Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/ba2857-c098-44d2-9c01-e720feb10103/1/RhLlNCw6qtpA4ux3xjQBOcMl7rc.roa
File:                     RhLlNCw6qtpA4ux3xjQBOcMl7rc.roa (raw, json)
Hash identifier:          6gKAvupDMRAyfbro1TkW10sjIg2UaJNJ9gnashg98fs=
Subject key identifier:   46:12:E5:34:2C:3A:AA:DA:40:E2:EC:77:C6:34:01:39:C3:25:EE:B7
Certificate issuer:       /CN=23a42497970d65541ddb159658e3b0a6e2f516b7
Certificate serial:       018CC9BBB00D19D3F6AE56810EFEA634112F
Authority key identifier: 23:A4:24:97:97:0D:65:54:1D:DB:15:96:58:E3:B0:A6:E2:F5:16:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I6Qkl5cNZVQd2xWWWOOwpuL1Frc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/ba2857-c098-44d2-9c01-e720feb10103/1/RhLlNCw6qtpA4ux3xjQBOcMl7rc.roa
Signing time:             Tue 02 Jan 2024 10:32:49 +0000
ROA not before:           Tue 02 Jan 2024 10:32:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50134
IP address blocks:        194.246.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/ba2857-c098-44d2-9c01-e720feb10103/1/I6Qkl5cNZVQd2xWWWOOwpuL1Frc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/ba2857-c098-44d2-9c01-e720feb10103/1/I6Qkl5cNZVQd2xWWWOOwpuL1Frc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I6Qkl5cNZVQd2xWWWOOwpuL1Frc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 22:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:b0:0d:19:d3:f6:ae:56:81:0e:fe:a6:34:11:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23a42497970d65541ddb159658e3b0a6e2f516b7
        Validity
            Not Before: Jan  2 10:32:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4612e5342c3aaada40e2ec77c6340139c325eeb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:d8:2f:75:d8:7f:6b:e0:70:32:7b:d0:c4:53:
                    e2:c3:c0:62:80:a7:1b:0a:7d:6a:f8:4d:e9:97:de:
                    2b:b8:8b:87:68:ca:80:2d:35:f4:91:16:07:b5:0c:
                    34:eb:6f:75:24:4c:5a:2c:a1:04:be:30:a9:c3:85:
                    65:20:3e:2d:f7:12:d2:52:b8:24:c2:d6:73:c3:b7:
                    88:ff:cf:11:19:9d:31:8e:80:7d:6d:ff:b9:e2:0b:
                    a9:29:b3:b7:f0:26:a0:43:51:21:fc:ff:54:38:d8:
                    91:0c:19:f8:c9:8e:0e:1d:27:e9:b7:33:1d:66:66:
                    94:69:aa:79:62:a4:4a:22:04:3b:45:e2:cf:d2:26:
                    60:d8:0b:aa:76:11:a4:c7:46:64:16:81:ac:d0:60:
                    c5:53:e7:3d:d7:24:45:a5:96:cc:13:c7:0d:f9:c4:
                    9c:df:00:db:cf:2e:d0:ea:e0:23:11:63:1c:61:cf:
                    f0:46:8b:bf:1b:e8:82:f6:48:1d:fd:7f:b1:db:16:
                    f4:34:14:e3:7b:cc:f0:75:c9:8c:20:49:0a:8f:7f:
                    1e:af:1a:f2:de:a8:87:78:0f:4d:c0:33:71:7f:71:
                    37:91:3c:80:3a:38:ee:f0:6e:c9:64:91:b6:d1:98:
                    f2:65:8d:dc:07:dd:76:36:32:26:2f:c1:8b:32:01:
                    54:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:12:E5:34:2C:3A:AA:DA:40:E2:EC:77:C6:34:01:39:C3:25:EE:B7
            X509v3 Authority Key Identifier:
                keyid:23:A4:24:97:97:0D:65:54:1D:DB:15:96:58:E3:B0:A6:E2:F5:16:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I6Qkl5cNZVQd2xWWWOOwpuL1Frc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/ba2857-c098-44d2-9c01-e720feb10103/1/RhLlNCw6qtpA4ux3xjQBOcMl7rc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/ba2857-c098-44d2-9c01-e720feb10103/1/I6Qkl5cNZVQd2xWWWOOwpuL1Frc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.246.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:97:41:38:c1:8b:f9:72:58:bb:20:83:90:6c:64:d9:4a:e1:
         00:ed:60:a5:b3:fd:cc:b6:d0:dc:6b:82:ef:ec:f9:28:8d:80:
         da:6c:76:e7:74:17:3b:8a:49:75:9c:a8:80:69:46:ab:1e:1c:
         fa:63:b9:56:04:8b:14:59:12:a7:d3:19:a4:ac:d6:e7:28:fc:
         df:e3:c0:4f:7e:13:fd:c8:9a:1b:20:85:6c:fb:1a:78:8a:06:
         f1:4d:e5:ad:fe:f2:5f:86:bb:fa:c4:df:e5:56:3a:33:8f:19:
         44:3e:92:30:2e:e2:75:c2:db:2b:d9:63:06:a0:33:b5:ff:04:
         f0:f0:5a:dd:70:aa:1e:17:cb:86:86:e2:7c:e1:e3:55:47:df:
         c6:e3:e3:44:55:da:0d:94:23:e4:80:d2:4d:52:37:85:52:19:
         5f:cd:cc:42:34:14:4b:3c:a4:e7:f6:7c:8c:69:6e:37:64:79:
         64:69:eb:b1:fa:e8:3f:29:55:a3:92:4a:26:5f:c4:62:59:2b:
         57:42:1f:56:75:26:3d:ea:00:2d:f3:17:00:9e:bf:dd:7d:8b:
         c6:3a:3e:b4:56:40:a0:f0:2a:95:47:a0:7c:14:a6:e1:80:c4:
         62:ec:aa:41:d5:5f:f9:01:2e:d9:93:58:8f:d9:f3:c0:65:56:
         ef:35:cc:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu7ANGdP2rlaBDv6mNBEvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzYTQyNDk3OTcwZDY1NTQxZGRiMTU5NjU4ZTNiMGE2ZTJm
NTE2YjcwHhcNMjQwMTAyMTAzMjQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjEyZTUzNDJjM2FhYWRhNDBlMmVjNzdjNjM0MDEzOWMzMjVlZWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9gvddh/a+BwMnvQxFPiw8BigKcb
Cn1q+E3pl94ruIuHaMqALTX0kRYHtQw06291JExaLKEEvjCpw4VlID4t9xLSUrgk
wtZzw7eI/88RGZ0xjoB9bf+54gupKbO38CagQ1Eh/P9UONiRDBn4yY4OHSfptzMd
ZmaUaap5YqRKIgQ7ReLP0iZg2AuqdhGkx0ZkFoGs0GDFU+c91yRFpZbME8cN+cSc
3wDbzy7Q6uAjEWMcYc/wRou/G+iC9kgd/X+x2xb0NBTje8zwdcmMIEkKj38erxry
3qiHeA9NwDNxf3E3kTyAOjju8G7JZJG20ZjyZY3cB912NjImL8GLMgFUDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEYS5TQsOqraQOLsd8Y0ATnDJe63MB8GA1UdIwQY
MBaAFCOkJJeXDWVUHdsVlljjsKbi9Ra3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTZRa2w1Y05aVlFkMnhXV1dPT3dwdUwxRnJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC9iYTI4NTctYzA5OC00NGQyLTljMDEt
ZTcyMGZlYjEwMTAzLzEvUmhMbE5DdzZxdHBBNHV4M3hqUUJPY01sN3JjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC9iYTI4NTctYzA5OC00NGQyLTljMDEtZTcyMGZlYjEwMTAz
LzEvSTZRa2w1Y05aVlFkMnhXV1dPT3dwdUwxRnJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwvZMMA0G
CSqGSIb3DQEBCwUAA4IBAQB7l0E4wYv5cli7IIOQbGTZSuEA7WCls/3MttDca4Lv
7PkojYDabHbndBc7ikl1nKiAaUarHhz6Y7lWBIsUWRKn0xmkrNbnKPzf48BPfhP9
yJobIIVs+xp4igbxTeWt/vJfhrv6xN/lVjozjxlEPpIwLuJ1wtsr2WMGoDO1/wTw
8FrdcKoeF8uGhuJ84eNVR9/G4+NEVdoNlCPkgNJNUjeFUhlfzcxCNBRLPKTn9nyM
aW43ZHlkaeux+ug/KVWjkkomX8RiWStXQh9WdSY96gAt8xcAnr/dfYvGOj60VkCg
8CqVR6B8FKbhgMRi7KpB1V/5AS7Zk1iP2fPAZVbvNcyu
-----END CERTIFICATE-----