Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/giCBWON-J44v5k3VBMPJtsYzdwI.roa
File:                     giCBWON-J44v5k3VBMPJtsYzdwI.roa (raw, json)
Hash identifier:          /j9hYu7445Fnqvp55EfL/BXfjNLPCw6i9ja7Z48p0D0=
Subject key identifier:   82:20:81:58:E3:7E:27:8E:2F:E6:4D:D5:04:C3:C9:B6:C6:33:77:02
Certificate issuer:       /CN=0f6363d428b7915c108825f09706004b8ea3d4b5
Certificate serial:       018CC7935A5BBA5682FBB5B62C2915352A76
Authority key identifier: 0F:63:63:D4:28:B7:91:5C:10:88:25:F0:97:06:00:4B:8E:A3:D4:B5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/giCBWON-J44v5k3VBMPJtsYzdwI.roa
Signing time:             Tue 02 Jan 2024 00:29:32 +0000
ROA not before:           Tue 02 Jan 2024 00:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47583
IP address blocks:        46.28.44.0/22 maxlen: 24
                          46.28.40.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:5a:5b:ba:56:82:fb:b5:b6:2c:29:15:35:2a:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f6363d428b7915c108825f09706004b8ea3d4b5
        Validity
            Not Before: Jan  2 00:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=82208158e37e278e2fe64dd504c3c9b6c6337702
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:4f:4b:6d:9f:bb:2f:22:cb:76:67:95:ed:c9:
                    62:31:0f:ba:49:ed:df:e6:c0:0e:c4:da:72:76:87:
                    ac:1b:c5:a3:0c:aa:a7:56:5c:15:d6:17:67:ee:9f:
                    1a:6a:28:7f:3a:bd:2b:d2:8f:96:13:b0:4a:88:2f:
                    af:74:11:4a:91:1b:4c:38:1a:cd:b0:37:f5:da:22:
                    c1:e2:31:e0:de:f6:9b:b9:78:6e:a2:1f:a8:91:3e:
                    05:80:e4:55:39:2b:24:b2:88:41:aa:8f:7a:6e:1c:
                    4b:df:50:e1:0f:e8:bd:f2:fb:2e:33:82:24:22:71:
                    6d:3b:54:81:87:fe:fe:93:94:9b:3d:56:19:37:93:
                    57:1b:fe:bb:6d:08:ce:6c:fd:30:ae:8e:49:7c:5a:
                    d7:2d:37:66:b8:25:3d:9e:d0:35:5c:16:be:a4:01:
                    dd:41:ba:f6:92:c5:09:48:4e:27:73:72:52:d3:4a:
                    e1:0a:a2:91:41:85:77:e5:06:da:26:da:d3:7f:71:
                    7c:2f:30:d1:b7:11:0e:54:6a:90:4b:8c:78:ae:b6:
                    e8:fc:9c:14:14:c9:9b:f1:2a:10:3b:b5:15:42:ee:
                    e7:76:12:9d:ea:e0:e2:49:19:bf:74:37:6e:da:27:
                    83:66:cd:b2:50:da:b1:c3:5b:82:16:b1:1b:1c:6c:
                    7b:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:20:81:58:E3:7E:27:8E:2F:E6:4D:D5:04:C3:C9:B6:C6:33:77:02
            X509v3 Authority Key Identifier:
                keyid:0F:63:63:D4:28:B7:91:5C:10:88:25:F0:97:06:00:4B:8E:A3:D4:B5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/giCBWON-J44v5k3VBMPJtsYzdwI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d7/6becb0-18fd-4add-bb41-2e1c0af4faa4/1/D2Nj1Ci3kVwQiCXwlwYAS46j1LU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.28.40.0/21

