Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/48f2ec-d3a7-4354-93ff-0f5c959aca0b/1/kQ1BLPglwFg0KsZl0O8q7aNzqqk.roa
File:                     kQ1BLPglwFg0KsZl0O8q7aNzqqk.roa (raw, json)
Hash identifier:          pLdDvvXaXd9yNGAvHhVEPOdJHfvSGpKPNp0JoGL37m4=
Subject key identifier:   91:0D:41:2C:F8:25:C0:58:34:2A:C6:65:D0:EF:2A:ED:A3:73:AA:A9
Certificate issuer:       /CN=7c3cca3419c8ab15b3ad4ed74438e53f4fb610df
Certificate serial:       018CC64B3407E00586B7FD02B30619343C77
Authority key identifier: 7C:3C:CA:34:19:C8:AB:15:B3:AD:4E:D7:44:38:E5:3F:4F:B6:10:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fDzKNBnIqxWzrU7XRDjlP0-2EN8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/48f2ec-d3a7-4354-93ff-0f5c959aca0b/1/kQ1BLPglwFg0KsZl0O8q7aNzqqk.roa
Signing time:             Mon 01 Jan 2024 18:31:06 +0000
ROA not before:           Mon 01 Jan 2024 18:31:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199864
IP address blocks:        185.46.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/48f2ec-d3a7-4354-93ff-0f5c959aca0b/1/fDzKNBnIqxWzrU7XRDjlP0-2EN8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/48f2ec-d3a7-4354-93ff-0f5c959aca0b/1/fDzKNBnIqxWzrU7XRDjlP0-2EN8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fDzKNBnIqxWzrU7XRDjlP0-2EN8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:34:07:e0:05:86:b7:fd:02:b3:06:19:34:3c:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c3cca3419c8ab15b3ad4ed74438e53f4fb610df
        Validity
            Not Before: Jan  1 18:31:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=910d412cf825c058342ac665d0ef2aeda373aaa9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:5b:62:d1:20:10:ef:a9:51:df:b8:fe:ab:cd:
                    ea:3b:06:6f:52:c5:77:14:d3:0e:9a:bc:9b:44:2c:
                    b7:54:77:14:64:9f:5c:a5:8e:ff:c3:79:3e:65:34:
                    e2:30:63:28:a5:2f:a3:c7:36:93:9c:c6:80:1e:15:
                    3d:2b:1e:95:8d:d3:60:b8:69:19:0c:54:1e:40:d7:
                    4e:a0:89:22:15:2d:8d:80:f4:3d:6a:83:20:50:25:
                    cd:23:03:c6:95:23:7b:3c:6d:75:86:eb:bd:87:4c:
                    f5:4b:8c:1d:3b:4f:73:2c:03:e5:36:75:d4:b3:fc:
                    af:c9:4e:13:60:ee:44:d7:63:db:68:4b:ce:ff:82:
                    1d:f9:2c:4e:ab:43:7a:ff:32:49:94:d8:0c:cf:e3:
                    ed:45:4d:ee:2f:d8:c2:15:cc:9d:7b:59:44:9a:e3:
                    ee:ae:08:2c:52:be:58:82:ab:d9:86:99:54:1d:70:
                    2f:54:a4:a1:79:b2:9b:e2:92:49:da:57:4a:b2:c4:
                    9e:9d:12:ca:aa:78:cf:ee:fb:4b:17:6a:f0:9f:61:
                    f9:ff:fb:2c:fd:8f:ec:a6:ed:40:b3:72:da:42:ca:
                    ed:b6:88:b1:e8:71:01:ac:64:cf:a3:ee:2e:84:53:
                    d5:f6:92:ee:32:09:c6:81:e1:b9:17:4c:12:02:8c:
                    0a:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:0D:41:2C:F8:25:C0:58:34:2A:C6:65:D0:EF:2A:ED:A3:73:AA:A9
            X509v3 Authority Key Identifier:
