Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/572ec8-7456-4e55-b776-d8ece26afec0/1/qnKmvOkpYz7w00ChWi2CT8VZeAU.roa
File:                     qnKmvOkpYz7w00ChWi2CT8VZeAU.roa (raw, json)
Hash identifier:          nBt92ibjzpia/WcHlTKuDxDB2S4gmcCbQBcgz3/+YCI=
Subject key identifier:   AA:72:A6:BC:E9:29:63:3E:F0:D3:40:A1:5A:2D:82:4F:C5:59:78:05
Certificate issuer:       /CN=e3e46e2c4016a8d7392c8574134fd4793b9415a4
Certificate serial:       018CC801926B473428284E03769D032CB56A
Authority key identifier: E3:E4:6E:2C:40:16:A8:D7:39:2C:85:74:13:4F:D4:79:3B:94:15:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4-RuLEAWqNc5LIV0E0_UeTuUFaQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/572ec8-7456-4e55-b776-d8ece26afec0/1/qnKmvOkpYz7w00ChWi2CT8VZeAU.roa
Signing time:             Tue 02 Jan 2024 02:29:55 +0000
ROA not before:           Tue 02 Jan 2024 02:29:55 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31726
IP address blocks:        46.228.48.0/20 maxlen: 20
                          185.229.228.0/22 maxlen: 22
                          77.95.72.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/572ec8-7456-4e55-b776-d8ece26afec0/1/4-RuLEAWqNc5LIV0E0_UeTuUFaQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/572ec8-7456-4e55-b776-d8ece26afec0/1/4-RuLEAWqNc5LIV0E0_UeTuUFaQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4-RuLEAWqNc5LIV0E0_UeTuUFaQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 07:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:92:6b:47:34:28:28:4e:03:76:9d:03:2c:b5:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3e46e2c4016a8d7392c8574134fd4793b9415a4
        Validity
            Not Before: Jan  2 02:29:55 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aa72a6bce929633ef0d340a15a2d824fc5597805
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:5c:d3:ba:40:de:08:d7:f2:5a:54:d2:0f:f2:
                    a4:13:80:c9:99:f1:e9:ca:37:63:ca:cb:d9:d6:65:
                    e0:0e:41:17:8b:9a:cd:07:52:89:7c:fc:86:b0:9d:
                    17:ee:a7:ce:b8:e0:10:b2:f3:12:49:fd:6f:7c:6b:
                    ea:c3:1b:4f:80:ba:c4:0f:ed:72:34:ec:03:93:a2:
                    11:ef:04:9f:e9:c0:92:d1:73:90:76:47:49:0d:5a:
                    36:31:32:68:9a:88:06:ad:cd:22:3e:d6:28:00:77:
                    48:23:23:df:02:66:9e:8d:31:69:9e:64:e6:10:d6:
                    15:3f:5c:7b:15:43:a3:7c:00:58:31:73:35:35:0a:
                    40:fd:c2:8a:4e:a0:a2:c7:27:ee:57:fc:5a:00:26:
                    94:3d:90:fe:87:49:3f:6d:2f:fe:58:40:9a:7e:2f:
                    99:99:65:86:5d:7c:b3:8a:83:b8:96:27:18:a8:1d:
                    b6:77:27:77:e6:3c:a0:16:fe:47:10:da:85:6b:93:
                    2e:80:85:89:2d:af:ff:dd:16:6b:ca:85:7b:cb:ef:
                    ea:b0:ee:b9:b1:08:a4:6b:40:d0:f8:99:29:87:02:
                    19:7e:9e:fc:25:ef:a1:01:9e:75:a9:de:79:92:b7:
                    8e:2a:57:11:62:51:52:6a:0b:1c:d5:3a:e1:51:ea:
                    13:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:72:A6:BC:E9:29:63:3E:F0:D3:40:A1:5A:2D:82:4F:C5:59:78:05
            X509v3 Authority Key Identifier:
                keyid:E3:E4:6E:2C:40:16:A8:D7:39:2C:85:74:13:4F:D4:79:3B:94:15:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4-RuLEAWqNc5LIV0E0_UeTuUFaQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/572ec8-7456-4e55-b776-d8ece26afec0/1/qnKmvOkpYz7w00ChWi2CT8VZeAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/572ec8-7456-4e55-b776-d8ece26afec0/1/4-RuLEAWqNc5LIV0E0_UeTuUFaQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.228.48.0/20
                  77.95.72.0/21
                  185.229.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0f:2f:00:a4:ff:31:58:32:76:0c:44:ef:bb:79:88:41:8c:94:
         28:5f:34:5b:c0:ba:f6:87:d1:fb:71:8c:91:21:6d:f5:cd:fc:
         c1:72:ec:79:7b:7d:27:c2:a2:c9:7e:ba:00:7d:11:60:0b:9a:
         3c:b2:2f:7a:f2:78:ef:31:05:9c:73:db:7d:0b:4f:92:fe:b5:
         a3:3b:96:81:49:c4:f3:f0:2e:7b:04:b7:4a:73:9f:55:2f:64:
         ae:8d:96:1e:55:7f:c5:2e:b4:68:ab:bb:00:a9:f7:88:19:5b:
         97:c1:c5:79:be:29:d9:84:cc:91:d8:a5:53:9d:88:b3:b6:ce:
         7e:65:b9:ad:25:d3:de:b3:9d:28:e5:0f:c4:ce:88:cb:19:37:
         bc:19:16:35:1c:f1:2b:4e:11:c9:91:d3:cd:69:91:e2:59:33:
         b5:08:9b:67:c3:ed:71:d5:49:13:11:85:35:69:44:8b:ab:c8:
         b2:e3:f6:ac:38:cd:a8:12:fd:b0:1a:fb:84:23:cb:a4:03:b2:
         a5:cf:df:dc:ab:a2:5d:08:2e:77:f8:97:c9:0d:18:81:1c:ee:
         3e:1f:34:75:25:1a:0d:38:8b:a8:94:75:31:4d:92:38:62:a3:
         f4:93:66:41:77:25:19:59:e3:71:20:4b:24:55:5a:41:05:6e:
         46:72:6b:83
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzIAZJrRzQoKE4Ddp0DLLVqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzZTQ2ZTJjNDAxNmE4ZDczOTJjODU3NDEzNGZkNDc5M2I5
NDE1YTQwHhcNMjQwMTAyMDIyOTU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYTcyYTZiY2U5Mjk2MzNlZjBkMzQwYTE1YTJkODI0ZmM1NTk3ODA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1zTukDeCNfyWlTSD/KkE4DJmfHp
yjdjysvZ1mXgDkEXi5rNB1KJfPyGsJ0X7qfOuOAQsvMSSf1vfGvqwxtPgLrED+1y
NOwDk6IR7wSf6cCS0XOQdkdJDVo2MTJomogGrc0iPtYoAHdIIyPfAmaejTFpnmTm
ENYVP1x7FUOjfABYMXM1NQpA/cKKTqCixyfuV/xaACaUPZD+h0k/bS/+WECafi+Z
mWWGXXyzioO4licYqB22dyd35jygFv5HENqFa5MugIWJLa//3RZryoV7y+/qsO65
sQika0DQ+JkphwIZfp78Je+hAZ51qd55kreOKlcRYlFSagsc1TrhUeoTPwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFKpyprzpKWM+8NNAoVotgk/FWXgFMB8GA1UdIwQY
MBaAFOPkbixAFqjXOSyFdBNP1Hk7lBWkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNC1SdUxFQVdxTmM1TElWMEUwX1VlVHVVRmFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy81NzJlYzgtNzQ1Ni00ZTU1LWI3NzYt
ZDhlY2UyNmFmZWMwLzEvcW5LbXZPa3BZejd3MDBDaFdpMkNUOFZaZUFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy81NzJlYzgtNzQ1Ni00ZTU1LWI3NzYtZDhlY2UyNmFmZWMw
LzEvNC1SdUxFQVdxTmM1TElWMEUwX1VlVHVVRmFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQELuQwAwQD
TV9IAwQCueXkMA0GCSqGSIb3DQEBCwUAA4IBAQAPLwCk/zFYMnYMRO+7eYhBjJQo
XzRbwLr2h9H7cYyRIW31zfzBcux5e30nwqLJfroAfRFgC5o8si968njvMQWcc9t9
C0+S/rWjO5aBScTz8C57BLdKc59VL2SujZYeVX/FLrRoq7sAqfeIGVuXwcV5vinZ
hMyR2KVTnYizts5+ZbmtJdPes50o5Q/EzojLGTe8GRY1HPErThHJkdPNaZHiWTO1
CJtnw+1x1UkTEYU1aUSLq8iy4/asOM2oEv2wGvuEI8ukA7Klz9/cq6JdCC53+JfJ
DRiBHO4+HzR1JRoNOIuolHUxTZI4YqP0k2ZBdyUZWeNxIEskVVpBBW5GcmuD
-----END CERTIFICATE-----