Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/2851b6-2e65-4859-9c05-506bb6c679ce/1/bq9CqvnrnmLj-nXKhmfPIEjqEiI.roa
File:                     bq9CqvnrnmLj-nXKhmfPIEjqEiI.roa (raw, json)
Hash identifier:          zEveyUVxjKvk59RxfTsEnCz9v++3bm7NlZK7a0s2pmo=
Subject key identifier:   6E:AF:42:AA:F9:EB:9E:62:E3:FA:75:CA:86:67:CF:20:48:EA:12:22
Certificate issuer:       /CN=a2f6bc8f163af49c03d9ad69e716b42c5b96ee79
Certificate serial:       018CC349598B9D83DD0CCFEF216EA10E1F1F
Authority key identifier: A2:F6:BC:8F:16:3A:F4:9C:03:D9:AD:69:E7:16:B4:2C:5B:96:EE:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ova8jxY69JwD2a1p5xa0LFuW7nk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/2851b6-2e65-4859-9c05-506bb6c679ce/1/bq9CqvnrnmLj-nXKhmfPIEjqEiI.roa
Signing time:             Mon 01 Jan 2024 04:30:13 +0000
ROA not before:           Mon 01 Jan 2024 04:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        46.19.169.0/24 maxlen: 24
                          46.19.168.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/2851b6-2e65-4859-9c05-506bb6c679ce/1/ova8jxY69JwD2a1p5xa0LFuW7nk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/2851b6-2e65-4859-9c05-506bb6c679ce/1/ova8jxY69JwD2a1p5xa0LFuW7nk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ova8jxY69JwD2a1p5xa0LFuW7nk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:59:8b:9d:83:dd:0c:cf:ef:21:6e:a1:0e:1f:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2f6bc8f163af49c03d9ad69e716b42c5b96ee79
        Validity
            Not Before: Jan  1 04:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6eaf42aaf9eb9e62e3fa75ca8667cf2048ea1222
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:be:94:c0:c1:9d:f1:2b:1f:1c:87:9d:fb:cf:
                    ad:5a:15:b8:21:c6:c0:fe:01:c6:1e:f4:66:4e:e9:
                    4c:19:b5:28:a3:27:61:4f:e1:2d:8a:6f:be:19:69:
                    67:ee:b4:db:6d:5e:e1:e0:b4:2e:73:56:23:e4:c0:
                    87:11:0d:0f:30:68:a7:4f:e4:3e:c0:70:4a:b9:b9:
                    49:3f:94:65:a6:c0:6e:88:8d:7f:0a:7e:15:d0:0f:
                    82:1e:61:9d:d2:6a:f8:dc:b1:3e:1c:d1:2e:df:f5:
                    de:ff:0d:54:05:63:ad:0d:31:92:5f:e8:c1:65:ff:
                    03:ea:e2:ce:4a:18:7f:bb:5a:e8:84:96:cd:66:14:
                    2a:bf:5b:25:f4:2c:93:c0:0e:6a:4c:78:5e:4f:98:
                    8d:aa:d6:49:5e:27:ac:d7:79:9c:fd:bb:a4:48:8c:
                    67:a1:cc:09:d7:37:5c:72:b1:7c:58:fc:c1:68:1b:
                    aa:bf:96:a5:b3:aa:68:50:e5:95:29:f1:96:c7:38:
                    a6:87:5e:7f:16:30:4a:70:f0:86:0e:73:c5:50:ad:
                    d3:e0:13:0a:f8:af:24:c7:5a:79:a6:ac:ee:d7:fd:
                    9f:3d:81:f2:11:72:87:94:7a:4d:10:e9:75:a2:f5:
                    23:c7:a2:87:a4:59:10:db:cd:71:f3:1d:55:ca:28:
                    11:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:AF:42:AA:F9:EB:9E:62:E3:FA:75:CA:86:67:CF:20:48:EA:12:22
            X509v3 Authority Key Identifier:
                keyid:A2:F6:BC:8F:16:3A:F4:9C:03:D9:AD:69:E7:16:B4:2C:5B:96:EE:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ova8jxY69JwD2a1p5xa0LFuW7nk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/2851b6-2e65-4859-9c05-506bb6c679ce/1/bq9CqvnrnmLj-nXKhmfPIEjqEiI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/2851b6-2e65-4859-9c05-506bb6c679ce/1/ova8jxY69JwD2a1p5xa0LFuW7nk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.19.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         39:f7:4b:8d:a0:c1:f9:94:6e:fa:13:95:ff:f2:29:92:1c:ba:
         78:84:c1:d6:fc:fa:ea:00:f8:79:79:dc:7e:03:e5:5e:77:f2:
         e5:d8:b9:f2:93:3b:c7:20:ff:d0:ea:25:63:1c:d0:86:34:5d:
         3a:94:92:4d:17:67:45:77:78:28:d6:90:d4:b1:0e:ed:cb:c3:
         99:13:92:f8:c5:40:bd:0b:8a:97:03:a1:8a:c8:75:2e:f2:b0:
         4b:ac:69:9f:90:09:5b:86:da:d1:1d:62:ea:10:b0:b7:b3:9d:
         ad:65:b5:2e:b3:ff:32:96:54:95:1c:22:2d:5e:99:93:ba:d5:
         a6:33:31:d1:d6:d3:eb:84:fd:6b:36:f2:d8:8c:b0:ba:e9:97:
         bb:d7:e2:1e:4c:9f:ff:a3:0d:30:d7:6e:cc:07:5f:fb:e0:b9:
         9a:0d:bf:13:d4:91:22:bb:22:61:1b:76:d1:5c:63:22:b3:4c:
         d6:eb:c4:28:31:df:00:9c:37:3f:a1:ce:0d:a2:94:00:0e:48:
         20:c3:15:55:49:59:64:c0:03:2d:20:1a:7e:08:a9:2e:9b:be:
         ae:ba:e3:ac:a5:c6:87:c4:ed:ed:e2:2d:f9:50:e4:cf:04:66:
         ad:aa:9a:e9:fd:17:a8:e5:7e:ab:97:3f:81:91:dd:45:ed:58:
         05:60:e0:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSVmLnYPdDM/vIW6hDh8fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyZjZiYzhmMTYzYWY0OWMwM2Q5YWQ2OWU3MTZiNDJjNWI5
NmVlNzkwHhcNMjQwMTAxMDQzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZWFmNDJhYWY5ZWI5ZTYyZTNmYTc1Y2E4NjY3Y2YyMDQ4ZWExMjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0L6UwMGd8SsfHIed+8+tWhW4IcbA
/gHGHvRmTulMGbUooydhT+Etim++GWln7rTbbV7h4LQuc1Yj5MCHEQ0PMGinT+Q+
wHBKublJP5RlpsBuiI1/Cn4V0A+CHmGd0mr43LE+HNEu3/Xe/w1UBWOtDTGSX+jB
Zf8D6uLOShh/u1rohJbNZhQqv1sl9CyTwA5qTHheT5iNqtZJXies13mc/bukSIxn
ocwJ1zdccrF8WPzBaBuqv5als6poUOWVKfGWxzimh15/FjBKcPCGDnPFUK3T4BMK
+K8kx1p5pqzu1/2fPYHyEXKHlHpNEOl1ovUjx6KHpFkQ281x8x1VyigRVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG6vQqr5655i4/p1yoZnzyBI6hIiMB8GA1UdIwQY
MBaAFKL2vI8WOvScA9mtaecWtCxblu55MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3ZhOGp4WTY5SndEMmExcDV4YTBMRnVXN25rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8yODUxYjYtMmU2NS00ODU5LTljMDUt
NTA2YmI2YzY3OWNlLzEvYnE5Q3F2bnJubUxqLW5YS2htZlBJRWpxRWlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8yODUxYjYtMmU2NS00ODU5LTljMDUtNTA2YmI2YzY3OWNl
LzEvb3ZhOGp4WTY5SndEMmExcDV4YTBMRnVXN25rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLhOoMA0G
CSqGSIb3DQEBCwUAA4IBAQA590uNoMH5lG76E5X/8imSHLp4hMHW/PrqAPh5edx+
A+Ved/Ll2LnykzvHIP/Q6iVjHNCGNF06lJJNF2dFd3go1pDUsQ7ty8OZE5L4xUC9
C4qXA6GKyHUu8rBLrGmfkAlbhtrRHWLqELC3s52tZbUus/8yllSVHCItXpmTutWm
MzHR1tPrhP1rNvLYjLC66Ze71+IeTJ//ow0w127MB1/74LmaDb8T1JEiuyJhG3bR
XGMis0zW68QoMd8AnDc/oc4NopQADkggwxVVSVlkwAMtIBp+CKkum76uuuOspcaH
xO3t4i35UOTPBGatqprp/Reo5X6rlz+Bkd1F7VgFYOCH
-----END CERTIFICATE-----