Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/7192c2-a788-4f56-be6b-bb493c46df3e/1/46FMEFgZLYBUOgCb-rzRvudk7rU.roa
File:                     46FMEFgZLYBUOgCb-rzRvudk7rU.roa (raw, json)
Hash identifier:          6s+XziY+2z5jtnJczdnLliQjzVUM6i/KYEQryVt+OKI=
Subject key identifier:   E3:A1:4C:10:58:19:2D:80:54:3A:00:9B:FA:BC:D1:BE:E7:64:EE:B5
Certificate issuer:       /CN=8bb8b612721d4d4c2d07cbfe2e495e986a0f026d
Certificate serial:       018D8881F83C1E2AAD8EEACE1DBF528FAEEC
Authority key identifier: 8B:B8:B6:12:72:1D:4D:4C:2D:07:CB:FE:2E:49:5E:98:6A:0F:02:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i7i2EnIdTUwtB8v-LklemGoPAm0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/7192c2-a788-4f56-be6b-bb493c46df3e/1/46FMEFgZLYBUOgCb-rzRvudk7rU.roa
Signing time:             Thu 08 Feb 2024 11:37:15 +0000
ROA not before:           Thu 08 Feb 2024 11:37:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215586
IP address blocks:        185.118.116.0/24 maxlen: 24
                          2a14:6c80::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/7192c2-a788-4f56-be6b-bb493c46df3e/1/i7i2EnIdTUwtB8v-LklemGoPAm0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/7192c2-a788-4f56-be6b-bb493c46df3e/1/i7i2EnIdTUwtB8v-LklemGoPAm0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i7i2EnIdTUwtB8v-LklemGoPAm0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:88:81:f8:3c:1e:2a:ad:8e:ea:ce:1d:bf:52:8f:ae:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bb8b612721d4d4c2d07cbfe2e495e986a0f026d
        Validity
            Not Before: Feb  8 11:37:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3a14c1058192d80543a009bfabcd1bee764eeb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:58:cb:67:8a:63:73:bc:ec:f4:c1:39:20:fc:
                    a7:91:61:af:c9:9c:14:e2:0c:cc:12:24:a6:4f:35:
                    f0:93:c5:2a:c9:b6:2e:07:3f:07:d0:b5:3f:41:b3:
                    e6:16:4a:e7:2e:92:4f:92:47:bc:35:ea:c6:ca:19:
                    cc:5b:42:ec:04:2a:90:f3:e0:3b:41:24:40:e5:34:
                    c7:fe:d6:56:b3:54:03:11:5f:0e:3f:e8:8f:af:ae:
                    a4:14:fd:15:92:fe:48:e5:2f:f9:74:0b:03:5e:1f:
                    04:b4:75:92:e3:d4:e7:9f:af:5a:c4:f3:a4:1d:a3:
                    1d:13:ac:ca:ed:f1:0f:f9:ba:67:85:c8:44:6a:9a:
                    b4:19:01:16:d4:25:aa:9a:c1:bd:21:9b:9e:8a:ad:
                    50:8f:b3:7d:fb:f3:d2:20:59:4f:3e:69:b9:0e:d5:
                    07:68:64:ad:5b:c4:df:ea:a0:28:1e:32:6b:1c:e0:
                    4e:4f:af:78:a9:b4:30:9d:80:0c:13:74:ac:e1:08:
                    3a:88:64:b6:4a:ba:bb:82:75:a5:87:f9:00:cc:8a:
                    53:cf:11:b9:f3:f1:a8:7f:48:a8:a0:dc:77:f7:3c:
                    e3:bd:1d:e4:98:f4:b5:cb:5a:04:29:7b:84:35:42:
                    54:dc:60:85:e2:3d:0e:6c:4e:33:c7:b3:5f:5d:5f:
                    98:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:A1:4C:10:58:19:2D:80:54:3A:00:9B:FA:BC:D1:BE:E7:64:EE:B5
            X509v3 Authority Key Identifier:
