Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/yKdblybwP4L70tLmCZCZol2WsBQ.roa
File:                     yKdblybwP4L70tLmCZCZol2WsBQ.roa (raw, json)
Hash identifier:          lrusUqBAPqQ8zBiBKVuxjzHLCkZGFvsK/Q1rDWUuKws=
Subject key identifier:   C8:A7:5B:97:26:F0:3F:82:FB:D2:D2:E6:09:90:99:A2:5D:96:B0:14
Certificate issuer:       /CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
Certificate serial:       018E65AAA17A42E0B1416C66BCC99E1E0CE7
Authority key identifier: 4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/yKdblybwP4L70tLmCZCZol2WsBQ.roa
Signing time:             Fri 22 Mar 2024 10:17:45 +0000
ROA not before:           Fri 22 Mar 2024 10:17:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1239
IP address blocks:        46.34.58.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 10 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:65:aa:a1:7a:42:e0:b1:41:6c:66:bc:c9:9e:1e:0c:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a471cd6ce60abedd74762b101aa5e6f4207efce
        Validity
            Not Before: Mar 22 10:17:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c8a75b9726f03f82fbd2d2e6099099a25d96b014
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:7e:47:0d:26:33:75:23:af:57:6b:1c:8a:33:
                    06:56:34:e1:69:c8:df:7b:73:8d:53:79:a6:ee:28:
                    c6:21:25:a6:db:2b:44:5a:f8:7e:a2:7a:24:71:9c:
                    f4:ec:13:d3:50:6c:0c:15:99:c5:f3:f8:b0:2a:05:
                    1e:62:4e:6d:c2:6d:4d:a8:24:14:7a:9b:d5:b9:e1:
                    2c:56:bf:c2:f0:93:48:8e:25:12:ec:a8:a6:4e:96:
                    c1:55:81:08:56:b8:3d:36:f9:a7:75:aa:ae:fd:19:
                    1d:1c:eb:34:26:24:bf:9b:a6:ad:49:c4:37:67:bb:
                    8b:71:93:ce:e8:02:47:5e:81:a4:d0:0d:75:2b:1b:
                    3e:de:fd:57:5e:bc:73:63:b9:1c:62:c9:a2:30:1d:
                    52:bc:ec:cd:7f:cc:66:21:0d:92:2b:f4:14:44:36:
                    51:70:28:bf:99:42:e8:aa:19:88:fe:be:50:b8:9c:
                    55:61:07:c2:5c:c1:4c:57:4f:db:8a:d2:90:ca:43:
                    8f:e5:f5:97:3d:e4:fc:6e:9e:b7:93:1c:9c:62:02:
                    10:97:82:6f:a9:f1:c9:85:a7:46:7b:a2:fb:6f:3d:
                    06:a1:cb:92:e7:b3:7e:4d:77:e9:ec:77:76:91:71:
                    6d:7a:c4:59:85:48:69:3e:6a:eb:26:85:2f:c7:86:
                    2e:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:A7:5B:97:26:F0:3F:82:FB:D2:D2:E6:09:90:99:A2:5D:96:B0:14
            X509v3 Authority Key Identifier:
                keyid:4A:47:1C:D6:CE:60:AB:ED:D7:47:62:B1:01:AA:5E:6F:42:07:EF:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Skcc1s5gq-3XR2KxAapeb0IH784.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/yKdblybwP4L70tLmCZCZol2WsBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/e17714-467b-4433-9b7d-a6b991f4faf8/1/Skcc1s5gq-3XR2KxAapeb0IH784.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.34.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:0e:f7:a8:e2:c5:c4:81:ef:21:9a:4f:1f:21:c5:05:d5:61:
         d4:4a:c6:6f:f5:d3:a8:2a:59:2a:a1:37:61:b6:4f:a8:5f:77:
         3a:4d:15:89:e3:63:42:c5:19:37:5a:6f:a2:14:d9:5c:c6:3d:
         63:b4:34:97:97:18:40:3b:85:a4:e4:e2:b2:00:9c:04:17:f6:
         53:d6:ed:f5:9a:85:28:ff:be:cd:91:0e:50:db:c9:98:98:9b:
         ea:41:7a:28:14:70:9c:dc:3f:f9:f0:4a:0e:d1:4f:b6:24:07:
         d7:02:df:b7:22:1e:76:02:76:ce:ab:9b:0d:9e:d7:d9:10:b1:
         06:8e:6b:a6:58:f3:00:c1:55:d9:7d:4d:f7:6b:d0:90:e7:fe:
         78:11:15:09:c1:f3:0b:5f:f7:66:6d:43:fd:02:11:5a:e7:92:
         92:ac:0d:fc:02:6d:39:0a:17:24:52:8a:9e:b1:1e:25:f1:c9:
         9f:e3:6f:eb:19:18:08:29:85:9f:1a:27:fd:9c:ce:90:e7:68:
         d9:7a:89:00:37:5f:d4:a5:6a:4f:9a:53:49:7d:58:b6:81:b3:
         c8:74:ba:af:0a:03:f3:d5:51:3d:6b:f9:46:83:1f:8a:a7:d7:
         c1:8e:c6:c6:6f:07:76:63:2d:b2:63:43:f7:fa:72:c7:3d:4c:
         cd:d8:86:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5lqqF6QuCxQWxmvMmeHgznMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNDcxY2Q2Y2U2MGFiZWRkNzQ3NjJiMTAxYWE1ZTZmNDIw
N2VmY2UwHhcNMjQwMzIyMTAxNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGE3NWI5NzI2ZjAzZjgyZmJkMmQyZTYwOTkwOTlhMjVkOTZiMDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxn5HDSYzdSOvV2scijMGVjThacjf
e3ONU3mm7ijGISWm2ytEWvh+onokcZz07BPTUGwMFZnF8/iwKgUeYk5twm1NqCQU
epvVueEsVr/C8JNIjiUS7KimTpbBVYEIVrg9Nvmndaqu/RkdHOs0JiS/m6atScQ3
Z7uLcZPO6AJHXoGk0A11Kxs+3v1XXrxzY7kcYsmiMB1SvOzNf8xmIQ2SK/QURDZR
cCi/mULoqhmI/r5QuJxVYQfCXMFMV0/bitKQykOP5fWXPeT8bp63kxycYgIQl4Jv
qfHJhadGe6L7bz0GocuS57N+TXfp7Hd2kXFtesRZhUhpPmrrJoUvx4YuTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMinW5cm8D+C+9LS5gmQmaJdlrAUMB8GA1UdIwQY
MBaAFEpHHNbOYKvt10disQGqXm9CB+/OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2Qt
YTZiOTkxZjRmYWY4LzEveUtkYmx5YndQNEw3MHRMbUNaQ1pvbDJXc0JRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS9lMTc3MTQtNDY3Yi00NDMzLTliN2QtYTZiOTkxZjRmYWY4
LzEvU2tjYzFzNWdxLTNYUjJLeEFhcGViMElINzg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiI6MA0G
CSqGSIb3DQEBCwUAA4IBAQANDveo4sXEge8hmk8fIcUF1WHUSsZv9dOoKlkqoTdh
tk+oX3c6TRWJ42NCxRk3Wm+iFNlcxj1jtDSXlxhAO4Wk5OKyAJwEF/ZT1u31moUo
/77NkQ5Q28mYmJvqQXooFHCc3D/58EoO0U+2JAfXAt+3Ih52AnbOq5sNntfZELEG
jmumWPMAwVXZfU33a9CQ5/54ERUJwfMLX/dmbUP9AhFa55KSrA38Am05ChckUoqe
sR4l8cmf42/rGRgIKYWfGif9nM6Q52jZeokAN1/UpWpPmlNJfVi2gbPIdLqvCgPz
1VE9a/lGgx+Kp9fBjsbGbwd2Yy2yY0P3+nLHPUzN2Ia9
-----END CERTIFICATE-----