Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/289fc2-f278-4f66-b8ec-c743cb6d2fc3/1/HX-xUDBF6Fipwv8hCIXrqDNQed8.roa
File:                     HX-xUDBF6Fipwv8hCIXrqDNQed8.roa (raw, json)
Hash identifier:          oalbGVxr11uJXmrrsQHYxeU1Gq+3rZZ8ADU9vPgcOnY=
Subject key identifier:   1D:7F:B1:50:30:45:E8:58:A9:C2:FF:21:08:85:EB:A8:33:50:79:DF
Certificate issuer:       /CN=c35f03949e661e24be0f1e08c64dad05e31c4eaf
Certificate serial:       018CC348B96CCCCA24C654833FDC76985538
Authority key identifier: C3:5F:03:94:9E:66:1E:24:BE:0F:1E:08:C6:4D:AD:05:E3:1C:4E:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w18DlJ5mHiS-Dx4Ixk2tBeMcTq8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/289fc2-f278-4f66-b8ec-c743cb6d2fc3/1/HX-xUDBF6Fipwv8hCIXrqDNQed8.roa
Signing time:             Mon 01 Jan 2024 04:29:32 +0000
ROA not before:           Mon 01 Jan 2024 04:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     46071
IP address blocks:        46.40.203.0/24 maxlen: 24
                          46.40.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/289fc2-f278-4f66-b8ec-c743cb6d2fc3/1/w18DlJ5mHiS-Dx4Ixk2tBeMcTq8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/289fc2-f278-4f66-b8ec-c743cb6d2fc3/1/w18DlJ5mHiS-Dx4Ixk2tBeMcTq8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w18DlJ5mHiS-Dx4Ixk2tBeMcTq8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:b9:6c:cc:ca:24:c6:54:83:3f:dc:76:98:55:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c35f03949e661e24be0f1e08c64dad05e31c4eaf
        Validity
            Not Before: Jan  1 04:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1d7fb1503045e858a9c2ff210885eba8335079df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:5f:06:61:1e:a3:91:b2:ba:6a:27:9a:99:f6:
                    84:d0:f7:99:71:61:fd:62:f0:fe:58:46:b7:46:3f:
                    55:c9:f8:0b:a8:ff:2c:c9:9d:0e:a7:55:bd:c2:a4:
                    ce:70:e5:a1:8c:48:e0:ab:ed:c2:c6:07:62:a3:eb:
                    a2:0b:37:71:82:bc:30:50:94:d7:62:d3:3e:7b:12:
                    72:a3:e6:42:d3:11:24:34:fa:dd:71:f4:6d:71:b4:
                    82:91:a1:6d:d4:46:fd:c6:ea:f0:14:8c:96:df:07:
                    58:7b:1b:fc:e5:d6:0c:f3:4c:dd:17:fc:68:54:75:
                    20:55:b1:c2:a8:39:4e:f5:4f:8c:0a:a6:bf:ed:ca:
                    1b:66:91:63:ed:f2:18:0b:05:0c:68:40:1c:54:cb:
                    2d:0f:fc:58:4f:91:93:7f:3a:8f:c1:b0:26:ee:f3:
                    f1:de:3e:70:fd:bf:8e:51:d7:23:3f:ec:2b:1b:a1:
                    44:ca:bb:8c:0f:9c:aa:93:49:b2:ca:ce:cf:be:0e:
                    59:12:56:7b:3e:43:bc:04:31:d0:b1:81:85:ae:39:
                    18:00:cb:5a:fc:c1:41:4d:62:b6:ea:4b:ea:19:32:
                    0c:af:a8:3f:44:76:fb:95:e2:f9:4b:82:84:b7:11:
                    d8:c4:fa:a3:65:1c:ed:e4:d2:bf:23:f5:0e:00:ec:
                    ca:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:7F:B1:50:30:45:E8:58:A9:C2:FF:21:08:85:EB:A8:33:50:79:DF
            X509v3 Authority Key Identifier:
