Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/8cac0c-3426-4f07-af20-cbb95183b27a/1/tqeS3dFVj8LaEcFkOcBL8AGKO2k.roa
File:                     tqeS3dFVj8LaEcFkOcBL8AGKO2k.roa (raw, json)
Hash identifier:          kvcnjKlIl/7S+dEWs8xFhdRRWcSE8ThgnkG8UdMGMeU=
Subject key identifier:   B6:A7:92:DD:D1:55:8F:C2:DA:11:C1:64:39:C0:4B:F0:01:8A:3B:69
Certificate issuer:       /CN=a36d0ae5e2fbffcce08770ebc20c216b9fbf9485
Certificate serial:       018CC8713A8DE50FCBB41EEF8DF2C5C37792
Authority key identifier: A3:6D:0A:E5:E2:FB:FF:CC:E0:87:70:EB:C2:0C:21:6B:9F:BF:94:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o20K5eL7_8zgh3Drwgwha5-_lIU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/8cac0c-3426-4f07-af20-cbb95183b27a/1/tqeS3dFVj8LaEcFkOcBL8AGKO2k.roa
Signing time:             Tue 02 Jan 2024 04:31:52 +0000
ROA not before:           Tue 02 Jan 2024 04:31:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57865
IP address blocks:        46.191.184.0/22 maxlen: 22
                          46.191.188.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/8cac0c-3426-4f07-af20-cbb95183b27a/1/o20K5eL7_8zgh3Drwgwha5-_lIU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/8cac0c-3426-4f07-af20-cbb95183b27a/1/o20K5eL7_8zgh3Drwgwha5-_lIU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o20K5eL7_8zgh3Drwgwha5-_lIU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 08:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:71:3a:8d:e5:0f:cb:b4:1e:ef:8d:f2:c5:c3:77:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a36d0ae5e2fbffcce08770ebc20c216b9fbf9485
        Validity
            Not Before: Jan  2 04:31:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b6a792ddd1558fc2da11c16439c04bf0018a3b69
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:58:d1:c5:f4:5f:19:77:d1:f6:4b:e0:27:38:
                    5c:18:84:7b:a1:2f:5f:42:a7:b9:16:f1:34:8e:83:
                    de:3f:3c:ee:8d:1c:ae:0a:c8:73:2c:96:62:7e:d4:
                    86:c6:fe:bf:47:75:c3:27:0a:70:dd:2a:b2:06:7c:
                    a6:35:34:8b:46:64:bf:f6:c5:d3:18:90:51:ba:63:
                    a7:b0:d7:b4:cd:08:28:2c:47:d2:7d:34:00:eb:89:
                    74:e1:c6:c1:a4:d0:5f:ab:1e:75:76:1e:32:b5:84:
                    c9:27:0d:12:40:32:c9:87:6b:26:c3:37:3e:bb:fa:
                    61:52:14:30:c8:ec:aa:ad:1e:7e:4c:64:d2:7c:46:
                    ae:5d:72:4a:25:21:be:79:29:c7:de:0f:63:8d:02:
                    ce:98:9a:b2:2f:02:ab:cf:e8:ba:5d:95:7f:ce:ff:
                    1d:a4:9e:29:59:4d:28:73:b9:b1:a5:99:e4:ba:03:
                    cc:f8:78:32:44:c4:09:7a:e6:8a:24:6e:fd:e0:b3:
                    99:90:47:16:63:ed:cc:e1:6a:15:aa:e8:f3:4e:2c:
                    74:31:4a:f6:39:22:d6:9e:63:f1:3c:b6:b8:d3:e8:
                    d7:39:a0:cd:6d:ca:9c:ec:49:e8:a7:4a:c6:ee:2e:
                    34:62:83:ae:94:cb:eb:a6:c2:16:4a:6b:a5:0f:6e:
                    70:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:A7:92:DD:D1:55:8F:C2:DA:11:C1:64:39:C0:4B:F0:01:8A:3B:69
            X509v3 Authority Key Identifier:
                keyid:A3:6D:0A:E5:E2:FB:FF:CC:E0:87:70:EB:C2:0C:21:6B:9F:BF:94:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o20K5eL7_8zgh3Drwgwha5-_lIU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/8cac0c-3426-4f07-af20-cbb95183b27a/1/tqeS3dFVj8LaEcFkOcBL8AGKO2k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/8cac0c-3426-4f07-af20-cbb95183b27a/1/o20K5eL7_8zgh3Drwgwha5-_lIU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.191.184.0/21

    Signature Algorithm: sha256WithRSAEncryption
         a3:1f:1f:c8:c0:17:fb:16:be:99:59:1c:87:cc:41:1a:87:64:
         df:32:2e:0a:ef:16:e0:f8:80:06:1a:46:1e:03:91:03:48:1c:
         7f:63:e5:24:5b:1a:31:4c:bc:f7:78:84:50:91:5c:72:0e:66:
         8a:ab:56:91:aa:cc:28:10:3e:f5:10:07:f3:b7:b6:cb:17:9f:
         6b:2d:93:65:35:b5:b0:f8:58:dd:dc:34:af:e5:40:7d:d0:d1:
         5a:ce:bd:8b:35:e2:3c:6c:b8:25:f4:c1:7f:54:db:85:35:6e:
         f7:30:aa:d6:69:77:ab:46:64:7f:41:33:3f:b0:16:e1:8f:88:
         24:69:02:1e:6b:41:6e:aa:99:c0:85:a2:97:9b:39:2f:34:3b:
         52:85:bc:cc:5c:cf:4d:a3:a7:5a:da:a2:af:44:1e:f3:2c:68:
         20:d7:28:d7:7e:d8:7c:77:3a:52:13:65:ef:4c:a9:4a:91:9c:
         e9:9d:8a:a3:0f:4e:b6:fa:d2:d6:f0:9d:4f:e7:eb:b3:f0:39:
         c6:5a:b8:7c:0e:30:33:ee:c1:9f:16:1b:03:cb:74:b7:e5:49:
         87:58:49:6c:62:72:15:5f:f9:51:23:d8:67:dc:8c:a7:58:df:
         69:99:d2:c7:42:ca:dc:da:8d:28:4b:11:50:40:9d:48:b7:e5:
         62:4b:11:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIcTqN5Q/LtB7vjfLFw3eSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNmQwYWU1ZTJmYmZmY2NlMDg3NzBlYmMyMGMyMTZiOWZi
Zjk0ODUwHhcNMjQwMTAyMDQzMTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmE3OTJkZGQxNTU4ZmMyZGExMWMxNjQzOWMwNGJmMDAxOGEzYjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhljRxfRfGXfR9kvgJzhcGIR7oS9f
Qqe5FvE0joPePzzujRyuCshzLJZiftSGxv6/R3XDJwpw3SqyBnymNTSLRmS/9sXT
GJBRumOnsNe0zQgoLEfSfTQA64l04cbBpNBfqx51dh4ytYTJJw0SQDLJh2smwzc+
u/phUhQwyOyqrR5+TGTSfEauXXJKJSG+eSnH3g9jjQLOmJqyLwKrz+i6XZV/zv8d
pJ4pWU0oc7mxpZnkugPM+HgyRMQJeuaKJG794LOZkEcWY+3M4WoVqujzTix0MUr2
OSLWnmPxPLa40+jXOaDNbcqc7Enop0rG7i40YoOulMvrpsIWSmulD25wiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLankt3RVY/C2hHBZDnAS/ABijtpMB8GA1UdIwQY
MBaAFKNtCuXi+//M4Idw68IMIWufv5SFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzIwSzVlTDdfOHpnaDNEcndnd2hhNS1fbElVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC84Y2FjMGMtMzQyNi00ZjA3LWFmMjAt
Y2JiOTUxODNiMjdhLzEvdHFlUzNkRlZqOExhRWNGa09jQkw4QUdLTzJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC84Y2FjMGMtMzQyNi00ZjA3LWFmMjAtY2JiOTUxODNiMjdh
LzEvbzIwSzVlTDdfOHpnaDNEcndnd2hhNS1fbElVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDLr+4MA0G
CSqGSIb3DQEBCwUAA4IBAQCjHx/IwBf7Fr6ZWRyHzEEah2TfMi4K7xbg+IAGGkYe
A5EDSBx/Y+UkWxoxTLz3eIRQkVxyDmaKq1aRqswoED71EAfzt7bLF59rLZNlNbWw
+Fjd3DSv5UB90NFazr2LNeI8bLgl9MF/VNuFNW73MKrWaXerRmR/QTM/sBbhj4gk
aQIea0FuqpnAhaKXmzkvNDtShbzMXM9No6da2qKvRB7zLGgg1yjXfth8dzpSE2Xv
TKlKkZzpnYqjD062+tLW8J1P5+uz8DnGWrh8DjAz7sGfFhsDy3S35UmHWElsYnIV
X/lRI9hn3IynWN9pmdLHQsrc2o0oSxFQQJ1It+ViSxFz
-----END CERTIFICATE-----