Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/fb7a7d-0655-4587-8af9-7700e25ff769/1/aLaiV6mXhmyKCRkeyxf1ZnUNYe0.roa
File:                     aLaiV6mXhmyKCRkeyxf1ZnUNYe0.roa (raw, json)
Hash identifier:          UPnIIURQla7GQTIgzw8y5aMLmeaNNaxHFIL1SF9RSnA=
Subject key identifier:   68:B6:A2:57:A9:97:86:6C:8A:09:19:1E:CB:17:F5:66:75:0D:61:ED
Certificate issuer:       /CN=aa44eb091b3a33a87beb8e004ab15ef178fbaa00
Certificate serial:       018CC5DBE4ED8C7B3905B51A0A0E69BFED99
Authority key identifier: AA:44:EB:09:1B:3A:33:A8:7B:EB:8E:00:4A:B1:5E:F1:78:FB:AA:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qkTrCRs6M6h7644ASrFe8Xj7qgA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/fb7a7d-0655-4587-8af9-7700e25ff769/1/aLaiV6mXhmyKCRkeyxf1ZnUNYe0.roa
Signing time:             Mon 01 Jan 2024 16:29:31 +0000
ROA not before:           Mon 01 Jan 2024 16:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209283
IP address blocks:        46.243.183.0/24 maxlen: 24
                          46.243.186.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/fb7a7d-0655-4587-8af9-7700e25ff769/1/qkTrCRs6M6h7644ASrFe8Xj7qgA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/fb7a7d-0655-4587-8af9-7700e25ff769/1/qkTrCRs6M6h7644ASrFe8Xj7qgA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qkTrCRs6M6h7644ASrFe8Xj7qgA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 11:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:db:e4:ed:8c:7b:39:05:b5:1a:0a:0e:69:bf:ed:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aa44eb091b3a33a87beb8e004ab15ef178fbaa00
        Validity
            Not Before: Jan  1 16:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=68b6a257a997866c8a09191ecb17f566750d61ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:82:e1:2c:5c:49:bc:f2:f1:77:c0:9d:05:a1:
                    94:d4:7b:eb:cb:fe:e3:b2:bb:8d:11:9b:14:b3:61:
                    d9:3e:d4:62:8d:b0:53:60:cb:81:b4:d6:92:61:5a:
                    1c:21:e6:98:87:c0:5c:3a:5c:db:61:ec:36:1c:d7:
                    47:2d:1f:a3:98:2c:1b:6a:bf:5f:8f:00:7a:4b:cb:
                    5c:88:ec:6d:a3:af:73:07:ed:08:6d:9f:23:7b:13:
                    0a:f0:22:c2:3c:3b:63:80:36:a4:f1:ed:6b:08:70:
                    55:ac:9c:19:01:3e:c0:b2:b7:ef:85:1b:ac:86:2b:
                    2b:8d:b7:e2:8f:35:ff:c8:49:67:41:80:16:63:45:
                    2f:42:00:f2:92:b9:a1:6b:5e:a4:94:d6:9f:6f:6e:
                    11:eb:4e:0a:8d:89:bf:9e:fd:62:13:cf:bd:de:98:
                    ce:3f:d8:89:e8:ac:0a:b8:4d:dc:8d:01:b8:35:7d:
                    07:b2:c5:7c:af:ea:f0:d6:6d:35:27:3c:27:6b:15:
                    93:40:15:39:01:19:74:1a:1d:bb:48:ce:17:6e:ce:
                    73:ee:fe:79:32:78:6b:2f:d1:ec:d1:af:c1:47:1c:
                    9a:af:d8:b8:d2:43:f3:dd:ce:41:e5:d9:f3:b2:d8:
                    02:00:17:f2:60:2d:95:3f:3b:49:c3:61:65:61:4c:
                    c6:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:B6:A2:57:A9:97:86:6C:8A:09:19:1E:CB:17:F5:66:75:0D:61:ED
            X509v3 Authority Key Identifier:
