Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/y0ommsCsC15s4VS_qF2pJRhm1uU.roa
File:                     y0ommsCsC15s4VS_qF2pJRhm1uU.roa (raw, json)
Hash identifier:          3eE/osDrkvrzefH4YMwZVn4jQMFOQaSknCryRPUJeEo=
Subject key identifier:   CB:4A:26:9A:C0:AC:0B:5E:6C:E1:54:BF:A8:5D:A9:25:18:66:D6:E5
Certificate issuer:       /CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
Certificate serial:       018CC5DC9E7645DD557E8F9D64371B5B975D
Authority key identifier: 7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/y0ommsCsC15s4VS_qF2pJRhm1uU.roa
Signing time:             Mon 01 Jan 2024 16:30:19 +0000
ROA not before:           Mon 01 Jan 2024 16:30:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208685
IP address blocks:        46.23.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:9e:76:45:dd:55:7e:8f:9d:64:37:1b:5b:97:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d06a42bb2446e51f192ea375bdf7eec5a51c77f
        Validity
            Not Before: Jan  1 16:30:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb4a269ac0ac0b5e6ce154bfa85da9251866d6e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f7:88:66:4a:14:3a:fb:d9:93:74:b1:2d:ff:0e:
                    2e:fa:d2:6f:9e:2d:8c:51:5f:37:9c:c2:3e:49:61:
                    5b:3c:b7:29:14:bf:7e:49:03:28:40:96:c7:de:26:
                    e6:c8:9c:fa:e0:ef:5f:70:95:cc:15:46:12:8a:41:
                    af:04:0e:41:36:42:d8:87:80:da:bf:fc:f7:df:8b:
                    2e:9e:e6:0c:cd:df:f1:f5:ea:34:fb:ef:f0:76:27:
                    d2:70:cb:32:8e:be:97:7d:03:44:42:28:7f:fc:57:
                    4f:7c:d5:ac:ea:8e:8b:33:36:7a:c4:99:55:e1:ce:
                    d3:5c:e1:d9:99:bc:93:35:d9:64:a2:45:d3:5f:1c:
                    c6:47:30:ad:b5:ca:7c:fc:57:5f:51:6a:95:21:21:
                    8a:2b:95:94:e9:72:e5:39:e2:8a:c8:c2:94:af:f2:
                    d3:c4:bb:d4:da:9e:3e:5c:80:0f:e2:a8:a1:f5:89:
                    d4:66:90:29:76:b7:67:d3:5b:8e:d0:49:d8:23:e0:
                    93:c1:63:5e:b1:91:e5:7e:b1:5e:d7:0d:71:92:7c:
                    ce:c2:6c:7f:f2:40:d8:7c:b9:b1:31:f0:40:be:90:
                    7c:fa:69:22:09:af:e2:b4:74:be:44:c3:f4:09:94:
                    b8:1c:c5:86:95:cb:b6:75:a1:07:e2:c5:df:53:0e:
                    4c:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:4A:26:9A:C0:AC:0B:5E:6C:E1:54:BF:A8:5D:A9:25:18:66:D6:E5
            X509v3 Authority Key Identifier:
                keyid:7D:06:A4:2B:B2:44:6E:51:F1:92:EA:37:5B:DF:7E:EC:5A:51:C7:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fQakK7JEblHxkuo3W99-7FpRx38.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/y0ommsCsC15s4VS_qF2pJRhm1uU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/78002a-4fc0-4dbf-8585-2cf806b2d0f2/1/fQakK7JEblHxkuo3W99-7FpRx38.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.23.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:3c:1d:8c:25:43:17:c9:09:db:60:16:b0:e4:49:e7:29:43:
         4c:61:c1:98:34:84:14:d2:30:bf:f9:48:de:63:6e:ce:06:fa:
         98:bf:cd:18:47:c8:56:7e:6b:40:cf:ae:e9:cb:16:2b:9d:04:
         a4:ac:a4:c1:c7:68:df:74:cd:cc:c4:d6:a3:99:8b:e6:dd:aa:
         49:24:fe:c9:89:77:e0:3f:d2:7b:3d:6f:3c:c3:4d:e7:f7:c9:
         16:74:d1:46:c9:58:7d:b5:64:77:a0:53:cb:06:66:50:07:d2:
         d5:a3:57:f3:09:78:25:c9:dd:67:ba:3c:2a:ed:3f:f9:21:48:
         3c:37:c0:10:11:8b:0f:1a:1e:e3:f5:6a:99:c5:96:a1:c2:66:
         31:bc:2d:31:af:95:6a:a7:74:61:af:58:06:4d:e4:30:19:61:
         92:2c:f7:cb:b7:be:42:44:ad:bd:32:07:8a:9d:ef:88:0f:01:
         2a:5c:11:74:e2:be:94:bf:be:29:eb:95:88:6c:76:da:e2:ed:
         84:24:60:80:89:90:6d:54:ce:ac:dd:73:56:8e:c5:8d:74:f1:
         5c:14:6d:77:33:15:cc:b3:50:dd:12:c6:cb:da:3d:26:47:32:
         c8:3d:02:d1:80:a7:a0:fb:8a:27:16:54:87:95:d6:59:17:b8:
         dd:da:99:a5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3J52Rd1Vfo+dZDcbW5ddMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMDZhNDJiYjI0NDZlNTFmMTkyZWEzNzViZGY3ZWVjNWE1
MWM3N2YwHhcNMjQwMTAxMTYzMDE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjRhMjY5YWMwYWMwYjVlNmNlMTU0YmZhODVkYTkyNTE4NjZkNmU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA94hmShQ6+9mTdLEt/w4u+tJvni2M
UV83nMI+SWFbPLcpFL9+SQMoQJbH3ibmyJz64O9fcJXMFUYSikGvBA5BNkLYh4Da
v/z334sunuYMzd/x9eo0++/wdifScMsyjr6XfQNEQih//FdPfNWs6o6LMzZ6xJlV
4c7TXOHZmbyTNdlkokXTXxzGRzCttcp8/FdfUWqVISGKK5WU6XLlOeKKyMKUr/LT
xLvU2p4+XIAP4qih9YnUZpApdrdn01uO0EnYI+CTwWNesZHlfrFe1w1xknzOwmx/
8kDYfLmxMfBAvpB8+mkiCa/itHS+RMP0CZS4HMWGlcu2daEH4sXfUw5M1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMtKJprArAtebOFUv6hdqSUYZtblMB8GA1UdIwQY
MBaAFH0GpCuyRG5R8ZLqN1vffuxaUcd/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUt
MmNmODA2YjJkMGYyLzEveTBvbW1zQ3NDMTVzNFZTX3FGMnBKUmhtMXVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy83ODAwMmEtNGZjMC00ZGJmLTg1ODUtMmNmODA2YjJkMGYy
LzEvZlFha0s3SkVibEh4a3VvM1c5OS03RnBSeDM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhdjMA0G
CSqGSIb3DQEBCwUAA4IBAQAcPB2MJUMXyQnbYBaw5EnnKUNMYcGYNIQU0jC/+Uje
Y27OBvqYv80YR8hWfmtAz67pyxYrnQSkrKTBx2jfdM3MxNajmYvm3apJJP7JiXfg
P9J7PW88w03n98kWdNFGyVh9tWR3oFPLBmZQB9LVo1fzCXglyd1nujwq7T/5IUg8
N8AQEYsPGh7j9WqZxZahwmYxvC0xr5Vqp3Rhr1gGTeQwGWGSLPfLt75CRK29MgeK
ne+IDwEqXBF04r6Uv74p65WIbHba4u2EJGCAiZBtVM6s3XNWjsWNdPFcFG13MxXM
s1DdEsbL2j0mRzLIPQLRgKeg+4onFlSHldZZF7jd2pml
-----END CERTIFICATE-----