Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/6d729e-e16b-41a9-9012-014c70977d49/1/I7L-RX8AfJfyyRlByagDjiuIGxo.roa
File:                     I7L-RX8AfJfyyRlByagDjiuIGxo.roa (raw, json)
Hash identifier:          ohxO+HYxRvU+WqulTjWuS+qpMNCmglZvgUXJ89EhGFA=
Subject key identifier:   23:B2:FE:45:7F:00:7C:97:F2:C9:19:41:C9:A8:03:8E:2B:88:1B:1A
Certificate issuer:       /CN=52a59bf043080306359f5a29491f545b07051c05
Certificate serial:       018CC64B78B684A9AD314C458B8AC1052263
Authority key identifier: 52:A5:9B:F0:43:08:03:06:35:9F:5A:29:49:1F:54:5B:07:05:1C:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UqWb8EMIAwY1n1opSR9UWwcFHAU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/6d729e-e16b-41a9-9012-014c70977d49/1/I7L-RX8AfJfyyRlByagDjiuIGxo.roa
Signing time:             Mon 01 Jan 2024 18:31:24 +0000
ROA not before:           Mon 01 Jan 2024 18:31:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28716
IP address blocks:        46.183.232.0/21 maxlen: 21
                          185.133.216.0/22 maxlen: 22
                          2a03:9c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/6d729e-e16b-41a9-9012-014c70977d49/1/UqWb8EMIAwY1n1opSR9UWwcFHAU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/6d729e-e16b-41a9-9012-014c70977d49/1/UqWb8EMIAwY1n1opSR9UWwcFHAU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UqWb8EMIAwY1n1opSR9UWwcFHAU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:78:b6:84:a9:ad:31:4c:45:8b:8a:c1:05:22:63
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52a59bf043080306359f5a29491f545b07051c05
        Validity
            Not Before: Jan  1 18:31:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=23b2fe457f007c97f2c91941c9a8038e2b881b1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:5e:b5:30:f1:16:20:20:bc:00:17:66:c5:89:
                    df:3a:89:6f:3b:04:1a:81:b4:1b:32:e7:a6:cb:a5:
                    1c:76:d9:0c:a3:4a:1e:27:3a:15:04:f7:78:da:ab:
                    3b:da:4e:33:0a:6a:c7:e3:aa:3d:55:97:b3:c8:db:
                    3f:4e:ff:c8:c1:00:a6:d4:e6:e4:c2:8d:9a:ae:77:
                    23:db:63:a1:b5:cf:cf:f4:28:55:d3:ff:50:2a:ac:
                    5e:77:8d:a9:d3:fd:f9:80:9c:2a:2c:c8:18:c0:87:
                    c3:2e:33:c5:55:4a:dd:33:26:82:ef:b5:08:e0:0b:
                    e5:42:0e:04:da:e5:68:5b:f6:89:a7:d8:22:ea:91:
                    ec:a1:e1:39:40:6e:64:a7:1c:00:10:27:59:3b:30:
                    ff:24:40:f8:be:bb:48:8b:7d:17:f6:00:81:cc:e0:
                    1c:40:87:ac:06:fb:f2:d9:f1:4f:bf:5e:99:69:d6:
                    9e:e1:3d:d2:49:76:3b:e3:4d:c7:a5:50:7f:86:ca:
                    fb:a7:34:1c:16:f4:d4:a2:c2:e4:e2:2a:62:ec:42:
                    c1:cb:1f:61:34:e8:4c:14:89:31:af:f9:b8:f2:90:
                    ee:62:e2:b2:e0:3e:b1:f9:76:56:6e:10:f7:fd:e9:
                    44:27:a4:cc:76:4c:c7:cb:45:fe:2a:6d:1c:0b:74:
                    27:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:B2:FE:45:7F:00:7C:97:F2:C9:19:41:C9:A8:03:8E:2B:88:1B:1A
            X509v3 Authority Key Identifier:
                keyid:52:A5:9B:F0:43:08:03:06:35:9F:5A:29:49:1F:54:5B:07:05:1C:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UqWb8EMIAwY1n1opSR9UWwcFHAU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/6d729e-e16b-41a9-9012-014c70977d49/1/I7L-RX8AfJfyyRlByagDjiuIGxo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/6d729e-e16b-41a9-9012-014c70977d49/1/UqWb8EMIAwY1n1opSR9UWwcFHAU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.183.232.0/21
                  185.133.216.0/22
                IPv6:
                  2a03:9c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         8e:0e:76:3e:91:8e:10:8a:67:0b:de:36:ff:e3:63:95:9e:c8:
         cd:69:c7:32:00:ce:c8:0a:1a:ad:ba:92:84:c6:04:b5:e7:19:
         f6:10:e3:1a:94:9c:4d:8f:dd:26:5d:e9:f7:63:da:8c:f1:1b:
         f6:2b:c2:0d:42:f1:65:c2:70:41:ec:3f:92:54:9d:a2:c0:80:
         53:55:d6:cc:e2:65:6f:72:93:a3:d1:32:d1:91:f3:c7:68:a1:
         1b:7d:72:e1:8a:31:be:7f:8e:0b:8d:83:08:bf:00:56:73:3f:
         82:03:a4:f6:e7:14:1e:80:d7:59:f0:6a:71:be:4d:6e:b0:5a:
         05:fe:a9:a1:fe:f1:5b:29:df:b1:a3:5b:60:89:ab:1d:6e:3a:
         7d:a5:24:8d:17:ff:66:26:5d:90:b0:55:6c:ef:0e:7d:9e:46:
         bc:9a:55:fe:8a:7f:5a:7c:a9:c7:7a:b5:45:34:d9:7d:40:8e:
         a5:1b:3a:96:ee:00:4c:0a:b8:6e:c8:8f:78:df:d5:0b:c6:5b:
         c8:f7:b5:d2:c6:53:6a:5f:ed:81:af:2a:6d:71:b5:a3:e0:ca:
         a8:80:b2:13:0f:b1:80:8a:21:53:45:6f:18:05:d3:53:41:3f:
         b0:ef:99:10:32:7e:74:f7:64:6e:94:30:24:1e:1a:04:10:db:
         c0:5a:a8:4a
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzGS3i2hKmtMUxFi4rBBSJjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyYTU5YmYwNDMwODAzMDYzNTlmNWEyOTQ5MWY1NDViMDcw
NTFjMDUwHhcNMjQwMTAxMTgzMTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2IyZmU0NTdmMDA3Yzk3ZjJjOTE5NDFjOWE4MDM4ZTJiODgxYjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnF61MPEWICC8ABdmxYnfOolvOwQa
gbQbMuemy6UcdtkMo0oeJzoVBPd42qs72k4zCmrH46o9VZezyNs/Tv/IwQCm1Obk
wo2arncj22Ohtc/P9ChV0/9QKqxed42p0/35gJwqLMgYwIfDLjPFVUrdMyaC77UI
4AvlQg4E2uVoW/aJp9gi6pHsoeE5QG5kpxwAECdZOzD/JED4vrtIi30X9gCBzOAc
QIesBvvy2fFPv16Zadae4T3SSXY7403HpVB/hsr7pzQcFvTUosLk4ipi7ELByx9h
NOhMFIkxr/m48pDuYuKy4D6x+XZWbhD3/elEJ6TMdkzHy0X+Km0cC3QnGwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCOy/kV/AHyX8skZQcmoA44riBsaMB8GA1UdIwQY
MBaAFFKlm/BDCAMGNZ9aKUkfVFsHBRwFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXFXYjhFTUlBd1kxbjFvcFNSOVVXd2NGSEFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy82ZDcyOWUtZTE2Yi00MWE5LTkwMTIt
MDE0YzcwOTc3ZDQ5LzEvSTdMLVJYOEFmSmZ5eVJsQnlhZ0RqaXVJR3hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy82ZDcyOWUtZTE2Yi00MWE5LTkwMTItMDE0YzcwOTc3ZDQ5
LzEvVXFXYjhFTUlBd1kxbjFvcFNSOVVXd2NGSEFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDLrfoAwQC
uYXYMA0EAgACMAcDBQAqAwnAMA0GCSqGSIb3DQEBCwUAA4IBAQCODnY+kY4QimcL
3jb/42OVnsjNaccyAM7IChqtupKExgS15xn2EOMalJxNj90mXen3Y9qM8Rv2K8IN
QvFlwnBB7D+SVJ2iwIBTVdbM4mVvcpOj0TLRkfPHaKEbfXLhijG+f44LjYMIvwBW
cz+CA6T25xQegNdZ8Gpxvk1usFoF/qmh/vFbKd+xo1tgiasdbjp9pSSNF/9mJl2Q
sFVs7w59nka8mlX+in9afKnHerVFNNl9QI6lGzqW7gBMCrhuyI9439ULxlvI97XS
xlNqX+2BryptcbWj4MqogLITD7GAiiFTRW8YBdNTQT+w75kQMn5092RulDAkHhoE
ENvAWqhK
-----END CERTIFICATE-----