Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a3/1f9e6c-e6b8-4ad4-9941-f46f9d674f6c/1/LdgwqVAtaVDvTnisp9cFnN-BxHE.roa
File:                     LdgwqVAtaVDvTnisp9cFnN-BxHE.roa (raw, json)
Hash identifier:          doXryGcoy+3bHBJXDyP22rK3xR+uHi9C2slVdtrP/x0=
Subject key identifier:   2D:D8:30:A9:50:2D:69:50:EF:4E:78:AC:A7:D7:05:9C:DF:81:C4:71
Certificate issuer:       /CN=719e59b5017bfe634411949eff2d70ba0a07c540
Certificate serial:       018CC2DAF2251929C890932C0DF8EA5EB23A
Authority key identifier: 71:9E:59:B5:01:7B:FE:63:44:11:94:9E:FF:2D:70:BA:0A:07:C5:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cZ5ZtQF7_mNEEZSe_y1wugoHxUA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a3/1f9e6c-e6b8-4ad4-9941-f46f9d674f6c/1/LdgwqVAtaVDvTnisp9cFnN-BxHE.roa
Signing time:             Mon 01 Jan 2024 02:29:37 +0000
ROA not before:           Mon 01 Jan 2024 02:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        46.28.58.0/24 maxlen: 24
                          46.28.59.0/24 maxlen: 24
                          46.28.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a3/1f9e6c-e6b8-4ad4-9941-f46f9d674f6c/1/cZ5ZtQF7_mNEEZSe_y1wugoHxUA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a3/1f9e6c-e6b8-4ad4-9941-f46f9d674f6c/1/cZ5ZtQF7_mNEEZSe_y1wugoHxUA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cZ5ZtQF7_mNEEZSe_y1wugoHxUA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 14:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:f2:25:19:29:c8:90:93:2c:0d:f8:ea:5e:b2:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=719e59b5017bfe634411949eff2d70ba0a07c540
        Validity
            Not Before: Jan  1 02:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2dd830a9502d6950ef4e78aca7d7059cdf81c471
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:73:1b:58:9a:1f:6a:cd:5d:03:ba:7d:49:1b:
                    86:e8:ca:d3:7a:42:8a:9f:e8:28:cd:44:02:20:06:
                    3e:00:db:fd:41:7d:95:e0:c3:a2:6a:b6:e1:64:c2:
                    83:2e:f7:96:3c:78:dc:7b:bc:76:51:ad:60:ab:2e:
                    06:5d:78:ee:ba:c7:d1:db:82:ce:50:e7:3c:b2:f6:
                    f0:23:0b:ef:d6:12:af:ca:e0:a8:2c:33:25:30:09:
                    0b:aa:50:51:c1:60:a0:b6:08:a5:4c:77:34:ef:2b:
                    76:6f:ce:84:43:4f:2e:37:91:43:66:e6:d9:78:18:
                    15:97:aa:98:09:b7:75:3e:31:a8:68:dd:d0:76:26:
                    27:84:a7:1e:7e:c2:cf:6a:70:ae:8c:e7:11:51:c2:
                    5c:9d:46:ba:14:9d:ba:fb:ab:56:10:1e:d3:5f:a4:
                    6a:7a:4f:74:70:1f:4f:35:fa:03:44:63:2a:c9:33:
                    8f:8c:c6:06:ba:3b:fd:33:60:d1:ad:80:41:6d:a1:
                    86:b0:98:80:24:25:da:f2:a7:2b:98:b9:af:d7:2d:
                    51:a9:56:43:b8:67:d9:47:6d:b4:f2:49:86:ff:1e:
                    46:c6:1c:93:48:a8:09:65:18:54:6b:2c:6d:ee:6b:
                    7c:6e:fc:ee:e6:fd:19:6a:03:ea:55:1f:15:88:2b:
                    a6:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:D8:30:A9:50:2D:69:50:EF:4E:78:AC:A7:D7:05:9C:DF:81:C4:71
            X509v3 Authority Key Identifier:
                keyid:71:9E:59:B5:01:7B:FE:63:44:11:94:9E:FF:2D:70:BA:0A:07:C5:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cZ5ZtQF7_mNEEZSe_y1wugoHxUA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/1f9e6c-e6b8-4ad4-9941-f46f9d674f6c/1/LdgwqVAtaVDvTnisp9cFnN-BxHE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a3/1f9e6c-e6b8-4ad4-9941-f46f9d674f6c/1/cZ5ZtQF7_mNEEZSe_y1wugoHxUA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.28.58.0/23
                  46.28.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:a7:70:df:10:3d:0d:05:59:f0:f5:38:47:67:a9:07:c6:c8:
         67:de:4b:76:1c:93:a6:bf:f5:7b:55:01:69:64:72:51:09:de:
         85:ed:7f:f0:81:69:23:31:c4:6f:2f:d7:df:4e:21:a8:a9:2d:
         00:0e:49:c8:fe:d5:56:55:7b:38:29:1c:c5:a1:22:10:c4:50:
         23:21:2d:39:97:ae:0b:89:68:06:55:54:ad:8f:b8:6a:df:a6:
         56:b9:7d:19:3a:78:6b:d5:82:95:aa:f0:dc:9c:47:71:c8:c6:
         17:1b:12:0a:7c:22:b8:06:c7:0d:f7:24:ec:b6:94:50:4a:b9:
         e8:6a:4c:88:a6:a8:6d:ee:1d:06:f8:f1:da:fc:72:cc:30:23:
         1f:7c:b6:29:3c:e8:c7:75:db:45:ab:ab:eb:7f:b7:b5:be:b4:
         c2:74:af:d9:7e:ac:5e:a8:79:94:9e:66:59:df:cd:e0:14:b2:
         67:b7:1d:6d:81:8c:a2:b4:9e:98:ff:de:56:c3:67:01:13:b1:
         b2:9d:a8:a9:3d:1f:7e:cf:3d:df:09:97:08:b3:e6:5c:e9:0d:
         c7:c1:24:3d:7d:ea:73:21:b1:a8:1d:ee:4a:9c:e8:aa:00:0b:
         e6:85:c4:04:ff:85:c0:f9:c6:38:4a:b4:ec:4c:90:c3:ad:7b:
         9a:42:7c:40
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzC2vIlGSnIkJMsDfjqXrI6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxOWU1OWI1MDE3YmZlNjM0NDExOTQ5ZWZmMmQ3MGJhMGEw
N2M1NDAwHhcNMjQwMTAxMDIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGQ4MzBhOTUwMmQ2OTUwZWY0ZTc4YWNhN2Q3MDU5Y2RmODFjNDcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiHMbWJofas1dA7p9SRuG6MrTekKK
n+gozUQCIAY+ANv9QX2V4MOiarbhZMKDLveWPHjce7x2Ua1gqy4GXXjuusfR24LO
UOc8svbwIwvv1hKvyuCoLDMlMAkLqlBRwWCgtgilTHc07yt2b86EQ08uN5FDZubZ
eBgVl6qYCbd1PjGoaN3QdiYnhKcefsLPanCujOcRUcJcnUa6FJ26+6tWEB7TX6Rq
ek90cB9PNfoDRGMqyTOPjMYGujv9M2DRrYBBbaGGsJiAJCXa8qcrmLmv1y1RqVZD
uGfZR2208kmG/x5GxhyTSKgJZRhUayxt7mt8bvzu5v0ZagPqVR8ViCum5wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC3YMKlQLWlQ7054rKfXBZzfgcRxMB8GA1UdIwQY
MBaAFHGeWbUBe/5jRBGUnv8tcLoKB8VAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1o1WnRRRjdfbU5FRVpTZV95MXd1Z29IeFVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMy8xZjllNmMtZTZiOC00YWQ0LTk5NDEt
ZjQ2ZjlkNjc0ZjZjLzEvTGRnd3FWQXRhVkR2VG5pc3A5Y0ZuTi1CeEhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMy8xZjllNmMtZTZiOC00YWQ0LTk5NDEtZjQ2ZjlkNjc0ZjZj
LzEvY1o1WnRRRjdfbU5FRVpTZV95MXd1Z29IeFVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLhw6AwQA
Lhw/MA0GCSqGSIb3DQEBCwUAA4IBAQCLp3DfED0NBVnw9ThHZ6kHxshn3kt2HJOm
v/V7VQFpZHJRCd6F7X/wgWkjMcRvL9ffTiGoqS0ADknI/tVWVXs4KRzFoSIQxFAj
IS05l64LiWgGVVStj7hq36ZWuX0ZOnhr1YKVqvDcnEdxyMYXGxIKfCK4BscN9yTs
tpRQSrnoakyIpqht7h0G+PHa/HLMMCMffLYpPOjHddtFq6vrf7e1vrTCdK/Zfqxe
qHmUnmZZ383gFLJntx1tgYyitJ6Y/95Ww2cBE7GynaipPR9+zz3fCZcIs+Zc6Q3H
wSQ9fepzIbGoHe5KnOiqAAvmhcQE/4XA+cY4SrTsTJDDrXuaQnxA
-----END CERTIFICATE-----