Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/59e8c3-626b-4ece-8e39-df793a940bab/1/97e3-j6MG3_NTsW9GJZrzZ-bH9U.roa
File:                     97e3-j6MG3_NTsW9GJZrzZ-bH9U.roa (raw, json)
Hash identifier:          35Y8+qS4Gg6yYQslCQB5sKFKZ2loZF8q/vwem72l73c=
Subject key identifier:   F7:B7:B7:FA:3E:8C:1B:7F:CD:4E:C5:BD:18:96:6B:CD:9F:9B:1F:D5
Certificate issuer:       /CN=1e36de27974727aa0046b3e9c8d0624674541255
Certificate serial:       018D5DF479EE1FA3B5E4EB897C8242B8431C
Authority key identifier: 1E:36:DE:27:97:47:27:AA:00:46:B3:E9:C8:D0:62:46:74:54:12:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HjbeJ5dHJ6oARrPpyNBiRnRUElU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/59e8c3-626b-4ece-8e39-df793a940bab/1/97e3-j6MG3_NTsW9GJZrzZ-bH9U.roa
Signing time:             Wed 31 Jan 2024 05:18:39 +0000
ROA not before:           Wed 31 Jan 2024 05:18:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51200
IP address blocks:        46.29.232.0/24 maxlen: 24
                          46.29.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/59e8c3-626b-4ece-8e39-df793a940bab/1/HjbeJ5dHJ6oARrPpyNBiRnRUElU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/59e8c3-626b-4ece-8e39-df793a940bab/1/HjbeJ5dHJ6oARrPpyNBiRnRUElU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HjbeJ5dHJ6oARrPpyNBiRnRUElU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 15 May 2024 13:36:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5d:f4:79:ee:1f:a3:b5:e4:eb:89:7c:82:42:b8:43:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e36de27974727aa0046b3e9c8d0624674541255
        Validity
            Not Before: Jan 31 05:18:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7b7b7fa3e8c1b7fcd4ec5bd18966bcd9f9b1fd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:be:2f:94:6f:d1:d5:37:cd:b8:b2:75:73:bf:
                    9c:1d:35:b6:00:15:d5:13:0b:5d:c7:98:cd:21:49:
                    c7:db:81:07:88:8e:e9:00:5a:38:ee:66:38:93:9d:
                    9f:2a:bc:39:a3:d4:bd:92:c0:79:81:0e:93:6f:d5:
                    aa:44:49:d9:98:e5:67:ec:4c:11:ad:c5:28:63:55:
                    0e:5c:8f:a5:5c:76:2c:3e:4c:09:7f:1c:03:ce:6e:
                    1a:e8:71:f0:c1:01:7b:70:35:c2:3c:91:9a:fb:e7:
                    76:2c:61:61:14:ba:8e:d6:ec:2a:4c:83:6b:28:ef:
                    6c:9f:f8:7e:cc:b0:07:37:aa:a5:4d:4c:a2:11:24:
                    ee:ed:0e:6e:ee:79:20:6c:36:ec:d6:5e:f5:6b:b4:
                    c5:3f:34:76:e0:bc:cb:a3:f4:58:ba:c3:5b:a5:8b:
                    7e:f4:3e:3d:19:02:3c:46:a7:f4:a8:91:dd:13:af:
                    27:4a:b7:fc:a6:e7:5e:60:88:b2:92:b9:d2:cc:ba:
                    58:64:d9:1d:95:cf:a2:94:eb:3e:d5:9f:8e:c2:4e:
                    46:0b:15:50:30:5d:a9:9f:44:72:7f:08:01:0c:15:
                    e2:09:e3:7c:66:5d:15:8d:40:aa:64:2f:5c:f1:4f:
                    e9:16:c7:88:b3:4a:de:ec:4c:20:45:8a:27:57:07:
                    8e:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:B7:B7:FA:3E:8C:1B:7F:CD:4E:C5:BD:18:96:6B:CD:9F:9B:1F:D5
            X509v3 Authority Key Identifier:
                keyid:1E:36:DE:27:97:47:27:AA:00:46:B3:E9:C8:D0:62:46:74:54:12:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HjbeJ5dHJ6oARrPpyNBiRnRUElU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/59e8c3-626b-4ece-8e39-df793a940bab/1/97e3-j6MG3_NTsW9GJZrzZ-bH9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/59e8c3-626b-4ece-8e39-df793a940bab/1/HjbeJ5dHJ6oARrPpyNBiRnRUElU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.29.232.0/23

    Signature Algorithm: sha256WithRSAEncryption
         99:51:f0:a7:39:11:e3:07:6c:11:26:c8:03:d0:83:e0:6f:9a:
         71:c0:13:16:09:f3:da:29:0f:92:10:cb:88:c6:53:5f:8b:7b:
         40:cf:26:48:a8:d1:05:2c:70:c2:68:44:43:5c:b6:7f:fa:f4:
         21:ca:91:5c:e2:39:6b:ef:07:3f:48:c6:90:d2:83:57:9d:26:
         6d:6e:ff:d7:a0:1b:8f:84:fa:80:13:c2:b8:42:a9:17:8e:15:
         7d:5f:2e:87:f5:33:ab:ba:f9:e5:a7:f7:54:da:f9:3c:aa:43:
         2a:cd:4d:99:a5:98:82:93:59:60:34:93:18:fe:c9:36:cc:cd:
         78:cb:c8:dd:b1:c4:25:f3:f3:50:41:5c:e7:4b:a8:8b:7c:64:
         7d:b6:da:b2:9c:0c:3c:40:c3:bb:99:9d:ee:0e:97:f9:05:55:
         c4:92:b2:eb:12:ea:ed:bb:29:97:5f:dc:0b:3a:e4:07:f5:df:
         6f:e3:3f:d1:a4:bc:00:3f:eb:0f:17:2c:ad:cb:44:80:16:bc:
         0a:1c:f8:b9:f2:6b:04:84:de:c5:f3:39:c2:af:50:d9:f1:13:
         e4:cd:a7:a2:b7:08:57:04:48:38:b4:72:37:e5:52:9e:c5:cd:
         96:41:76:04:c9:ae:17:a6:0d:0f:55:9e:0f:a5:83:95:1a:53:
         5e:eb:75:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1d9HnuH6O15OuJfIJCuEMcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlMzZkZTI3OTc0NzI3YWEwMDQ2YjNlOWM4ZDA2MjQ2NzQ1
NDEyNTUwHhcNMjQwMTMxMDUxODM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2I3YjdmYTNlOGMxYjdmY2Q0ZWM1YmQxODk2NmJjZDlmOWIxZmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmb4vlG/R1TfNuLJ1c7+cHTW2ABXV
Ewtdx5jNIUnH24EHiI7pAFo47mY4k52fKrw5o9S9ksB5gQ6Tb9WqREnZmOVn7EwR
rcUoY1UOXI+lXHYsPkwJfxwDzm4a6HHwwQF7cDXCPJGa++d2LGFhFLqO1uwqTINr
KO9sn/h+zLAHN6qlTUyiESTu7Q5u7nkgbDbs1l71a7TFPzR24LzLo/RYusNbpYt+
9D49GQI8Rqf0qJHdE68nSrf8pudeYIiykrnSzLpYZNkdlc+ilOs+1Z+Owk5GCxVQ
MF2pn0RyfwgBDBXiCeN8Zl0VjUCqZC9c8U/pFseIs0re7EwgRYonVweOFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPe3t/o+jBt/zU7FvRiWa82fmx/VMB8GA1UdIwQY
MBaAFB423ieXRyeqAEaz6cjQYkZ0VBJVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGpiZUo1ZEhKNm9BUnJQcHlOQmlSblJVRWxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy81OWU4YzMtNjI2Yi00ZWNlLThlMzkt
ZGY3OTNhOTQwYmFiLzEvOTdlMy1qNk1HM19OVHNXOUdKWnJ6Wi1iSDlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy81OWU4YzMtNjI2Yi00ZWNlLThlMzktZGY3OTNhOTQwYmFi
LzEvSGpiZUo1ZEhKNm9BUnJQcHlOQmlSblJVRWxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLh3oMA0G
CSqGSIb3DQEBCwUAA4IBAQCZUfCnORHjB2wRJsgD0IPgb5pxwBMWCfPaKQ+SEMuI
xlNfi3tAzyZIqNEFLHDCaERDXLZ/+vQhypFc4jlr7wc/SMaQ0oNXnSZtbv/XoBuP
hPqAE8K4QqkXjhV9Xy6H9TOruvnlp/dU2vk8qkMqzU2ZpZiCk1lgNJMY/sk2zM14
y8jdscQl8/NQQVznS6iLfGR9ttqynAw8QMO7mZ3uDpf5BVXEkrLrEurtuymXX9wL
OuQH9d9v4z/RpLwAP+sPFyyty0SAFrwKHPi58msEhN7F8znCr1DZ8RPkzaeitwhX
BEg4tHI35VKexc2WQXYEya4Xpg0PVZ4PpYOVGlNe63Vc
-----END CERTIFICATE-----