Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/nL4qMNMs3AzfI7aIflXBeKuLPO0.roa
File:                     nL4qMNMs3AzfI7aIflXBeKuLPO0.roa (raw, json)
Hash identifier:          SWpispmzSHZRo6Zym4lYZ9nsIsrvLr5nMBuiny6JSlo=
Subject key identifier:   9C:BE:2A:30:D3:2C:DC:0C:DF:23:B6:88:7E:55:C1:78:AB:8B:3C:ED
Certificate issuer:       /CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
Certificate serial:       018CC26D607FC27F87262E6C502D77C5D8AF
Authority key identifier: 84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/nL4qMNMs3AzfI7aIflXBeKuLPO0.roa
Signing time:             Mon 01 Jan 2024 00:29:57 +0000
ROA not before:           Mon 01 Jan 2024 00:29:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198202
IP address blocks:        46.249.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:60:7f:c2:7f:87:26:2e:6c:50:2d:77:c5:d8:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=84b2f4fa5163af96168e88fbf9cb4ed1ed8fb4c4
        Validity
            Not Before: Jan  1 00:29:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9cbe2a30d32cdc0cdf23b6887e55c178ab8b3ced
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:1b:3b:e0:23:ec:69:1d:c9:fe:b1:6d:90:a3:
                    4a:50:59:b5:98:b2:74:74:0b:85:83:87:f0:7e:0c:
                    2a:dc:a1:aa:80:e3:c7:01:5f:fb:25:a3:99:12:01:
                    a0:0a:1a:fd:75:4d:90:e2:89:cf:11:0c:69:7d:8a:
                    1b:c1:22:b4:13:97:58:fd:0b:15:6d:2e:18:b6:3f:
                    10:b8:91:c1:30:b3:4b:4e:47:89:3a:5a:e1:db:1d:
                    95:23:73:fc:47:45:79:91:3f:8d:ac:10:98:19:f7:
                    49:a2:c2:19:f2:55:fb:9c:25:93:be:52:5c:3a:9d:
                    f3:b1:7d:0d:98:af:8f:bc:0b:6c:f5:f9:ca:01:d6:
                    c5:72:62:41:5d:c6:6b:01:c6:83:f9:4c:1b:bd:aa:
                    38:7e:dd:1d:0b:5d:87:09:c3:fb:fe:b8:6e:1b:f6:
                    50:e0:25:fe:33:43:9f:a8:96:e4:60:3f:f0:24:f5:
                    4c:b4:00:41:e4:cb:5a:a0:ae:e4:b5:25:b2:82:03:
                    cb:0f:94:59:0a:f6:b6:18:7f:17:0e:81:46:20:44:
                    02:3a:7b:7b:51:e6:29:9e:97:3c:47:7e:0b:bc:ba:
                    ce:99:cb:a6:ba:21:a6:87:00:06:32:a3:6b:3c:c5:
                    a5:22:52:64:6f:a9:9e:e3:4b:ff:29:a0:cf:87:b6:
                    19:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:BE:2A:30:D3:2C:DC:0C:DF:23:B6:88:7E:55:C1:78:AB:8B:3C:ED
            X509v3 Authority Key Identifier:
                keyid:84:B2:F4:FA:51:63:AF:96:16:8E:88:FB:F9:CB:4E:D1:ED:8F:B4:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/nL4qMNMs3AzfI7aIflXBeKuLPO0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/4aa789-878b-472b-b847-872ba2d9f44c/1/hLL0-lFjr5YWjoj7-ctO0e2PtMQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.249.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:60:42:0c:3d:3b:99:4d:94:17:23:7c:34:60:2e:9f:ae:80:
         38:6d:b1:e6:7b:d1:a4:0b:5d:d0:29:19:47:85:05:32:8e:ee:
         e9:5d:9e:f2:6c:06:cf:7f:1f:e8:7a:78:53:f3:96:73:e2:84:
         b2:b9:bf:f3:05:84:80:a2:f0:a1:2b:f4:a7:ac:36:d5:4b:98:
         93:f7:18:13:b6:64:7a:32:64:37:fe:96:8f:ce:35:2a:85:cd:
         a7:89:4e:cc:eb:47:4d:4b:60:93:a4:47:92:93:b7:c4:03:15:
         97:f0:ba:b0:b1:8f:2c:8e:57:27:bd:0b:06:7c:10:a8:bd:67:
         6b:ee:0a:5d:55:39:fb:af:22:33:7d:28:eb:68:84:fc:c4:dd:
         c9:af:5c:dc:6d:b7:17:66:be:2e:cb:40:d9:86:40:cd:c9:e8:
         50:91:85:5e:c4:80:40:a6:ab:60:ae:5b:c7:df:3e:52:7b:36:
         06:ef:6f:7a:dc:09:ef:3b:4c:7d:15:3d:03:ba:b3:07:b9:b1:
         80:da:28:d2:10:c9:45:76:c2:be:19:4d:1f:06:51:12:5d:a5:
         97:7b:d6:a1:1f:2b:07:94:40:8a:ae:c8:c8:c3:1f:b6:52:86:
         e1:94:57:37:e3:98:8c:35:9a:97:0a:90:07:a2:ba:62:f1:5f:
         fb:31:ea:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbWB/wn+HJi5sUC13xdivMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0YjJmNGZhNTE2M2FmOTYxNjhlODhmYmY5Y2I0ZWQxZWQ4
ZmI0YzQwHhcNMjQwMTAxMDAyOTU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2JlMmEzMGQzMmNkYzBjZGYyM2I2ODg3ZTU1YzE3OGFiOGIzY2VkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBs74CPsaR3J/rFtkKNKUFm1mLJ0
dAuFg4fwfgwq3KGqgOPHAV/7JaOZEgGgChr9dU2Q4onPEQxpfYobwSK0E5dY/QsV
bS4Ytj8QuJHBMLNLTkeJOlrh2x2VI3P8R0V5kT+NrBCYGfdJosIZ8lX7nCWTvlJc
Op3zsX0NmK+PvAts9fnKAdbFcmJBXcZrAcaD+Uwbvao4ft0dC12HCcP7/rhuG/ZQ
4CX+M0OfqJbkYD/wJPVMtABB5MtaoK7ktSWyggPLD5RZCva2GH8XDoFGIEQCOnt7
UeYpnpc8R34LvLrOmcumuiGmhwAGMqNrPMWlIlJkb6me40v/KaDPh7YZQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJy+KjDTLNwM3yO2iH5VwXirizztMB8GA1UdIwQY
MBaAFISy9PpRY6+WFo6I+/nLTtHtj7TEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDct
ODcyYmEyZDlmNDRjLzEvbkw0cU1OTXMzQXpmSTdhSWZsWEJlS3VMUE8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC80YWE3ODktODc4Yi00NzJiLWI4NDctODcyYmEyZDlmNDRj
LzEvaExMMC1sRmpyNVlXam9qNy1jdE8wZTJQdE1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALvleMA0G
CSqGSIb3DQEBCwUAA4IBAQCRYEIMPTuZTZQXI3w0YC6froA4bbHme9GkC13QKRlH
hQUyju7pXZ7ybAbPfx/oenhT85Zz4oSyub/zBYSAovChK/SnrDbVS5iT9xgTtmR6
MmQ3/paPzjUqhc2niU7M60dNS2CTpEeSk7fEAxWX8LqwsY8sjlcnvQsGfBCovWdr
7gpdVTn7ryIzfSjraIT8xN3Jr1zcbbcXZr4uy0DZhkDNyehQkYVexIBApqtgrlvH
3z5SezYG72963AnvO0x9FT0DurMHubGA2ijSEMlFdsK+GU0fBlESXaWXe9ahHysH
lECKrsjIwx+2UobhlFc345iMNZqXCpAHorpi8V/7Mepz
-----END CERTIFICATE-----