Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/fcb729-c288-4e15-9384-a20d2d751eb5/1/SJ7_mEKdLY5ZBya2X8Gpnqf13TA.roa
File:                     SJ7_mEKdLY5ZBya2X8Gpnqf13TA.roa (raw, json)
Hash identifier:          ZUm9M+wmhXJlIFKPXGm+YEiCP4WPjX56K9AxxPcbOhI=
Subject key identifier:   48:9E:FF:98:42:9D:2D:8E:59:07:26:B6:5F:C1:A9:9E:A7:F5:DD:30
Certificate issuer:       /CN=0d2087b0f6716d23c8d23eb3d0392b6bf642ad4b
Certificate serial:       018CC425405B5D8A41038F37EDEA22BCF992
Authority key identifier: 0D:20:87:B0:F6:71:6D:23:C8:D2:3E:B3:D0:39:2B:6B:F6:42:AD:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DSCHsPZxbSPI0j6z0Dkra_ZCrUs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/fcb729-c288-4e15-9384-a20d2d751eb5/1/SJ7_mEKdLY5ZBya2X8Gpnqf13TA.roa
Signing time:             Mon 01 Jan 2024 08:30:24 +0000
ROA not before:           Mon 01 Jan 2024 08:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34841
IP address blocks:        46.55.208.0/21 maxlen: 24
                          46.55.240.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/fcb729-c288-4e15-9384-a20d2d751eb5/1/DSCHsPZxbSPI0j6z0Dkra_ZCrUs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/fcb729-c288-4e15-9384-a20d2d751eb5/1/DSCHsPZxbSPI0j6z0Dkra_ZCrUs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DSCHsPZxbSPI0j6z0Dkra_ZCrUs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:40:5b:5d:8a:41:03:8f:37:ed:ea:22:bc:f9:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d2087b0f6716d23c8d23eb3d0392b6bf642ad4b
        Validity
            Not Before: Jan  1 08:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=489eff98429d2d8e590726b65fc1a99ea7f5dd30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:c5:78:d3:94:36:04:d5:5c:0a:f2:9f:8f:12:
                    b5:a2:1a:04:03:90:21:81:b8:b5:a5:5a:6a:79:8b:
                    69:c3:80:52:f0:0a:2c:7a:94:4c:5f:38:9d:80:91:
                    2d:9a:d9:3a:08:0e:c6:9e:2a:ae:7a:29:67:5e:7f:
                    17:76:42:92:d6:8f:6f:04:48:63:99:c8:e5:8f:4c:
                    97:5a:82:17:7d:02:cd:8d:15:96:49:fc:83:0b:f0:
                    3b:67:ae:da:58:09:52:d9:e4:f8:b6:8e:7b:c8:5f:
                    7f:c5:2f:12:9c:e0:29:91:96:32:8a:f0:e8:e1:d8:
                    72:96:1a:46:5a:d8:be:84:6c:78:92:51:75:cd:77:
                    78:6c:aa:43:ca:ae:b8:20:cf:af:2a:61:5f:4e:1b:
                    25:56:64:b0:8e:3c:4d:d0:19:58:1f:2b:54:20:41:
                    4c:ef:ae:d4:d6:d3:4a:9c:ae:93:14:a5:3d:c9:58:
                    0e:5d:9b:4f:cf:83:ca:45:96:c5:5d:d5:32:41:f0:
                    bd:d6:21:9f:88:7e:72:c6:96:8c:3b:6e:6d:55:96:
                    2d:07:b7:7e:4a:52:5a:df:19:a7:5a:ea:5c:05:86:
                    8d:7d:87:95:90:31:79:77:ed:bc:f0:6c:14:9c:95:
                    53:df:86:45:ed:e6:eb:46:ba:f0:d7:e5:0f:dc:64:
                    1e:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:9E:FF:98:42:9D:2D:8E:59:07:26:B6:5F:C1:A9:9E:A7:F5:DD:30
            X509v3 Authority Key Identifier:
