Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/9b8d3b-0c03-4591-bd0f-87750d6f77a8/1/UtVCIRjXBxSUrq-GfxluhJ4xQe0.roa
File:                     UtVCIRjXBxSUrq-GfxluhJ4xQe0.roa (raw, json)
Hash identifier:          eZt3U3qzswT1Y55JKkwMywy6bE6PM1fhuE6aiDwBo8E=
Subject key identifier:   52:D5:42:21:18:D7:07:14:94:AE:AF:86:7F:19:6E:84:9E:31:41:ED
Certificate issuer:       /CN=88775003f7d9e8e6e1ef48db06728e668ed187bc
Certificate serial:       018CED2C6E150458176316870DD6C08179D7
Authority key identifier: 88:77:50:03:F7:D9:E8:E6:E1:EF:48:DB:06:72:8E:66:8E:D1:87:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iHdQA_fZ6Obh70jbBnKOZo7Rh7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/9b8d3b-0c03-4591-bd0f-87750d6f77a8/1/UtVCIRjXBxSUrq-GfxluhJ4xQe0.roa
Signing time:             Tue 09 Jan 2024 07:42:40 +0000
ROA not before:           Tue 09 Jan 2024 07:42:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57588
IP address blocks:        46.149.96.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/9b8d3b-0c03-4591-bd0f-87750d6f77a8/1/iHdQA_fZ6Obh70jbBnKOZo7Rh7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/9b8d3b-0c03-4591-bd0f-87750d6f77a8/1/iHdQA_fZ6Obh70jbBnKOZo7Rh7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iHdQA_fZ6Obh70jbBnKOZo7Rh7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ed:2c:6e:15:04:58:17:63:16:87:0d:d6:c0:81:79:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=88775003f7d9e8e6e1ef48db06728e668ed187bc
        Validity
            Not Before: Jan  9 07:42:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=52d5422118d7071494aeaf867f196e849e3141ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:7c:4d:1f:ac:51:2c:07:ba:c3:9a:d3:22:8c:
                    b0:1c:c3:89:37:99:64:4a:c0:94:31:7b:2c:c1:2a:
                    fb:aa:2f:b2:67:17:12:4e:42:1f:0b:21:fa:2f:ea:
                    d8:d9:98:24:e0:3a:68:c5:d2:bd:89:be:37:a0:7c:
                    4a:10:48:35:d3:05:d0:f5:66:c6:d4:92:42:27:0a:
                    28:6d:ca:04:b3:b7:2a:30:dd:d4:ad:44:26:5b:e1:
                    a7:07:c9:e7:2b:ee:5c:47:e3:40:d9:3c:2e:6d:06:
                    f8:5b:83:88:39:54:92:a4:ba:ef:bb:47:f4:9c:d1:
                    5d:13:a6:34:7d:43:40:f7:d6:4c:7a:89:91:4f:4f:
                    ba:30:ea:30:3b:ff:5c:da:b1:eb:c1:a2:0a:92:19:
                    e0:d2:8a:f1:5d:00:7d:db:da:87:2d:08:a6:a0:a6:
                    d9:d8:72:4a:d2:2c:a3:14:1e:c8:0d:2b:40:77:63:
                    c5:2e:4e:f4:46:df:6b:31:c4:19:69:0b:4c:88:43:
                    eb:38:ad:81:bd:8b:91:8e:90:e4:b3:13:be:cf:0c:
                    17:3b:c5:e7:42:33:e4:68:f6:8a:19:02:7e:19:57:
                    39:b6:75:11:b4:29:29:f7:86:9b:44:2d:0f:33:bc:
                    80:58:e0:ac:5f:c2:96:d2:ba:72:74:ec:1a:ce:04:
                    79:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:D5:42:21:18:D7:07:14:94:AE:AF:86:7F:19:6E:84:9E:31:41:ED
            X509v3 Authority Key Identifier:
                keyid:88:77:50:03:F7:D9:E8:E6:E1:EF:48:DB:06:72:8E:66:8E:D1:87:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iHdQA_fZ6Obh70jbBnKOZo7Rh7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/9b8d3b-0c03-4591-bd0f-87750d6f77a8/1/UtVCIRjXBxSUrq-GfxluhJ4xQe0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/9b8d3b-0c03-4591-bd0f-87750d6f77a8/1/iHdQA_fZ6Obh70jbBnKOZo7Rh7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.149.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:01:41:c8:ff:77:18:38:e2:03:67:c7:59:0d:b2:bc:83:a5:
         e5:fa:48:47:22:62:0a:fa:a7:89:dd:09:f2:1f:d7:fb:bd:b3:
         6e:d1:8a:db:e1:f8:ef:de:94:5f:f7:5b:54:12:eb:d7:2e:43:
         9e:57:d9:5e:43:19:a1:86:43:46:3a:6a:42:a8:bf:5f:9b:e4:
         1e:e1:af:7c:1c:a9:c6:d2:f6:00:d1:d6:ad:65:34:6e:cd:50:
         af:66:0b:9a:b6:90:94:bd:75:82:17:a3:95:c4:b0:a6:fb:5f:
         77:ff:c0:2b:da:a7:94:40:5f:a2:ac:03:3a:d1:6f:9e:15:89:
         07:92:14:f1:45:e9:87:7e:71:ab:46:17:56:3d:33:5d:56:7c:
         6b:f9:83:51:a0:a2:5f:2e:4f:11:23:cf:2e:15:39:59:d3:0c:
         6c:42:c4:df:79:b6:62:d5:e8:ec:94:84:d6:4a:1b:d3:65:4d:
         4b:c2:26:5e:cb:c2:a2:cd:01:1b:d9:ad:e9:18:d6:ea:60:29:
         cb:6d:76:04:ae:30:39:f8:56:ee:34:97:4b:74:0d:56:51:d5:
         16:11:23:63:f8:26:93:95:83:39:99:52:12:5e:31:95:8b:2e:
         47:1a:6b:fc:79:38:b4:46:49:f8:0b:8b:32:db:87:44:db:f0:
         2b:31:e2:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYztLG4VBFgXYxaHDdbAgXnXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4Nzc1MDAzZjdkOWU4ZTZlMWVmNDhkYjA2NzI4ZTY2OGVk
MTg3YmMwHhcNMjQwMTA5MDc0MjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmQ1NDIyMTE4ZDcwNzE0OTRhZWFmODY3ZjE5NmU4NDllMzE0MWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAunxNH6xRLAe6w5rTIoywHMOJN5lk
SsCUMXsswSr7qi+yZxcSTkIfCyH6L+rY2Zgk4DpoxdK9ib43oHxKEEg10wXQ9WbG
1JJCJwoobcoEs7cqMN3UrUQmW+GnB8nnK+5cR+NA2TwubQb4W4OIOVSSpLrvu0f0
nNFdE6Y0fUNA99ZMeomRT0+6MOowO/9c2rHrwaIKkhng0orxXQB929qHLQimoKbZ
2HJK0iyjFB7IDStAd2PFLk70Rt9rMcQZaQtMiEPrOK2BvYuRjpDksxO+zwwXO8Xn
QjPkaPaKGQJ+GVc5tnURtCkp94abRC0PM7yAWOCsX8KW0rpydOwazgR54wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFLVQiEY1wcUlK6vhn8ZboSeMUHtMB8GA1UdIwQY
MBaAFIh3UAP32ejm4e9I2wZyjmaO0Ye8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUhkUUFfZlo2T2JoNzBqYkJuS09abzdSaDd3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi85YjhkM2ItMGMwMy00NTkxLWJkMGYt
ODc3NTBkNmY3N2E4LzEvVXRWQ0lSalhCeFNVcnEtR2Z4bHVoSjR4UWUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi85YjhkM2ItMGMwMy00NTkxLWJkMGYtODc3NTBkNmY3N2E4
LzEvaUhkUUFfZlo2T2JoNzBqYkJuS09abzdSaDd3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALpVgMA0G
CSqGSIb3DQEBCwUAA4IBAQCZAUHI/3cYOOIDZ8dZDbK8g6Xl+khHImIK+qeJ3Qny
H9f7vbNu0Yrb4fjv3pRf91tUEuvXLkOeV9leQxmhhkNGOmpCqL9fm+Qe4a98HKnG
0vYA0datZTRuzVCvZguatpCUvXWCF6OVxLCm+193/8Ar2qeUQF+irAM60W+eFYkH
khTxRemHfnGrRhdWPTNdVnxr+YNRoKJfLk8RI88uFTlZ0wxsQsTfebZi1ejslITW
ShvTZU1LwiZey8KizQEb2a3pGNbqYCnLbXYErjA5+FbuNJdLdA1WUdUWESNj+CaT
lYM5mVISXjGViy5HGmv8eTi0Rkn4C4sy24dE2/ArMeJc
-----END CERTIFICATE-----