Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/Go_TPOfKW1TPHIXjma9O4ObqeJU.roa
File:                     Go_TPOfKW1TPHIXjma9O4ObqeJU.roa (raw, json)
Hash identifier:          N4UeIKsCNupQLXMmHLd6JUYhsbFcfzKth1vkXC2im5I=
Subject key identifier:   1A:8F:D3:3C:E7:CA:5B:54:CF:1C:85:E3:99:AF:4E:E0:E6:EA:78:95
Certificate issuer:       /CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
Certificate serial:       018CC9BC26CC875EE81558459817A44B8B8A
Authority key identifier: 6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/Go_TPOfKW1TPHIXjma9O4ObqeJU.roa
Signing time:             Tue 02 Jan 2024 10:33:20 +0000
ROA not before:           Tue 02 Jan 2024 10:33:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43431
IP address blocks:        46.233.38.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 14:51:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:26:cc:87:5e:e8:15:58:45:98:17:a4:4b:8b:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
        Validity
            Not Before: Jan  2 10:33:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1a8fd33ce7ca5b54cf1c85e399af4ee0e6ea7895
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:86:17:19:72:15:7f:a5:cd:8a:9a:9c:d2:57:
                    55:de:12:3e:0e:2e:ca:16:4f:0a:45:7c:29:c1:3c:
                    7a:b4:89:14:1f:78:84:39:ad:c3:ef:2f:ac:a8:5c:
                    66:2b:fb:9e:59:e1:91:2b:63:a8:19:10:a9:a3:79:
                    57:62:53:df:aa:9c:59:66:de:e2:30:4f:91:b3:c7:
                    a5:a9:3b:4d:aa:7a:1f:13:fd:04:f3:1c:ff:ab:c3:
                    2c:ac:b7:70:c0:eb:ca:5a:08:4e:5f:90:64:da:0c:
                    f7:73:08:e9:1b:56:2e:56:e1:2a:b7:78:1c:5f:e9:
                    9f:05:01:f1:60:f1:92:7c:6e:1e:4c:3b:bc:d1:a3:
                    fe:0b:0a:9c:b9:60:aa:fd:25:bd:41:80:60:f3:dc:
                    68:15:87:6d:b7:78:c3:73:c6:4d:82:a1:8e:1d:0c:
                    b2:7c:1c:ce:8a:9e:5e:bc:5c:f5:1e:a6:a2:64:45:
                    08:e1:33:a9:d1:59:9f:e3:c1:ca:19:34:9d:dc:e3:
                    35:2b:da:c2:df:63:d4:a9:89:22:8e:93:2b:ef:d6:
                    fc:54:18:bf:99:17:d8:75:eb:5f:87:38:99:c2:ef:
                    8f:0a:2a:a8:0e:03:9d:99:66:1a:be:57:14:15:75:
                    82:3d:1b:57:57:73:77:a8:d0:4c:e6:77:79:9e:59:
                    a4:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:8F:D3:3C:E7:CA:5B:54:CF:1C:85:E3:99:AF:4E:E0:E6:EA:78:95
            X509v3 Authority Key Identifier:
                keyid:6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/Go_TPOfKW1TPHIXjma9O4ObqeJU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.233.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:86:8f:d9:9e:91:55:7f:89:4b:f7:a5:10:88:29:83:ec:89:
         ce:cc:da:0c:5f:35:44:48:12:c7:c0:c3:f4:92:95:d6:0e:0d:
         6a:8c:f8:d4:59:eb:72:32:69:72:16:d0:90:bc:b1:04:71:ab:
         35:2c:85:2e:30:9b:6d:2f:2c:8d:17:31:dc:c5:ac:3f:76:ac:
         e2:13:28:ae:c0:87:a5:15:51:c4:49:78:bf:3b:a4:33:fc:d7:
         78:9f:a4:ed:97:d8:e7:e2:43:dd:68:a7:e9:74:53:da:16:d6:
         f3:fa:c2:d0:48:d6:ed:75:66:99:00:f3:88:a8:d5:29:5e:75:
         fa:b2:aa:ef:90:10:40:dc:5a:55:11:95:1d:b3:15:7f:3d:45:
         f7:06:59:6e:e8:89:76:d2:6a:ab:f8:79:98:32:76:7f:a7:82:
         0d:4a:33:73:62:47:90:95:75:cb:66:b6:e7:f0:85:41:b2:ab:
         d6:04:d3:87:42:42:27:0b:24:db:f2:fb:91:bd:f6:4f:35:b1:
         0e:4a:c3:aa:b1:58:a4:7f:55:92:f9:77:c8:d6:b8:df:74:d8:
         d5:68:ae:ca:e9:31:02:c3:71:23:30:9e:b4:25:a7:c2:b0:bb:
         d6:82:f5:47:d7:b8:ca:cd:8d:03:e4:e3:bc:0b:0d:be:a7:9b:
         fe:3c:2c:1e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvCbMh17oFVhFmBekS4uKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYzUwZDBkNDIwNjdiNzZhYjFhMmU4ZTUzM2ZmODQ5YjY1
ZDU2ZjUwHhcNMjQwMTAyMTAzMzIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYThmZDMzY2U3Y2E1YjU0Y2YxYzg1ZTM5OWFmNGVlMGU2ZWE3ODk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3IYXGXIVf6XNipqc0ldV3hI+Di7K
Fk8KRXwpwTx6tIkUH3iEOa3D7y+sqFxmK/ueWeGRK2OoGRCpo3lXYlPfqpxZZt7i
ME+Rs8elqTtNqnofE/0E8xz/q8MsrLdwwOvKWghOX5Bk2gz3cwjpG1YuVuEqt3gc
X+mfBQHxYPGSfG4eTDu80aP+CwqcuWCq/SW9QYBg89xoFYdtt3jDc8ZNgqGOHQyy
fBzOip5evFz1HqaiZEUI4TOp0Vmf48HKGTSd3OM1K9rC32PUqYkijpMr79b8VBi/
mRfYdetfhziZwu+PCiqoDgOdmWYavlcUFXWCPRtXV3N3qNBM5nd5nlmkFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBqP0zznyltUzxyF45mvTuDm6niVMB8GA1UdIwQY
MBaAFG/FDQ1CBnt2qxoujlM/+Em2XVb1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDkt
M2MxNmZmODQxYWIyLzEvR29fVFBPZktXMVRQSElYam1hOU80T2JxZUpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDktM2MxNmZmODQxYWIy
LzEvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALukmMA0G
CSqGSIb3DQEBCwUAA4IBAQCbho/ZnpFVf4lL96UQiCmD7InOzNoMXzVESBLHwMP0
kpXWDg1qjPjUWetyMmlyFtCQvLEEcas1LIUuMJttLyyNFzHcxaw/dqziEyiuwIel
FVHESXi/O6Qz/Nd4n6Ttl9jn4kPdaKfpdFPaFtbz+sLQSNbtdWaZAPOIqNUpXnX6
sqrvkBBA3FpVEZUdsxV/PUX3Bllu6Il20mqr+HmYMnZ/p4INSjNzYkeQlXXLZrbn
8IVBsqvWBNOHQkInCyTb8vuRvfZPNbEOSsOqsVikf1WS+XfI1rjfdNjVaK7K6TEC
w3EjMJ60JafCsLvWgvVH17jKzY0D5OO8Cw2+p5v+PCwe
-----END CERTIFICATE-----