Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/f63d76-2fb6-43a2-bfec-9f7aa094303b/1/nfkGuZvqoPK3fNHGrJ26HFR7mGg.roa
File:                     nfkGuZvqoPK3fNHGrJ26HFR7mGg.roa (raw, json)
Hash identifier:          8Btqxaxvm07vz/8BHD7jJlHtcAVkm/4269S4XN5woeY=
Subject key identifier:   9D:F9:06:B9:9B:EA:A0:F2:B7:7C:D1:C6:AC:9D:BA:1C:54:7B:98:68
Certificate issuer:       /CN=b4f49698d08e8c283c0df2a82f16997e6259bab6
Certificate serial:       018CC42458B1C7EF3E42236F287EE6795C5C
Authority key identifier: B4:F4:96:98:D0:8E:8C:28:3C:0D:F2:A8:2F:16:99:7E:62:59:BA:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPSWmNCOjCg8DfKoLxaZfmJZurY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/f63d76-2fb6-43a2-bfec-9f7aa094303b/1/nfkGuZvqoPK3fNHGrJ26HFR7mGg.roa
Signing time:             Mon 01 Jan 2024 08:29:25 +0000
ROA not before:           Mon 01 Jan 2024 08:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202614
IP address blocks:        46.102.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/f63d76-2fb6-43a2-bfec-9f7aa094303b/1/tPSWmNCOjCg8DfKoLxaZfmJZurY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/f63d76-2fb6-43a2-bfec-9f7aa094303b/1/tPSWmNCOjCg8DfKoLxaZfmJZurY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPSWmNCOjCg8DfKoLxaZfmJZurY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:58:b1:c7:ef:3e:42:23:6f:28:7e:e6:79:5c:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f49698d08e8c283c0df2a82f16997e6259bab6
        Validity
            Not Before: Jan  1 08:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9df906b99beaa0f2b77cd1c6ac9dba1c547b9868
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:3a:0f:f0:b7:6c:c7:79:fb:f3:26:0e:b0:66:
                    39:39:15:2c:b3:d7:c6:dc:40:3e:c5:e0:57:39:a9:
                    c2:ff:ea:cd:40:b3:ba:be:6f:a4:3f:be:16:1c:82:
                    83:bc:ad:d2:45:cb:68:d6:1b:24:9d:d7:26:d2:88:
                    a8:b4:ae:49:34:1a:b5:da:26:b6:26:47:26:39:b2:
                    8d:a1:5b:3d:7d:29:88:ff:2d:29:c7:e2:bc:2f:6d:
                    75:24:96:bd:2c:f5:d4:99:71:0f:10:62:03:46:33:
                    96:ea:14:9e:94:53:e8:59:82:51:1c:b0:f9:3a:22:
                    e0:5e:0b:6b:28:38:89:91:53:39:ec:5d:fb:6c:0f:
                    b9:2e:44:d3:4c:9d:99:9a:c2:3d:d9:9a:3f:87:09:
                    77:f3:15:a9:2e:f5:6d:15:1f:1c:86:a3:49:3d:a7:
                    fc:3f:cb:04:6b:f7:da:5d:c5:9c:f4:35:ce:a3:a6:
                    c0:27:38:37:26:98:a4:49:5e:19:87:12:e5:c0:6d:
                    86:48:e0:c6:ef:1d:c5:1d:f1:91:20:bc:57:04:5e:
                    15:11:6c:fc:82:b5:c4:a3:fb:db:29:29:09:fa:64:
                    2c:2c:82:b1:17:c6:4c:aa:a4:ca:26:67:20:e8:8e:
                    ac:9e:a5:97:0a:86:04:61:fb:46:a9:6d:5e:10:7a:
                    1a:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:F9:06:B9:9B:EA:A0:F2:B7:7C:D1:C6:AC:9D:BA:1C:54:7B:98:68
            X509v3 Authority Key Identifier:
