Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/G9MzY6du8c3nNX1tLasK3pYd0hA.roa
File:                     G9MzY6du8c3nNX1tLasK3pYd0hA.roa (raw, json)
Hash identifier:          sZsKQWt9B17j3mU6QSBN5AD/yQif+SyHMwaVPrgijU4=
Subject key identifier:   1B:D3:33:63:A7:6E:F1:CD:E7:35:7D:6D:2D:AB:0A:DE:96:1D:D2:10
Certificate issuer:       /CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
Certificate serial:       0190FFD5DF0F5431890F07E7F51542795D41
Authority key identifier: 4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/G9MzY6du8c3nNX1tLasK3pYd0hA.roa
Signing time:             Mon 29 Jul 2024 18:52:04 +0000
ROA not before:           Mon 29 Jul 2024 18:52:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57043
IP address blocks:        46.34.62.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:ff:d5:df:0f:54:31:89:0f:07:e7:f5:15:42:79:5d:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
        Validity
            Not Before: Jul 29 18:52:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1bd33363a76ef1cde7357d6d2dab0ade961dd210
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:fa:72:ab:fb:9c:15:89:4e:97:8e:42:4d:49:
                    c1:4e:ce:99:80:c6:79:6e:14:1c:c4:5f:31:df:45:
                    56:aa:38:8f:10:f3:ae:0d:32:58:cb:3e:df:80:37:
                    1a:2f:14:9c:f3:07:d0:68:49:24:d6:b2:cd:8c:2d:
                    e5:5c:f9:34:4a:12:69:c3:ec:23:58:4c:9d:73:61:
                    f8:ef:1a:94:ed:a6:36:3b:08:27:ce:5f:7e:1f:62:
                    e0:05:2a:79:79:45:0d:0e:0c:24:ec:94:74:14:3e:
                    d5:45:5c:61:99:4d:72:fe:a2:d9:be:4b:19:d1:d3:
                    4c:2a:5c:a9:34:06:28:70:54:27:e1:91:5f:37:29:
                    7c:71:e0:e2:aa:4c:61:5f:2f:24:11:e0:38:13:82:
                    97:1d:a9:8f:e4:4f:2e:93:fb:ab:c0:b8:49:db:f2:
                    e5:78:1a:a0:b1:52:91:db:34:43:2f:16:12:24:43:
                    77:a7:4c:8d:eb:93:61:54:36:26:c4:74:d1:ab:67:
                    22:9d:48:ca:86:fb:09:1c:58:d8:5b:fe:8a:21:87:
                    80:bb:3e:cb:ca:3e:a9:e3:cf:9f:4d:74:1a:3c:5c:
                    7b:44:ba:fd:f1:5f:71:e4:3c:e2:29:f8:90:6f:e1:
                    8a:c5:b3:0d:16:8e:ea:47:1b:8a:27:a6:46:65:c0:
                    8a:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:D3:33:63:A7:6E:F1:CD:E7:35:7D:6D:2D:AB:0A:DE:96:1D:D2:10
            X509v3 Authority Key Identifier:
                keyid:4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/G9MzY6du8c3nNX1tLasK3pYd0hA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.34.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:1e:a5:b4:e5:96:9c:d6:b6:d8:b5:3f:9a:c3:d3:ea:55:ed:
         64:5c:03:d3:1b:04:a4:25:e7:a6:cc:f6:7d:c5:ca:16:b6:2f:
         21:fd:80:36:1b:52:26:e0:8c:ae:fa:64:7e:5d:6a:65:4f:11:
         98:50:02:c6:6f:39:ae:b1:f1:2c:5d:49:7f:32:e8:89:76:fb:
         32:bc:b6:4d:44:e6:5b:b4:57:dc:0f:fc:e2:4a:2c:66:d5:51:
         a8:d3:94:87:9a:a0:41:48:5a:6d:f9:aa:be:fb:83:b8:7a:e3:
         43:25:cd:6c:f2:ad:a9:8f:c0:78:cf:4a:3a:7b:2d:70:bd:1d:
         e7:40:47:73:80:8f:7d:bb:b3:fd:49:6e:11:11:77:84:24:6a:
         fb:f0:65:e4:dc:12:f6:3a:06:e8:e7:4b:3b:74:a7:47:62:97:
         10:72:3a:25:b1:29:21:68:d7:51:13:d3:a7:9f:33:7b:d4:85:
         92:f9:ab:49:da:a1:ac:fe:c6:0c:7e:0f:94:45:d3:24:8e:a9:
         90:17:ef:21:ec:68:54:c9:17:39:5a:05:24:8d:02:5a:1e:d6:
         e6:06:da:90:e1:f9:d3:4d:56:94:84:28:ce:6f:02:9c:dd:c4:
         f9:8e:b6:43:ad:91:d1:f9:e0:6a:08:4e:43:a2:87:34:7a:f6:
         49:40:4c:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZD/1d8PVDGJDwfn9RVCeV1BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNDcxY2Q2Y2U2MGFiZWRkNzQ3NjJiMTAxYWE1ZTZmNDIw
N2VmY2UwHhcNMjQwNzI5MTg1MjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmQzMzM2M2E3NmVmMWNkZTczNTdkNmQyZGFiMGFkZTk2MWRkMjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm/pyq/ucFYlOl45CTUnBTs6ZgMZ5
bhQcxF8x30VWqjiPEPOuDTJYyz7fgDcaLxSc8wfQaEkk1rLNjC3lXPk0ShJpw+wj
WEydc2H47xqU7aY2Owgnzl9+H2LgBSp5eUUNDgwk7JR0FD7VRVxhmU1y/qLZvksZ
0dNMKlypNAYocFQn4ZFfNyl8ceDiqkxhXy8kEeA4E4KXHamP5E8uk/urwLhJ2/Ll
eBqgsVKR2zRDLxYSJEN3p0yN65NhVDYmxHTRq2cinUjKhvsJHFjYW/6KIYeAuz7L
yj6p48+fTXQaPFx7RLr98V9x5DziKfiQb+GKxbMNFo7qRxuKJ6ZGZcCKuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBvTM2OnbvHN5zV9bS2rCt6WHdIQMB8GA1UdIwQY
MBaAFEpHHNbOYKvt10disQGqXm9CB+/OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2Qt
YTZiOTkxZjRmYWY4LzEvRzlNelk2ZHU4YzNuTlgxdExhc0szcFlkMGhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2QtYTZiOTkxZjRmYWY4
LzEvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiI+MA0G
CSqGSIb3DQEBCwUAA4IBAQAVHqW05Zac1rbYtT+aw9PqVe1kXAPTGwSkJeemzPZ9
xcoWti8h/YA2G1Im4Iyu+mR+XWplTxGYUALGbzmusfEsXUl/MuiJdvsyvLZNROZb
tFfcD/ziSixm1VGo05SHmqBBSFpt+aq++4O4euNDJc1s8q2pj8B4z0o6ey1wvR3n
QEdzgI99u7P9SW4REXeEJGr78GXk3BL2Ogbo50s7dKdHYpcQcjolsSkhaNdRE9On
nzN71IWS+atJ2qGs/sYMfg+URdMkjqmQF+8h7GhUyRc5WgUkjQJaHtbmBtqQ4fnT
TVaUhCjObwKc3cT5jrZDrZHR+eBqCE5Dooc0evZJQEwt
-----END CERTIFICATE-----