Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/H9wk5Crjzg5PnXeh__C0JeWgRx4.roa
File:                     H9wk5Crjzg5PnXeh__C0JeWgRx4.roa (raw, json)
Hash identifier:          m+sTUl7QJ/QUJWpKpO652y7oN7P2qdny6phwGmPaO58=
Subject key identifier:   1F:DC:24:E4:2A:E3:CE:0E:4F:9D:77:A1:FF:F0:B4:25:E5:A0:47:1E
Certificate issuer:       /CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
Certificate serial:       018CC9BBF555B1CC19EF23365706127ACF1F
Authority key identifier: 4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/H9wk5Crjzg5PnXeh__C0JeWgRx4.roa
Signing time:             Tue 02 Jan 2024 10:33:07 +0000
ROA not before:           Tue 02 Jan 2024 10:33:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204774
IP address blocks:        46.34.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 23 May 2024 22:35:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:f5:55:b1:cc:19:ef:23:36:57:06:12:7a:cf:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
        Validity
            Not Before: Jan  2 10:33:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1fdc24e42ae3ce0e4f9d77a1fff0b425e5a0471e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:d4:0d:57:2c:fe:8a:4e:0d:56:5d:14:21:c4:
                    a2:45:7d:0a:7e:ed:5f:da:0d:c8:e8:6e:8a:ea:30:
                    d1:38:29:f3:eb:7c:d8:04:5a:50:96:b9:3c:d2:54:
                    e9:a0:64:85:8f:74:1d:7a:b4:df:1f:d3:79:88:ec:
                    ee:1b:a4:a0:4d:5b:32:f4:77:1e:5e:d6:b6:af:56:
                    e1:bb:33:99:f6:2a:73:1c:30:15:4a:01:38:1e:a1:
                    e7:94:67:e9:76:6d:da:1a:9d:8a:86:6e:60:75:07:
                    3d:3f:17:25:72:27:80:94:13:52:d1:ad:5e:6c:5b:
                    3c:f8:48:47:e9:10:5c:91:94:9e:a1:42:f0:67:1a:
                    70:ba:d7:90:98:5b:ce:72:79:dc:b4:9c:e0:71:14:
                    c1:49:9b:ec:ae:b1:04:c8:d7:af:05:4e:6d:26:d0:
                    1a:3a:87:12:cf:7a:65:d3:98:76:25:00:d0:c0:1b:
                    d1:59:e5:92:35:d5:66:be:8d:18:e3:8c:08:80:ca:
                    9e:b3:13:91:24:92:82:75:bf:88:0e:63:ab:d9:bb:
                    6b:00:a0:f0:48:1d:40:f4:8a:7e:d6:6e:93:0f:7e:
                    4e:e7:f1:4a:86:72:9e:f2:17:58:2a:a8:6a:db:43:
                    31:9a:7a:e0:07:45:74:fd:3a:2c:2e:ea:45:9d:e2:
                    27:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:DC:24:E4:2A:E3:CE:0E:4F:9D:77:A1:FF:F0:B4:25:E5:A0:47:1E
            X509v3 Authority Key Identifier:
                keyid:4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/H9wk5Crjzg5PnXeh__C0JeWgRx4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.34.53.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:86:7b:1e:01:11:de:c9:1b:2c:6b:c3:8a:3c:9d:c7:35:09:
         73:45:43:a7:bb:f9:12:81:30:21:c0:7c:89:40:77:dc:7a:d7:
         e1:eb:ed:35:ea:77:38:93:db:b5:8c:e2:c4:c9:37:68:2b:31:
         d2:d8:9b:df:33:17:cb:f6:2b:0c:eb:b5:b2:b6:7e:6c:83:fa:
         5c:ae:1b:73:dc:b7:4d:9a:15:1f:e8:ee:29:30:fe:0c:6c:13:
         28:33:7e:54:c5:99:51:01:2f:0b:7d:bd:42:60:fd:8d:cd:a3:
         24:1d:a8:9e:2b:de:de:61:f6:ab:33:ab:9a:84:aa:cc:53:f0:
         14:ea:ce:12:bf:02:6d:66:6f:d3:c8:f2:af:ec:41:04:37:a2:
         81:a4:7b:f2:18:b2:ec:1f:09:05:20:fd:9e:aa:ea:c1:09:bf:
         5e:c8:2b:86:50:b2:04:34:07:de:82:a4:f0:30:15:79:53:bf:
         d6:06:c2:77:58:06:f5:27:39:3d:92:ef:47:73:c5:9e:cc:8f:
         9e:19:00:fe:24:c5:11:fe:d4:ff:e9:0c:a4:df:2a:9c:ac:f3:
         fa:a8:68:be:05:ea:80:c4:63:11:65:72:59:f0:e0:8c:ff:34:
         28:69:d7:14:d1:2f:ce:6e:3d:b2:28:6a:d2:5d:ae:5f:c9:30:
         ad:c1:6f:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu/VVscwZ7yM2VwYSes8fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNDcxY2Q2Y2U2MGFiZWRkNzQ3NjJiMTAxYWE1ZTZmNDIw
N2VmY2UwHhcNMjQwMTAyMTAzMzA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZmRjMjRlNDJhZTNjZTBlNGY5ZDc3YTFmZmYwYjQyNWU1YTA0NzFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn9QNVyz+ik4NVl0UIcSiRX0Kfu1f
2g3I6G6K6jDROCnz63zYBFpQlrk80lTpoGSFj3QderTfH9N5iOzuG6SgTVsy9Hce
Xta2r1bhuzOZ9ipzHDAVSgE4HqHnlGfpdm3aGp2Khm5gdQc9PxclcieAlBNS0a1e
bFs8+EhH6RBckZSeoULwZxpwuteQmFvOcnnctJzgcRTBSZvsrrEEyNevBU5tJtAa
OocSz3pl05h2JQDQwBvRWeWSNdVmvo0Y44wIgMqesxORJJKCdb+IDmOr2btrAKDw
SB1A9Ip+1m6TD35O5/FKhnKe8hdYKqhq20MxmnrgB0V0/TosLupFneInFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB/cJOQq484OT513of/wtCXloEceMB8GA1UdIwQY
MBaAFEpHHNbOYKvt10disQGqXm9CB+/OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2Qt
YTZiOTkxZjRmYWY4LzEvSDl3azVDcmp6ZzVQblhlaF9fQzBKZVdnUng0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2QtYTZiOTkxZjRmYWY4
LzEvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiI1MA0G
CSqGSIb3DQEBCwUAA4IBAQA9hnseARHeyRssa8OKPJ3HNQlzRUOnu/kSgTAhwHyJ
QHfcetfh6+016nc4k9u1jOLEyTdoKzHS2JvfMxfL9isM67Wytn5sg/pcrhtz3LdN
mhUf6O4pMP4MbBMoM35UxZlRAS8Lfb1CYP2NzaMkHaieK97eYfarM6uahKrMU/AU
6s4SvwJtZm/TyPKv7EEEN6KBpHvyGLLsHwkFIP2equrBCb9eyCuGULIENAfegqTw
MBV5U7/WBsJ3WAb1Jzk9ku9Hc8WezI+eGQD+JMUR/tT/6Qyk3yqcrPP6qGi+BeqA
xGMRZXJZ8OCM/zQoadcU0S/Obj2yKGrSXa5fyTCtwW8T
-----END CERTIFICATE-----