Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/4307d1-b608-4581-992c-753741a80e94/1/_4SdtYgwornflH0iPJrvWJoA3y4.roa
File:                     _4SdtYgwornflH0iPJrvWJoA3y4.roa (raw, json)
Hash identifier:          275vhxsObzLKxm+j2A8f9rXQHuNP+vDl4uTbmqbs6Sc=
Subject key identifier:   FF:84:9D:B5:88:30:A2:B9:DF:94:7D:22:3C:9A:EF:58:9A:00:DF:2E
Certificate issuer:       /CN=07fa540a25432e2aa4dca057845c359d214886f7
Certificate serial:       018CC4934EE9F4BF01FB6FB03BF271A98A44
Authority key identifier: 07:FA:54:0A:25:43:2E:2A:A4:DC:A0:57:84:5C:35:9D:21:48:86:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B_pUCiVDLiqk3KBXhFw1nSFIhvc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/4307d1-b608-4581-992c-753741a80e94/1/_4SdtYgwornflH0iPJrvWJoA3y4.roa
Signing time:             Mon 01 Jan 2024 10:30:37 +0000
ROA not before:           Mon 01 Jan 2024 10:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213300
IP address blocks:        46.232.187.0/26 maxlen: 26

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/4307d1-b608-4581-992c-753741a80e94/1/B_pUCiVDLiqk3KBXhFw1nSFIhvc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/4307d1-b608-4581-992c-753741a80e94/1/B_pUCiVDLiqk3KBXhFw1nSFIhvc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B_pUCiVDLiqk3KBXhFw1nSFIhvc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:4e:e9:f4:bf:01:fb:6f:b0:3b:f2:71:a9:8a:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=07fa540a25432e2aa4dca057845c359d214886f7
        Validity
            Not Before: Jan  1 10:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff849db58830a2b9df947d223c9aef589a00df2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:f5:fd:13:6c:c3:ca:b9:ad:2d:07:27:48:61:
                    12:a5:32:1e:93:d0:72:42:53:4e:0a:e7:8e:fa:da:
                    c9:96:0d:22:aa:a5:66:3d:e9:27:25:60:79:95:43:
                    68:f3:59:4c:e1:de:10:a4:f7:96:3b:74:2e:f8:6f:
                    a7:06:1b:3f:85:60:c9:fa:70:c8:53:f8:8c:c2:c9:
                    56:c6:ed:b2:37:40:88:82:2f:d7:ab:b6:a4:59:a5:
                    ec:4c:ca:49:b2:c5:7c:d9:26:1d:0a:ec:d8:ae:38:
                    c0:18:30:3b:e0:4c:86:bb:ec:a6:fd:1d:ac:1c:f8:
                    e8:2c:08:74:ca:0f:b0:71:fd:ef:5a:39:0d:7f:67:
                    c5:5a:f6:4d:4a:08:0d:ba:ab:cf:52:24:35:60:ff:
                    86:b9:c6:62:69:62:c7:39:61:72:82:34:d4:5b:d0:
                    da:70:92:a8:a4:ac:9b:2b:78:1f:3e:73:17:4a:81:
                    3a:4f:39:37:d7:59:ba:97:01:f3:92:bf:81:ca:1b:
                    3a:6f:fe:dc:b9:76:ab:92:40:0e:74:df:ff:58:7e:
                    2e:0f:d9:f8:1d:fa:9a:90:5b:bf:26:94:81:2c:96:
                    c4:ca:a4:80:6b:83:34:c7:d0:25:db:ed:96:b8:04:
                    eb:d9:ce:a3:9a:89:27:83:e0:0d:be:37:c1:df:80:
                    af:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:84:9D:B5:88:30:A2:B9:DF:94:7D:22:3C:9A:EF:58:9A:00:DF:2E
            X509v3 Authority Key Identifier:
