Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/xrHb9RLfLgGyrp6vySbN9qL4WXI.roa
File:                     xrHb9RLfLgGyrp6vySbN9qL4WXI.roa (raw, json)
Hash identifier:          JI/HQb/xh9nsLtZwI1KZbFosNinwBYXfmn/O3PFNXKw=
Subject key identifier:   C6:B1:DB:F5:12:DF:2E:01:B2:AE:9E:AF:C9:26:CD:F6:A2:F8:59:72
Certificate issuer:       /CN=aca77c708af0ba1f81549c9f87089559390167a5
Certificate serial:       018CC9BC2266B06C4A743C42F6B55D0A4F3F
Authority key identifier: AC:A7:7C:70:8A:F0:BA:1F:81:54:9C:9F:87:08:95:59:39:01:67:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/xrHb9RLfLgGyrp6vySbN9qL4WXI.roa
Signing time:             Tue 02 Jan 2024 10:33:19 +0000
ROA not before:           Tue 02 Jan 2024 10:33:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        46.183.152.0/21 maxlen: 21
                          185.1.102.0/24 maxlen: 24
                          2001:7f8:bd::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 02:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:22:66:b0:6c:4a:74:3c:42:f6:b5:5d:0a:4f:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aca77c708af0ba1f81549c9f87089559390167a5
        Validity
            Not Before: Jan  2 10:33:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c6b1dbf512df2e01b2ae9eafc926cdf6a2f85972
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:06:fe:f7:35:7c:ed:bd:95:b6:3c:c9:fd:56:
                    9a:df:07:df:6d:67:22:62:a9:7f:d8:60:04:a1:2d:
                    ba:eb:9d:f5:07:2f:38:28:08:a2:8b:75:25:36:78:
                    08:d8:eb:ed:ab:a9:28:b0:1b:b6:73:79:c7:ac:4d:
                    be:7c:79:c4:da:47:75:4b:4d:05:7c:16:1c:9e:4c:
                    14:8e:53:9c:e7:2d:ca:da:69:2f:d3:a9:d8:d4:50:
                    33:e2:cf:cf:89:f9:d1:ae:cc:a9:4f:52:fa:bd:32:
                    55:04:7d:38:19:c7:c8:fb:31:f3:e7:49:52:50:7b:
                    78:16:22:fd:c5:df:81:76:cd:1e:fc:46:0e:06:06:
                    45:cd:b8:d7:a8:14:e1:5b:95:6d:a1:d2:f7:0f:aa:
                    e1:24:94:a6:4b:64:ba:83:ce:20:fd:60:a4:ed:05:
                    78:30:8b:0f:94:d3:39:2d:8a:43:49:f7:8f:84:af:
                    dc:ff:5f:93:54:93:bc:99:61:14:10:c4:f4:21:e8:
                    b8:32:7b:f4:b3:04:86:04:e5:1a:eb:5a:57:fa:e4:
                    f7:39:5e:bc:3d:15:72:f5:43:8f:88:65:67:ef:23:
                    71:04:b6:68:c0:42:00:20:07:a8:d3:74:84:7e:7c:
                    3b:07:09:73:57:51:fc:d8:f4:d8:74:9c:4d:06:a2:
                    57:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:B1:DB:F5:12:DF:2E:01:B2:AE:9E:AF:C9:26:CD:F6:A2:F8:59:72
            X509v3 Authority Key Identifier:
                keyid:AC:A7:7C:70:8A:F0:BA:1F:81:54:9C:9F:87:08:95:59:39:01:67:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/xrHb9RLfLgGyrp6vySbN9qL4WXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/8fe7d8-017b-41aa-a91f-28b19e3fd4a6/1/rKd8cIrwuh-BVJyfhwiVWTkBZ6U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.183.152.0/21
