Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/e2b349-e796-4865-8040-ecf4f420c98a/1/sa_zZmDW_2OwQToN9Jdgj3uhUd0.roa
File:                     sa_zZmDW_2OwQToN9Jdgj3uhUd0.roa (raw, json)
Hash identifier:          DR70A1vHXFrWKlBKsT147ErNYZBEu+IwcPWjU94PO48=
Subject key identifier:   B1:AF:F3:66:60:D6:FF:63:B0:41:3A:0D:F4:97:60:8F:7B:A1:51:DD
Certificate issuer:       /CN=c4f1f214fb22cc536128f5de4aa017a87880f285
Certificate serial:       018CC42540283F41840C576AC50D5195BE30
Authority key identifier: C4:F1:F2:14:FB:22:CC:53:61:28:F5:DE:4A:A0:17:A8:78:80:F2:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xPHyFPsizFNhKPXeSqAXqHiA8oU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/e2b349-e796-4865-8040-ecf4f420c98a/1/sa_zZmDW_2OwQToN9Jdgj3uhUd0.roa
Signing time:             Mon 01 Jan 2024 08:30:24 +0000
ROA not before:           Mon 01 Jan 2024 08:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51707
IP address blocks:        46.18.8.0/23 maxlen: 23
                          46.18.10.0/23 maxlen: 23
                          46.18.8.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/e2b349-e796-4865-8040-ecf4f420c98a/1/xPHyFPsizFNhKPXeSqAXqHiA8oU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/e2b349-e796-4865-8040-ecf4f420c98a/1/xPHyFPsizFNhKPXeSqAXqHiA8oU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xPHyFPsizFNhKPXeSqAXqHiA8oU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:40:28:3f:41:84:0c:57:6a:c5:0d:51:95:be:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c4f1f214fb22cc536128f5de4aa017a87880f285
        Validity
            Not Before: Jan  1 08:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b1aff36660d6ff63b0413a0df497608f7ba151dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:17:3f:1e:c3:c9:97:5b:17:8f:bf:b5:31:6e:
                    81:d8:25:46:85:f2:fc:08:2d:2d:49:e3:5e:0b:fc:
                    2c:3d:54:9f:99:d7:9b:86:d9:a6:3e:b3:65:21:dc:
                    69:e0:27:e9:df:ef:c1:52:c5:40:4a:30:c9:dc:94:
                    30:19:ff:02:b4:45:12:5d:4d:ed:f0:ca:ce:64:00:
                    92:aa:d1:de:fd:7c:90:21:52:f2:1f:92:57:4a:2b:
                    f6:f6:11:59:1d:5f:fb:36:74:87:5e:25:eb:a5:0d:
                    cd:de:f1:4b:d6:e4:13:9f:aa:f1:dd:12:7f:f4:30:
                    fd:00:93:76:6c:5d:f3:48:9c:53:2a:ba:a5:b9:fd:
                    1c:2e:72:25:61:bb:8a:b0:6b:f8:6d:4c:8a:6c:28:
                    43:d5:d9:41:3a:b7:f9:08:9f:7a:4c:11:4d:d9:be:
                    45:cf:03:c6:e5:b1:8e:f3:ea:ea:a7:f9:8c:9e:1e:
                    d9:78:74:52:b4:52:a0:8e:1f:aa:eb:dd:07:75:b5:
                    a3:a3:a3:46:e5:9c:7a:85:23:9d:d8:07:f9:de:34:
                    07:df:a6:b7:10:b5:81:70:7d:4e:d5:19:3a:b1:bf:
                    94:74:80:02:9e:e6:f5:57:36:e2:45:1d:25:ae:01:
                    2b:f3:8d:91:00:40:bd:bd:0f:dd:06:fe:fb:99:cb:
                    22:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:AF:F3:66:60:D6:FF:63:B0:41:3A:0D:F4:97:60:8F:7B:A1:51:DD
            X509v3 Authority Key Identifier:
                keyid:C4:F1:F2:14:FB:22:CC:53:61:28:F5:DE:4A:A0:17:A8:78:80:F2:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xPHyFPsizFNhKPXeSqAXqHiA8oU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/e2b349-e796-4865-8040-ecf4f420c98a/1/sa_zZmDW_2OwQToN9Jdgj3uhUd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/e2b349-e796-4865-8040-ecf4f420c98a/1/xPHyFPsizFNhKPXeSqAXqHiA8oU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.18.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         07:4b:d6:4f:80:7e:59:b9:8c:ff:f2:84:02:24:d9:e8:c7:52:
         15:f7:0b:11:77:be:d2:fe:06:00:9a:07:fb:74:19:71:c5:64:
         75:16:47:22:bb:f9:da:49:35:d2:e9:5f:8e:65:80:5b:04:90:
         8d:75:64:03:59:00:91:ab:01:e1:da:10:c0:9a:34:d6:ea:d6:
         00:6f:90:9e:f7:ac:45:19:6c:49:54:a5:f1:c2:6f:8e:c3:8c:
         b5:5c:a0:57:1c:14:84:f4:76:a0:63:8f:4f:04:0b:9e:2d:49:
         0f:03:a4:a6:50:ea:22:dc:b7:95:b3:d5:2c:e9:53:4b:97:1a:
         b5:c6:26:80:b5:bb:f5:5e:dd:eb:cb:b5:23:33:fb:cf:29:d4:
         64:ce:a9:24:49:7f:73:bf:cd:07:c7:47:07:d4:4c:2c:2d:02:
         f9:ae:da:94:90:e2:f8:53:37:36:0b:d7:98:fb:3b:d3:27:5b:
         a1:0c:2c:15:6b:86:a2:0f:d3:16:b1:97:47:2e:77:71:bf:80:
         94:05:b8:52:56:a9:6e:8e:98:7f:83:52:10:c3:62:dd:93:1d:
         2f:d6:60:ee:80:15:49:aa:6c:3c:c9:a6:9e:98:61:eb:80:b9:
         32:ec:64:5c:35:76:7c:4a:6a:6d:ce:cb:db:e3:fd:fc:7e:0f:
         0f:5d:c2:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJUAoP0GEDFdqxQ1Rlb4wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM0ZjFmMjE0ZmIyMmNjNTM2MTI4ZjVkZTRhYTAxN2E4Nzg4
MGYyODUwHhcNMjQwMTAxMDgzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWFmZjM2NjYwZDZmZjYzYjA0MTNhMGRmNDk3NjA4ZjdiYTE1MWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhhc/HsPJl1sXj7+1MW6B2CVGhfL8
CC0tSeNeC/wsPVSfmdebhtmmPrNlIdxp4Cfp3+/BUsVASjDJ3JQwGf8CtEUSXU3t
8MrOZACSqtHe/XyQIVLyH5JXSiv29hFZHV/7NnSHXiXrpQ3N3vFL1uQTn6rx3RJ/
9DD9AJN2bF3zSJxTKrqluf0cLnIlYbuKsGv4bUyKbChD1dlBOrf5CJ96TBFN2b5F
zwPG5bGO8+rqp/mMnh7ZeHRStFKgjh+q690HdbWjo6NG5Zx6hSOd2Af53jQH36a3
ELWBcH1O1Rk6sb+UdIACnub1VzbiRR0lrgEr842RAEC9vQ/dBv77mcsiIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLGv82Zg1v9jsEE6DfSXYI97oVHdMB8GA1UdIwQY
MBaAFMTx8hT7IsxTYSj13kqgF6h4gPKFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFBIeUZQc2l6Rk5oS1BYZVNxQVhxSGlBOG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi9lMmIzNDktZTc5Ni00ODY1LTgwNDAt
ZWNmNGY0MjBjOThhLzEvc2FfelptRFdfMk93UVRvTjlKZGdqM3VoVWQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi9lMmIzNDktZTc5Ni00ODY1LTgwNDAtZWNmNGY0MjBjOThh
LzEveFBIeUZQc2l6Rk5oS1BYZVNxQVhxSGlBOG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDLhIIMA0G
CSqGSIb3DQEBCwUAA4IBAQAHS9ZPgH5ZuYz/8oQCJNnox1IV9wsRd77S/gYAmgf7
dBlxxWR1Fkciu/naSTXS6V+OZYBbBJCNdWQDWQCRqwHh2hDAmjTW6tYAb5Ce96xF
GWxJVKXxwm+Ow4y1XKBXHBSE9HagY49PBAueLUkPA6SmUOoi3LeVs9Us6VNLlxq1
xiaAtbv1Xt3ry7UjM/vPKdRkzqkkSX9zv80Hx0cH1EwsLQL5rtqUkOL4Uzc2C9eY
+zvTJ1uhDCwVa4aiD9MWsZdHLndxv4CUBbhSVqlujph/g1IQw2Ldkx0v1mDugBVJ
qmw8yaaemGHrgLky7GRcNXZ8Smptzsvb4/38fg8PXcLk
-----END CERTIFICATE-----