa
Signing time:             Mon 01 Jan 2024 04:29:52 +0000
ROA not before:           Mon 01 Jan 2024 04:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48346
IP address blocks:        46.149.100.0/24 maxlen: 24
                          2a10:1c00::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/c88a8f-7be0-4e40-9ce6-d252a574ae8d/1/7JF8Cv2kSezAQpwEbfUPvJWbTuo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/c88a8f-7be0-4e40-9ce6-d252a574ae8d/1/7JF8Cv2kSezAQpwEbfUPvJWbTuo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7JF8Cv2kSezAQpwEbfUPvJWbTuo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 07:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:08:db:e6:02:dd:11:65:5c:b4:3d:d8:01:34:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ec917c0afda449ecc0429c046df50fbc959b4eea
        Validity
            Not Before: Jan  1 04:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45ada9e5389961b36032a72dc183223b1d8adfa4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:8c:97:90:4f:d5:b0:8d:7e:00:20:77:d6:f4:
                    43:42:35:dd:23:f8:84:93:80:a9:26:65:d8:bf:5b:
                    56:93:82:f7:6c:11:20:f9:5b:64:52:f9:1e:b9:86:
                    8d:5a:75:ae:6b:f2:48:ef:a1:da:ba:f1:1a:7c:07:
                    06:66:64:de:2b:fd:61:bf:c4:f7:84:b1:3d:c3:3f:
                    f3:33:4c:ff:65:49:91:44:28:df:16:07:aa:5c:34:
                    b8:29:cc:0a:04:de:78:ad:a5:10:09:fe:2e:4c:cc:
                    d4:c3:f0:af:3f:1e:ca:44:5d:59:19:c2:75:24:e8:
                    2c:ce:dd:d5:38:84:6c:ab:07:52:56:07:61:60:52:
                    4c:8c:b2:17:cf:e3:8f:0a:87:d7:41:14:dd:0f:58:
                    0a:f0:83:82:83:ad:f1:87:30:04:01:5c:4a:c1:5a:
                    f7:32:07:10:cc:b3:bd:f7:f0:3a:b2:8e:47:ff:39:
                    36:85:c0:18:88:63:a8:5b:54:4a:f3:cb:9e:59:5b:
                    71:29:e4:58:76:7c:2e:da:46:c2:2f:ee:77:fd:d2:
                    78:8a:dd:3f:16:f1:cf:87:8a:32:b0:28:8f:e3:a7:
                    f2:f9:89:88:fc:7b:4b:37:c5:c0:9b:a4:0e:f1:2a:
                    09:74:3e:63:b8:ac:fc:fd:8e:34:59:87:5d:0e:68:
                    e2:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:AD:A9:E5:38:99:61:B3:60:32:A7:2D:C1:83:22:3B:1D:8A:DF:A4
            X509v3 Authority Key Identifier:
                keyid:EC:91:7C:0A:FD:A4:49:EC:C0:42:9C:04:6D:F5:0F:BC:95:9B:4E:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7JF8Cv2kSezAQpwEbfUPvJWbTuo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/c88a8f-7be0-4e40-9ce6-d252a574ae8d/1/Ra2p5TiZYbNgMqctwYMiOx2K36Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/c88a8f-7be0-4e40-9ce6-d252a574ae8d/1/7JF8Cv2kSezAQpwEbfUPvJWbTuo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.149.100.0/24
