Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/1c24ad-24b4-4c98-a659-592c0dcdaf79/1/86g_RSjpEahJfnUdJZnXDMatt6A.roa
File:                     86g_RSjpEahJfnUdJZnXDMatt6A.roa (raw, json)
Hash identifier:          Gvy2aQZnQsqqywwd8NSVG6gNlSSQOA6WHFWJglVGxa8=
Subject key identifier:   F3:A8:3F:45:28:E9:11:A8:49:7E:75:1D:25:99:D7:0C:C6:AD:B7:A0
Certificate issuer:       /CN=0283a8c69a2630cd8f6fa70af2a53fe019f2cc07
Certificate serial:       018F014EBEC241F6EDA814D5FF1AFBF4E89D
Authority key identifier: 02:83:A8:C6:9A:26:30:CD:8F:6F:A7:0A:F2:A5:3F:E0:19:F2:CC:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AoOoxpomMM2Pb6cK8qU_4BnyzAc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/1c24ad-24b4-4c98-a659-592c0dcdaf79/1/86g_RSjpEahJfnUdJZnXDMatt6A.roa
Signing time:             Sun 21 Apr 2024 15:38:08 +0000
ROA not before:           Sun 21 Apr 2024 15:38:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215211
IP address blocks:        46.224.0.0/15 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/1c24ad-24b4-4c98-a659-592c0dcdaf79/1/AoOoxpomMM2Pb6cK8qU_4BnyzAc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/1c24ad-24b4-4c98-a659-592c0dcdaf79/1/AoOoxpomMM2Pb6cK8qU_4BnyzAc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AoOoxpomMM2Pb6cK8qU_4BnyzAc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:01:4e:be:c2:41:f6:ed:a8:14:d5:ff:1a:fb:f4:e8:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0283a8c69a2630cd8f6fa70af2a53fe019f2cc07
        Validity
            Not Before: Apr 21 15:38:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3a83f4528e911a8497e751d2599d70cc6adb7a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:81:64:15:98:c3:0a:1c:dd:80:26:7d:04:c3:
                    30:0c:f2:2a:c8:1f:ca:bf:b2:20:71:91:83:d7:5a:
                    3c:56:71:ce:c3:47:5f:b9:5b:aa:e9:48:ba:09:01:
                    22:6f:d6:57:96:89:0a:41:d6:5c:0b:86:27:7e:0c:
                    1d:2f:1f:f0:e0:17:5f:bf:6d:54:18:37:6a:bd:b3:
                    9b:77:b4:b7:cd:0e:bc:d3:dd:21:4b:de:8f:f5:64:
                    a3:03:53:5c:05:07:cc:58:2c:ce:65:77:58:2c:fe:
                    97:81:d8:e0:b8:00:c9:c5:4f:80:e6:70:b3:72:8b:
                    e9:e0:8f:b7:98:02:05:e7:7a:68:07:93:d6:9d:1a:
                    a4:d3:f8:4c:31:ed:d6:3a:9a:1f:6c:02:94:f0:61:
                    f4:46:e2:3a:96:c6:84:79:f2:36:5d:40:64:c3:cd:
                    39:50:1b:ad:b3:71:3f:ef:61:f4:5e:55:64:ba:0a:
                    40:a5:15:29:e0:d9:04:e4:7d:f5:8a:4a:f9:f3:32:
                    ac:0c:62:df:0a:68:14:43:9f:f6:04:c5:35:66:2f:
                    c3:28:ab:15:4b:0c:e8:40:08:b2:28:07:42:92:6f:
                    44:15:cb:9a:c6:e3:96:81:48:f4:67:ee:a5:f6:05:
                    e7:1e:93:bd:1e:2c:64:07:7f:08:ff:95:02:70:96:
                    89:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:A8:3F:45:28:E9:11:A8:49:7E:75:1D:25:99:D7:0C:C6:AD:B7:A0
            X509v3 Authority Key Identifier:
                keyid:02:83:A8:C6:9A:26:30:CD:8F:6F:A7:0A:F2:A5:3F:E0:19:F2:CC:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AoOoxpomMM2Pb6cK8qU_4BnyzAc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/1c24ad-24b4-4c98-a659-592c0dcdaf79/1/86g_RSjpEahJfnUdJZnXDMatt6A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/1c24ad-24b4-4c98-a659-592c0dcdaf79/1/AoOoxpomMM2Pb6cK8qU_4BnyzAc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.224.0.0/15

    Signature Algorithm: sha256WithRSAEncryption
         19:a2:9d:b0:f1:77:65:ce:53:18:29:d9:f2:c9:59:41:c1:46:
         08:90:0e:6b:f0:45:23:22:ef:2a:82:71:b4:e6:65:ea:41:94:
         f6:7b:bb:81:da:93:c4:c2:a9:fd:77:0a:85:59:a0:ba:10:8c:
         00:32:52:da:b5:11:4f:71:46:31:97:cc:ba:67:dc:0d:7e:33:
         f9:f5:f3:57:93:58:eb:e0:37:0e:16:42:27:52:73:d5:ec:cc:
         31:35:cd:1a:80:d3:9a:9f:cc:19:fc:00:13:ff:7b:72:b7:e8:
         a3:59:86:29:c6:ce:95:7d:07:fa:3d:41:e9:2d:ff:7f:91:fc:
         94:3d:cd:c2:44:d8:33:27:f2:dd:cb:5f:db:2e:29:e1:82:c7:
         cf:9b:05:b7:2b:45:5d:4f:43:03:c2:0e:55:d7:1a:37:2a:a8:
         80:83:8e:76:e4:27:07:c6:a5:db:da:71:60:bd:ba:74:73:f9:
         f8:09:3f:9b:8c:36:04:6b:72:6e:9e:dc:7e:9f:92:87:38:93:
         e2:82:58:b1:66:c8:06:26:43:48:f2:88:45:8c:56:68:ca:6b:
         a2:b4:8a:1f:02:6e:cc:32:23:b5:d2:9f:63:26:52:32:a2:24:
         30:9b:b2:e2:09:7f:42:00:49:62:56:3a:b5:4a:e5:cb:80:bc:
         f7:bf:44:b7
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAY8BTr7CQfbtqBTV/xr79OidMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyODNhOGM2OWEyNjMwY2Q4ZjZmYTcwYWYyYTUzZmUwMTlm
MmNjMDcwHhcNMjQwNDIxMTUzODA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2E4M2Y0NTI4ZTkxMWE4NDk3ZTc1MWQyNTk5ZDcwY2M2YWRiN2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsYFkFZjDChzdgCZ9BMMwDPIqyB/K
v7IgcZGD11o8VnHOw0dfuVuq6Ui6CQEib9ZXlokKQdZcC4YnfgwdLx/w4Bdfv21U
GDdqvbObd7S3zQ68090hS96P9WSjA1NcBQfMWCzOZXdYLP6XgdjguADJxU+A5nCz
covp4I+3mAIF53poB5PWnRqk0/hMMe3WOpofbAKU8GH0RuI6lsaEefI2XUBkw805
UButs3E/72H0XlVkugpApRUp4NkE5H31ikr58zKsDGLfCmgUQ5/2BMU1Zi/DKKsV
SwzoQAiyKAdCkm9EFcuaxuOWgUj0Z+6l9gXnHpO9HixkB38I/5UCcJaJewIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFPOoP0Uo6RGoSX51HSWZ1wzGrbegMB8GA1UdIwQY
MBaAFAKDqMaaJjDNj2+nCvKlP+AZ8swHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQW9Pb3hwb21NTTJQYjZjSzhxVV80Qm55ekFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8xYzI0YWQtMjRiNC00Yzk4LWE2NTkt
NTkyYzBkY2RhZjc5LzEvODZnX1JTanBFYWhKZm5VZEpablhETWF0dDZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8xYzI0YWQtMjRiNC00Yzk4LWE2NTktNTkyYzBkY2RhZjc5
LzEvQW9Pb3hwb21NTTJQYjZjSzhxVV80Qm55ekFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMBLuAwDQYJ
KoZIhvcNAQELBQADggEBABminbDxd2XOUxgp2fLJWUHBRgiQDmvwRSMi7yqCcbTm
ZepBlPZ7u4Hak8TCqf13CoVZoLoQjAAyUtq1EU9xRjGXzLpn3A1+M/n181eTWOvg
Nw4WQidSc9XszDE1zRqA05qfzBn8ABP/e3K36KNZhinGzpV9B/o9Qekt/3+R/JQ9
zcJE2DMn8t3LX9suKeGCx8+bBbcrRV1PQwPCDlXXGjcqqICDjnbkJwfGpdvacWC9
unRz+fgJP5uMNgRrcm6e3H6fkoc4k+KCWLFmyAYmQ0jyiEWMVmjKa6K0ih8Cbswy
I7XSn2MmUjKiJDCbsuIJf0IASWJWOrVK5cuAvPe/RLc=
-----END CERTIFICATE-----