                keyid:C3:5F:03:94:9E:66:1E:24:BE:0F:1E:08:C6:4D:AD:05:E3:1C:4E:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w18DlJ5mHiS-Dx4Ixk2tBeMcTq8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/289fc2-f278-4f66-b8ec-c743cb6d2fc3/1/HX-xUDBF6Fipwv8hCIXrqDNQed8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/289fc2-f278-4f66-b8ec-c743cb6d2fc3/1/w18DlJ5mHiS-Dx4Ixk2tBeMcTq8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.40.203.0/24
                  46.40.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:20:ac:de:4a:0d:46:d4:69:4d:37:2c:e1:72:c6:80:f1:d3:
         b9:b0:24:3b:e5:05:68:89:0b:77:ed:cd:43:b2:40:a3:7d:8e:
         2e:86:46:7f:55:6b:7c:e6:27:6b:fe:b5:9d:72:70:85:a1:47:
         12:76:8b:6b:28:d5:bc:74:e0:e8:84:18:c1:9e:7f:fe:69:fa:
         b5:59:9b:df:cc:c1:46:f7:3b:1f:c4:ac:15:48:49:9b:82:29:
         e5:d5:0e:ef:eb:9e:71:9c:4a:c9:a8:62:56:15:7b:9b:ac:8d:
         42:26:a1:c5:c2:46:94:ae:c8:9c:17:61:20:df:6a:f2:57:e6:
         63:e4:47:69:2d:29:00:76:85:25:fb:dc:25:50:d5:a9:f1:4e:
         f1:1b:e6:8f:64:d8:b9:69:f9:50:24:7c:14:0c:8c:06:0f:0c:
         c5:ef:29:cf:3e:6f:02:66:a5:d5:1a:ab:50:a7:67:5e:5a:10:
         52:78:15:69:f7:9b:09:a6:f3:fa:a2:e2:1c:ff:e6:b8:a0:de:
         48:df:e2:16:6e:00:56:90:ea:76:15:c9:cd:c3:d4:af:c8:00:
         0b:bb:0c:5b:e7:77:f2:70:aa:15:92:3d:de:50:36:90:91:84:
         0e:36:bf:a7:80:63:5b:ec:3f:00:c4:ab:35:30:e1:25:25:42:
         f3:3c:5d:1a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDSLlszMokxlSDP9x2mFU4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzNWYwMzk0OWU2NjFlMjRiZTBmMWUwOGM2NGRhZDA1ZTMx
YzRlYWYwHhcNMjQwMTAxMDQyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDdmYjE1MDMwNDVlODU4YTljMmZmMjEwODg1ZWJhODMzNTA3OWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqV8GYR6jkbK6aieamfaE0PeZcWH9
YvD+WEa3Rj9VyfgLqP8syZ0Op1W9wqTOcOWhjEjgq+3Cxgdio+uiCzdxgrwwUJTX
YtM+exJyo+ZC0xEkNPrdcfRtcbSCkaFt1Eb9xurwFIyW3wdYexv85dYM80zdF/xo
VHUgVbHCqDlO9U+MCqa/7cobZpFj7fIYCwUMaEAcVMstD/xYT5GTfzqPwbAm7vPx
3j5w/b+OUdcjP+wrG6FEyruMD5yqk0myys7Pvg5ZElZ7PkO8BDHQsYGFrjkYAMta
/MFBTWK26kvqGTIMr6g/RHb7leL5S4KEtxHYxPqjZRzt5NK/I/UOAOzK1wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFB1/sVAwRehYqcL/IQiF66gzUHnfMB8GA1UdIwQY
MBaAFMNfA5SeZh4kvg8eCMZNrQXjHE6vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzE4RGxKNW1IaVMtRHg0SXhrMnRCZU1jVHE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8yODlmYzItZjI3OC00ZjY2LWI4ZWMt
Yzc0M2NiNmQyZmMzLzEvSFgteFVEQkY2Rmlwd3Y4aENJWHJxRE5RZWQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8yODlmYzItZjI3OC00ZjY2LWI4ZWMtYzc0M2NiNmQyZmMz
LzEvdzE4RGxKNW1IaVMtRHg0SXhrMnRCZU1jVHE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALijLAwQA
LijNMA0GCSqGSIb3DQEBCwUAA4IBAQCoIKzeSg1G1GlNNyzhcsaA8dO5sCQ75QVo
iQt37c1DskCjfY4uhkZ/VWt85idr/rWdcnCFoUcSdotrKNW8dODohBjBnn/+afq1
WZvfzMFG9zsfxKwVSEmbginl1Q7v655xnErJqGJWFXubrI1CJqHFwkaUrsicF2Eg
32ryV+Zj5EdpLSkAdoUl+9wlUNWp8U7xG+aPZNi5aflQJHwUDIwGDwzF7ynPPm8C
ZqXVGqtQp2deWhBSeBVp95sJpvP6ouIc/+a4oN5I3+IWbgBWkOp2FcnNw9SvyAAL
uwxb53fycKoVkj3eUDaQkYQONr+ngGNb7D8AxKs1MOElJULzPF0a
-----END CERTIFICATE-----