                keyid:0D:20:87:B0:F6:71:6D:23:C8:D2:3E:B3:D0:39:2B:6B:F6:42:AD:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSCHsPZxbSPI0j6z0Dkra_ZCrUs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/fcb729-c288-4e15-9384-a20d2d751eb5/1/SJ7_mEKdLY5ZBya2X8Gpnqf13TA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/fcb729-c288-4e15-9384-a20d2d751eb5/1/DSCHsPZxbSPI0j6z0Dkra_ZCrUs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.55.208.0/21
                  46.55.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:18:8c:02:16:8d:01:da:bc:1e:be:29:b2:20:ee:12:c2:aa:
         78:3b:dd:00:48:f8:55:d1:a8:f0:f1:3a:a1:5d:45:f4:75:31:
         34:cb:0d:4d:9e:c4:ab:91:ce:2d:b8:7d:b0:f1:d4:bb:95:db:
         ef:a4:f0:e4:5e:25:89:8d:db:d1:03:b5:8e:8e:1f:66:0e:3f:
         0f:60:e3:a9:cf:4f:05:b4:77:bf:8b:d8:bd:bb:84:72:01:30:
         aa:59:57:b9:d9:0c:25:55:e3:5c:3f:ff:2d:37:68:b6:1a:5a:
         ad:b0:a6:cc:3f:44:3d:20:43:42:40:61:68:f1:d5:a6:d3:96:
         3d:dd:ce:c1:f0:0f:06:ac:fe:fc:4c:96:08:11:27:e0:f5:c7:
         16:24:17:3b:05:7d:28:8f:61:ea:85:53:13:0b:1f:77:a4:ab:
         28:24:9d:1e:df:39:0e:34:cb:a0:15:ba:21:05:75:83:97:54:
         28:d4:cd:5a:07:b9:02:27:80:bd:02:c7:73:6e:04:4c:4e:15:
         ab:94:d6:93:bd:5d:b7:aa:99:04:c6:4b:34:64:56:80:3c:80:
         22:45:f4:21:69:88:f2:d7:6d:c9:58:b6:85:75:f1:a3:e0:ed:
         60:b3:3a:4d:8f:ed:8f:dc:bb:d1:e2:ce:f8:9c:14:31:48:b3:
         01:88:9f:f3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzEJUBbXYpBA4837eoivPmSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjA4N2IwZjY3MTZkMjNjOGQyM2ViM2QwMzkyYjZiZjY0
MmFkNGIwHhcNMjQwMTAxMDgzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODllZmY5ODQyOWQyZDhlNTkwNzI2YjY1ZmMxYTk5ZWE3ZjVkZDMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAncV405Q2BNVcCvKfjxK1ohoEA5Ah
gbi1pVpqeYtpw4BS8AosepRMXzidgJEtmtk6CA7GniqueilnXn8XdkKS1o9vBEhj
mcjlj0yXWoIXfQLNjRWWSfyDC/A7Z67aWAlS2eT4to57yF9/xS8SnOApkZYyivDo
4dhylhpGWti+hGx4klF1zXd4bKpDyq64IM+vKmFfThslVmSwjjxN0BlYHytUIEFM
767U1tNKnK6TFKU9yVgOXZtPz4PKRZbFXdUyQfC91iGfiH5yxpaMO25tVZYtB7d+
SlJa3xmnWupcBYaNfYeVkDF5d+288GwUnJVT34ZF7ebrRrrw1+UP3GQeqQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEie/5hCnS2OWQcmtl/BqZ6n9d0wMB8GA1UdIwQY
MBaAFA0gh7D2cW0jyNI+s9A5K2v2Qq1LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNDSHNQWnhiU1BJMGo2ejBEa3JhX1pDclVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy9mY2I3MjktYzI4OC00ZTE1LTkzODQt
YTIwZDJkNzUxZWI1LzEvU0o3X21FS2RMWTVaQnlhMlg4R3BucWYxM1RBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy9mY2I3MjktYzI4OC00ZTE1LTkzODQtYTIwZDJkNzUxZWI1
LzEvRFNDSHNQWnhiU1BJMGo2ejBEa3JhX1pDclVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDLjfQAwQA
LjfwMA0GCSqGSIb3DQEBCwUAA4IBAQBNGIwCFo0B2rwevimyIO4Swqp4O90ASPhV
0ajw8TqhXUX0dTE0yw1NnsSrkc4tuH2w8dS7ldvvpPDkXiWJjdvRA7WOjh9mDj8P
YOOpz08FtHe/i9i9u4RyATCqWVe52QwlVeNcP/8tN2i2GlqtsKbMP0Q9IENCQGFo
8dWm05Y93c7B8A8GrP78TJYIESfg9ccWJBc7BX0oj2HqhVMTCx93pKsoJJ0e3zkO
NMugFbohBXWDl1Qo1M1aB7kCJ4C9AsdzbgRMThWrlNaTvV23qpkExks0ZFaAPIAi
RfQhaYjy123JWLaFdfGj4O1gszpNj+2P3LvR4s74nBQxSLMBiJ/z
-----END CERTIFICATE-----