Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/ca17f7-c593-474d-8cf0-538b47709956/1/l5T_St9yx2dbcws5bEaAvWIATS0.roa
File:                     l5T_St9yx2dbcws5bEaAvWIATS0.roa (raw, json)
Hash identifier:          cNVkf6QxpiirfMnsNigw4g28jJZn2/IEqgxcxBm4+C0=
Subject key identifier:   97:94:FF:4A:DF:72:C7:67:5B:73:0B:39:6C:46:80:BD:62:00:4D:2D
Certificate issuer:       /CN=7078e75635a09dcc03f625a80bfa552b22e3662c
Certificate serial:       018CC6B903D916F579B2E173C6A65D22FC8F
Authority key identifier: 70:78:E7:56:35:A0:9D:CC:03:F6:25:A8:0B:FA:55:2B:22:E3:66:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cHjnVjWgncwD9iWoC_pVKyLjZiw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/ca17f7-c593-474d-8cf0-538b47709956/1/l5T_St9yx2dbcws5bEaAvWIATS0.roa
Signing time:             Mon 01 Jan 2024 20:31:03 +0000
ROA not before:           Mon 01 Jan 2024 20:31:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16019
IP address blocks:        46.174.16.0/21 maxlen: 21
                          46.174.21.0/24 maxlen: 24
                          46.174.22.0/24 maxlen: 24
                          46.174.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/ca17f7-c593-474d-8cf0-538b47709956/1/cHjnVjWgncwD9iWoC_pVKyLjZiw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/ca17f7-c593-474d-8cf0-538b47709956/1/cHjnVjWgncwD9iWoC_pVKyLjZiw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cHjnVjWgncwD9iWoC_pVKyLjZiw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:03:d9:16:f5:79:b2:e1:73:c6:a6:5d:22:fc:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7078e75635a09dcc03f625a80bfa552b22e3662c
        Validity
            Not Before: Jan  1 20:31:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9794ff4adf72c7675b730b396c4680bd62004d2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:75:3b:dc:1b:ad:33:1b:27:48:6c:e2:81:89:
                    fb:62:fb:47:2d:0f:07:d3:99:42:2d:dc:b6:bd:be:
                    4c:7b:9f:fb:ad:ab:7e:ab:85:60:25:fd:87:ec:64:
                    ae:9c:49:4c:5b:4b:eb:40:99:20:30:c7:ce:b3:a5:
                    97:d9:ec:c4:db:4e:45:fe:17:84:4f:02:da:d9:9d:
                    dc:94:0c:34:5f:58:b9:5f:7e:62:76:b1:88:86:4e:
                    63:0f:51:15:8d:5c:fb:fa:ff:15:8a:3c:f6:8f:1c:
                    c7:d3:39:04:86:20:8b:f9:ef:53:c6:c9:32:86:96:
                    50:52:94:8b:f0:bc:de:03:62:9d:89:0f:6c:7b:de:
                    6d:fe:09:07:7b:32:5d:65:7f:6a:ba:c2:e7:d7:ca:
                    70:8f:0e:06:40:68:81:8d:87:24:e7:1e:92:f3:01:
                    d1:06:18:33:03:64:a6:ef:2b:6f:83:76:55:8a:97:
                    18:69:eb:ea:e6:77:fe:f8:43:06:42:00:85:e3:e7:
                    54:b4:43:b0:40:8a:3b:cb:c9:ac:10:a4:7a:2f:41:
                    e6:75:4b:0d:e2:75:50:1a:3d:ef:5f:e3:e5:34:cc:
                    f5:70:7d:00:d5:5c:75:33:48:94:ab:8e:7e:b2:fd:
                    40:97:0a:7e:d0:5d:08:a6:0b:00:5f:55:50:40:4a:
                    f9:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:94:FF:4A:DF:72:C7:67:5B:73:0B:39:6C:46:80:BD:62:00:4D:2D
            X509v3 Authority Key Identifier:
