Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/QI7GUMavMO4fIP0fbCgb6V0iw5g.roa
File:                     QI7GUMavMO4fIP0fbCgb6V0iw5g.roa (raw, json)
Hash identifier:          t4wxOXvvKtYc/nwksboDxZP8PEE+VqcM5ffpZBs7yYI=
Subject key identifier:   40:8E:C6:50:C6:AF:30:EE:1F:20:FD:1F:6C:28:1B:E9:5D:22:C3:98
Certificate issuer:       /CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
Certificate serial:       018D21B513988AE3B0AE07F40E8BE120E97C
Authority key identifier: 4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/QI7GUMavMO4fIP0fbCgb6V0iw5g.roa
Signing time:             Fri 19 Jan 2024 12:32:11 +0000
ROA not before:           Fri 19 Jan 2024 12:32:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     398465
IP address blocks:        46.34.62.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 00:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:21:b5:13:98:8a:e3:b0:ae:07:f4:0e:8b:e1:20:e9:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
        Validity
            Not Before: Jan 19 12:32:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=408ec650c6af30ee1f20fd1f6c281be95d22c398
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:8a:50:e9:14:58:fc:1f:6d:9b:14:e3:ba:e0:
                    47:21:60:ff:db:d3:a5:2e:17:1c:93:0f:ca:59:0f:
                    98:d6:71:29:f8:fa:e7:35:ff:f5:33:35:cc:fa:a4:
                    19:06:b2:1d:2a:7e:9a:0b:1b:0d:02:e0:08:0f:fb:
                    a7:7b:1d:eb:8b:2a:e8:b7:2c:8e:6f:ca:cf:1b:f2:
                    85:fb:95:8c:f5:c1:80:fd:72:e2:93:7b:8e:83:cc:
                    aa:78:54:f8:d0:32:d1:24:af:1d:ec:62:df:ec:cd:
                    fa:3e:c3:d1:b0:aa:0d:c1:4c:77:99:1f:77:35:66:
                    10:15:33:c2:cf:aa:11:a0:e1:bc:e1:f7:65:91:db:
                    c7:24:11:ed:68:49:b1:f9:30:a3:19:76:50:ac:83:
                    73:f9:4c:5a:b5:6a:1e:20:c3:64:36:8a:73:7f:c6:
                    3a:d8:47:a2:e2:3c:a0:aa:45:29:ba:9a:81:14:95:
                    86:26:43:db:a4:44:34:8d:0e:4c:0b:f9:f8:e8:0b:
                    fd:da:86:4f:85:8a:d1:1a:b7:25:c0:b8:f5:83:f0:
                    87:52:c5:22:d9:bc:2a:11:0c:c7:86:0e:6b:ff:24:
                    52:e2:ce:0a:0d:70:46:19:b1:72:aa:b2:41:18:30:
                    33:9e:96:f9:e8:b1:a4:fc:9b:6e:2d:73:b2:1d:59:
                    74:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:8E:C6:50:C6:AF:30:EE:1F:20:FD:1F:6C:28:1B:E9:5D:22:C3:98
            X509v3 Authority Key Identifier:
                keyid:4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/QI7GUMavMO4fIP0fbCgb6V0iw5g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.34.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:da:65:b6:29:da:cc:8b:76:8f:12:09:84:03:54:cb:6c:8c:
         bb:1d:75:91:0a:64:59:e3:60:89:2d:6e:36:d5:d3:ff:d5:96:
         cf:e4:7b:3d:9b:75:a1:59:a0:c6:a3:40:29:44:e5:d0:bb:1f:
         86:3e:c9:0f:b5:c0:c9:8e:05:4c:16:8d:c6:f6:01:a4:67:a3:
         00:da:05:48:86:db:57:41:a9:54:dc:82:1a:fb:4c:13:96:db:
         7e:a6:d1:4b:69:22:09:a2:21:fc:9d:4d:bf:ad:f4:76:98:8f:
         b1:58:33:02:67:ad:33:18:7b:9c:9c:63:0f:37:d0:cc:9b:9d:
         02:fc:d0:a3:4a:76:7d:91:0d:50:19:55:7f:f0:0a:80:c1:70:
         dd:98:c5:25:a7:f5:92:44:8a:77:a9:1f:df:37:f8:15:5f:75:
         20:02:65:d4:04:7e:74:a8:34:a8:12:e6:00:cb:6c:f9:8e:d7:
         6a:67:9a:ee:1d:a2:97:bd:69:60:4a:22:80:1c:f5:f4:6c:ef:
         f2:d9:70:fc:da:2d:5b:56:fa:ef:64:78:cd:c0:c7:a4:3b:64:
         e5:38:e9:47:ee:e4:db:a2:43:8c:f3:7d:8a:41:f8:15:7f:3d:
         99:6f:19:fc:88:4b:ee:1e:68:39:6a:17:19:2f:f0:1f:9d:dc:
         d3:c9:63:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0htROYiuOwrgf0DovhIOl8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNDcxY2Q2Y2U2MGFiZWRkNzQ3NjJiMTAxYWE1ZTZmNDIw
N2VmY2UwHhcNMjQwMTE5MTIzMjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDhlYzY1MGM2YWYzMGVlMWYyMGZkMWY2YzI4MWJlOTVkMjJjMzk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk4pQ6RRY/B9tmxTjuuBHIWD/29Ol
Lhcckw/KWQ+Y1nEp+PrnNf/1MzXM+qQZBrIdKn6aCxsNAuAID/unex3riyrotyyO
b8rPG/KF+5WM9cGA/XLik3uOg8yqeFT40DLRJK8d7GLf7M36PsPRsKoNwUx3mR93
NWYQFTPCz6oRoOG84fdlkdvHJBHtaEmx+TCjGXZQrINz+UxatWoeIMNkNopzf8Y6
2Eei4jygqkUpupqBFJWGJkPbpEQ0jQ5MC/n46Av92oZPhYrRGrclwLj1g/CHUsUi
2bwqEQzHhg5r/yRS4s4KDXBGGbFyqrJBGDAznpb56LGk/JtuLXOyHVl0HQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFECOxlDGrzDuHyD9H2woG+ldIsOYMB8GA1UdIwQY
MBaAFEpHHNbOYKvt10disQGqXm9CB+/OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2Qt
YTZiOTkxZjRmYWY4LzEvUUk3R1VNYXZNTzRmSVAwZmJDZ2I2VjBpdzVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2QtYTZiOTkxZjRmYWY4
LzEvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiI+MA0G
CSqGSIb3DQEBCwUAA4IBAQBS2mW2KdrMi3aPEgmEA1TLbIy7HXWRCmRZ42CJLW42
1dP/1ZbP5Hs9m3WhWaDGo0ApROXQux+GPskPtcDJjgVMFo3G9gGkZ6MA2gVIhttX
QalU3IIa+0wTltt+ptFLaSIJoiH8nU2/rfR2mI+xWDMCZ60zGHucnGMPN9DMm50C
/NCjSnZ9kQ1QGVV/8AqAwXDdmMUlp/WSRIp3qR/fN/gVX3UgAmXUBH50qDSoEuYA
y2z5jtdqZ5ruHaKXvWlgSiKAHPX0bO/y2XD82i1bVvrvZHjNwMekO2TlOOlH7uTb
okOM832KQfgVfz2Zbxn8iEvuHmg5ahcZL/AfndzTyWNh
-----END CERTIFICATE-----