Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/xPK4I6Pz6ciyaktohR-44b-OD1w.roa
File:                     xPK4I6Pz6ciyaktohR-44b-OD1w.roa (raw, json)
Hash identifier:          AhX83S8xR7JNhtiMn1pifC3nA7Ohv23GCMEZGe9ssgA=
Subject key identifier:   C4:F2:B8:23:A3:F3:E9:C8:B2:6A:4B:68:85:1F:B8:E1:BF:8E:0F:5C
Certificate issuer:       /CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
Certificate serial:       018CC9BBF29FB2EFC01690EC4DEA192FAA53
Authority key identifier: 4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/xPK4I6Pz6ciyaktohR-44b-OD1w.roa
Signing time:             Tue 02 Jan 2024 10:33:06 +0000
ROA not before:           Tue 02 Jan 2024 10:33:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        46.34.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 12:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:f2:9f:b2:ef:c0:16:90:ec:4d:ea:19:2f:aa:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
        Validity
            Not Before: Jan  2 10:33:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c4f2b823a3f3e9c8b26a4b68851fb8e1bf8e0f5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:d1:21:a6:2b:84:22:ac:31:3e:47:9d:18:23:
                    f5:04:65:ae:00:b8:a1:16:ee:de:be:b7:d3:dd:4f:
                    67:82:62:e4:3f:53:45:48:cc:d3:1b:93:36:3f:8c:
                    c3:f3:9a:3a:97:ed:6e:92:ae:c6:86:b0:51:e0:2a:
                    2a:cc:b6:0a:38:24:f0:8f:bf:c8:c7:93:9e:73:1e:
                    c6:d3:5b:a9:55:f8:0e:4c:9e:3f:bf:c8:ec:69:6b:
                    4a:c0:13:cf:7a:8e:fd:da:71:e4:28:e7:76:d8:d4:
                    e6:27:76:56:55:2e:80:85:d5:de:42:8f:d0:af:eb:
                    fd:dd:53:c2:40:69:e8:fc:96:06:ac:f4:a2:1c:05:
                    ed:aa:4d:b5:b0:87:8d:99:61:98:c8:52:d9:3d:6b:
                    61:e2:80:b2:8f:b8:5e:57:76:11:3d:78:a0:b7:4a:
                    de:db:a7:97:41:d5:99:7b:e1:45:8d:91:19:ed:33:
                    95:1a:af:39:a9:01:4f:3d:dc:08:5c:5f:a6:ae:4f:
                    46:db:07:e1:f8:54:5c:85:6a:b9:e9:dc:a4:0a:bd:
                    34:74:5c:63:f4:8a:66:38:84:33:38:0d:27:1a:75:
                    25:a8:35:a1:bf:b5:83:9c:1d:46:0d:94:c8:2c:66:
                    54:32:18:e3:92:f8:bf:15:6f:00:2d:9f:d2:42:cd:
                    0e:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:F2:B8:23:A3:F3:E9:C8:B2:6A:4B:68:85:1F:B8:E1:BF:8E:0F:5C
            X509v3 Authority Key Identifier:
                keyid:4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/xPK4I6Pz6ciyaktohR-44b-OD1w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.34.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:d6:8c:a8:39:2f:f2:37:e8:55:43:12:ad:3e:16:4d:dc:eb:
         0b:c5:3b:6a:f3:12:9e:41:c1:e3:c3:9e:71:28:f6:70:24:c9:
         cf:d5:f3:4b:f0:b5:c0:58:28:46:e5:27:eb:da:71:d0:f4:76:
         94:6f:de:fc:07:0b:32:b0:e2:32:7b:e9:0b:62:4c:db:fa:f3:
         02:9a:6a:f4:fd:a7:5f:88:1a:c0:94:81:d4:95:f7:74:2f:6f:
         38:1f:7d:69:c1:0d:3d:3a:4e:c5:c7:b3:b2:52:8e:63:ba:b2:
         c4:dc:6d:68:23:72:0b:0f:6c:db:0e:a1:4a:43:f9:1a:3d:22:
         d5:a1:02:80:a8:8f:43:b1:0d:2e:b1:98:7b:e8:7c:9e:b4:6d:
         ce:83:dd:90:e0:e2:6d:fd:e4:31:01:37:2e:6f:c7:e2:ac:a4:
         0e:94:bb:d5:f8:c7:ea:da:a2:ce:28:72:03:e8:6f:9c:c4:50:
         b7:ad:5e:73:84:03:8a:74:92:e6:2e:f1:52:8d:ce:24:a3:da:
         bc:1e:82:38:dd:85:7f:6f:b8:46:6f:75:56:ee:22:3c:c3:e0:
         49:dc:09:cd:12:33:a1:14:e9:85:59:46:7c:1b:d3:ea:c6:11:
         51:2a:3b:cb:61:cc:64:f5:ad:b9:e2:9d:79:d2:37:2f:10:61:
         c2:62:27:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu/Kfsu/AFpDsTeoZL6pTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNDcxY2Q2Y2U2MGFiZWRkNzQ3NjJiMTAxYWE1ZTZmNDIw
N2VmY2UwHhcNMjQwMTAyMTAzMzA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGYyYjgyM2EzZjNlOWM4YjI2YTRiNjg4NTFmYjhlMWJmOGUwZjVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAltEhpiuEIqwxPkedGCP1BGWuALih
Fu7evrfT3U9ngmLkP1NFSMzTG5M2P4zD85o6l+1ukq7GhrBR4CoqzLYKOCTwj7/I
x5Oecx7G01upVfgOTJ4/v8jsaWtKwBPPeo792nHkKOd22NTmJ3ZWVS6AhdXeQo/Q
r+v93VPCQGno/JYGrPSiHAXtqk21sIeNmWGYyFLZPWth4oCyj7heV3YRPXigt0re
26eXQdWZe+FFjZEZ7TOVGq85qQFPPdwIXF+mrk9G2wfh+FRchWq56dykCr00dFxj
9IpmOIQzOA0nGnUlqDWhv7WDnB1GDZTILGZUMhjjkvi/FW8ALZ/SQs0OmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMTyuCOj8+nIsmpLaIUfuOG/jg9cMB8GA1UdIwQY
MBaAFEpHHNbOYKvt10disQGqXm9CB+/OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2Qt
YTZiOTkxZjRmYWY4LzEveFBLNEk2UHo2Y2l5YWt0b2hSLTQ0Yi1PRDF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2QtYTZiOTkxZjRmYWY4
LzEvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiIlMA0G
CSqGSIb3DQEBCwUAA4IBAQA91oyoOS/yN+hVQxKtPhZN3OsLxTtq8xKeQcHjw55x
KPZwJMnP1fNL8LXAWChG5Sfr2nHQ9HaUb978BwsysOIye+kLYkzb+vMCmmr0/adf
iBrAlIHUlfd0L284H31pwQ09Ok7Fx7OyUo5jurLE3G1oI3ILD2zbDqFKQ/kaPSLV
oQKAqI9DsQ0usZh76HyetG3Og92Q4OJt/eQxATcub8firKQOlLvV+Mfq2qLOKHID
6G+cxFC3rV5zhAOKdJLmLvFSjc4ko9q8HoI43YV/b7hGb3VW7iI8w+BJ3AnNEjOh
FOmFWUZ8G9PqxhFRKjvLYcxk9a254p150jcvEGHCYieT
-----END CERTIFICATE-----