Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/149cf6-611d-4e03-a660-dce1127ab223/1/7YvWlEI3fG_6tIkLvcuJv3o01SY.roa
File:                     7YvWlEI3fG_6tIkLvcuJv3o01SY.roa (raw, json)
Hash identifier:          +EqQ2JJT90jy8C5ar8E5Q5unGgbRalMYij7MKJh7vbw=
Subject key identifier:   ED:8B:D6:94:42:37:7C:6F:FA:B4:89:0B:BD:CB:89:BF:7A:34:D5:26
Certificate issuer:       /CN=70cbeb388f5902c16160bbed0962cb622b2bb832
Certificate serial:       018CC6B80284DE6C74DD989DD94D326F5A52
Authority key identifier: 70:CB:EB:38:8F:59:02:C1:61:60:BB:ED:09:62:CB:62:2B:2B:B8:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cMvrOI9ZAsFhYLvtCWLLYisruDI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ae/149cf6-611d-4e03-a660-dce1127ab223/1/7YvWlEI3fG_6tIkLvcuJv3o01SY.roa
Signing time:             Mon 01 Jan 2024 20:29:57 +0000
ROA not before:           Mon 01 Jan 2024 20:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1299
IP address blocks:        185.46.20.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ae/149cf6-611d-4e03-a660-dce1127ab223/1/cMvrOI9ZAsFhYLvtCWLLYisruDI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ae/149cf6-611d-4e03-a660-dce1127ab223/1/cMvrOI9ZAsFhYLvtCWLLYisruDI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cMvrOI9ZAsFhYLvtCWLLYisruDI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 10:03:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:02:84:de:6c:74:dd:98:9d:d9:4d:32:6f:5a:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70cbeb388f5902c16160bbed0962cb622b2bb832
        Validity
            Not Before: Jan  1 20:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ed8bd69442377c6ffab4890bbdcb89bf7a34d526
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:59:f4:79:ff:8a:ba:c4:66:56:9b:ea:51:91:
                    f7:62:13:ee:a3:e6:98:fc:5f:bd:1b:e3:f3:aa:39:
                    1f:eb:ae:37:62:04:3c:e7:e5:c4:39:cc:2b:ba:51:
                    0b:7f:50:96:cf:5f:03:83:39:44:8b:81:14:94:e0:
                    26:47:6a:5a:38:1d:20:06:bf:d5:e1:3c:67:ae:fd:
                    1f:80:f6:7b:3c:ff:23:fd:fa:32:39:c3:13:dc:2f:
                    69:ee:e3:98:5d:97:7b:22:56:35:04:6e:57:63:67:
                    a2:12:77:86:8f:8a:df:2e:bb:c5:98:2e:16:8f:77:
                    8a:fb:60:c9:96:e5:b6:b8:0f:2d:79:92:94:09:6d:
                    f0:26:1d:04:2d:c1:90:2d:f0:7d:a3:88:1c:1f:0d:
                    d7:7c:6e:59:37:79:0e:0f:8f:e7:c0:44:86:a8:75:
                    f9:27:4c:f5:bb:93:3d:15:fb:fa:52:93:63:f1:95:
                    40:89:25:b1:90:c2:cc:5f:fc:10:30:8d:58:65:ab:
                    66:2e:dd:af:99:6d:e0:44:c4:a8:b5:d0:d5:b6:83:
                    a1:c9:1f:b4:54:65:e3:f4:b3:a4:48:99:2b:e1:00:
                    36:a1:b5:57:2c:ab:66:42:dc:5a:78:bf:df:23:a7:
                    58:85:c3:5b:a0:0c:72:af:06:e6:dc:f8:36:bb:07:
                    3a:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:8B:D6:94:42:37:7C:6F:FA:B4:89:0B:BD:CB:89:BF:7A:34:D5:26
            X509v3 Authority Key Identifier:
                keyid:70:CB:EB:38:8F:59:02:C1:61:60:BB:ED:09:62:CB:62:2B:2B:B8:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cMvrOI9ZAsFhYLvtCWLLYisruDI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/149cf6-611d-4e03-a660-dce1127ab223/1/7YvWlEI3fG_6tIkLvcuJv3o01SY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/149cf6-611d-4e03-a660-dce1127ab223/1/cMvrOI9ZAsFhYLvtCWLLYisruDI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.46.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         55:8e:54:19:ac:39:2e:d7:3c:23:0e:6f:db:d4:f2:ab:b1:13:
         3c:9c:be:9a:94:78:62:6e:89:2b:46:0c:ea:ce:d2:52:b1:71:
         b6:82:6e:5a:d3:71:6a:c1:d5:84:25:b6:e1:e2:aa:20:fe:41:
         a1:1d:10:2f:27:47:98:9f:f9:0e:5a:74:a0:33:ec:f1:8d:53:
         38:da:e9:94:72:34:c1:05:fa:10:be:7a:5c:ca:39:76:88:ed:
         32:3c:a4:19:e2:f4:26:1f:6a:bf:06:49:cc:f7:31:cf:76:2c:
         16:3d:66:c2:49:22:d4:36:a3:f8:f5:a3:4f:fe:8d:c6:48:8b:
         be:02:c2:9b:78:60:98:17:82:05:21:69:36:28:ad:88:1b:ed:
         8d:2e:9b:38:29:0d:00:29:28:af:28:86:ce:60:77:32:ba:ad:
         ff:e1:eb:c7:49:1f:1f:2b:f2:f3:7e:ce:56:dd:c9:a5:ad:a9:
         56:3a:4d:52:29:53:9d:8a:e5:65:28:78:08:44:af:98:b6:99:
         e4:fb:e7:17:eb:59:bd:3b:24:64:6f:9f:e1:e7:e2:22:96:41:
         07:03:49:25:04:dd:3a:79:81:91:6f:73:f7:bb:b1:c7:04:00:
         b9:66:51:3f:85:67:6d:04:f6:fd:87:79:92:85:b5:6b:8d:06:
         e8:1f:08:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuAKE3mx03Zid2U0yb1pSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwY2JlYjM4OGY1OTAyYzE2MTYwYmJlZDA5NjJjYjYyMmIy
YmI4MzIwHhcNMjQwMTAxMjAyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDhiZDY5NDQyMzc3YzZmZmFiNDg5MGJiZGNiODliZjdhMzRkNTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn1n0ef+KusRmVpvqUZH3YhPuo+aY
/F+9G+Pzqjkf6643YgQ85+XEOcwrulELf1CWz18DgzlEi4EUlOAmR2paOB0gBr/V
4Txnrv0fgPZ7PP8j/foyOcMT3C9p7uOYXZd7IlY1BG5XY2eiEneGj4rfLrvFmC4W
j3eK+2DJluW2uA8teZKUCW3wJh0ELcGQLfB9o4gcHw3XfG5ZN3kOD4/nwESGqHX5
J0z1u5M9Ffv6UpNj8ZVAiSWxkMLMX/wQMI1YZatmLt2vmW3gRMSotdDVtoOhyR+0
VGXj9LOkSJkr4QA2obVXLKtmQtxaeL/fI6dYhcNboAxyrwbm3Pg2uwc6uwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO2L1pRCN3xv+rSJC73Lib96NNUmMB8GA1UdIwQY
MBaAFHDL6ziPWQLBYWC77Qliy2IrK7gyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY012ck9JOVpBc0ZoWUx2dENXTExZaXNydURJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS8xNDljZjYtNjExZC00ZTAzLWE2NjAt
ZGNlMTEyN2FiMjIzLzEvN1l2V2xFSTNmR182dElrTHZjdUp2M28wMVNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS8xNDljZjYtNjExZC00ZTAzLWE2NjAtZGNlMTEyN2FiMjIz
LzEvY012ck9JOVpBc0ZoWUx2dENXTExZaXNydURJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuS4UMA0G
CSqGSIb3DQEBCwUAA4IBAQBVjlQZrDku1zwjDm/b1PKrsRM8nL6alHhibokrRgzq
ztJSsXG2gm5a03FqwdWEJbbh4qog/kGhHRAvJ0eYn/kOWnSgM+zxjVM42umUcjTB
BfoQvnpcyjl2iO0yPKQZ4vQmH2q/BknM9zHPdiwWPWbCSSLUNqP49aNP/o3GSIu+
AsKbeGCYF4IFIWk2KK2IG+2NLps4KQ0AKSivKIbOYHcyuq3/4evHSR8fK/Lzfs5W
3cmlralWOk1SKVOdiuVlKHgIRK+Ytpnk++cX61m9OyRkb5/h5+IilkEHA0klBN06
eYGRb3P3u7HHBAC5ZlE/hWdtBPb9h3mShbVrjQboHwhN
-----END CERTIFICATE-----