Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/vO_y6VIwYq6qfEIxk5e9qSRMRSo.roa
File:                     vO_y6VIwYq6qfEIxk5e9qSRMRSo.roa (raw, json)
Hash identifier:          t2qvnHemp+7MxMy1gOFg0UZH4D+EK8bgUwRnPbmLpec=
Subject key identifier:   BC:EF:F2:E9:52:30:62:AE:AA:7C:42:31:93:97:BD:A9:24:4C:45:2A
Certificate issuer:       /CN=0c90c356e2864f43894857443555d8b5c0352819
Certificate serial:       018E4D823EC715EEEE6867939A21981B235F
Authority key identifier: 0C:90:C3:56:E2:86:4F:43:89:48:57:44:35:55:D8:B5:C0:35:28:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/vO_y6VIwYq6qfEIxk5e9qSRMRSo.roa
Signing time:             Sun 17 Mar 2024 17:42:45 +0000
ROA not before:           Sun 17 Mar 2024 17:42:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215421
IP address blocks:        46.36.123.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:4d:82:3e:c7:15:ee:ee:68:67:93:9a:21:98:1b:23:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0c90c356e2864f43894857443555d8b5c0352819
        Validity
            Not Before: Mar 17 17:42:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bceff2e9523062aeaa7c42319397bda9244c452a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:40:01:dc:5a:ea:b8:28:ea:27:eb:41:fa:ab:
                    59:bf:3e:49:34:47:80:bc:c0:bb:d8:a2:85:23:a3:
                    08:4a:f7:87:be:b9:fc:c1:36:7b:4e:b7:c6:48:91:
                    08:17:9e:84:d9:ab:9d:06:08:08:ec:0c:8c:52:28:
                    a1:64:d5:92:c0:d3:12:1a:87:bf:86:96:4b:f0:f0:
                    24:86:76:c2:3a:d4:a8:80:ac:2d:e3:16:c4:c7:9b:
                    de:00:7f:19:8d:8b:64:a5:95:16:b9:60:06:9c:36:
                    34:7d:79:ef:21:33:2b:39:fe:d1:b0:1a:52:86:0f:
                    7a:93:89:c5:b7:5f:01:8b:81:55:c5:3e:de:17:c9:
                    9a:e9:7f:20:51:f4:ce:e3:4a:14:9d:81:62:5b:fb:
                    99:2a:1c:8c:ea:5a:19:c5:eb:f7:82:ba:7b:56:35:
                    cc:e3:2e:2c:a8:cc:94:89:2e:48:c0:b9:35:98:21:
                    47:56:37:d7:25:15:ae:46:41:4c:5c:a7:4d:e7:66:
                    17:ed:10:04:bb:e2:4f:ae:b6:61:cf:21:c9:7a:bd:
                    e9:3f:e2:d7:87:3e:92:c2:7c:c0:02:17:71:df:b5:
                    54:e1:5c:0a:ff:35:b7:25:20:e2:3d:9c:63:96:31:
                    19:42:be:6d:d8:61:f2:ba:50:79:69:df:c5:a6:02:
                    fa:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:EF:F2:E9:52:30:62:AE:AA:7C:42:31:93:97:BD:A9:24:4C:45:2A
            X509v3 Authority Key Identifier:
                keyid:0C:90:C3:56:E2:86:4F:43:89:48:57:44:35:55:D8:B5:C0:35:28:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DJDDVuKGT0OJSFdENVXYtcA1KBk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/vO_y6VIwYq6qfEIxk5e9qSRMRSo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/ac5a56-163a-497a-9547-e3799ade9dfe/1/DJDDVuKGT0OJSFdENVXYtcA1KBk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.36.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:82:49:91:6f:b1:1f:f7:03:59:eb:86:cf:82:4b:79:ca:5d:
         8f:5a:9d:b9:46:1d:f5:65:85:1a:39:43:b0:43:38:a9:ce:e5:
         60:d2:80:77:82:65:92:74:ca:2f:85:ef:1b:cc:ba:76:47:fb:
         cc:2f:f0:b8:3c:43:bd:2c:36:c5:37:b6:66:81:f9:65:8d:e3:
         3b:5e:bb:ff:4a:87:8c:d9:7a:96:aa:b4:5b:e2:3e:10:0f:8d:
         21:f1:e8:1c:d9:0b:c3:fe:86:e7:f4:de:23:66:f1:9f:0f:0d:
         cf:2f:33:d7:d1:c1:d6:30:02:cb:8f:89:c8:2b:82:53:1f:72:
         b2:41:ef:5f:70:7d:2d:e8:f2:00:de:29:c0:ef:5e:73:fe:49:
         1e:8d:2e:21:e0:9c:ce:a8:15:a3:de:bb:cb:92:ff:61:fc:ff:
         70:34:a2:cf:1c:e6:bd:d7:1e:31:0a:bc:68:c3:4d:fd:f8:d2:
         54:c0:e0:c2:ad:a2:e2:c9:e6:25:19:49:df:23:b5:f7:9f:12:
         30:3c:e3:ed:7e:ca:19:45:07:b7:fd:cf:82:61:2f:c2:98:c2:
         d1:6f:4b:7f:c5:5c:a6:36:d3:1e:f6:fb:7c:79:8f:1c:66:06:
         00:7d:85:67:bf:ad:47:e2:6f:17:31:3f:ac:26:23:88:67:e5:
         9b:c3:ee:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5Ngj7HFe7uaGeTmiGYGyNfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjOTBjMzU2ZTI4NjRmNDM4OTQ4NTc0NDM1NTVkOGI1YzAz
NTI4MTkwHhcNMjQwMzE3MTc0MjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2VmZjJlOTUyMzA2MmFlYWE3YzQyMzE5Mzk3YmRhOTI0NGM0NTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlkAB3FrquCjqJ+tB+qtZvz5JNEeA
vMC72KKFI6MISveHvrn8wTZ7TrfGSJEIF56E2audBggI7AyMUiihZNWSwNMSGoe/
hpZL8PAkhnbCOtSogKwt4xbEx5veAH8ZjYtkpZUWuWAGnDY0fXnvITMrOf7RsBpS
hg96k4nFt18Bi4FVxT7eF8ma6X8gUfTO40oUnYFiW/uZKhyM6loZxev3grp7VjXM
4y4sqMyUiS5IwLk1mCFHVjfXJRWuRkFMXKdN52YX7RAEu+JPrrZhzyHJer3pP+LX
hz6SwnzAAhdx37VU4VwK/zW3JSDiPZxjljEZQr5t2GHyulB5ad/FpgL66wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLzv8ulSMGKuqnxCMZOXvakkTEUqMB8GA1UdIwQY
MBaAFAyQw1bihk9DiUhXRDVV2LXANSgZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvREpERFZ1S0dUME9KU0ZkRU5WWFl0Y0ExS0JrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC9hYzVhNTYtMTYzYS00OTdhLTk1NDct
ZTM3OTlhZGU5ZGZlLzEvdk9feTZWSXdZcTZxZkVJeGs1ZTlxU1JNUlNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC9hYzVhNTYtMTYzYS00OTdhLTk1NDctZTM3OTlhZGU5ZGZl
LzEvREpERFZ1S0dUME9KU0ZkRU5WWFl0Y0ExS0JrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiR7MA0G
CSqGSIb3DQEBCwUAA4IBAQBNgkmRb7Ef9wNZ64bPgkt5yl2PWp25Rh31ZYUaOUOw
QzipzuVg0oB3gmWSdMovhe8bzLp2R/vML/C4PEO9LDbFN7ZmgflljeM7Xrv/SoeM
2XqWqrRb4j4QD40h8egc2QvD/obn9N4jZvGfDw3PLzPX0cHWMALLj4nIK4JTH3Ky
Qe9fcH0t6PIA3inA715z/kkejS4h4JzOqBWj3rvLkv9h/P9wNKLPHOa91x4xCrxo
w039+NJUwODCraLiyeYlGUnfI7X3nxIwPOPtfsoZRQe3/c+CYS/CmMLRb0t/xVym
NtMe9vt8eY8cZgYAfYVnv61H4m8XMT+sJiOIZ+Wbw+4S
-----END CERTIFICATE-----