Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/z1w7flMSnlsN-clqegHhsuje7xw.roa
File:                     z1w7flMSnlsN-clqegHhsuje7xw.roa (raw, json)
Hash identifier:          Nbd4CukJwQ1oi5fYZh0xh4qKmha4bc8rDliKC46655o=
Subject key identifier:   CF:5C:3B:7E:53:12:9E:5B:0D:F9:C9:6A:7A:01:E1:B2:E8:DE:EF:1C
Certificate issuer:       /CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
Certificate serial:       0192E695AC77B187E6ED380169D208B97E4A
Authority key identifier: 6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/z1w7flMSnlsN-clqegHhsuje7xw.roa
Signing time:             Fri 01 Nov 2024 07:17:01 +0000
ROA not before:           Fri 01 Nov 2024 07:17:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        46.233.42.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:e6:95:ac:77:b1:87:e6:ed:38:01:69:d2:08:b9:7e:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6fc50d0d42067b76ab1a2e8e533ff849b65d56f5
        Validity
            Not Before: Nov  1 07:17:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf5c3b7e53129e5b0df9c96a7a01e1b2e8deef1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:1b:25:9f:c1:ec:ff:af:c6:b2:87:15:f3:47:
                    55:4e:6c:c6:5f:44:23:60:49:55:c9:28:b2:ba:af:
                    81:7a:99:8e:94:6e:9e:1b:c1:af:e5:84:e1:32:25:
                    dd:3c:61:06:4b:76:34:63:60:36:43:6b:80:3d:d8:
                    f0:ab:b8:67:f9:83:77:ae:75:a6:16:0d:3e:12:ea:
                    52:80:e9:3e:75:22:e9:17:ac:c3:4b:5f:a1:2e:92:
                    81:9d:62:dd:9c:27:b2:cb:42:fc:05:79:c0:16:41:
                    8b:df:8f:5f:29:77:04:98:e8:b5:d3:c3:78:71:b4:
                    1c:9f:cf:53:ea:0f:f2:49:3b:3a:cf:b4:46:6e:71:
                    e6:cc:04:15:cb:d2:63:1a:a4:f3:2d:c5:07:bd:6e:
                    0a:b3:29:db:79:6b:65:38:74:c9:77:c0:17:5e:33:
                    38:4e:fd:76:aa:17:77:7d:11:6f:11:75:14:d8:f3:
                    d6:1b:d7:1b:b4:ab:26:b7:a4:c7:f8:0e:16:23:84:
                    b7:e1:e0:32:59:9e:96:36:f7:7c:c4:6e:dc:56:1b:
                    d0:8f:75:04:98:5b:d6:7b:69:d7:fd:69:eb:c6:d2:
                    e9:37:06:b0:1f:f9:20:0f:d6:a3:f2:5e:84:d7:43:
                    34:88:35:bb:ec:fe:bb:5f:4a:db:86:15:da:a9:5c:
                    b6:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:5C:3B:7E:53:12:9E:5B:0D:F9:C9:6A:7A:01:E1:B2:E8:DE:EF:1C
            X509v3 Authority Key Identifier:
                keyid:6F:C5:0D:0D:42:06:7B:76:AB:1A:2E:8E:53:3F:F8:49:B6:5D:56:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8UNDUIGe3arGi6OUz_4SbZdVvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/z1w7flMSnlsN-clqegHhsuje7xw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/de/f2bd6c-4843-4ead-aa09-3c16ff841ab2/1/b8UNDUIGe3arGi6OUz_4SbZdVvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.233.42.0/23

