Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/ea0d4a-64a0-42ea-8bd7-9c22d04228b2/1/ARJiU5eLhDKvZnD6c0tNlltO8J4.roa
File:                     ARJiU5eLhDKvZnD6c0tNlltO8J4.roa (raw, json)
Hash identifier:          PUe/EUy1001zsWktV4WDW2Q8DrsmcsYXUhQungauaeg=
Subject key identifier:   01:12:62:53:97:8B:84:32:AF:66:70:FA:73:4B:4D:96:5B:4E:F0:9E
Certificate issuer:       /CN=18c48d1b33abdead205b0a920fb333827e1ce150
Certificate serial:       018E668C39E912AB4DCE1F2C1A64A951A884
Authority key identifier: 18:C4:8D:1B:33:AB:DE:AD:20:5B:0A:92:0F:B3:33:82:7E:1C:E1:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GMSNGzOr3q0gWwqSD7Mzgn4c4VA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/ea0d4a-64a0-42ea-8bd7-9c22d04228b2/1/ARJiU5eLhDKvZnD6c0tNlltO8J4.roa
Signing time:             Fri 22 Mar 2024 14:24:09 +0000
ROA not before:           Fri 22 Mar 2024 14:24:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25504
IP address blocks:        46.175.56.0/21 maxlen: 24
                          91.233.26.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/ea0d4a-64a0-42ea-8bd7-9c22d04228b2/1/GMSNGzOr3q0gWwqSD7Mzgn4c4VA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/ea0d4a-64a0-42ea-8bd7-9c22d04228b2/1/GMSNGzOr3q0gWwqSD7Mzgn4c4VA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GMSNGzOr3q0gWwqSD7Mzgn4c4VA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 09:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:66:8c:39:e9:12:ab:4d:ce:1f:2c:1a:64:a9:51:a8:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18c48d1b33abdead205b0a920fb333827e1ce150
        Validity
            Not Before: Mar 22 14:24:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01126253978b8432af6670fa734b4d965b4ef09e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:ad:ba:57:92:7b:97:a1:d6:b5:22:34:d2:e3:
                    fa:0a:e1:3c:a5:be:af:06:a0:c3:b5:d2:44:5f:04:
                    c3:c5:16:05:ba:85:70:23:eb:35:f1:8f:f7:f0:b0:
                    25:99:c3:6d:b9:71:58:7d:5e:90:88:e7:9c:f1:12:
                    38:b9:23:24:f9:85:b7:a5:60:1c:6a:9b:42:e2:62:
                    47:35:ee:99:12:48:85:e7:f4:75:20:ec:10:75:82:
                    4b:44:fe:d3:a8:b3:c9:12:a2:f3:32:df:cb:ba:ac:
                    e3:d3:a6:9a:be:cb:8d:48:78:dd:21:bb:36:0b:66:
                    28:ed:48:0a:8d:8e:c4:7c:15:ab:e6:36:c7:26:23:
                    6a:c3:6f:c9:17:1c:01:8c:31:12:ae:68:16:30:ae:
                    de:cc:d1:7f:81:f0:ce:ef:4a:66:7a:67:c7:5c:fd:
                    b1:ae:d7:4c:9f:68:88:88:e4:b2:83:81:35:6f:a6:
                    75:9d:95:58:8b:9d:55:ce:d9:4b:ca:c0:e1:b2:6f:
                    fc:6a:03:9c:89:b2:a9:e4:0f:1e:0d:9a:73:ae:65:
                    fe:98:8c:13:1a:73:7f:cd:26:4d:30:49:dd:5d:a7:
                    85:1a:09:6e:a7:ca:36:94:a3:d2:80:54:bf:1f:ee:
                    29:42:6e:43:b9:e8:ed:70:1d:ee:65:37:a6:fe:a2:
                    3f:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:12:62:53:97:8B:84:32:AF:66:70:FA:73:4B:4D:96:5B:4E:F0:9E
            X509v3 Authority Key Identifier:
                keyid:18:C4:8D:1B:33:AB:DE:AD:20:5B:0A:92:0F:B3:33:82:7E:1C:E1:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GMSNGzOr3q0gWwqSD7Mzgn4c4VA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/ea0d4a-64a0-42ea-8bd7-9c22d04228b2/1/ARJiU5eLhDKvZnD6c0tNlltO8J4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/ea0d4a-64a0-42ea-8bd7-9c22d04228b2/1/GMSNGzOr3q0gWwqSD7Mzgn4c4VA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.175.56.0/21
                  91.233.26.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8c:bf:62:4d:d5:7e:be:5f:33:4d:07:11:ae:a8:20:b2:70:cd:
         82:d5:7e:20:5a:c9:a2:5b:02:1b:8e:69:9f:4e:7c:8c:e9:78:
         46:59:0c:47:40:eb:ff:73:6b:82:39:69:f2:60:01:72:47:ee:
         ae:ea:af:32:f4:84:84:a1:af:fa:7e:39:d6:e8:1f:29:d1:a6:
         ca:bf:47:a9:bb:42:86:d9:bb:1c:9c:c6:b4:e8:1f:6b:89:ca:
         de:07:62:65:a1:9f:b1:fe:65:f9:d0:cf:ee:47:4f:5a:b8:0b:
         2e:db:cb:d8:a6:80:95:f2:8e:eb:47:d8:8b:36:5a:6c:dc:c1:
         4a:f3:95:3d:26:d6:d1:b7:a7:29:ad:a4:7e:a1:37:51:30:aa:
         16:4f:ff:91:9e:ed:c4:42:22:2d:1d:69:1e:5c:e5:28:e9:38:
         f2:4b:02:3b:5b:33:06:04:af:07:a0:c6:82:34:a9:ad:5b:a9:
         84:29:7d:79:c4:3a:b5:1a:65:10:7a:e9:30:de:20:c9:0f:65:
         ce:bc:02:84:90:cd:17:f6:3d:22:8a:3c:9d:bf:2a:4e:98:32:
         e3:ee:dc:bd:4f:59:d8:fb:b6:09:25:41:6f:60:09:d4:fb:d3:
         3a:83:cd:38:5b:44:05:0a:31:1d:0b:2c:bf:a6:d1:69:34:24:
         0e:99:e8:00
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY5mjDnpEqtNzh8sGmSpUaiEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4YzQ4ZDFiMzNhYmRlYWQyMDViMGE5MjBmYjMzMzgyN2Ux
Y2UxNTAwHhcNMjQwMzIyMTQyNDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTEyNjI1Mzk3OGI4NDMyYWY2NjcwZmE3MzRiNGQ5NjViNGVmMDllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5626V5J7l6HWtSI00uP6CuE8pb6v
BqDDtdJEXwTDxRYFuoVwI+s18Y/38LAlmcNtuXFYfV6QiOec8RI4uSMk+YW3pWAc
aptC4mJHNe6ZEkiF5/R1IOwQdYJLRP7TqLPJEqLzMt/Luqzj06aavsuNSHjdIbs2
C2Yo7UgKjY7EfBWr5jbHJiNqw2/JFxwBjDESrmgWMK7ezNF/gfDO70pmemfHXP2x
rtdMn2iIiOSyg4E1b6Z1nZVYi51VztlLysDhsm/8agOcibKp5A8eDZpzrmX+mIwT
GnN/zSZNMEndXaeFGglup8o2lKPSgFS/H+4pQm5DuejtcB3uZTem/qI/UQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAESYlOXi4Qyr2Zw+nNLTZZbTvCeMB8GA1UdIwQY
MBaAFBjEjRszq96tIFsKkg+zM4J+HOFQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR01TTkd6T3IzcTBnV3dxU0Q3TXpnbjRjNFZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC9lYTBkNGEtNjRhMC00MmVhLThiZDct
OWMyMmQwNDIyOGIyLzEvQVJKaVU1ZUxoREt2Wm5ENmMwdE5sbHRPOEo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC9lYTBkNGEtNjRhMC00MmVhLThiZDctOWMyMmQwNDIyOGIy
LzEvR01TTkd6T3IzcTBnV3dxU0Q3TXpnbjRjNFZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDLq84AwQB
W+kaMA0GCSqGSIb3DQEBCwUAA4IBAQCMv2JN1X6+XzNNBxGuqCCycM2C1X4gWsmi
WwIbjmmfTnyM6XhGWQxHQOv/c2uCOWnyYAFyR+6u6q8y9ISEoa/6fjnW6B8p0abK
v0epu0KG2bscnMa06B9ricreB2JloZ+x/mX50M/uR09auAsu28vYpoCV8o7rR9iL
Nlps3MFK85U9JtbRt6cpraR+oTdRMKoWT/+Rnu3EQiItHWkeXOUo6TjySwI7WzMG
BK8HoMaCNKmtW6mEKX15xDq1GmUQeukw3iDJD2XOvAKEkM0X9j0iijydvypOmDLj
7ty9T1nY+7YJJUFvYAnU+9M6g804W0QFCjEdCyy/ptFpNCQOmegA
-----END CERTIFICATE-----