    Signature Algorithm: sha256WithRSAEncryption
         97:b0:39:5c:1c:d6:2a:89:46:13:90:40:15:c0:14:eb:30:71:
         95:0b:79:da:20:ef:ab:4a:fc:6b:f0:7c:92:32:77:f1:3d:e3:
         49:7e:70:15:27:29:17:8c:ad:77:a3:23:47:d3:db:bb:0d:e6:
         3e:e3:97:64:dd:74:fb:27:2e:38:79:4b:0c:22:7a:e3:ef:d1:
         90:cb:21:bc:7f:8e:6a:27:1d:b8:06:00:4a:29:f6:3d:5f:3b:
         0e:9a:6f:cd:ea:f9:23:f9:d2:83:e0:4c:0b:a1:f1:54:fb:9b:
         5c:95:53:d7:54:1f:6c:04:a1:c0:4d:10:81:57:13:9b:d0:2f:
         fe:f3:e2:be:8e:a0:c5:27:4c:3b:a0:a4:78:cb:36:5e:b6:5b:
         df:57:3d:96:8e:24:22:69:22:3f:2b:f1:ba:9a:9e:a8:bc:71:
         f0:3a:90:26:56:b1:c8:d1:20:cc:8a:f5:4e:36:bb:0a:50:b7:
         25:74:ce:a9:91:a8:5e:bb:86:5d:fe:c5:88:25:89:c0:0d:f1:
         c2:02:2f:30:6a:75:3a:cd:c9:e6:7a:bc:87:04:83:8c:0e:eb:
         64:88:8b:04:8f:65:14:e7:c8:a8:ba:9d:42:10:14:8a:b1:38:
         8d:34:af:f7:56:ab:13:54:a9:d1:f3:01:58:47:66:c6:f3:64:
         c0:d7:94:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHk1pbulaC+7W2LCkVNSp2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmNjM2M2Q0MjhiNzkxNWMxMDg4MjVmMDk3MDYwMDRiOGVh
M2Q0YjUwHhcNMjQwMTAyMDAyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjIwODE1OGUzN2UyNzhlMmZlNjRkZDUwNGMzYzliNmM2MzM3NzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoE9LbZ+7LyLLdmeV7cliMQ+6Se3f
5sAOxNpydoesG8WjDKqnVlwV1hdn7p8aaih/Or0r0o+WE7BKiC+vdBFKkRtMOBrN
sDf12iLB4jHg3vabuXhuoh+okT4FgORVOSsksohBqo96bhxL31DhD+i98vsuM4Ik
InFtO1SBh/7+k5SbPVYZN5NXG/67bQjObP0wro5JfFrXLTdmuCU9ntA1XBa+pAHd
Qbr2ksUJSE4nc3JS00rhCqKRQYV35QbaJtrTf3F8LzDRtxEOVGqQS4x4rrbo/JwU
FMmb8SoQO7UVQu7ndhKd6uDiSRm/dDdu2ieDZs2yUNqxw1uCFrEbHGx7aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIIggVjjfieOL+ZN1QTDybbGM3cCMB8GA1UdIwQY
MBaAFA9jY9Qot5FcEIgl8JcGAEuOo9S1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRDJOajFDaTNrVndRaUNYd2x3WUFTNDZqMUxVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNy82YmVjYjAtMThmZC00YWRkLWJiNDEt
MmUxYzBhZjRmYWE0LzEvZ2lDQldPTi1KNDR2NWszVkJNUEp0c1l6ZHdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNy82YmVjYjAtMThmZC00YWRkLWJiNDEtMmUxYzBhZjRmYWE0
LzEvRDJOajFDaTNrVndRaUNYd2x3WUFTNDZqMUxVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDLhwoMA0G
CSqGSIb3DQEBCwUAA4IBAQCXsDlcHNYqiUYTkEAVwBTrMHGVC3naIO+rSvxr8HyS
MnfxPeNJfnAVJykXjK13oyNH09u7DeY+45dk3XT7Jy44eUsMInrj79GQyyG8f45q
Jx24BgBKKfY9XzsOmm/N6vkj+dKD4EwLofFU+5tclVPXVB9sBKHATRCBVxOb0C/+
8+K+jqDFJ0w7oKR4yzZetlvfVz2WjiQiaSI/K/G6mp6ovHHwOpAmVrHI0SDMivVO
NrsKULcldM6pkaheu4Zd/sWIJYnADfHCAi8wanU6zcnmeryHBIOMDutkiIsEj2UU
58ioup1CEBSKsTiNNK/3VqsTVKnR8wFYR2bG82TA15Si
-----END CERTIFICATE-----