Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/d2ff5b-0008-4572-9380-976c04bdf18f/1/lH8mLE4gasgYICo5LsqC2R0vWac.roa
File:                     lH8mLE4gasgYICo5LsqC2R0vWac.roa (raw, json)
Hash identifier:          s+D0sCpC6TcaBXNbpJvdHwa11NEoBcu9NxrPWsyJhAU=
Subject key identifier:   94:7F:26:2C:4E:20:6A:C8:18:20:2A:39:2E:CA:82:D9:1D:2F:59:A7
Certificate issuer:       /CN=29ea0bde7f692bc5fdc0b168ba614a0272f2e64d
Certificate serial:       018CC3490B26E2CDD607D0C62AC09F55210C
Authority key identifier: 29:EA:0B:DE:7F:69:2B:C5:FD:C0:B1:68:BA:61:4A:02:72:F2:E6:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KeoL3n9pK8X9wLFoumFKAnLy5k0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/d2ff5b-0008-4572-9380-976c04bdf18f/1/lH8mLE4gasgYICo5LsqC2R0vWac.roa
Signing time:             Mon 01 Jan 2024 04:29:53 +0000
ROA not before:           Mon 01 Jan 2024 04:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207456
IP address blocks:        46.149.104.0/24 maxlen: 24
                          193.23.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/d2ff5b-0008-4572-9380-976c04bdf18f/1/KeoL3n9pK8X9wLFoumFKAnLy5k0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/d2ff5b-0008-4572-9380-976c04bdf18f/1/KeoL3n9pK8X9wLFoumFKAnLy5k0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KeoL3n9pK8X9wLFoumFKAnLy5k0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 19:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:0b:26:e2:cd:d6:07:d0:c6:2a:c0:9f:55:21:0c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29ea0bde7f692bc5fdc0b168ba614a0272f2e64d
        Validity
            Not Before: Jan  1 04:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=947f262c4e206ac818202a392eca82d91d2f59a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:7d:15:d6:56:c4:c4:4c:36:17:97:41:d7:87:
                    37:b4:a1:e2:22:9d:93:50:7f:ea:4a:61:78:47:fc:
                    79:b8:29:4c:74:d3:98:26:8a:31:de:d8:7b:b8:12:
                    fc:11:5f:6b:92:2a:24:e5:1d:74:f5:b1:b5:57:c5:
                    e6:09:c2:6e:bc:29:c5:a5:29:e7:de:c2:15:48:c7:
                    dc:49:ba:9a:72:86:24:a1:6a:75:3e:c2:83:45:be:
                    eb:92:1b:c2:a0:14:f1:6a:27:81:11:f1:d9:c1:85:
                    54:a2:81:6f:7b:fc:2c:0e:c2:ad:27:a9:a9:67:47:
                    14:28:95:3e:7a:2a:ec:d5:4b:dc:51:e3:16:2a:d4:
                    cc:19:56:c9:af:23:a2:23:02:09:5f:de:84:92:13:
                    06:ad:20:45:99:e5:c7:e0:cd:99:3c:a2:11:ff:aa:
                    ca:a8:15:b1:f5:66:94:9a:57:d2:d2:b1:80:0c:d2:
                    37:cb:3b:f6:ad:b9:b9:20:07:7c:8e:46:e9:94:dc:
                    09:fc:1f:bb:66:48:66:e4:87:74:81:1e:31:3c:a5:
                    57:3c:7b:b3:c9:67:db:bc:bf:d0:9d:76:20:e9:3d:
                    09:e6:06:1c:65:51:1e:ff:f9:1e:c0:a9:96:a8:48:
                    c1:a8:9c:00:c9:29:d5:21:c4:3a:0c:be:5d:f2:fb:
                    69:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:7F:26:2C:4E:20:6A:C8:18:20:2A:39:2E:CA:82:D9:1D:2F:59:A7
            X509v3 Authority Key Identifier:
                keyid:29:EA:0B:DE:7F:69:2B:C5:FD:C0:B1:68:BA:61:4A:02:72:F2:E6:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KeoL3n9pK8X9wLFoumFKAnLy5k0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d2ff5b-0008-4572-9380-976c04bdf18f/1/lH8mLE4gasgYICo5LsqC2R0vWac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/d2ff5b-0008-4572-9380-976c04bdf18f/1/KeoL3n9pK8X9wLFoumFKAnLy5k0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.149.104.0/24
                  193.23.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:c0:5a:a1:9e:76:14:3b:3a:c0:bb:10:97:e4:a0:b1:08:86:
         44:b4:3a:0b:5a:4a:1c:72:46:e4:62:bf:ad:a2:8d:7f:71:d8:
         0b:77:40:3d:7d:78:c9:fb:79:53:c2:5d:2e:f1:16:92:82:9c:
         ac:89:4c:47:db:bf:b3:7e:5e:66:6e:00:4e:66:c7:f6:61:8f:
         46:5f:86:39:a1:27:0d:db:16:75:f8:98:a3:08:2b:82:5b:12:
         2e:4c:75:e3:25:5b:5b:ba:31:7b:ac:ae:f4:f8:b1:fa:20:41:
         f9:7a:71:ea:1f:99:d5:66:df:02:f6:50:b9:90:9b:8e:e9:48:
         27:4f:48:34:b7:1b:70:11:c0:b9:5e:d8:92:4b:1e:ca:a4:1c:
         5b:a9:19:29:b5:2a:d3:4e:99:a3:a7:76:7e:d4:cb:36:10:f9:
         13:1f:e3:2f:4c:42:7c:e8:b4:1a:4e:45:c8:4c:c1:b2:2b:49:
         6f:3b:41:72:65:ce:9f:d5:10:38:42:e6:fa:03:3a:d8:63:e7:
         72:5b:18:74:6c:5a:9b:ac:5e:39:0a:1f:02:08:c0:10:91:e7:
         f2:d9:dc:a3:19:63:88:b6:89:f7:ec:2d:ac:ba:80:e6:80:c3:
         88:4e:4f:3f:80:4f:b0:69:34:71:4e:90:4c:0c:0c:23:01:53:
         67:e6:e7:e7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSQsm4s3WB9DGKsCfVSEMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ZWEwYmRlN2Y2OTJiYzVmZGMwYjE2OGJhNjE0YTAyNzJm
MmU2NGQwHhcNMjQwMTAxMDQyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDdmMjYyYzRlMjA2YWM4MTgyMDJhMzkyZWNhODJkOTFkMmY1OWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwn0V1lbExEw2F5dB14c3tKHiIp2T
UH/qSmF4R/x5uClMdNOYJoox3th7uBL8EV9rkiok5R109bG1V8XmCcJuvCnFpSnn
3sIVSMfcSbqacoYkoWp1PsKDRb7rkhvCoBTxaieBEfHZwYVUooFve/wsDsKtJ6mp
Z0cUKJU+eirs1UvcUeMWKtTMGVbJryOiIwIJX96EkhMGrSBFmeXH4M2ZPKIR/6rK
qBWx9WaUmlfS0rGADNI3yzv2rbm5IAd8jkbplNwJ/B+7Zkhm5Id0gR4xPKVXPHuz
yWfbvL/QnXYg6T0J5gYcZVEe//kewKmWqEjBqJwAySnVIcQ6DL5d8vtp0QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJR/JixOIGrIGCAqOS7KgtkdL1mnMB8GA1UdIwQY
MBaAFCnqC95/aSvF/cCxaLphSgJy8uZNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2VvTDNuOXBLOFg5d0xGb3VtRktBbkx5NWswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9kMmZmNWItMDAwOC00NTcyLTkzODAt
OTc2YzA0YmRmMThmLzEvbEg4bUxFNGdhc2dZSUNvNUxzcUMyUjB2V2FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9kMmZmNWItMDAwOC00NTcyLTkzODAtOTc2YzA0YmRmMThm
LzEvS2VvTDNuOXBLOFg5d0xGb3VtRktBbkx5NWswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALpVoAwQA
wReFMA0GCSqGSIb3DQEBCwUAA4IBAQCcwFqhnnYUOzrAuxCX5KCxCIZEtDoLWkoc
ckbkYr+too1/cdgLd0A9fXjJ+3lTwl0u8RaSgpysiUxH27+zfl5mbgBOZsf2YY9G
X4Y5oScN2xZ1+JijCCuCWxIuTHXjJVtbujF7rK70+LH6IEH5enHqH5nVZt8C9lC5
kJuO6UgnT0g0txtwEcC5XtiSSx7KpBxbqRkptSrTTpmjp3Z+1Ms2EPkTH+MvTEJ8
6LQaTkXITMGyK0lvO0FyZc6f1RA4Qub6AzrYY+dyWxh0bFqbrF45Ch8CCMAQkefy
2dyjGWOIton37C2suoDmgMOITk8/gE+waTRxTpBMDAwjAVNn5ufn
-----END CERTIFICATE-----