Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/1bf2e1-3392-4b6e-9597-21f3f26484d9/1/jOCOcoGkTUYW77c58hqTME0O32I.roa
File:                     jOCOcoGkTUYW77c58hqTME0O32I.roa (raw, json)
Hash identifier:          QCmxBRx8GnlawldZghd0dvJZJmj4kbgBuf4K3pFf6Ko=
Subject key identifier:   8C:E0:8E:72:81:A4:4D:46:16:EF:B7:39:F2:1A:93:30:4D:0E:DF:62
Certificate issuer:       /CN=8e350dd6d842ebd4ddd08cad41d8ff816bfdfff8
Certificate serial:       018CC94D13326097AB4BCE6CB17A461BD648
Authority key identifier: 8E:35:0D:D6:D8:42:EB:D4:DD:D0:8C:AD:41:D8:FF:81:6B:FD:FF:F8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jjUN1thC69Td0IytQdj_gWv9__g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/1bf2e1-3392-4b6e-9597-21f3f26484d9/1/jOCOcoGkTUYW77c58hqTME0O32I.roa
Signing time:             Tue 02 Jan 2024 08:32:00 +0000
ROA not before:           Tue 02 Jan 2024 08:32:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209386
IP address blocks:        46.231.52.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/1bf2e1-3392-4b6e-9597-21f3f26484d9/1/jjUN1thC69Td0IytQdj_gWv9__g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/1bf2e1-3392-4b6e-9597-21f3f26484d9/1/jjUN1thC69Td0IytQdj_gWv9__g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jjUN1thC69Td0IytQdj_gWv9__g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:13:32:60:97:ab:4b:ce:6c:b1:7a:46:1b:d6:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e350dd6d842ebd4ddd08cad41d8ff816bfdfff8
        Validity
            Not Before: Jan  2 08:32:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ce08e7281a44d4616efb739f21a93304d0edf62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:ab:71:c1:90:30:e4:ef:47:05:43:9b:ff:16:
                    e2:83:62:07:7f:26:5a:1f:02:74:79:9b:33:12:f6:
                    2b:e8:6a:44:20:37:87:c5:87:17:e0:a9:65:e7:70:
                    4f:81:58:a5:ce:ff:20:18:7f:1d:79:82:9f:a8:93:
                    94:ad:cf:21:ed:fc:c6:3a:ad:25:e1:f8:68:3b:7c:
                    c1:a6:22:0d:be:9c:d2:ba:bb:6b:bc:f5:88:8f:93:
                    3b:3e:3f:e5:9b:b2:fe:34:56:4e:8f:5a:b6:04:cf:
                    ab:73:56:a5:b7:26:a7:f0:07:e7:e1:22:0c:04:9b:
                    aa:59:aa:f0:76:39:9d:fa:99:1b:4f:3d:fa:1a:65:
                    64:f7:ee:c2:e2:94:a0:d3:d5:31:d4:60:d0:1e:88:
                    61:aa:4c:66:cc:97:a2:fd:ed:67:e5:27:0c:aa:bf:
                    94:d5:14:97:19:72:b7:e5:8f:f5:76:67:d0:b3:5f:
                    7f:01:e0:2c:69:d6:8b:9e:55:dc:56:4a:e6:09:13:
                    e5:5f:71:d4:52:23:f0:60:3e:68:d5:23:f1:5d:ce:
                    45:b0:c5:ed:35:f1:62:8b:da:b1:95:3f:ab:de:d7:
                    68:2f:b6:ce:61:21:0b:b8:d8:59:3e:be:a6:4e:12:
                    a6:49:dc:d0:de:7c:72:fd:6b:a2:c3:e0:92:0c:fe:
                    fe:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:E0:8E:72:81:A4:4D:46:16:EF:B7:39:F2:1A:93:30:4D:0E:DF:62
            X509v3 Authority Key Identifier:
                keyid:8E:35:0D:D6:D8:42:EB:D4:DD:D0:8C:AD:41:D8:FF:81:6B:FD:FF:F8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jjUN1thC69Td0IytQdj_gWv9__g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/1bf2e1-3392-4b6e-9597-21f3f26484d9/1/jOCOcoGkTUYW77c58hqTME0O32I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/1bf2e1-3392-4b6e-9597-21f3f26484d9/1/jjUN1thC69Td0IytQdj_gWv9__g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.231.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0f:66:ab:39:d6:ea:3a:96:0e:46:63:4c:ea:49:7a:05:7e:3a:
         5a:0d:02:b3:6b:2c:3b:48:3c:33:f2:c2:c2:dd:ba:cb:45:b8:
         89:8a:f8:51:db:b8:53:6c:fd:f5:23:96:53:4d:20:dc:1f:f4:
         8c:64:40:a6:7a:23:0c:4b:c7:bd:f1:5d:e8:e7:11:b7:e3:4e:
         76:ab:f4:77:d2:3e:a5:16:f6:60:45:db:b8:a8:37:bd:4c:62:
         4d:8b:02:5b:f9:75:7c:92:5d:53:c8:dd:0b:bf:00:f3:36:08:
         b2:2d:4f:c0:ee:bd:01:bf:a2:84:f4:9b:9d:19:a8:00:74:e7:
         c5:b2:fc:30:26:d5:05:65:5d:09:31:8f:37:24:e1:6e:b1:53:
         f7:e0:f1:7b:80:f8:09:55:73:c2:0b:5e:a0:e3:59:03:b6:e9:
         76:fb:41:35:62:46:c3:32:59:1a:67:8b:df:ed:9d:50:48:86:
         c3:ba:e0:04:24:12:96:c5:f8:76:89:03:70:a0:cd:42:19:e7:
         05:09:f4:67:c2:ee:d8:b0:90:e4:06:0a:56:23:9f:ee:08:e2:
         e5:c9:03:cc:f5:7b:16:8d:47:a0:7b:9f:f6:8f:b6:70:c9:8f:
         c4:d1:23:34:55:09:a1:69:4a:02:5c:6d:25:e5:7e:d6:0d:b3:
         23:16:95:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTRMyYJerS85ssXpGG9ZIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMzUwZGQ2ZDg0MmViZDRkZGQwOGNhZDQxZDhmZjgxNmJm
ZGZmZjgwHhcNMjQwMTAyMDgzMjAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2UwOGU3MjgxYTQ0ZDQ2MTZlZmI3MzlmMjFhOTMzMDRkMGVkZjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo6txwZAw5O9HBUOb/xbig2IHfyZa
HwJ0eZszEvYr6GpEIDeHxYcX4Kll53BPgVilzv8gGH8deYKfqJOUrc8h7fzGOq0l
4fhoO3zBpiINvpzSurtrvPWIj5M7Pj/lm7L+NFZOj1q2BM+rc1altyan8Afn4SIM
BJuqWarwdjmd+pkbTz36GmVk9+7C4pSg09Ux1GDQHohhqkxmzJei/e1n5ScMqr+U
1RSXGXK35Y/1dmfQs19/AeAsadaLnlXcVkrmCRPlX3HUUiPwYD5o1SPxXc5FsMXt
NfFii9qxlT+r3tdoL7bOYSELuNhZPr6mThKmSdzQ3nxy/Wuiw+CSDP7+dQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIzgjnKBpE1GFu+3OfIakzBNDt9iMB8GA1UdIwQY
MBaAFI41DdbYQuvU3dCMrUHY/4Fr/f/4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvampVTjF0aEM2OVRkMEl5dFFkal9nV3Y5X19nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS8xYmYyZTEtMzM5Mi00YjZlLTk1OTct
MjFmM2YyNjQ4NGQ5LzEvak9DT2NvR2tUVVlXNzdjNThocVRNRTBPMzJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS8xYmYyZTEtMzM5Mi00YjZlLTk1OTctMjFmM2YyNjQ4NGQ5
LzEvampVTjF0aEM2OVRkMEl5dFFkal9nV3Y5X19nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLuc0MA0G
CSqGSIb3DQEBCwUAA4IBAQAPZqs51uo6lg5GY0zqSXoFfjpaDQKzayw7SDwz8sLC
3brLRbiJivhR27hTbP31I5ZTTSDcH/SMZECmeiMMS8e98V3o5xG34052q/R30j6l
FvZgRdu4qDe9TGJNiwJb+XV8kl1TyN0LvwDzNgiyLU/A7r0Bv6KE9JudGagAdOfF
svwwJtUFZV0JMY83JOFusVP34PF7gPgJVXPCC16g41kDtul2+0E1YkbDMlkaZ4vf
7Z1QSIbDuuAEJBKWxfh2iQNwoM1CGecFCfRnwu7YsJDkBgpWI5/uCOLlyQPM9XsW
jUege5/2j7ZwyY/E0SM0VQmhaUoCXG0l5X7WDbMjFpVz
-----END CERTIFICATE-----