Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/rBXgFm3KgUI2dIqHycSF8tzU4ME.roa
File:                     rBXgFm3KgUI2dIqHycSF8tzU4ME.roa (raw, json)
Hash identifier:          BLSMsbDp7cI+2J2+fdBsuB2FAWujwa573gwCBNe7HPM=
Subject key identifier:   AC:15:E0:16:6D:CA:81:42:36:74:8A:87:C9:C4:85:F2:DC:D4:E0:C1
Certificate issuer:       /CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
Certificate serial:       018E65AB8D46BF2D13C6E15C04E671D44B49
Authority key identifier: 4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/rBXgFm3KgUI2dIqHycSF8tzU4ME.roa
Signing time:             Fri 22 Mar 2024 10:18:45 +0000
ROA not before:           Fri 22 Mar 2024 10:18:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     174
IP address blocks:        46.34.58.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 09:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:65:ab:8d:46:bf:2d:13:c6:e1:5c:04:e6:71:d4:4b:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
        Validity
            Not Before: Mar 22 10:18:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac15e0166dca814236748a87c9c485f2dcd4e0c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:d8:45:2d:74:2a:5a:dc:61:9e:1e:88:20:5a:
                    e0:ab:df:27:87:bf:a5:ee:22:30:4e:88:9e:a4:e2:
                    17:00:06:a2:48:85:06:d6:5b:c0:73:4d:26:d8:33:
                    a4:7e:f4:98:cc:28:9c:a5:00:98:fd:0f:dc:fc:92:
                    b2:ff:e4:9c:23:bc:f0:a9:fb:eb:34:12:95:4d:68:
                    14:12:67:05:5a:a9:b2:0b:6d:e8:12:11:22:db:73:
                    9f:c6:3a:ec:92:93:ee:78:6f:11:ac:26:08:7b:ad:
                    93:bc:00:73:23:90:5c:0a:76:eb:34:5c:a5:e3:2c:
                    11:26:b3:f6:2a:7f:0d:3b:32:54:30:76:06:81:64:
                    26:d9:2e:3e:cd:7f:1d:02:6f:f5:88:1a:e6:6e:c8:
                    57:c6:89:32:43:e6:59:3c:57:67:f8:9b:2c:46:8e:
                    79:39:70:da:50:ae:49:1a:51:63:1f:6e:5e:ad:57:
                    4f:b3:f2:1f:a3:44:d2:e4:f9:fb:ea:dd:e9:70:1f:
                    53:b9:57:c7:ba:74:6d:32:c6:b8:fa:70:02:18:25:
                    92:e7:f4:4c:df:8b:78:fa:75:6e:d4:07:d7:3e:1b:
                    ae:1e:54:6a:a2:d4:4e:76:8e:e7:18:85:89:cf:35:
                    b5:ec:86:01:0f:c1:bd:f4:9b:82:f5:1b:12:8e:5b:
                    c5:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:15:E0:16:6D:CA:81:42:36:74:8A:87:C9:C4:85:F2:DC:D4:E0:C1
            X509v3 Authority Key Identifier:
                keyid:4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/rBXgFm3KgUI2dIqHycSF8tzU4ME.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.34.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:13:eb:51:90:ce:2c:ad:2f:82:3e:77:21:98:60:cb:cb:2d:
         ee:bf:b1:0e:f7:c5:f2:dc:95:05:98:1d:5a:a5:84:13:eb:b9:
         97:d8:b9:94:e6:c2:be:17:c9:e3:82:4d:2a:a1:8c:e5:49:23:
         96:1d:3d:a7:a9:07:e5:80:a7:6a:41:5a:7e:ce:00:62:a1:d9:
         52:1c:14:4e:52:e0:07:f8:67:30:fe:7c:93:b2:b0:a2:c1:82:
         ed:fb:75:ed:b4:42:38:9f:a7:ad:18:cc:42:ed:ed:98:d1:7b:
         52:51:37:88:3f:30:55:61:b1:b4:23:6a:9e:b5:81:80:fd:e4:
         57:1a:18:bc:22:d2:31:f6:6f:24:91:08:1d:be:b0:8a:11:b8:
         c2:b0:e1:26:ad:1d:31:dc:33:4d:24:52:cc:ac:37:7e:99:35:
         12:75:8d:26:f8:af:5b:65:8a:72:75:08:fa:e8:84:ba:57:5a:
         0e:3c:eb:81:e2:93:00:54:57:9d:24:fb:7f:bf:80:31:de:9a:
         22:a1:ec:bb:75:e9:41:8a:bf:ed:39:d8:d5:6c:96:f9:42:bd:
         79:0a:34:e6:38:a0:a5:f5:01:de:7d:28:25:19:44:d8:37:3d:
         6f:c7:23:67:94:0f:d8:34:57:8e:31:a0:af:ee:99:10:6b:1f:
         b3:31:90:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5lq41Gvy0TxuFcBOZx1EtJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNDcxY2Q2Y2U2MGFiZWRkNzQ3NjJiMTAxYWE1ZTZmNDIw
N2VmY2UwHhcNMjQwMzIyMTAxODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzE1ZTAxNjZkY2E4MTQyMzY3NDhhODdjOWM0ODVmMmRjZDRlMGMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg9hFLXQqWtxhnh6IIFrgq98nh7+l
7iIwToiepOIXAAaiSIUG1lvAc00m2DOkfvSYzCicpQCY/Q/c/JKy/+ScI7zwqfvr
NBKVTWgUEmcFWqmyC23oEhEi23OfxjrskpPueG8RrCYIe62TvABzI5BcCnbrNFyl
4ywRJrP2Kn8NOzJUMHYGgWQm2S4+zX8dAm/1iBrmbshXxokyQ+ZZPFdn+JssRo55
OXDaUK5JGlFjH25erVdPs/Ifo0TS5Pn76t3pcB9TuVfHunRtMsa4+nACGCWS5/RM
34t4+nVu1AfXPhuuHlRqotROdo7nGIWJzzW17IYBD8G99JuC9RsSjlvFQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKwV4BZtyoFCNnSKh8nEhfLc1ODBMB8GA1UdIwQY
MBaAFEpHHNbOYKvt10disQGqXm9CB+/OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2Qt
YTZiOTkxZjRmYWY4LzEvckJYZ0ZtM0tnVUkyZElxSHljU0Y4dHpVNE1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2QtYTZiOTkxZjRmYWY4
LzEvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiI6MA0G
CSqGSIb3DQEBCwUAA4IBAQBfE+tRkM4srS+CPnchmGDLyy3uv7EO98Xy3JUFmB1a
pYQT67mX2LmU5sK+F8njgk0qoYzlSSOWHT2nqQflgKdqQVp+zgBiodlSHBROUuAH
+Gcw/nyTsrCiwYLt+3XttEI4n6etGMxC7e2Y0XtSUTeIPzBVYbG0I2qetYGA/eRX
Ghi8ItIx9m8kkQgdvrCKEbjCsOEmrR0x3DNNJFLMrDd+mTUSdY0m+K9bZYpydQj6
6IS6V1oOPOuB4pMAVFedJPt/v4Ax3poioey7delBir/tOdjVbJb5Qr15CjTmOKCl
9QHefSglGUTYNz1vxyNnlA/YNFeOMaCv7pkQax+zMZBM
-----END CERTIFICATE-----