                keyid:B4:F4:96:98:D0:8E:8C:28:3C:0D:F2:A8:2F:16:99:7E:62:59:BA:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPSWmNCOjCg8DfKoLxaZfmJZurY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/f63d76-2fb6-43a2-bfec-9f7aa094303b/1/nfkGuZvqoPK3fNHGrJ26HFR7mGg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/f63d76-2fb6-43a2-bfec-9f7aa094303b/1/tPSWmNCOjCg8DfKoLxaZfmJZurY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.102.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:d7:9b:5c:e5:fa:38:23:08:12:64:c5:bb:7c:0e:c5:07:22:
         6e:a2:bb:7a:ca:e5:c3:b5:3b:66:9c:42:c0:9d:b5:12:d7:fc:
         88:08:67:ef:42:b8:62:8f:01:8d:f1:b3:57:b3:72:7e:c2:ef:
         09:1d:a6:55:67:27:ba:96:90:ab:1b:d8:54:ca:92:e4:ea:e6:
         8c:2b:01:db:bb:97:5e:5d:d2:52:22:95:53:ec:83:f3:11:ca:
         49:62:a6:18:c3:7b:92:37:38:f8:35:10:d4:2c:c9:40:11:82:
         4b:d5:b5:fe:e3:f9:53:63:4b:64:be:e7:64:ba:b5:22:c7:7b:
         95:3f:e0:5c:43:b6:ff:04:9d:80:e0:d0:3d:7c:22:f1:c8:de:
         72:11:bb:ca:f3:6d:f1:25:59:e9:5b:98:70:4f:bf:32:aa:d0:
         ed:74:b7:af:a7:76:97:d9:9c:16:4c:94:e1:5f:4b:4f:52:e3:
         d9:5d:da:24:ae:63:50:fc:cd:eb:7f:7f:08:b1:6a:82:d5:8e:
         83:96:44:4c:4a:ea:0a:7c:17:f9:2e:91:83:fa:87:ef:70:27:
         ef:aa:ca:16:a3:db:7d:fe:5b:2d:53:27:cf:9c:7a:eb:75:bd:
         7e:a7:e6:16:bc:73:fe:1e:c0:69:e0:3f:8e:fe:77:6f:a5:51:
         bf:1d:08:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJFixx+8+QiNvKH7meVxcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0ZjQ5Njk4ZDA4ZThjMjgzYzBkZjJhODJmMTY5OTdlNjI1
OWJhYjYwHhcNMjQwMTAxMDgyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZGY5MDZiOTliZWFhMGYyYjc3Y2QxYzZhYzlkYmExYzU0N2I5ODY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzoP8Ldsx3n78yYOsGY5ORUss9fG
3EA+xeBXOanC/+rNQLO6vm+kP74WHIKDvK3SRcto1hskndcm0oiotK5JNBq12ia2
JkcmObKNoVs9fSmI/y0px+K8L211JJa9LPXUmXEPEGIDRjOW6hSelFPoWYJRHLD5
OiLgXgtrKDiJkVM57F37bA+5LkTTTJ2ZmsI92Zo/hwl38xWpLvVtFR8chqNJPaf8
P8sEa/faXcWc9DXOo6bAJzg3JpikSV4ZhxLlwG2GSODG7x3FHfGRILxXBF4VEWz8
grXEo/vbKSkJ+mQsLIKxF8ZMqqTKJmcg6I6snqWXCoYEYftGqW1eEHoaLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ35Brmb6qDyt3zRxqyduhxUe5hoMB8GA1UdIwQY
MBaAFLT0lpjQjowoPA3yqC8WmX5iWbq2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBTV21OQ09qQ2c4RGZLb0x4YVpmbUpadXJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS9mNjNkNzYtMmZiNi00M2EyLWJmZWMt
OWY3YWEwOTQzMDNiLzEvbmZrR3VadnFvUEszZk5IR3JKMjZIRlI3bUdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS9mNjNkNzYtMmZiNi00M2EyLWJmZWMtOWY3YWEwOTQzMDNi
LzEvdFBTV21OQ09qQ2c4RGZLb0x4YVpmbUpadXJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALmZoMA0G
CSqGSIb3DQEBCwUAA4IBAQCa15tc5fo4IwgSZMW7fA7FByJuort6yuXDtTtmnELA
nbUS1/yICGfvQrhijwGN8bNXs3J+wu8JHaZVZye6lpCrG9hUypLk6uaMKwHbu5de
XdJSIpVT7IPzEcpJYqYYw3uSNzj4NRDULMlAEYJL1bX+4/lTY0tkvudkurUix3uV
P+BcQ7b/BJ2A4NA9fCLxyN5yEbvK823xJVnpW5hwT78yqtDtdLevp3aX2ZwWTJTh
X0tPUuPZXdokrmNQ/M3rf38IsWqC1Y6DlkRMSuoKfBf5LpGD+ofvcCfvqsoWo9t9
/lstUyfPnHrrdb1+p+YWvHP+HsBp4D+O/ndvpVG/HQjD
-----END CERTIFICATE-----