                keyid:8B:B8:B6:12:72:1D:4D:4C:2D:07:CB:FE:2E:49:5E:98:6A:0F:02:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i7i2EnIdTUwtB8v-LklemGoPAm0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/7192c2-a788-4f56-be6b-bb493c46df3e/1/46FMEFgZLYBUOgCb-rzRvudk7rU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/7192c2-a788-4f56-be6b-bb493c46df3e/1/i7i2EnIdTUwtB8v-LklemGoPAm0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.118.116.0/24
                IPv6:
                  2a14:6c80::/32

    Signature Algorithm: sha256WithRSAEncryption
         bc:fa:06:1d:8d:92:0b:30:0b:51:85:b2:4c:b7:0d:8b:df:0b:
         08:50:32:38:9a:46:09:56:f7:5a:4d:9e:3e:87:98:ac:70:22:
         dd:1f:23:c4:29:61:fd:ad:1f:e4:19:ba:67:7f:ee:1d:10:6b:
         41:ed:c4:92:20:eb:51:c1:71:fa:61:1d:18:86:df:f3:3f:df:
         e0:6c:58:07:05:13:74:17:9f:91:70:8b:eb:fa:8e:03:d1:53:
         d9:d7:48:69:71:93:e6:b7:24:ea:3d:9d:ba:19:95:01:cb:56:
         97:2e:16:75:ba:22:b8:8f:ca:63:bd:b5:85:8c:73:ea:d2:44:
         22:b9:60:04:31:65:85:a3:bb:a8:e5:f3:b1:5e:44:4a:15:75:
         89:0a:2c:5a:13:4f:67:41:18:fc:fe:71:ac:a4:69:23:7e:05:
         32:74:56:00:c0:ee:01:e3:eb:30:32:fd:b9:f4:6f:af:7b:8a:
         57:82:dc:8c:a4:9c:59:55:03:b0:29:0c:99:a2:59:7d:6c:1e:
         3d:a7:d3:94:ae:34:df:c3:1d:5c:b9:ea:c9:60:25:16:ff:a7:
         35:48:18:88:bc:91:8b:b2:29:05:08:7f:0d:15:24:bd:e9:40:
         e7:81:89:29:30:88:66:94:19:2f:82:94:a1:08:bf:93:3c:f7:
         a7:0c:4d:4f
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY2Igfg8HiqtjurOHb9Sj67sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYjhiNjEyNzIxZDRkNGMyZDA3Y2JmZTJlNDk1ZTk4NmEw
ZjAyNmQwHhcNMjQwMjA4MTEzNzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2ExNGMxMDU4MTkyZDgwNTQzYTAwOWJmYWJjZDFiZWU3NjRlZWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwljLZ4pjc7zs9ME5IPynkWGvyZwU
4gzMEiSmTzXwk8UqybYuBz8H0LU/QbPmFkrnLpJPkke8NerGyhnMW0LsBCqQ8+A7
QSRA5TTH/tZWs1QDEV8OP+iPr66kFP0Vkv5I5S/5dAsDXh8EtHWS49Tnn69axPOk
HaMdE6zK7fEP+bpnhchEapq0GQEW1CWqmsG9IZueiq1Qj7N9+/PSIFlPPmm5DtUH
aGStW8Tf6qAoHjJrHOBOT694qbQwnYAME3Ss4Qg6iGS2Srq7gnWlh/kAzIpTzxG5
8/Gof0iooNx39zzjvR3kmPS1y1oEKXuENUJU3GCF4j0ObE4zx7NfXV+YWQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOOhTBBYGS2AVDoAm/q80b7nZO61MB8GA1UdIwQY
MBaAFIu4thJyHU1MLQfL/i5JXphqDwJtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTdpMkVuSWRUVXd0Qjh2LUxrbGVtR29QQW0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi83MTkyYzItYTc4OC00ZjU2LWJlNmIt
YmI0OTNjNDZkZjNlLzEvNDZGTUVGZ1pMWUJVT2dDYi1yelJ2dWRrN3JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi83MTkyYzItYTc4OC00ZjU2LWJlNmItYmI0OTNjNDZkZjNl
LzEvaTdpMkVuSWRUVXd0Qjh2LUxrbGVtR29QQW0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuXZ0MA0E
AgACMAcDBQAqFGyAMA0GCSqGSIb3DQEBCwUAA4IBAQC8+gYdjZILMAtRhbJMtw2L
3wsIUDI4mkYJVvdaTZ4+h5iscCLdHyPEKWH9rR/kGbpnf+4dEGtB7cSSIOtRwXH6
YR0Yht/zP9/gbFgHBRN0F5+RcIvr+o4D0VPZ10hpcZPmtyTqPZ26GZUBy1aXLhZ1
uiK4j8pjvbWFjHPq0kQiuWAEMWWFo7uo5fOxXkRKFXWJCixaE09nQRj8/nGspGkj
fgUydFYAwO4B4+swMv259G+ve4pXgtyMpJxZVQOwKQyZoll9bB49p9OUrjTfwx1c
uerJYCUW/6c1SBiIvJGLsikFCH8NFSS96UDngYkpMIhmlBkvgpShCL+TPPenDE1P
-----END CERTIFICATE-----