Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/XwRj9Wx-qcqFTfZXJpcfHb3fVT0.roa
File:                     XwRj9Wx-qcqFTfZXJpcfHb3fVT0.roa (raw, json)
Hash identifier:          IFQKAOBkC9Hb+q27xTGrg1VN6Bx2tGMvBWLizShhT5w=
Subject key identifier:   5F:04:63:F5:6C:7E:A9:CA:85:4D:F6:57:26:97:1F:1D:BD:DF:55:3D
Certificate issuer:       /CN=d4375814344df0bf6d017733acdc488f002631b2
Certificate serial:       018CC3B6D6384076CF259773CD05A648A56E
Authority key identifier: D4:37:58:14:34:4D:F0:BF:6D:01:77:33:AC:DC:48:8F:00:26:31:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1DdYFDRN8L9tAXczrNxIjwAmMbI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/XwRj9Wx-qcqFTfZXJpcfHb3fVT0.roa
Signing time:             Mon 01 Jan 2024 06:29:48 +0000
ROA not before:           Mon 01 Jan 2024 06:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44477
IP address blocks:        46.8.202.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/1DdYFDRN8L9tAXczrNxIjwAmMbI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/1DdYFDRN8L9tAXczrNxIjwAmMbI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1DdYFDRN8L9tAXczrNxIjwAmMbI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 15:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:d6:38:40:76:cf:25:97:73:cd:05:a6:48:a5:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4375814344df0bf6d017733acdc488f002631b2
        Validity
            Not Before: Jan  1 06:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5f0463f56c7ea9ca854df65726971f1dbddf553d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:51:e9:35:58:fe:54:b4:7e:35:4a:8d:0d:0c:
                    1b:9a:75:79:7d:4a:0b:ce:d2:a4:cd:2a:b6:12:2b:
                    6e:6c:4e:16:5d:1c:4a:c8:1f:39:af:a2:04:cb:b0:
                    30:df:5a:85:81:1b:4c:40:e1:c4:32:a8:d1:ca:27:
                    ed:2e:84:10:f4:c8:3c:b7:f2:05:b4:d7:94:86:11:
                    82:5c:3e:31:f8:f8:f6:4c:b2:56:67:36:f1:e4:ad:
                    c2:53:f1:02:ab:aa:0a:c7:13:9f:98:32:ec:d1:be:
                    84:45:2e:8b:59:6f:0e:ff:16:c2:e7:33:a3:82:f9:
                    71:ca:1d:e1:ec:3e:9a:9f:fb:4e:bf:7d:a0:cd:47:
                    8f:77:ab:a7:48:6b:eb:ac:ff:af:a7:94:da:df:3b:
                    86:24:70:8b:95:b6:61:46:04:9f:26:ea:df:a0:59:
                    11:7e:2f:48:cb:f0:cf:15:a2:a4:ca:3d:f8:ad:eb:
                    a2:2e:f1:ae:16:e9:a0:84:4b:0d:1a:02:f1:e9:0e:
                    92:fa:e3:5e:fb:9c:5e:56:76:e9:e5:88:bb:1f:f4:
                    2b:66:e4:cb:af:c0:67:08:53:d3:99:7b:f0:c0:b4:
                    85:51:2f:5e:84:91:d2:29:ba:03:70:f4:22:f7:af:
                    04:a3:fe:48:65:be:de:e1:90:74:92:d6:52:8c:3a:
                    87:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5F:04:63:F5:6C:7E:A9:CA:85:4D:F6:57:26:97:1F:1D:BD:DF:55:3D
            X509v3 Authority Key Identifier:
                keyid:D4:37:58:14:34:4D:F0:BF:6D:01:77:33:AC:DC:48:8F:00:26:31:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1DdYFDRN8L9tAXczrNxIjwAmMbI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/XwRj9Wx-qcqFTfZXJpcfHb3fVT0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/1DdYFDRN8L9tAXczrNxIjwAmMbI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.202.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:ca:a6:89:22:17:a1:82:ed:23:6e:d3:ff:46:28:13:71:fb:
         d5:e7:30:e2:a7:b5:26:17:6a:48:0c:c6:8c:a0:6f:77:c4:71:
         19:cf:07:fd:11:54:46:f6:bd:8d:31:af:fc:f3:ef:37:8d:46:
         97:c3:2b:94:8d:da:f7:1d:eb:b4:b5:3d:76:c6:5c:59:97:d7:
         80:95:b5:70:25:45:d5:5c:7f:52:51:d6:d0:7c:3d:de:1d:f5:
         a9:a7:9f:00:d5:92:44:65:c5:5b:64:7f:35:2d:c7:37:60:27:
         25:5d:4a:12:86:e8:3a:52:52:31:a1:57:57:4f:a3:c5:31:d5:
         0e:df:e0:d7:84:04:1d:79:48:90:8a:2f:3c:b6:c0:66:e2:ef:
         1e:24:ce:b1:42:bc:90:61:60:ee:20:6b:b0:3b:6a:26:d3:4a:
         ef:24:46:38:86:43:48:7f:a2:f7:4f:bb:16:0e:57:ff:c6:d6:
         11:92:62:1b:90:a1:03:c2:6c:f7:60:df:3d:de:d6:9f:6a:db:
         fc:21:ca:ee:b8:a7:32:21:73:0c:30:3c:4b:99:60:a0:f1:d2:
         ae:bf:3a:09:be:64:3a:df:0b:da:5e:fe:b1:06:cf:12:8a:5c:
         97:0e:87:94:4e:eb:da:ca:e7:38:f5:d3:7c:76:a2:7e:74:c9:
         da:57:57:04
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDttY4QHbPJZdzzQWmSKVuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Mzc1ODE0MzQ0ZGYwYmY2ZDAxNzczM2FjZGM0ODhmMDAy
NjMxYjIwHhcNMjQwMTAxMDYyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjA0NjNmNTZjN2VhOWNhODU0ZGY2NTcyNjk3MWYxZGJkZGY1NTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzVHpNVj+VLR+NUqNDQwbmnV5fUoL
ztKkzSq2EitubE4WXRxKyB85r6IEy7Aw31qFgRtMQOHEMqjRyiftLoQQ9Mg8t/IF
tNeUhhGCXD4x+Pj2TLJWZzbx5K3CU/ECq6oKxxOfmDLs0b6ERS6LWW8O/xbC5zOj
gvlxyh3h7D6an/tOv32gzUePd6unSGvrrP+vp5Ta3zuGJHCLlbZhRgSfJurfoFkR
fi9Iy/DPFaKkyj34reuiLvGuFumghEsNGgLx6Q6S+uNe+5xeVnbp5Yi7H/QrZuTL
r8BnCFPTmXvwwLSFUS9ehJHSKboDcPQi968Eo/5IZb7e4ZB0ktZSjDqH0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF8EY/VsfqnKhU32VyaXHx2931U9MB8GA1UdIwQY
MBaAFNQ3WBQ0TfC/bQF3M6zcSI8AJjGyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMURkWUZEUk44TDl0QVhjenJOeElqd0FtTWJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9iMjRiMmQtMzUyMy00MjJlLTliY2Yt
MzY3MWQ2N2ViOWY4LzEvWHdSajlXeC1xY3FGVGZaWEpwY2ZIYjNmVlQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9iMjRiMmQtMzUyMy00MjJlLTliY2YtMzY3MWQ2N2ViOWY4
LzEvMURkWUZEUk44TDl0QVhjenJOeElqd0FtTWJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALgjKMA0G
CSqGSIb3DQEBCwUAA4IBAQAYyqaJIhehgu0jbtP/RigTcfvV5zDip7UmF2pIDMaM
oG93xHEZzwf9EVRG9r2NMa/88+83jUaXwyuUjdr3Heu0tT12xlxZl9eAlbVwJUXV
XH9SUdbQfD3eHfWpp58A1ZJEZcVbZH81Lcc3YCclXUoShug6UlIxoVdXT6PFMdUO
3+DXhAQdeUiQii88tsBm4u8eJM6xQryQYWDuIGuwO2om00rvJEY4hkNIf6L3T7sW
Dlf/xtYRkmIbkKEDwmz3YN893tafatv8IcruuKcyIXMMMDxLmWCg8dKuvzoJvmQ6
3wvaXv6xBs8SilyXDoeUTuvayuc49dN8dqJ+dMnaV1cE
-----END CERTIFICATE-----