Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/elwm09BwP1VPEnes7-mlZaInm5g.roa
File:                     elwm09BwP1VPEnes7-mlZaInm5g.roa (raw, json)
Hash identifier:          tRmtrJaLjPsl/5qwW8pQTJHIJfMPFr6f7m/2QZBIxu0=
Subject key identifier:   7A:5C:26:D3:D0:70:3F:55:4F:12:77:AC:EF:E9:A5:65:A2:27:9B:98
Certificate issuer:       /CN=ebec9030c70a3d4192d59c28dcc8d547694340b3
Certificate serial:       018CC4924AC5B5B0B6AEB7553DDC8C696C4A
Authority key identifier: EB:EC:90:30:C7:0A:3D:41:92:D5:9C:28:DC:C8:D5:47:69:43:40:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/elwm09BwP1VPEnes7-mlZaInm5g.roa
Signing time:             Mon 01 Jan 2024 10:29:30 +0000
ROA not before:           Mon 01 Jan 2024 10:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21230
IP address blocks:        46.35.160.0/21 maxlen: 24
                          46.35.168.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 07:03:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:4a:c5:b5:b0:b6:ae:b7:55:3d:dc:8c:69:6c:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ebec9030c70a3d4192d59c28dcc8d547694340b3
        Validity
            Not Before: Jan  1 10:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7a5c26d3d0703f554f1277acefe9a565a2279b98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ea:cd:38:8b:7a:3a:38:21:3e:98:0a:b9:af:
                    e7:bb:b9:74:a9:f3:fb:4f:17:b1:47:f6:73:15:f2:
                    39:5a:69:f0:77:d4:5b:e3:99:67:75:7e:6d:ae:6f:
                    97:28:94:ae:7c:21:95:ed:58:ef:0b:b8:47:5e:c4:
                    71:ed:71:d1:76:51:0e:b1:d7:7b:ec:9f:e7:9f:0a:
                    1f:e5:85:80:0a:d9:1e:f7:f2:27:d8:20:c4:45:d6:
                    fc:7e:55:22:59:25:17:4f:cf:82:d0:a8:0c:e2:4d:
                    1f:b9:2e:0a:50:c1:69:e0:d0:bb:af:7f:f9:a3:83:
                    a9:3a:d4:bf:70:4e:18:8c:e1:b8:37:7b:f8:63:4a:
                    6a:d2:c2:44:2a:06:9b:a4:de:53:00:aa:e4:b1:16:
                    3e:4f:3c:fd:1f:35:ee:63:e9:65:82:0a:af:b1:55:
                    2a:07:f5:a8:c4:67:6d:9b:b3:fd:20:3d:52:9d:9c:
                    bf:bb:08:ff:33:69:bc:24:11:81:e9:1a:68:98:33:
                    1b:6c:16:a1:58:85:f3:05:09:ee:92:e7:02:d7:33:
                    f6:4f:91:6f:5f:1d:10:74:4f:51:0f:ce:7c:d9:86:
                    1a:b9:1f:c5:16:00:a3:dd:3d:fd:79:f4:56:d8:2c:
                    66:58:37:32:ae:5b:75:07:db:87:18:36:40:c2:3b:
                    ce:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:5C:26:D3:D0:70:3F:55:4F:12:77:AC:EF:E9:A5:65:A2:27:9B:98
            X509v3 Authority Key Identifier:
                keyid:EB:EC:90:30:C7:0A:3D:41:92:D5:9C:28:DC:C8:D5:47:69:43:40:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/elwm09BwP1VPEnes7-mlZaInm5g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/372b87-95f4-4c98-a6f4-4a6f8683265c/1/6-yQMMcKPUGS1Zwo3MjVR2lDQLM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.35.160.0-46.35.169.255