                keyid:70:78:E7:56:35:A0:9D:CC:03:F6:25:A8:0B:FA:55:2B:22:E3:66:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cHjnVjWgncwD9iWoC_pVKyLjZiw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/ca17f7-c593-474d-8cf0-538b47709956/1/l5T_St9yx2dbcws5bEaAvWIATS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/ca17f7-c593-474d-8cf0-538b47709956/1/cHjnVjWgncwD9iWoC_pVKyLjZiw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.174.16.0/21

    Signature Algorithm: sha256WithRSAEncryption
         ce:da:0f:e4:d1:4e:ef:8d:28:8a:71:0a:07:ec:71:bc:d8:ed:
         0d:fd:41:da:82:89:86:1f:3a:09:0e:14:b2:b6:1b:8c:1f:95:
         e9:81:37:1a:69:c0:03:a3:8d:97:be:06:eb:87:1d:f2:0d:70:
         7a:57:e3:61:9f:d7:db:2f:ce:a9:95:6e:9a:0a:84:9b:65:e3:
         cd:2e:d8:7e:a2:12:da:69:3f:3f:aa:64:b2:37:f4:69:8c:c7:
         be:f5:e8:84:b6:85:2a:fc:7a:b2:24:c0:ba:61:18:08:ef:6e:
         49:58:d0:c5:a2:72:f5:9d:32:6b:d8:23:a1:07:6b:36:57:5c:
         19:3b:d7:5d:da:fe:cc:97:6f:8e:87:dd:9f:6a:7a:6a:eb:af:
         4d:76:d3:4b:22:1a:0c:3b:b2:e8:3e:ec:e4:3e:f3:68:83:6e:
         1a:de:39:6d:cc:b9:8d:29:95:32:74:b6:d0:e0:f3:c1:e7:e2:
         e5:15:61:15:4d:d0:e1:4c:b8:e8:10:7d:5c:cf:10:18:8b:ad:
         6e:ed:10:a6:25:7c:aa:29:78:e1:d2:5f:ad:bd:8f:c5:6e:99:
         6d:bd:e6:89:84:c1:bd:f6:1b:19:6a:a7:de:59:f9:02:21:3e:
         04:ef:37:79:67:82:08:1d:14:a9:db:da:50:7b:a3:c8:a2:b8:
         2c:30:f9:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuQPZFvV5suFzxqZdIvyPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwNzhlNzU2MzVhMDlkY2MwM2Y2MjVhODBiZmE1NTJiMjJl
MzY2MmMwHhcNMjQwMTAxMjAzMTAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Nzk0ZmY0YWRmNzJjNzY3NWI3MzBiMzk2YzQ2ODBiZDYyMDA0ZDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg3U73ButMxsnSGzigYn7YvtHLQ8H
05lCLdy2vb5Me5/7rat+q4VgJf2H7GSunElMW0vrQJkgMMfOs6WX2ezE205F/heE
TwLa2Z3clAw0X1i5X35idrGIhk5jD1EVjVz7+v8Vijz2jxzH0zkEhiCL+e9Txsky
hpZQUpSL8LzeA2KdiQ9se95t/gkHezJdZX9qusLn18pwjw4GQGiBjYck5x6S8wHR
BhgzA2Sm7ytvg3ZVipcYaevq5nf++EMGQgCF4+dUtEOwQIo7y8msEKR6L0HmdUsN
4nVQGj3vX+PlNMz1cH0A1Vx1M0iUq45+sv1Alwp+0F0IpgsAX1VQQEr5EwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJeU/0rfcsdnW3MLOWxGgL1iAE0tMB8GA1UdIwQY
MBaAFHB451Y1oJ3MA/YlqAv6VSsi42YsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY0hqblZqV2duY3dEOWlXb0NfcFZLeUxqWml3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi9jYTE3ZjctYzU5My00NzRkLThjZjAt
NTM4YjQ3NzA5OTU2LzEvbDVUX1N0OXl4MmRiY3dzNWJFYUF2V0lBVFMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi9jYTE3ZjctYzU5My00NzRkLThjZjAtNTM4YjQ3NzA5OTU2
LzEvY0hqblZqV2duY3dEOWlXb0NfcFZLeUxqWml3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDLq4QMA0G
CSqGSIb3DQEBCwUAA4IBAQDO2g/k0U7vjSiKcQoH7HG82O0N/UHagomGHzoJDhSy
thuMH5XpgTcaacADo42Xvgbrhx3yDXB6V+Nhn9fbL86plW6aCoSbZePNLth+ohLa
aT8/qmSyN/RpjMe+9eiEtoUq/HqyJMC6YRgI725JWNDFonL1nTJr2COhB2s2V1wZ
O9dd2v7Ml2+Oh92fanpq669NdtNLIhoMO7LoPuzkPvNog24a3jltzLmNKZUydLbQ
4PPB5+LlFWEVTdDhTLjoEH1czxAYi61u7RCmJXyqKXjh0l+tvY/FbpltveaJhMG9
9hsZaqfeWfkCIT4E7zd5Z4IIHRSp29pQe6PIorgsMPk2
-----END CERTIFICATE-----