                IPv6:
                  2a10:1c00::/29

    Signature Algorithm: sha256WithRSAEncryption
         1d:5d:db:28:1b:82:ab:b2:a9:34:74:a9:70:5e:6f:f0:ec:5e:
         eb:99:ea:4f:f5:59:4a:6c:58:52:8b:a1:46:97:d0:41:86:69:
         b4:32:e4:04:8c:1e:a1:5a:4b:f9:37:1e:0c:3f:6c:24:9e:88:
         c4:f6:b0:0f:9d:7c:4e:2f:11:66:ba:91:88:3f:5d:11:2a:52:
         5f:9c:af:4f:d1:eb:26:77:79:24:e8:90:31:c3:1f:47:76:68:
         7e:ed:27:36:55:bb:8b:5d:97:e0:d5:81:61:f7:14:cf:dd:5e:
         44:fe:93:d9:f9:66:ea:a9:93:6a:37:4d:c7:24:af:9b:7f:52:
         7f:a4:83:7e:d6:8b:23:4a:2c:28:7e:5c:50:07:dd:ac:b6:a9:
         70:ef:c4:a8:c5:c1:f0:8b:fd:92:71:d1:bf:7b:ff:74:3d:ee:
         3f:cb:5e:13:97:b6:a8:dd:cc:b2:3b:6a:f8:65:26:7f:fd:aa:
         80:04:dc:1c:86:76:56:a0:63:cb:5e:e8:91:e5:94:4c:6f:61:
         a6:f1:3b:4b:4f:60:85:e2:c3:94:4a:33:55:1f:98:d7:a4:83:
         e3:4b:97:22:af:61:a8:a3:d3:96:cf:bc:42:4d:1d:b1:e5:ac:
         41:0c:f2:cd:1c:55:21:c5:bd:7f:3a:76:98:89:40:71:c1:be:
         f1:3b:47:86
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDSQjb5gLdEWVctD3YATTJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjOTE3YzBhZmRhNDQ5ZWNjMDQyOWMwNDZkZjUwZmJjOTU5
YjRlZWEwHhcNMjQwMTAxMDQyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWFkYTllNTM4OTk2MWIzNjAzMmE3MmRjMTgzMjIzYjFkOGFkZmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqIyXkE/VsI1+ACB31vRDQjXdI/iE
k4CpJmXYv1tWk4L3bBEg+VtkUvkeuYaNWnWua/JI76HauvEafAcGZmTeK/1hv8T3
hLE9wz/zM0z/ZUmRRCjfFgeqXDS4KcwKBN54raUQCf4uTMzUw/CvPx7KRF1ZGcJ1
JOgszt3VOIRsqwdSVgdhYFJMjLIXz+OPCofXQRTdD1gK8IOCg63xhzAEAVxKwVr3
MgcQzLO99/A6so5H/zk2hcAYiGOoW1RK88ueWVtxKeRYdnwu2kbCL+53/dJ4it0/
FvHPh4oysCiP46fy+YmI/HtLN8XAm6QO8SoJdD5juKz8/Y40WYddDmjiywIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEWtqeU4mWGzYDKnLcGDIjsdit+kMB8GA1UdIwQY
MBaAFOyRfAr9pEnswEKcBG31D7yVm07qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0pGOEN2MmtTZXpBUXB3RWJmVVB2SldiVHVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9jODhhOGYtN2JlMC00ZTQwLTljZTYt
ZDI1MmE1NzRhZThkLzEvUmEycDVUaVpZYk5nTXFjdHdZTWlPeDJLMzZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9jODhhOGYtN2JlMC00ZTQwLTljZTYtZDI1MmE1NzRhZThk
LzEvN0pGOEN2MmtTZXpBUXB3RWJmVVB2SldiVHVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALpVkMA0E
AgACMAcDBQMqEBwAMA0GCSqGSIb3DQEBCwUAA4IBAQAdXdsoG4Krsqk0dKlwXm/w
7F7rmepP9VlKbFhSi6FGl9BBhmm0MuQEjB6hWkv5Nx4MP2wknojE9rAPnXxOLxFm
upGIP10RKlJfnK9P0esmd3kk6JAxwx9Hdmh+7Sc2VbuLXZfg1YFh9xTP3V5E/pPZ
+WbqqZNqN03HJK+bf1J/pIN+1osjSiwoflxQB92stqlw78SoxcHwi/2ScdG/e/90
Pe4/y14Tl7ao3cyyO2r4ZSZ//aqABNwchnZWoGPLXuiR5ZRMb2Gm8TtLT2CF4sOU
SjNVH5jXpIPjS5cir2Goo9OWz7xCTR2x5axBDPLNHFUhxb1/OnaYiUBxwb7xO0eG
-----END CERTIFICATE-----