Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/Gwbru8yU9kzziokWhCCzl1GBn9A.roa
File:                     Gwbru8yU9kzziokWhCCzl1GBn9A.roa (raw, json)
Hash identifier:          /3Jqu0WxT4zHo+cqR5LmzhezLAHHhShpOHSHkqJ56YY=
Subject key identifier:   1B:06:EB:BB:CC:94:F6:4C:F3:8A:89:16:84:20:B3:97:51:81:9F:D0
Certificate issuer:       /CN=d4375814344df0bf6d017733acdc488f002631b2
Certificate serial:       018CC3B6D4443DD34BC187E34DB73474A939
Authority key identifier: D4:37:58:14:34:4D:F0:BF:6D:01:77:33:AC:DC:48:8F:00:26:31:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1DdYFDRN8L9tAXczrNxIjwAmMbI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/Gwbru8yU9kzziokWhCCzl1GBn9A.roa
Signing time:             Mon 01 Jan 2024 06:29:48 +0000
ROA not before:           Mon 01 Jan 2024 06:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9318
IP address blocks:        46.8.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/1DdYFDRN8L9tAXczrNxIjwAmMbI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/1DdYFDRN8L9tAXczrNxIjwAmMbI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1DdYFDRN8L9tAXczrNxIjwAmMbI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 15:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:d4:44:3d:d3:4b:c1:87:e3:4d:b7:34:74:a9:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4375814344df0bf6d017733acdc488f002631b2
        Validity
            Not Before: Jan  1 06:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1b06ebbbcc94f64cf38a89168420b39751819fd0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:08:5e:f0:7d:8f:38:0a:d1:94:53:a5:72:93:
                    b1:c0:6b:58:fc:ae:e4:71:4f:34:ad:9f:4b:72:09:
                    a5:a2:db:77:7d:0b:f5:dc:8e:5d:90:d9:be:83:9e:
                    58:69:3a:09:03:58:bc:4b:ae:af:38:eb:86:ab:e9:
                    00:c2:9a:61:6c:c6:32:f2:e8:5a:28:09:e2:b9:18:
                    44:f0:df:ab:33:2f:b4:aa:7e:18:b7:83:bb:1f:b3:
                    63:0c:2b:fc:8d:0e:bf:60:21:d3:09:b9:1e:4b:35:
                    15:a9:a7:0d:ef:04:cb:c0:2a:9a:6c:be:2e:58:b9:
                    bc:57:73:45:7d:4e:ad:42:3c:1b:6c:00:37:1a:78:
                    e0:51:e4:1f:1d:59:74:39:6f:f1:3f:7e:71:b6:ae:
                    26:e9:ea:64:c9:d0:c0:5e:bc:98:3d:ec:b9:18:6d:
                    2d:3b:f7:10:d2:23:93:83:6a:99:bd:e1:fd:13:ae:
                    89:79:75:53:a8:d2:54:b8:66:3b:81:7f:47:bc:cc:
                    04:67:4a:f5:b2:7d:23:de:a1:4f:0b:44:31:c0:6e:
                    6d:10:40:4a:a2:11:90:e9:e1:e7:9f:20:30:4d:90:
                    b0:01:27:2a:1c:78:18:21:27:20:e1:08:2c:6b:04:
                    ab:54:f2:dc:56:cf:d0:e2:6d:75:95:c0:bd:ab:d4:
                    30:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:06:EB:BB:CC:94:F6:4C:F3:8A:89:16:84:20:B3:97:51:81:9F:D0
            X509v3 Authority Key Identifier:
                keyid:D4:37:58:14:34:4D:F0:BF:6D:01:77:33:AC:DC:48:8F:00:26:31:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1DdYFDRN8L9tAXczrNxIjwAmMbI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/Gwbru8yU9kzziokWhCCzl1GBn9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/1DdYFDRN8L9tAXczrNxIjwAmMbI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:42:dd:52:3f:38:da:d2:3f:c3:53:67:da:a1:bc:47:7d:23:
         5c:7b:ba:83:3c:31:63:7e:92:cd:3c:02:d1:57:b6:32:d1:c6:
         38:08:b5:52:3b:21:33:55:cd:cc:fb:be:23:77:42:47:f8:38:
         31:1e:97:84:08:ac:90:ed:85:7c:6d:86:e0:b8:05:c4:ba:31:
         9a:ad:93:41:9a:0d:e1:9a:8b:7a:f1:8c:62:03:23:1e:64:10:
         3c:08:86:b0:79:b5:2d:72:5a:90:98:5c:ce:2a:fc:8f:ec:c4:
         e8:88:94:b2:07:d0:b9:2f:47:f2:26:bf:6a:b0:71:4a:9a:87:
         a7:d4:2a:fd:a6:e4:12:29:21:c6:fe:ad:08:46:38:ee:0e:a2:
         c1:32:d0:ab:70:f2:f7:8d:7d:74:54:c7:f6:62:54:21:6b:1e:
         2c:a3:d0:e0:86:f1:29:dd:d2:eb:68:3f:a2:03:37:4e:7f:b8:
         86:f2:19:59:64:5d:1f:0a:84:60:ce:44:52:60:00:37:d7:fe:
         d1:31:1d:9b:48:0d:c7:bc:3a:e2:76:b3:49:b5:35:a1:60:f1:
         3b:a3:fa:27:10:b1:85:87:2c:90:7d:a4:9f:c6:44:ee:44:c4:
         ce:f7:6e:52:ac:b0:d8:e9:3d:d4:6b:a6:97:74:cc:bf:ed:42:
         6c:c7:36:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDttREPdNLwYfjTbc0dKk5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Mzc1ODE0MzQ0ZGYwYmY2ZDAxNzczM2FjZGM0ODhmMDAy
NjMxYjIwHhcNMjQwMTAxMDYyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjA2ZWJiYmNjOTRmNjRjZjM4YTg5MTY4NDIwYjM5NzUxODE5ZmQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiQhe8H2POArRlFOlcpOxwGtY/K7k
cU80rZ9Lcgmlott3fQv13I5dkNm+g55YaToJA1i8S66vOOuGq+kAwpphbMYy8uha
KAniuRhE8N+rMy+0qn4Yt4O7H7NjDCv8jQ6/YCHTCbkeSzUVqacN7wTLwCqabL4u
WLm8V3NFfU6tQjwbbAA3GnjgUeQfHVl0OW/xP35xtq4m6epkydDAXryYPey5GG0t
O/cQ0iOTg2qZveH9E66JeXVTqNJUuGY7gX9HvMwEZ0r1sn0j3qFPC0QxwG5tEEBK
ohGQ6eHnnyAwTZCwAScqHHgYIScg4QgsawSrVPLcVs/Q4m11lcC9q9QwUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBsG67vMlPZM84qJFoQgs5dRgZ/QMB8GA1UdIwQY
MBaAFNQ3WBQ0TfC/bQF3M6zcSI8AJjGyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMURkWUZEUk44TDl0QVhjenJOeElqd0FtTWJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9iMjRiMmQtMzUyMy00MjJlLTliY2Yt
MzY3MWQ2N2ViOWY4LzEvR3dicnU4eVU5a3p6aW9rV2hDQ3psMUdCbjlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9iMjRiMmQtMzUyMy00MjJlLTliY2YtMzY3MWQ2N2ViOWY4
LzEvMURkWUZEUk44TDl0QVhjenJOeElqd0FtTWJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALghjMA0G
CSqGSIb3DQEBCwUAA4IBAQBlQt1SPzja0j/DU2faobxHfSNce7qDPDFjfpLNPALR
V7Yy0cY4CLVSOyEzVc3M+74jd0JH+DgxHpeECKyQ7YV8bYbguAXEujGarZNBmg3h
mot68YxiAyMeZBA8CIawebUtclqQmFzOKvyP7MToiJSyB9C5L0fyJr9qsHFKmoen
1Cr9puQSKSHG/q0IRjjuDqLBMtCrcPL3jX10VMf2YlQhax4so9DghvEp3dLraD+i
AzdOf7iG8hlZZF0fCoRgzkRSYAA31/7RMR2bSA3HvDridrNJtTWhYPE7o/onELGF
hyyQfaSfxkTuRMTO925SrLDY6T3Ua6aXdMy/7UJsxza4
-----END CERTIFICATE-----