                keyid:AA:44:EB:09:1B:3A:33:A8:7B:EB:8E:00:4A:B1:5E:F1:78:FB:AA:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qkTrCRs6M6h7644ASrFe8Xj7qgA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/fb7a7d-0655-4587-8af9-7700e25ff769/1/aLaiV6mXhmyKCRkeyxf1ZnUNYe0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/fb7a7d-0655-4587-8af9-7700e25ff769/1/qkTrCRs6M6h7644ASrFe8Xj7qgA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.243.183.0/24
                  46.243.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:30:72:3d:eb:40:81:ac:56:7d:b7:cb:97:ed:21:ac:8e:14:
         1f:10:bd:90:38:bc:71:4a:ad:26:c8:d5:a1:19:ef:8b:94:f6:
         7d:5c:9d:de:1b:6a:4b:6d:99:fc:10:04:4a:96:0b:41:08:9c:
         9c:02:4e:e7:34:ac:5d:4e:d2:7f:9e:5b:83:50:4a:52:78:33:
         fe:9d:af:a9:84:8d:7b:9e:a4:c8:82:4a:a7:ed:b3:70:13:1a:
         24:99:c1:96:d3:9e:93:fb:6a:42:2c:e8:d8:86:0c:b6:28:f0:
         7c:49:cd:ea:52:95:9a:f4:24:53:4e:f2:a6:13:09:79:f5:59:
         4b:a7:a8:94:16:1d:da:5d:86:73:c0:42:7f:3f:24:5b:df:f7:
         8e:66:3c:51:a1:94:94:ce:9f:85:bb:b9:eb:3e:22:be:93:bf:
         40:ae:69:18:97:e1:b7:ac:9f:92:06:66:3a:cb:df:7a:d1:9c:
         f1:85:d3:d6:d5:d4:df:2a:5b:dd:ee:5d:76:55:49:f6:f3:d8:
         dd:fb:0a:5e:cf:fe:72:2e:6c:58:7c:d9:4d:be:9a:67:7b:f1:
         ea:6b:26:db:b7:c5:5b:e9:63:f4:10:d1:57:0e:00:ed:22:df:
         fc:47:cc:5d:55:88:fa:1f:f2:a3:87:f4:57:c9:4a:80:d4:be:
         6e:1e:92:c6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzF2+TtjHs5BbUaCg5pv+2ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhNDRlYjA5MWIzYTMzYTg3YmViOGUwMDRhYjE1ZWYxNzhm
YmFhMDAwHhcNMjQwMTAxMTYyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGI2YTI1N2E5OTc4NjZjOGEwOTE5MWVjYjE3ZjU2Njc1MGQ2MWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwoLhLFxJvPLxd8CdBaGU1Hvry/7j
sruNEZsUs2HZPtRijbBTYMuBtNaSYVocIeaYh8BcOlzbYew2HNdHLR+jmCwbar9f
jwB6S8tciOxto69zB+0IbZ8jexMK8CLCPDtjgDak8e1rCHBVrJwZAT7AsrfvhRus
hisrjbfijzX/yElnQYAWY0UvQgDykrmha16klNafb24R604KjYm/nv1iE8+93pjO
P9iJ6KwKuE3cjQG4NX0HssV8r+rw1m01JzwnaxWTQBU5ARl0Gh27SM4Xbs5z7v55
MnhrL9Hs0a/BRxyar9i40kPz3c5B5dnzstgCABfyYC2VPztJw2FlYUzGXwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGi2olepl4ZsigkZHssX9WZ1DWHtMB8GA1UdIwQY
MBaAFKpE6wkbOjOoe+uOAEqxXvF4+6oAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcWtUckNSczZNNmg3NjQ0QVNyRmU4WGo3cWdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny9mYjdhN2QtMDY1NS00NTg3LThhZjkt
NzcwMGUyNWZmNzY5LzEvYUxhaVY2bVhobXlLQ1JrZXl4ZjFablVOWWUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny9mYjdhN2QtMDY1NS00NTg3LThhZjktNzcwMGUyNWZmNzY5
LzEvcWtUckNSczZNNmg3NjQ0QVNyRmU4WGo3cWdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALvO3AwQA
LvO6MA0GCSqGSIb3DQEBCwUAA4IBAQB6MHI960CBrFZ9t8uX7SGsjhQfEL2QOLxx
Sq0myNWhGe+LlPZ9XJ3eG2pLbZn8EARKlgtBCJycAk7nNKxdTtJ/nluDUEpSeDP+
na+phI17nqTIgkqn7bNwExokmcGW056T+2pCLOjYhgy2KPB8Sc3qUpWa9CRTTvKm
Ewl59VlLp6iUFh3aXYZzwEJ/PyRb3/eOZjxRoZSUzp+Fu7nrPiK+k79ArmkYl+G3
rJ+SBmY6y9960ZzxhdPW1dTfKlvd7l12VUn289jd+wpez/5yLmxYfNlNvppne/Hq
aybbt8Vb6WP0ENFXDgDtIt/8R8xdVYj6H/Kjh/RXyUqA1L5uHpLG
-----END CERTIFICATE-----