Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/0fnKdl9KG2CSwBHOxuQ0ceCimOY.roa
File:                     0fnKdl9KG2CSwBHOxuQ0ceCimOY.roa (raw, json)
Hash identifier:          6c7j9c7iGklR7qqEleE/IBes1mjwZ8ruDR6sBZSXvM4=
Subject key identifier:   D1:F9:CA:76:5F:4A:1B:60:92:C0:11:CE:C6:E4:34:71:E0:A2:98:E6
Certificate issuer:       /CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
Certificate serial:       018F8799A551FFD4A04EDE7D46A869F72875
Authority key identifier: 4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/0fnKdl9KG2CSwBHOxuQ0ceCimOY.roa
Signing time:             Fri 17 May 2024 17:29:04 +0000
ROA not before:           Fri 17 May 2024 17:29:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        46.34.52.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:87:99:a5:51:ff:d4:a0:4e:de:7d:46:a8:69:f7:28:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
        Validity
            Not Before: May 17 17:29:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d1f9ca765f4a1b6092c011cec6e43471e0a298e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:33:3d:f8:2c:2f:70:cc:56:16:f2:51:fb:2d:
                    03:81:44:25:6d:5d:fc:67:d5:3a:11:fe:4e:d6:f6:
                    36:f1:91:a4:65:c7:09:3c:be:3b:35:37:23:92:06:
                    e3:6f:01:de:c0:00:fb:90:85:e5:52:10:6e:9a:05:
                    02:3e:1f:4b:a6:5e:3f:d7:88:54:3b:d8:e7:34:9d:
                    70:c8:25:e1:08:cb:68:78:03:26:e1:43:e7:38:8c:
                    01:c4:26:be:3e:5a:aa:2f:f6:e9:c8:ad:cd:59:06:
                    a5:c0:60:03:60:bf:97:2c:3e:7d:26:e4:d3:d4:48:
                    2f:5e:8c:95:2b:04:2d:a8:e0:ea:4f:43:f3:a3:d3:
                    b1:fc:a6:a2:3a:df:be:e6:4f:e2:90:65:d3:20:ab:
                    06:af:e9:ea:d2:7c:35:95:4a:bc:9e:e5:9b:48:48:
                    2c:02:1c:17:2f:6f:e8:7c:0c:20:d9:01:d9:93:07:
                    a2:3e:ca:cb:dd:49:04:4c:de:61:77:d0:44:eb:82:
                    86:31:85:c5:52:95:bf:30:7d:2f:76:44:e4:3d:64:
                    29:f0:ff:48:85:23:b3:17:14:6b:af:fa:fd:8d:19:
                    83:a0:46:f7:54:a8:65:a7:fc:b9:73:f7:87:f8:78:
                    c9:24:3a:a8:e8:09:b1:d0:e6:d2:ea:07:c4:08:61:
                    2b:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:F9:CA:76:5F:4A:1B:60:92:C0:11:CE:C6:E4:34:71:E0:A2:98:E6
            X509v3 Authority Key Identifier:
                keyid:4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/0fnKdl9KG2CSwBHOxuQ0ceCimOY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.34.52.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:5b:10:02:b1:4b:e5:c6:ac:64:2e:f8:8e:d6:78:04:f8:a0:
         eb:8f:91:22:f6:94:21:22:cf:a8:1a:f2:23:5e:0d:82:29:57:
         40:74:48:60:59:4e:41:52:37:12:ad:be:5a:30:c4:42:85:f7:
         15:09:7d:c9:3a:ad:e8:6c:45:17:33:61:cb:00:d9:92:35:fa:
         e4:57:b7:d9:9b:6e:72:29:1c:9d:83:5e:aa:1c:7d:5f:32:ca:
         81:cc:aa:d6:fc:35:49:f9:f1:01:b0:f9:be:3a:5e:ad:ad:ed:
         e8:6a:2e:5c:12:b4:76:bb:ca:54:09:47:3e:83:a7:e9:9e:79:
         51:00:e8:c3:e9:fb:66:87:27:2b:85:47:60:a0:53:1d:11:b1:
         71:3f:7e:f0:7d:19:3c:28:b8:75:03:33:de:ca:33:13:1c:c4:
         2d:15:49:8a:ed:ad:56:df:3c:bd:27:07:2e:1d:95:43:d7:52:
         f9:83:da:b0:e8:12:91:cf:4a:57:ed:2f:04:1e:ba:bb:83:2f:
         ae:71:18:56:55:ba:56:f0:8e:5c:e8:25:4b:c2:77:b0:ef:70:
         1e:85:0f:ef:2b:ca:c7:0b:fe:e3:a5:db:b2:5c:c3:ce:bc:77:
         dd:a2:af:67:d6:09:73:f6:1a:b4:c9:dc:ce:67:53:52:c5:da:
         99:01:87:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+HmaVR/9SgTt59Rqhp9yh1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNDcxY2Q2Y2U2MGFiZWRkNzQ3NjJiMTAxYWE1ZTZmNDIw
N2VmY2UwHhcNMjQwNTE3MTcyOTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWY5Y2E3NjVmNGExYjYwOTJjMDExY2VjNmU0MzQ3MWUwYTI5OGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujM9+CwvcMxWFvJR+y0DgUQlbV38
Z9U6Ef5O1vY28ZGkZccJPL47NTcjkgbjbwHewAD7kIXlUhBumgUCPh9Lpl4/14hU
O9jnNJ1wyCXhCMtoeAMm4UPnOIwBxCa+PlqqL/bpyK3NWQalwGADYL+XLD59JuTT
1EgvXoyVKwQtqODqT0Pzo9Ox/KaiOt++5k/ikGXTIKsGr+nq0nw1lUq8nuWbSEgs
AhwXL2/ofAwg2QHZkweiPsrL3UkETN5hd9BE64KGMYXFUpW/MH0vdkTkPWQp8P9I
hSOzFxRrr/r9jRmDoEb3VKhlp/y5c/eH+HjJJDqo6Amx0ObS6gfECGErAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNH5ynZfShtgksARzsbkNHHgopjmMB8GA1UdIwQY
MBaAFEpHHNbOYKvt10disQGqXm9CB+/OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2Qt
YTZiOTkxZjRmYWY4LzEvMGZuS2RsOUtHMkNTd0JIT3h1UTBjZUNpbU9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2QtYTZiOTkxZjRmYWY4
LzEvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiI0MA0G
CSqGSIb3DQEBCwUAA4IBAQBSWxACsUvlxqxkLviO1ngE+KDrj5Ei9pQhIs+oGvIj
Xg2CKVdAdEhgWU5BUjcSrb5aMMRChfcVCX3JOq3obEUXM2HLANmSNfrkV7fZm25y
KRydg16qHH1fMsqBzKrW/DVJ+fEBsPm+Ol6tre3oai5cErR2u8pUCUc+g6fpnnlR
AOjD6ftmhycrhUdgoFMdEbFxP37wfRk8KLh1AzPeyjMTHMQtFUmK7a1W3zy9Jwcu
HZVD11L5g9qw6BKRz0pX7S8EHrq7gy+ucRhWVbpW8I5c6CVLwnew73AehQ/vK8rH
C/7jpduyXMPOvHfdoq9n1glz9hq0ydzOZ1NSxdqZAYe1
-----END CERTIFICATE-----