Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/gDHfXxpJiL6qAIM-DmGDDPPXhsE.roa
File:                     gDHfXxpJiL6qAIM-DmGDDPPXhsE.roa (raw, json)
Hash identifier:          EwM+qmk0XKl3xT+H8yDmY8L+ymzTN4F0sGQsq5heySI=
Subject key identifier:   80:31:DF:5F:1A:49:88:BE:AA:00:83:3E:0E:61:83:0C:F3:D7:86:C1
Certificate issuer:       /CN=c41c7221ede3af5ee92e3206af2f18bd010d5dd9
Certificate serial:       018CC50031EB75D4127B2FDD2B6FD7540828
Authority key identifier: C4:1C:72:21:ED:E3:AF:5E:E9:2E:32:06:AF:2F:18:BD:01:0D:5D:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xBxyIe3jr17pLjIGry8YvQENXdk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/gDHfXxpJiL6qAIM-DmGDDPPXhsE.roa
Signing time:             Mon 01 Jan 2024 12:29:33 +0000
ROA not before:           Mon 01 Jan 2024 12:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     28785
IP address blocks:        46.20.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/xBxyIe3jr17pLjIGry8YvQENXdk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/xBxyIe3jr17pLjIGry8YvQENXdk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xBxyIe3jr17pLjIGry8YvQENXdk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:31:eb:75:d4:12:7b:2f:dd:2b:6f:d7:54:08:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c41c7221ede3af5ee92e3206af2f18bd010d5dd9
        Validity
            Not Before: Jan  1 12:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8031df5f1a4988beaa00833e0e61830cf3d786c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:94:79:35:c8:53:d8:09:83:54:0e:2a:0e:f7:
                    d8:2b:ec:7e:22:1d:44:f0:f1:be:f0:c9:61:8a:fd:
                    63:ba:1d:ad:95:ca:20:1c:05:1c:48:e8:22:d8:2e:
                    3b:19:82:03:31:61:26:2d:62:cc:4e:ed:ff:09:2a:
                    1d:c4:f3:c3:d3:8d:9d:a5:17:4c:07:cd:6d:82:86:
                    a8:1a:59:e2:3f:a5:4b:d5:dc:6a:cb:8b:2e:55:6f:
                    6d:3f:5a:51:91:fe:f1:46:22:68:75:c8:4e:7d:c8:
                    80:fe:97:92:eb:c4:d9:6a:76:be:00:87:d7:27:b9:
                    4a:27:10:e9:18:59:59:cf:f9:15:74:c6:52:51:00:
                    03:f9:79:07:0b:f8:56:65:7b:e3:89:5e:ce:f8:0e:
                    b6:aa:3b:1b:e1:ba:46:e2:44:9d:9b:dc:96:54:2a:
                    3c:57:1a:af:6e:3d:c9:a3:03:ee:7d:84:b6:1f:b7:
                    41:64:3e:68:5c:f0:86:79:27:ec:35:7c:ea:e3:20:
                    d5:c5:80:7e:c9:da:60:3c:14:67:78:6b:ea:8d:27:
                    49:33:5a:0e:ba:1a:f8:f1:07:bc:a3:75:3c:c8:c2:
                    c4:59:9d:69:ba:bf:fa:ae:fd:82:c6:56:55:73:7b:
                    3c:26:df:99:f6:56:7b:af:38:26:1b:ee:98:c7:ed:
                    c9:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:31:DF:5F:1A:49:88:BE:AA:00:83:3E:0E:61:83:0C:F3:D7:86:C1
            X509v3 Authority Key Identifier:
