Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/kFbvGRx-vk8hnM5v6ZVvsvMGmoM.roa
File:                     kFbvGRx-vk8hnM5v6ZVvsvMGmoM.roa (raw, json)
Hash identifier:          khqpdu9wCYtgL3CqZe/c6Dw+oI+KSioTSYm8SfqUFk8=
Subject key identifier:   90:56:EF:19:1C:7E:BE:4F:21:9C:CE:6F:E9:95:6F:B2:F3:06:9A:83
Certificate issuer:       /CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
Certificate serial:       018CC9BC25BBCECDB5DFE559A49BA4775361
Authority key identifier: 6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/kFbvGRx-vk8hnM5v6ZVvsvMGmoM.roa
Signing time:             Tue 02 Jan 2024 10:33:19 +0000
ROA not before:           Tue 02 Jan 2024 10:33:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        46.233.38.0/24 maxlen: 24
                          46.233.42.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 04:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:25:bb:ce:cd:b5:df:e5:59:a4:9b:a4:77:53:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
        Validity
            Not Before: Jan  2 10:33:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9056ef191c7ebe4f219cce6fe9956fb2f3069a83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:a6:c1:4d:5a:e3:f9:39:41:8b:ce:27:a7:8b:
                    c8:8d:17:a8:f4:de:99:98:e8:11:bb:be:24:68:ae:
                    8d:68:eb:0d:ab:c1:92:1e:42:58:58:cd:b0:4f:3c:
                    46:ef:3d:7e:8b:56:bf:e1:b7:8d:5b:94:b3:2c:5e:
                    31:f4:a0:ae:8a:98:44:33:da:f3:7b:dc:8a:aa:66:
                    3e:03:27:5c:49:b7:12:3b:98:15:d3:e9:50:ce:87:
                    cd:da:73:19:44:1e:57:45:62:ef:16:0d:6b:0d:11:
                    d5:a4:a7:51:23:a3:98:05:fc:c6:21:28:7a:18:a5:
                    bc:f0:cf:53:13:e4:18:3c:8a:28:b6:f6:d5:ad:24:
                    53:c1:7f:ab:53:81:79:8e:27:33:6f:6b:38:f0:f3:
                    0c:91:5a:83:f5:6b:2a:aa:e4:f4:a3:d4:15:8d:c9:
                    3e:1a:51:98:de:a4:25:40:1e:99:1f:58:d8:b0:88:
                    b3:cf:6d:66:d8:36:1b:2f:f2:8c:ed:08:d2:bc:ea:
                    71:cb:09:8d:be:a2:72:2e:2e:97:96:d5:d5:25:fe:
                    04:12:97:f3:dc:97:6b:b4:2f:57:bf:72:dd:3f:e5:
                    33:28:6b:e5:6f:16:a9:01:d6:bd:0a:68:7d:46:aa:
                    86:59:f1:9b:0e:b0:e0:a7:dc:0d:9c:f9:a4:a0:f0:
                    ff:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:56:EF:19:1C:7E:BE:4F:21:9C:CE:6F:E9:95:6F:B2:F3:06:9A:83
            X509v3 Authority Key Identifier:
                keyid:6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/kFbvGRx-vk8hnM5v6ZVvsvMGmoM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.233.38.0/24
                  46.233.42.0/23

    Signature Algorithm: sha256WithRSAEncryption
         07:a0:e5:9d:34:02:6d:a3:ea:68:e5:13:44:26:3a:17:f1:ae:
         37:d4:03:48:1f:44:a8:61:14:59:8e:88:99:b3:01:0b:ec:08:
         e0:73:60:94:eb:28:f4:73:f0:88:2a:b9:61:3b:f2:f7:67:43:
         8c:0c:46:65:af:73:77:a1:aa:51:08:ca:b6:f5:45:9e:39:72:
         11:a4:98:18:d2:6d:07:6e:e7:01:1a:da:e4:f9:b2:dd:25:08:
         39:de:be:69:df:d6:b0:3d:23:93:0a:0a:27:17:58:db:05:28:
         6d:bf:40:4f:fe:bd:83:b8:18:ef:72:c0:69:72:df:68:5e:81:
         2e:a1:72:3f:f3:05:e8:f2:40:87:06:bc:3c:40:16:fa:78:aa:
         b3:f5:7b:f5:d6:81:fd:f1:6e:b8:e2:cd:8b:2b:48:3b:1d:d2:
         a2:2d:69:e1:67:35:3e:1a:76:89:d9:3a:6e:03:60:17:17:60:
         50:99:2f:2e:e1:c4:72:4d:48:05:ce:7a:df:e8:17:6d:eb:92:
         cc:76:ff:b4:24:cc:c3:6a:50:52:04:cf:58:00:e3:6f:47:5f:
         2e:e6:aa:aa:17:63:36:ff:bd:b7:7a:67:20:d3:77:80:d0:d9:
         38:ec:2c:a4:25:12:e3:19:71:7d:9f:37:67:55:db:35:f7:60:
         7e:44:6d:53
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJvCW7zs213+VZpJukd1NhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYzUwZDBkNDIwNjdiNzZhYjFhMmU4ZTUzM2ZmODQ5YjY1
ZDU2ZjUwHhcNMjQwMTAyMTAzMzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDU2ZWYxOTFjN2ViZTRmMjE5Y2NlNmZlOTk1NmZiMmYzMDY5YTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA06bBTVrj+TlBi84np4vIjReo9N6Z
mOgRu74kaK6NaOsNq8GSHkJYWM2wTzxG7z1+i1a/4beNW5SzLF4x9KCuiphEM9rz
e9yKqmY+AydcSbcSO5gV0+lQzofN2nMZRB5XRWLvFg1rDRHVpKdRI6OYBfzGISh6
GKW88M9TE+QYPIootvbVrSRTwX+rU4F5jiczb2s48PMMkVqD9WsqquT0o9QVjck+
GlGY3qQlQB6ZH1jYsIizz21m2DYbL/KM7QjSvOpxywmNvqJyLi6XltXVJf4EEpfz
3JdrtC9Xv3LdP+UzKGvlbxapAda9Cmh9RqqGWfGbDrDgp9wNnPmkoPD/YwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJBW7xkcfr5PIZzOb+mVb7LzBpqDMB8GA1UdIwQY
MBaAFG/FDQ1CBnt2qxoujlM/+Em2XVb1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDkt
M2MxNmZmODQxYWIyLzEva0ZidkdSeC12azhobk01djZaVnZzdk1HbW9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDktM2MxNmZmODQxYWIy
LzEvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALukmAwQB
LukqMA0GCSqGSIb3DQEBCwUAA4IBAQAHoOWdNAJto+po5RNEJjoX8a431ANIH0So
YRRZjoiZswEL7Ajgc2CU6yj0c/CIKrlhO/L3Z0OMDEZlr3N3oapRCMq29UWeOXIR
pJgY0m0HbucBGtrk+bLdJQg53r5p39awPSOTCgonF1jbBShtv0BP/r2DuBjvcsBp
ct9oXoEuoXI/8wXo8kCHBrw8QBb6eKqz9Xv11oH98W644s2LK0g7HdKiLWnhZzU+
GnaJ2TpuA2AXF2BQmS8u4cRyTUgFznrf6Bdt65LMdv+0JMzDalBSBM9YAONvR18u
5qqqF2M2/723emcg03eA0Nk47CykJRLjGXF9nzdnVds192B+RG1T
-----END CERTIFICATE-----