Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Fes22w4v3EEVMN6lS9Cqb2Yv9MU.roa
File:                     Fes22w4v3EEVMN6lS9Cqb2Yv9MU.roa (raw, json)
Hash identifier:          BrWSkY3t9BgEGr5EvAOzjN3yekx0ltKcdx3Dm7J8lMg=
Subject key identifier:   15:EB:36:DB:0E:2F:DC:41:15:30:DE:A5:4B:D0:AA:6F:66:2F:F4:C5
Certificate issuer:       /CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
Certificate serial:       018E7A498ADDC98826557A95AA94210AE6FF
Authority key identifier: 4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Fes22w4v3EEVMN6lS9Cqb2Yv9MU.roa
Signing time:             Tue 26 Mar 2024 10:23:43 +0000
ROA not before:           Tue 26 Mar 2024 10:23:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398395
IP address blocks:        46.34.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 18:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:7a:49:8a:dd:c9:88:26:55:7a:95:aa:94:21:0a:e6:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
        Validity
            Not Before: Mar 26 10:23:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=15eb36db0e2fdc411530dea54bd0aa6f662ff4c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:52:eb:23:c1:c5:86:57:d7:3b:d2:02:f0:62:
                    d8:75:c3:81:f3:6c:a3:9e:07:62:0a:97:70:ff:dd:
                    b7:43:02:03:ea:2d:63:90:f5:fd:b7:1c:d7:46:6f:
                    27:32:7e:40:38:f2:38:e3:fd:a7:5b:26:c0:78:92:
                    74:28:cb:ff:1f:32:7e:32:f0:49:ff:da:cb:f1:68:
                    60:e1:40:b6:ab:fb:6d:40:3a:6b:f7:12:97:c7:5e:
                    28:0c:3a:ae:5f:22:14:b3:23:f2:c9:c2:fc:81:cb:
                    2d:21:80:5f:08:fc:b1:88:ac:09:7e:cd:d5:df:78:
                    80:77:b2:d1:5a:49:af:98:16:93:ee:40:5c:e9:23:
                    d5:46:44:ae:fd:f5:47:35:d4:9d:6e:b9:d2:b9:8e:
                    56:e2:d0:b5:a1:d7:ef:c2:2f:c4:d2:4f:b3:1d:27:
                    ce:dd:f2:99:35:17:ac:2d:06:27:82:87:01:38:a6:
                    87:83:1c:f8:af:5c:85:37:19:31:39:97:51:08:02:
                    44:46:1f:21:99:c2:27:09:2f:c7:0b:2b:63:2a:c2:
                    e9:51:48:e4:13:b9:a5:65:25:d9:a5:c3:79:22:c7:
                    fe:46:ba:1e:9f:ca:bb:0c:95:00:13:6b:f3:1b:dc:
                    d1:b9:85:36:56:ea:d5:db:27:7f:84:8b:95:b2:39:
                    0e:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:EB:36:DB:0E:2F:DC:41:15:30:DE:A5:4B:D0:AA:6F:66:2F:F4:C5
            X509v3 Authority Key Identifier:
                keyid:4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Fes22w4v3EEVMN6lS9Cqb2Yv9MU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.34.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:f2:2a:71:5e:ac:ac:ce:75:a0:37:fb:3a:47:24:f1:47:f7:
         e0:8b:ac:13:f5:f0:73:ac:df:a7:f0:70:ef:d3:57:12:7e:9c:
         82:2d:db:fa:fc:82:b2:0d:8c:d1:a2:66:ea:5e:1d:f6:e0:01:
         0a:62:c2:86:44:c3:e0:8c:16:dd:29:33:fe:00:c6:04:06:b2:
         cf:de:cc:4a:b1:c9:e3:ce:4f:27:4f:2f:ba:29:67:f0:42:0b:
         2b:6f:be:59:f9:4a:99:fc:29:dc:e0:77:f0:8a:40:f3:ea:e2:
         94:9d:a1:f5:ab:ae:a4:97:73:17:28:01:56:72:8f:c9:51:fb:
         be:4e:f1:fd:c1:c4:35:89:10:8f:7c:08:76:ba:85:71:fe:73:
         ca:7d:8c:73:b5:7f:37:1d:99:68:2e:ab:34:78:16:82:c1:b6:
         f7:57:75:ce:74:fa:c9:52:3b:33:da:a0:ed:8a:5b:8e:ea:4a:
         36:a4:ae:b6:50:f1:b3:c8:36:94:42:7f:4e:35:4a:1c:9b:22:
         f7:0b:a2:66:57:e3:48:42:0c:7c:5a:66:f1:be:25:f0:f0:20:
         b5:8e:86:13:ce:2f:00:12:45:d9:e2:8a:d9:58:3d:4a:93:31:
         4a:6c:e0:d8:00:33:fc:e1:3e:22:9a:25:e5:83:a4:e2:6a:39:
         b7:c0:69:a1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY56SYrdyYgmVXqVqpQhCub/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNDcxY2Q2Y2U2MGFiZWRkNzQ3NjJiMTAxYWE1ZTZmNDIw
N2VmY2UwHhcNMjQwMzI2MTAyMzQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWViMzZkYjBlMmZkYzQxMTUzMGRlYTU0YmQwYWE2ZjY2MmZmNGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA71LrI8HFhlfXO9IC8GLYdcOB82yj
ngdiCpdw/923QwID6i1jkPX9txzXRm8nMn5AOPI44/2nWybAeJJ0KMv/HzJ+MvBJ
/9rL8Whg4UC2q/ttQDpr9xKXx14oDDquXyIUsyPyycL8gcstIYBfCPyxiKwJfs3V
33iAd7LRWkmvmBaT7kBc6SPVRkSu/fVHNdSdbrnSuY5W4tC1odfvwi/E0k+zHSfO
3fKZNResLQYngocBOKaHgxz4r1yFNxkxOZdRCAJERh8hmcInCS/HCytjKsLpUUjk
E7mlZSXZpcN5Isf+Rroen8q7DJUAE2vzG9zRuYU2VurV2yd/hIuVsjkOwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBXrNtsOL9xBFTDepUvQqm9mL/TFMB8GA1UdIwQY
MBaAFEpHHNbOYKvt10disQGqXm9CB+/OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2Qt
YTZiOTkxZjRmYWY4LzEvRmVzMjJ3NHYzRUVWTU42bFM5Q3FiMll2OU1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2QtYTZiOTkxZjRmYWY4
LzEvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiInMA0G
CSqGSIb3DQEBCwUAA4IBAQAX8ipxXqysznWgN/s6RyTxR/fgi6wT9fBzrN+n8HDv
01cSfpyCLdv6/IKyDYzRombqXh324AEKYsKGRMPgjBbdKTP+AMYEBrLP3sxKscnj
zk8nTy+6KWfwQgsrb75Z+UqZ/Cnc4HfwikDz6uKUnaH1q66kl3MXKAFWco/JUfu+
TvH9wcQ1iRCPfAh2uoVx/nPKfYxztX83HZloLqs0eBaCwbb3V3XOdPrJUjsz2qDt
iluO6ko2pK62UPGzyDaUQn9ONUocmyL3C6JmV+NIQgx8WmbxviXw8CC1joYTzi8A
EkXZ4orZWD1KkzFKbODYADP84T4imiXlg6Tiajm3wGmh
-----END CERTIFICATE-----