                keyid:C4:1C:72:21:ED:E3:AF:5E:E9:2E:32:06:AF:2F:18:BD:01:0D:5D:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xBxyIe3jr17pLjIGry8YvQENXdk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/gDHfXxpJiL6qAIM-DmGDDPPXhsE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/e99b35-8cf6-4934-a591-9930f2194a0e/1/xBxyIe3jr17pLjIGry8YvQENXdk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.20.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:e7:1e:f4:ed:42:07:83:d3:ff:16:65:9a:20:f3:20:db:c6:
         63:d8:1f:ec:e0:1c:80:ad:f2:01:a2:70:5e:58:06:0f:8a:1c:
         fa:d0:b0:ea:cc:92:5b:3c:1d:ce:18:2b:bf:4f:c6:cb:b1:ec:
         67:36:f9:b2:6f:a7:6c:46:56:65:a5:82:4e:a5:5a:0c:a6:4a:
         6c:c5:4b:d4:49:96:95:56:e4:dc:d3:5d:0c:fa:66:a1:c5:86:
         ce:a7:73:44:86:35:0e:6a:1c:51:53:ad:83:8b:c4:bc:08:ff:
         32:9d:d5:97:d7:52:42:e1:dd:64:4d:d2:69:d4:25:0f:44:ea:
         24:66:56:19:06:56:a0:63:21:fb:ae:20:a9:38:73:b2:56:1c:
         f1:2f:5d:53:99:e4:28:fc:b0:4e:9c:29:ef:bc:2c:98:e0:a1:
         29:66:c8:45:16:ee:8c:9d:9b:b8:89:89:16:75:10:65:41:03:
         18:15:25:b6:11:b9:60:7c:45:f6:05:49:b3:cd:7c:19:e2:4c:
         ee:63:54:7f:56:78:ad:14:5e:4f:97:bd:33:59:f6:9a:45:c1:
         a3:6d:6c:a4:78:50:30:d7:10:4d:20:41:f8:f7:ee:3b:b5:08:
         57:b9:ce:0c:13:0a:3a:0b:a5:d6:13:18:cd:5c:e7:4c:46:4d:
         55:18:54:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFADHrddQSey/dK2/XVAgoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0MWM3MjIxZWRlM2FmNWVlOTJlMzIwNmFmMmYxOGJkMDEw
ZDVkZDkwHhcNMjQwMTAxMTIyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDMxZGY1ZjFhNDk4OGJlYWEwMDgzM2UwZTYxODMwY2YzZDc4NmMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspR5NchT2AmDVA4qDvfYK+x+Ih1E
8PG+8Mlhiv1juh2tlcogHAUcSOgi2C47GYIDMWEmLWLMTu3/CSodxPPD042dpRdM
B81tgoaoGlniP6VL1dxqy4suVW9tP1pRkf7xRiJodchOfciA/peS68TZana+AIfX
J7lKJxDpGFlZz/kVdMZSUQAD+XkHC/hWZXvjiV7O+A62qjsb4bpG4kSdm9yWVCo8
Vxqvbj3JowPufYS2H7dBZD5oXPCGeSfsNXzq4yDVxYB+ydpgPBRneGvqjSdJM1oO
uhr48Qe8o3U8yMLEWZ1pur/6rv2CxlZVc3s8Jt+Z9lZ7rzgmG+6Yx+3JvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIAx318aSYi+qgCDPg5hgwzz14bBMB8GA1UdIwQY
MBaAFMQcciHt469e6S4yBq8vGL0BDV3ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveEJ4eUllM2pyMTdwTGpJR3J5OFl2UUVOWGRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC9lOTliMzUtOGNmNi00OTM0LWE1OTEt
OTkzMGYyMTk0YTBlLzEvZ0RIZlh4cEppTDZxQUlNLURtR0REUFBYaHNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC9lOTliMzUtOGNmNi00OTM0LWE1OTEtOTkzMGYyMTk0YTBl
LzEveEJ4eUllM2pyMTdwTGpJR3J5OFl2UUVOWGRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhQxMA0G
CSqGSIb3DQEBCwUAA4IBAQA85x707UIHg9P/FmWaIPMg28Zj2B/s4ByArfIBonBe
WAYPihz60LDqzJJbPB3OGCu/T8bLsexnNvmyb6dsRlZlpYJOpVoMpkpsxUvUSZaV
VuTc010M+mahxYbOp3NEhjUOahxRU62Di8S8CP8yndWX11JC4d1kTdJp1CUPROok
ZlYZBlagYyH7riCpOHOyVhzxL11TmeQo/LBOnCnvvCyY4KEpZshFFu6MnZu4iYkW
dRBlQQMYFSW2EblgfEX2BUmzzXwZ4kzuY1R/VnitFF5Pl70zWfaaRcGjbWykeFAw
1xBNIEH49+47tQhXuc4MEwo6C6XWExjNXOdMRk1VGFSL
-----END CERTIFICATE-----