                  185.1.102.0/24
                IPv6:
                  2001:7f8:bd::/48

    Signature Algorithm: sha256WithRSAEncryption
         45:0d:22:c1:96:89:9d:1c:27:bf:ae:d5:8c:68:4f:71:6a:30:
         b9:60:77:57:41:ce:8a:03:a9:34:62:47:bd:7a:f7:fb:e3:6d:
         29:3f:82:d0:b2:44:e9:18:ad:8d:cb:ab:66:2a:68:f5:eb:29:
         29:07:0d:72:16:cd:58:56:8a:17:55:a2:9d:2d:75:cb:67:fe:
         87:de:09:29:45:e4:03:c9:4b:ef:73:75:5a:2d:e5:26:db:34:
         f5:f3:59:d0:a4:f4:c5:5f:f9:66:e2:92:d4:e8:c4:cc:24:3a:
         1b:aa:ed:a4:99:1a:e6:59:d5:b3:a0:51:f6:79:7c:0a:d4:58:
         93:61:29:fd:37:83:81:0a:de:2d:95:76:f8:c8:11:fc:c9:8f:
         63:96:9e:8d:19:a1:fe:60:ac:dd:73:59:0d:5c:45:07:4d:0a:
         4e:3a:f0:81:59:ed:30:d1:a2:89:79:a2:6e:f0:b4:5f:b9:ac:
         9d:57:eb:90:a0:75:6d:c1:67:50:e4:12:cb:28:6d:55:61:ac:
         63:b7:1c:cf:83:e1:aa:dc:31:0a:72:0c:08:25:b7:eb:37:ed:
         cf:2b:2c:80:d6:90:55:26:5c:f3:e3:af:57:5a:90:1a:e5:8b:
         71:ea:df:14:09:37:a5:9c:34:92:b5:5a:41:c7:0e:5e:20:7a:
         79:9b:c6:26
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzJvCJmsGxKdDxC9rVdCk8/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjYTc3YzcwOGFmMGJhMWY4MTU0OWM5Zjg3MDg5NTU5Mzkw
MTY3YTUwHhcNMjQwMTAyMTAzMzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNmIxZGJmNTEyZGYyZTAxYjJhZTllYWZjOTI2Y2RmNmEyZjg1OTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxwb+9zV87b2VtjzJ/Vaa3wffbWci
Yql/2GAEoS266531By84KAiii3UlNngI2Ovtq6kosBu2c3nHrE2+fHnE2kd1S00F
fBYcnkwUjlOc5y3K2mkv06nY1FAz4s/PifnRrsypT1L6vTJVBH04GcfI+zHz50lS
UHt4FiL9xd+Bds0e/EYOBgZFzbjXqBThW5VtodL3D6rhJJSmS2S6g84g/WCk7QV4
MIsPlNM5LYpDSfePhK/c/1+TVJO8mWEUEMT0Iei4Mnv0swSGBOUa61pX+uT3OV68
PRVy9UOPiGVn7yNxBLZowEIAIAeo03SEfnw7BwlzV1H82PTYdJxNBqJXkwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFMax2/US3y4Bsq6er8kmzfai+FlyMB8GA1UdIwQY
MBaAFKynfHCK8LofgVScn4cIlVk5AWelMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcktkOGNJcnd1aC1CVkp5Zmh3aVZXVGtCWjZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS84ZmU3ZDgtMDE3Yi00MWFhLWE5MWYt
MjhiMTllM2ZkNGE2LzEveHJIYjlSTGZMZ0d5cnA2dnlTYk45cUw0V1hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS84ZmU3ZDgtMDE3Yi00MWFhLWE5MWYtMjhiMTllM2ZkNGE2
LzEvcktkOGNJcnd1aC1CVkp5Zmh3aVZXVGtCWjZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQDLreYAwQA
uQFmMA8EAgACMAkDBwAgAQf4AL0wDQYJKoZIhvcNAQELBQADggEBAEUNIsGWiZ0c
J7+u1YxoT3FqMLlgd1dBzooDqTRiR7169/vjbSk/gtCyROkYrY3Lq2YqaPXrKSkH
DXIWzVhWihdVop0tdctn/ofeCSlF5APJS+9zdVot5SbbNPXzWdCk9MVf+WbiktTo
xMwkOhuq7aSZGuZZ1bOgUfZ5fArUWJNhKf03g4EK3i2VdvjIEfzJj2OWno0Zof5g
rN1zWQ1cRQdNCk468IFZ7TDRool5om7wtF+5rJ1X65CgdW3BZ1DkEssobVVhrGO3
HM+D4arcMQpyDAglt+s37c8rLIDWkFUmXPPjr1dakBrli3Hq3xQJN6WcNJK1WkHH
Dl4genmbxiY=
-----END CERTIFICATE-----