                keyid:07:FA:54:0A:25:43:2E:2A:A4:DC:A0:57:84:5C:35:9D:21:48:86:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B_pUCiVDLiqk3KBXhFw1nSFIhvc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/4307d1-b608-4581-992c-753741a80e94/1/_4SdtYgwornflH0iPJrvWJoA3y4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/4307d1-b608-4581-992c-753741a80e94/1/B_pUCiVDLiqk3KBXhFw1nSFIhvc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.232.187.0/26

    Signature Algorithm: sha256WithRSAEncryption
         09:ab:5c:fe:ad:c8:fb:d1:cc:4e:b9:c9:2c:50:ee:ad:45:92:
         44:b2:c2:78:a8:42:32:ff:9a:89:4d:b1:e4:89:5f:f5:0e:af:
         ff:5a:8f:4b:81:3f:60:dc:a9:95:6d:34:1b:41:6d:f7:52:99:
         b4:0f:33:2b:ef:bc:19:47:c0:bd:d2:49:ed:0d:fc:ed:b6:a1:
         16:fb:bc:ca:66:78:6b:2b:b7:c4:65:05:90:ad:97:7b:38:a4:
         ed:be:aa:97:e1:9b:c2:b1:e7:d6:52:bf:07:ad:ec:ff:74:74:
         25:65:d4:d1:b6:34:ff:5d:87:81:fc:0d:7f:1e:23:c3:85:6e:
         ca:f2:16:35:63:5c:50:75:53:37:24:21:80:c1:6f:d2:f9:85:
         59:d6:6b:52:3a:89:65:23:74:6c:24:2d:75:56:d7:57:72:18:
         cc:d0:b0:1f:cf:96:3c:65:d9:a5:69:12:a3:ce:94:62:cd:0c:
         30:0b:99:32:96:b3:31:55:db:42:a0:2e:92:90:ec:e5:06:e2:
         91:f4:2e:5a:de:cc:de:9b:8b:4f:87:0b:12:5a:4e:08:43:ed:
         0b:4d:ac:ba:de:4f:9e:4b:ed:5d:38:8a:22:82:f6:08:a5:cc:
         39:74:07:1d:8a:11:f5:5e:a5:ae:32:99:95:b0:d9:68:80:f6:
         b1:c6:0d:16
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEk07p9L8B+2+wO/JxqYpEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3ZmE1NDBhMjU0MzJlMmFhNGRjYTA1Nzg0NWMzNTlkMjE0
ODg2ZjcwHhcNMjQwMTAxMTAzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjg0OWRiNTg4MzBhMmI5ZGY5NDdkMjIzYzlhZWY1ODlhMDBkZjJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw/X9E2zDyrmtLQcnSGESpTIek9By
QlNOCueO+trJlg0iqqVmPeknJWB5lUNo81lM4d4QpPeWO3Qu+G+nBhs/hWDJ+nDI
U/iMwslWxu2yN0CIgi/Xq7akWaXsTMpJssV82SYdCuzYrjjAGDA74EyGu+ym/R2s
HPjoLAh0yg+wcf3vWjkNf2fFWvZNSggNuqvPUiQ1YP+GucZiaWLHOWFygjTUW9Da
cJKopKybK3gfPnMXSoE6Tzk311m6lwHzkr+Byhs6b/7cuXarkkAOdN//WH4uD9n4
HfqakFu/JpSBLJbEyqSAa4M0x9Al2+2WuATr2c6jmokng+ANvjfB34CvyQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFP+EnbWIMKK535R9Ijya71iaAN8uMB8GA1UdIwQY
MBaAFAf6VAolQy4qpNygV4RcNZ0hSIb3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQl9wVUNpVkRMaXFrM0tCWGhGdzFuU0ZJaHZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC80MzA3ZDEtYjYwOC00NTgxLTk5MmMt
NzUzNzQxYTgwZTk0LzEvXzRTZHRZZ3dvcm5mbEgwaVBKcnZXSm9BM3k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC80MzA3ZDEtYjYwOC00NTgxLTk5MmMtNzUzNzQxYTgwZTk0
LzEvQl9wVUNpVkRMaXFrM0tCWGhGdzFuU0ZJaHZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUGLui7ADAN
BgkqhkiG9w0BAQsFAAOCAQEACatc/q3I+9HMTrnJLFDurUWSRLLCeKhCMv+aiU2x
5Ilf9Q6v/1qPS4E/YNyplW00G0Ft91KZtA8zK++8GUfAvdJJ7Q387bahFvu8ymZ4
ayu3xGUFkK2Xezik7b6ql+GbwrHn1lK/B63s/3R0JWXU0bY0/12HgfwNfx4jw4Vu
yvIWNWNcUHVTNyQhgMFv0vmFWdZrUjqJZSN0bCQtdVbXV3IYzNCwH8+WPGXZpWkS
o86UYs0MMAuZMpazMVXbQqAukpDs5QbikfQuWt7M3puLT4cLElpOCEPtC02sut5P
nkvtXTiKIoL2CKXMOXQHHYoR9V6lrjKZlbDZaID2scYNFg==
-----END CERTIFICATE-----