                keyid:7C:3C:CA:34:19:C8:AB:15:B3:AD:4E:D7:44:38:E5:3F:4F:B6:10:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fDzKNBnIqxWzrU7XRDjlP0-2EN8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/48f2ec-d3a7-4354-93ff-0f5c959aca0b/1/kQ1BLPglwFg0KsZl0O8q7aNzqqk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/48f2ec-d3a7-4354-93ff-0f5c959aca0b/1/fDzKNBnIqxWzrU7XRDjlP0-2EN8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.46.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:a0:eb:b4:67:40:7a:79:70:ac:0f:a4:26:3b:d1:58:e7:0e:
         ea:07:d4:59:22:de:51:3a:3a:e7:46:56:a1:02:b8:a9:19:32:
         c2:67:cd:17:4e:70:32:57:63:31:42:93:74:86:d6:ee:a7:b3:
         90:2a:73:64:50:fb:48:e4:c8:ae:0f:bc:4c:f0:0a:1b:dc:9d:
         e6:61:e5:03:14:9b:1e:77:ea:3f:81:1e:54:d3:12:50:97:7a:
         98:f3:23:52:fe:eb:c6:b1:cd:5e:d0:8f:17:30:cb:85:8a:6e:
         94:da:f2:6f:08:73:22:d0:b9:9f:9a:da:73:eb:d1:be:1a:76:
         51:6d:5c:5d:85:15:ce:6c:dd:e7:75:ea:59:77:20:0e:42:6a:
         0b:20:52:4a:89:99:ab:68:c1:64:61:e9:49:dc:3f:6e:6e:23:
         95:41:83:54:24:06:c3:4c:79:42:40:77:31:92:dd:ab:23:b5:
         d3:59:77:14:af:20:2c:fe:a3:89:b0:50:e1:ef:e6:c0:0a:20:
         c1:70:ca:c8:49:f2:59:36:c0:ac:63:80:85:d4:3f:68:e3:54:
         6b:93:59:6a:ee:ac:cb:2a:fc:53:98:50:68:46:71:87:9c:60:
         4b:c4:7e:0c:18:eb:0a:7b:06:61:26:e0:b5:33:c5:cf:31:c7:
         2d:61:ef:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSzQH4AWGt/0CswYZNDx3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjM2NjYTM0MTljOGFiMTViM2FkNGVkNzQ0MzhlNTNmNGZi
NjEwZGYwHhcNMjQwMTAxMTgzMTA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTBkNDEyY2Y4MjVjMDU4MzQyYWM2NjVkMGVmMmFlZGEzNzNhYWE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsFti0SAQ76lR37j+q83qOwZvUsV3
FNMOmrybRCy3VHcUZJ9cpY7/w3k+ZTTiMGMopS+jxzaTnMaAHhU9Kx6VjdNguGkZ
DFQeQNdOoIkiFS2NgPQ9aoMgUCXNIwPGlSN7PG11huu9h0z1S4wdO09zLAPlNnXU
s/yvyU4TYO5E12PbaEvO/4Id+SxOq0N6/zJJlNgMz+PtRU3uL9jCFcyde1lEmuPu
rggsUr5YgqvZhplUHXAvVKShebKb4pJJ2ldKssSenRLKqnjP7vtLF2rwn2H5//ss
/Y/spu1As3LaQsrttoix6HEBrGTPo+4uhFPV9pLuMgnGgeG5F0wSAowKQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJENQSz4JcBYNCrGZdDvKu2jc6qpMB8GA1UdIwQY
MBaAFHw8yjQZyKsVs61O10Q45T9PthDfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkR6S05CbklxeFd6clU3WFJEamxQMC0yRU44LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS80OGYyZWMtZDNhNy00MzU0LTkzZmYt
MGY1Yzk1OWFjYTBiLzEva1ExQkxQZ2x3RmcwS3NabDBPOHE3YU56cXFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS80OGYyZWMtZDNhNy00MzU0LTkzZmYtMGY1Yzk1OWFjYTBi
LzEvZkR6S05CbklxeFd6clU3WFJEamxQMC0yRU44LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuS4bMA0G
CSqGSIb3DQEBCwUAA4IBAQA6oOu0Z0B6eXCsD6QmO9FY5w7qB9RZIt5ROjrnRlah
AripGTLCZ80XTnAyV2MxQpN0htbup7OQKnNkUPtI5MiuD7xM8Aob3J3mYeUDFJse
d+o/gR5U0xJQl3qY8yNS/uvGsc1e0I8XMMuFim6U2vJvCHMi0Lmfmtpz69G+GnZR
bVxdhRXObN3ndepZdyAOQmoLIFJKiZmraMFkYelJ3D9ubiOVQYNUJAbDTHlCQHcx
kt2rI7XTWXcUryAs/qOJsFDh7+bACiDBcMrISfJZNsCsY4CF1D9o41Rrk1lq7qzL
KvxTmFBoRnGHnGBLxH4MGOsKewZhJuC1M8XPMcctYe/s
-----END CERTIFICATE-----