    Signature Algorithm: sha256WithRSAEncryption
         31:0d:e6:09:2b:95:64:f5:fd:64:1a:cb:cc:d9:b2:3d:4d:ad:
         bb:b2:2d:47:0f:20:df:34:28:fc:7d:b5:b7:07:c5:d6:c7:5b:
         cf:5d:7b:20:a6:7d:ad:9f:08:9c:a0:aa:ed:00:c4:fe:ed:ea:
         e9:a7:ad:9f:60:59:2d:c8:84:ad:72:e9:01:05:9f:5b:a7:0f:
         83:d6:86:54:ec:58:ba:75:23:97:38:23:a6:ae:fd:ef:7c:5c:
         e8:a2:e6:21:d1:70:a6:b8:af:d4:d1:57:a4:ee:67:ba:b7:02:
         b4:13:94:79:5a:01:f0:4a:bc:c8:45:c9:31:cb:55:33:b8:c1:
         39:8c:2a:05:92:b1:eb:e7:53:a1:09:9e:f7:24:5e:0f:eb:f0:
         e6:dd:91:f9:b1:41:c7:02:f8:12:b5:9c:06:8c:14:a3:5e:90:
         b5:4d:ce:f0:2e:ec:db:81:86:ea:b4:fd:71:c9:7e:dc:24:c7:
         25:69:93:ea:3e:35:ce:d1:4c:2a:c9:f8:7a:42:fa:b8:2b:32:
         80:99:99:7c:a3:a5:ef:0c:e2:49:1b:39:62:40:8d:ce:ad:81:
         70:84:5d:12:27:da:04:71:b1:94:51:49:73:7a:66:98:c4:aa:
         e3:b0:02:ce:be:a0:fc:b9:56:05:54:54:e3:c0:d2:cf:ee:d9:
         33:ad:f2:e8
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzEkkrFtbC2rrdVPdyMaWxKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViZWM5MDMwYzcwYTNkNDE5MmQ1OWMyOGRjYzhkNTQ3Njk0
MzQwYjMwHhcNMjQwMTAxMTAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTVjMjZkM2QwNzAzZjU1NGYxMjc3YWNlZmU5YTU2NWEyMjc5Yjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOrNOIt6OjghPpgKua/nu7l0qfP7
TxexR/ZzFfI5Wmnwd9Rb45lndX5trm+XKJSufCGV7VjvC7hHXsRx7XHRdlEOsdd7
7J/nnwof5YWACtke9/In2CDERdb8flUiWSUXT8+C0KgM4k0fuS4KUMFp4NC7r3/5
o4OpOtS/cE4YjOG4N3v4Y0pq0sJEKgabpN5TAKrksRY+Tzz9HzXuY+llggqvsVUq
B/WoxGdtm7P9ID1SnZy/uwj/M2m8JBGB6RpomDMbbBahWIXzBQnukucC1zP2T5Fv
Xx0QdE9RD8582YYauR/FFgCj3T39efRW2CxmWDcyrlt1B9uHGDZAwjvO+QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFHpcJtPQcD9VTxJ3rO/ppWWiJ5uYMB8GA1UdIwQY
MBaAFOvskDDHCj1BktWcKNzI1UdpQ0CzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNi15UU1NY0tQVUdTMVp3bzNNalZSMmxEUUxNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS8zNzJiODctOTVmNC00Yzk4LWE2ZjQt
NGE2Zjg2ODMyNjVjLzEvZWx3bTA5QndQMVZQRW5lczctbWxaYUlubTVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS8zNzJiODctOTVmNC00Yzk4LWE2ZjQtNGE2Zjg2ODMyNjVj
LzEvNi15UU1NY0tQVUdTMVp3bzNNalZSMmxEUUxNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAUuI6AD
BAEuI6gwDQYJKoZIhvcNAQELBQADggEBADEN5gkrlWT1/WQay8zZsj1NrbuyLUcP
IN80KPx9tbcHxdbHW89deyCmfa2fCJygqu0AxP7t6umnrZ9gWS3IhK1y6QEFn1un
D4PWhlTsWLp1I5c4I6au/e98XOii5iHRcKa4r9TRV6TuZ7q3ArQTlHlaAfBKvMhF
yTHLVTO4wTmMKgWSsevnU6EJnvckXg/r8ObdkfmxQccC+BK1nAaMFKNekLVNzvAu
7NuBhuq0/XHJftwkxyVpk+o+Nc7RTCrJ+HpC+rgrMoCZmXyjpe8M4kkbOWJAjc6t
gXCEXRIn2gRxsZRRSXN6ZpjEquOwAs6+oPy5VgVUVOPA0s/u2TOt8ug=
-----END CERTIFICATE-----