    Signature Algorithm: sha256WithRSAEncryption
         19:eb:75:79:57:09:b3:0f:d0:79:5b:6d:c2:d8:c7:b9:e3:9a:
         5c:8c:6f:bd:35:de:fa:4c:d0:54:14:37:da:12:07:43:8e:21:
         24:ca:26:4d:8b:fe:22:5a:02:6a:2c:a4:a9:3a:01:42:ef:e2:
         04:d8:c0:05:69:8b:9d:b5:d7:54:9f:01:11:b1:86:0a:94:7f:
         3f:f8:09:e3:30:7b:92:71:aa:2e:04:9b:e2:22:00:79:9c:25:
         fd:dc:01:ee:21:95:2f:2b:09:e3:12:57:a0:7c:7c:e4:9a:e5:
         e5:21:05:e9:59:1d:54:59:15:a5:a1:33:ae:b3:17:18:2f:a1:
         0f:f3:b7:0c:35:3f:37:cb:e8:ab:fd:5b:25:51:be:de:dd:ff:
         10:13:46:c1:83:16:09:ed:16:df:36:60:5a:f5:f4:69:d7:47:
         1e:5f:73:34:0b:47:f1:3f:27:94:3b:c3:d8:eb:a8:8a:fe:d6:
         29:41:1a:66:5f:16:9e:1d:a5:0d:89:b8:ba:13:07:01:b8:f9:
         0c:58:7b:03:86:d9:1f:4e:a1:af:33:66:4d:ee:77:8a:90:5f:
         04:46:7c:29:08:90:34:85:9b:80:14:a3:ac:48:26:17:38:06:
         54:32:61:5f:6b:7d:c4:91:1a:d8:6d:15:b0:31:81:4c:98:22:
         87:60:c2:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLmlax3sYfm7TgBadIIuX5KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmYzUwZDBkNDIwNjdiNzZhYjFhMmU4ZTUzM2ZmODQ5YjY1
ZDU2ZjUwHhcNMjQxMTAxMDcxNzAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjVjM2I3ZTUzMTI5ZTViMGRmOWM5NmE3YTAxZTFiMmU4ZGVlZjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyhsln8Hs/6/GsocV80dVTmzGX0Qj
YElVySiyuq+BepmOlG6eG8Gv5YThMiXdPGEGS3Y0Y2A2Q2uAPdjwq7hn+YN3rnWm
Fg0+EupSgOk+dSLpF6zDS1+hLpKBnWLdnCeyy0L8BXnAFkGL349fKXcEmOi108N4
cbQcn89T6g/ySTs6z7RGbnHmzAQVy9JjGqTzLcUHvW4KsynbeWtlOHTJd8AXXjM4
Tv12qhd3fRFvEXUU2PPWG9cbtKsmt6TH+A4WI4S34eAyWZ6WNvd8xG7cVhvQj3UE
mFvWe2nX/WnrxtLpNwawH/kgD9aj8l6E10M0iDW77P67X0rbhhXaqVy2HwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM9cO35TEp5bDfnJanoB4bLo3u8cMB8GA1UdIwQY
MBaAFG/FDQ1CBnt2qxoujlM/+Em2XVb1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDkt
M2MxNmZmODQxYWIyLzEvejF3N2ZsTVNubHNOLWNscWVnSGhzdWplN3h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS9mMmJkNmMtNDg0My00ZWFkLWFhMDktM2MxNmZmODQxYWIy
LzEvYjhVTkRVSUdlM2FyR2k2T1V6XzRTYlpkVnZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLukqMA0G
CSqGSIb3DQEBCwUAA4IBAQAZ63V5VwmzD9B5W23C2Me545pcjG+9Nd76TNBUFDfa
EgdDjiEkyiZNi/4iWgJqLKSpOgFC7+IE2MAFaYudtddUnwERsYYKlH8/+AnjMHuS
caouBJviIgB5nCX93AHuIZUvKwnjElegfHzkmuXlIQXpWR1UWRWloTOusxcYL6EP
87cMNT83y+ir/VslUb7e3f8QE0bBgxYJ7RbfNmBa9fRp10ceX3M0C0fxPyeUO8PY
66iK/tYpQRpmXxaeHaUNibi6EwcBuPkMWHsDhtkfTqGvM2ZN7neKkF8ERnwpCJA0
hZuAFKOsSCYXOAZUMmFfa33EkRrYbRWwMYFMmCKHYMJM
-----END CERTIFICATE-----