Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/XNSPEidrLViPOnU_ylEcsNRIkSM.roa
File:                     XNSPEidrLViPOnU_ylEcsNRIkSM.roa (raw, json)
Hash identifier:          fVY8M+sOAQkYtWYmGStjgbj5+XvrK8ZmGdagOJ5rJcY=
Subject key identifier:   5C:D4:8F:12:27:6B:2D:58:8F:3A:75:3F:CA:51:1C:B0:D4:48:91:23
Certificate issuer:       /CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
Certificate serial:       018CC9BC270534068E14DFF042E99BB0B7DF
Authority key identifier: 6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/XNSPEidrLViPOnU_ylEcsNRIkSM.roa
Signing time:             Tue 02 Jan 2024 10:33:20 +0000
ROA not before:           Tue 02 Jan 2024 10:33:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44077
IP address blocks:        46.233.40.0/23 maxlen: 24
                          46.233.47.0/24 maxlen: 24
                          46.233.46.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 03:05:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:27:05:34:06:8e:14:df:f0:42:e9:9b:b0:b7:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
        Validity
            Not Before: Jan  2 10:33:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5cd48f12276b2d588f3a753fca511cb0d4489123
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:b6:26:c4:22:29:84:15:cc:ea:7c:e8:ac:60:
                    5c:97:27:1f:00:e7:38:49:35:37:6f:99:35:ea:b2:
                    b6:6b:b2:d3:89:26:92:a1:56:31:26:f0:57:05:5c:
                    2d:26:00:a3:b9:f3:a5:3e:b3:9e:fd:5c:99:9a:c5:
                    87:e3:09:11:ff:0c:e9:6a:f4:71:2b:52:c7:4a:ab:
                    09:88:88:44:cc:de:1d:26:23:6d:85:f9:73:bb:b3:
                    65:f8:cb:68:14:a7:78:75:62:d3:1f:aa:17:41:4c:
                    a2:43:a2:3a:4e:a2:9c:58:16:d3:96:d5:59:7c:d2:
                    ef:15:4a:78:ec:92:13:4a:28:5e:ae:d8:f7:43:a1:
                    e3:4e:6c:47:b8:e7:50:3e:80:77:42:57:52:60:1e:
                    4a:2b:ed:81:46:00:67:11:cc:51:a4:14:4a:aa:f1:
                    a4:3f:d5:fd:a1:f5:e8:76:ef:ef:3a:7e:8e:81:dc:
                    28:4d:4e:df:c8:39:a1:a2:45:21:83:3d:76:a8:cd:
                    fd:6b:6f:09:0f:b0:82:4b:bf:27:42:0e:19:17:c3:
                    99:87:e8:ef:48:22:b5:f5:52:d7:94:dc:25:b5:21:
                    77:30:ba:17:f4:f4:71:a6:13:da:ac:94:71:46:8f:
                    eb:49:33:78:28:24:d4:b5:1a:60:c3:55:03:13:3f:
                    ed:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:D4:8F:12:27:6B:2D:58:8F:3A:75:3F:CA:51:1C:B0:D4:48:91:23
            X509v3 Authority Key Identifier:
                keyid:6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/XNSPEidrLViPOnU_ylEcsNRIkSM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.233.40.0/23
                  46.233.46.0/23

    Signature Algorithm: sha256WithRSAEncryption
         54:ee:7d:4a:22:7e:66:f5:7f:c9:be:a1:16:36:02:25:fb:fc:
         91:3c:1f:8f:00:72:8a:57:45:e1:d4:1d:44:e7:3c:45:4b:3f:
         8d:46:70:58:f3:cb:9b:4a:3b:4b:f1:b7:78:0f:17:7e:0a:ba:
         7d:87:41:2c:5c:e6:03:ad:a2:70:5e:91:05:da:17:f1:3b:7b:
         9c:6a:98:d6:6c:0e:30:46:b3:ac:83:13:48:1c:81:4d:6b:4e:
         2b:ed:cb:75:7f:fe:c6:b1:e2:64:0c:57:71:c7:66:9c:7f:34:
         53:b3:97:67:4c:82:30:22:d0:82:24:99:38:5d:02:0f:ab:ee:
         bf:8e:33:80:3e:c6:5d:7d:73:5a:a0:f7:ff:f3:18:87:bf:2d:
         9d:05:b0:ef:6d:1a:c5:68:be:48:0c:c4:a4:bf:12:00:17:f1:
         9c:09:05:49:a6:c5:82:f2:d5:c8:62:63:14:d4:64:b6:95:60:
         d0:6c:1f:33:48:45:b1:24:ed:0e:09:7c:8f:dd:fb:9e:dd:5c:
         5c:0d:9a:70:da:ed:ed:d5:c3:af:bc:32:9f:fe:fb:26:8a:74:
         00:0d:15:ea:b8:8c:15:35:1c:18:34:5b:e1:73:22:c5:1b:2f:
         8a:85:4d:2d:ea:98:c2:ff:d4:fd:0b:39:d2:e8:4f:9c:2b:b5:
         28:ae:d8:bd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJvCcFNAaOFN/wQumbsLffMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYzUwZDBkNDIwNjdiNzZhYjFhMmU4ZTUzM2ZmODQ5YjY1
ZDU2ZjUwHhcNMjQwMTAyMTAzMzIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2Q0OGYxMjI3NmIyZDU4OGYzYTc1M2ZjYTUxMWNiMGQ0NDg5MTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj7YmxCIphBXM6nzorGBclycfAOc4
STU3b5k16rK2a7LTiSaSoVYxJvBXBVwtJgCjufOlPrOe/VyZmsWH4wkR/wzpavRx
K1LHSqsJiIhEzN4dJiNthflzu7Nl+MtoFKd4dWLTH6oXQUyiQ6I6TqKcWBbTltVZ
fNLvFUp47JITSihertj3Q6HjTmxHuOdQPoB3QldSYB5KK+2BRgBnEcxRpBRKqvGk
P9X9ofXodu/vOn6OgdwoTU7fyDmhokUhgz12qM39a28JD7CCS78nQg4ZF8OZh+jv
SCK19VLXlNwltSF3MLoX9PRxphParJRxRo/rSTN4KCTUtRpgw1UDEz/t1QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFzUjxInay1Yjzp1P8pRHLDUSJEjMB8GA1UdIwQY
MBaAFG/FDQ1CBnt2qxoujlM/+Em2XVb1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDkt
M2MxNmZmODQxYWIyLzEvWE5TUEVpZHJMVmlQT25VX3lsRWNzTlJJa1NNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDktM2MxNmZmODQxYWIy
LzEvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLukoAwQB
LukuMA0GCSqGSIb3DQEBCwUAA4IBAQBU7n1KIn5m9X/JvqEWNgIl+/yRPB+PAHKK
V0Xh1B1E5zxFSz+NRnBY88ubSjtL8bd4Dxd+Crp9h0EsXOYDraJwXpEF2hfxO3uc
apjWbA4wRrOsgxNIHIFNa04r7ct1f/7GseJkDFdxx2acfzRTs5dnTIIwItCCJJk4
XQIPq+6/jjOAPsZdfXNaoPf/8xiHvy2dBbDvbRrFaL5IDMSkvxIAF/GcCQVJpsWC
8tXIYmMU1GS2lWDQbB8zSEWxJO0OCXyP3fue3VxcDZpw2u3t1cOvvDKf/vsminQA
DRXquIwVNRwYNFvhcyLFGy+KhU0t6pjC/9T9CznS6E+cK7Uorti9
-----END CERTIFICATE-----