Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/BHdj3W7XOCN2Nw3H3OmGAOlvKAg.roa
File:                     BHdj3W7XOCN2Nw3H3OmGAOlvKAg.roa (raw, json)
Hash identifier:          /CiAEky5G1XLXY1OjCk7Mmt9Vao6W8SxQN2aJ8/3nMY=
Subject key identifier:   04:77:63:DD:6E:D7:38:23:76:37:0D:C7:DC:E9:86:00:E9:6F:28:08
Certificate issuer:       /CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
Certificate serial:       018CC8020A3B80A4EF7A0CB947D69D18B76E
Authority key identifier: 5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/BHdj3W7XOCN2Nw3H3OmGAOlvKAg.roa
Signing time:             Tue 02 Jan 2024 02:30:25 +0000
ROA not before:           Tue 02 Jan 2024 02:30:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205060
IP address blocks:        46.61.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 00:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:0a:3b:80:a4:ef:7a:0c:b9:47:d6:9d:18:b7:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ee531b9ac2990d69a8a5c3023e72e6d841e6c09
        Validity
            Not Before: Jan  2 02:30:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=047763dd6ed7382376370dc7dce98600e96f2808
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:f8:14:f4:5b:52:f7:30:9e:5c:c3:64:3c:cf:
                    ff:9a:21:4a:a6:2d:45:b1:11:fc:47:9d:dd:70:4c:
                    01:80:1e:34:35:de:76:64:f8:e8:6c:3b:71:fe:66:
                    44:a0:95:9f:17:64:3e:7a:11:f1:89:62:98:d1:46:
                    0c:47:6d:27:55:11:35:5e:9a:22:6b:bf:a7:be:b9:
                    33:6f:9a:f8:3e:50:06:9b:16:1e:76:c8:f5:52:ea:
                    39:fa:be:1e:a9:ab:3c:44:56:0e:9d:42:0a:ea:87:
                    96:6e:f2:51:01:04:5a:1e:20:5a:4d:3d:d3:b5:ca:
                    4b:21:37:e5:9f:b1:19:78:a4:5c:45:c3:de:5f:68:
                    9f:0c:34:71:4a:3d:53:66:0d:72:58:0a:8c:0e:12:
                    e5:ad:50:4b:30:bd:96:72:6c:28:7c:21:5a:ef:1f:
                    15:d0:78:77:ae:ab:55:d6:cd:34:09:76:3f:80:7a:
                    73:6a:cb:12:9b:07:13:c7:f5:51:22:5c:02:3f:22:
                    e4:d3:9d:40:6c:4d:c4:45:62:2d:5d:72:df:e3:ef:
                    11:10:bb:71:ed:d6:d5:80:25:2e:1a:17:0c:85:87:
                    d2:ff:ee:ec:3e:90:94:90:ae:ad:89:cd:5b:0a:b5:
                    2f:02:32:28:76:b1:a9:f7:dd:d3:cd:0a:d5:03:17:
                    4e:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:77:63:DD:6E:D7:38:23:76:37:0D:C7:DC:E9:86:00:E9:6F:28:08
            X509v3 Authority Key Identifier:
                keyid:5E:E5:31:B9:AC:29:90:D6:9A:8A:5C:30:23:E7:2E:6D:84:1E:6C:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XuUxuawpkNaailwwI-cubYQebAk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/BHdj3W7XOCN2Nw3H3OmGAOlvKAg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/9a1d44-8609-4e5e-ba94-5a86c2757c1e/1/XuUxuawpkNaailwwI-cubYQebAk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.61.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         98:d8:b9:f5:23:fc:66:d6:b4:63:c5:37:31:1e:f3:99:4b:74:
         a4:c0:7d:1b:a0:4f:12:08:f4:cd:72:bf:99:51:6d:94:84:4c:
         49:73:4a:ce:90:f2:b6:33:12:31:65:3b:42:d9:f3:9e:4d:32:
         08:42:3d:5f:da:92:58:5e:63:d8:f8:fa:5f:77:2a:d1:30:d2:
         1e:99:ef:9e:98:59:46:c1:19:d8:04:05:ea:11:ab:a4:87:ca:
         0d:b6:e7:4d:9a:0b:11:90:b5:8d:14:d2:b2:ce:70:b5:f7:f2:
         fa:bf:d0:6b:f3:e1:0a:e1:73:1d:de:1f:97:aa:1c:ad:b5:e4:
         e2:b6:31:32:4a:8d:44:ef:e2:ab:86:37:14:1e:e0:06:92:a5:
         20:cf:4d:76:c5:6b:5c:8d:32:89:e3:9b:8e:e7:d0:38:32:b2:
         ca:dd:49:af:0b:8c:9a:8e:c9:5c:1b:77:e9:60:3e:5b:60:4c:
         bd:e4:22:19:8b:6a:28:b6:6f:69:15:b7:78:8c:92:70:97:38:
         13:11:ab:ca:13:d2:df:33:d6:85:a6:97:ca:9b:04:14:03:79:
         14:0f:37:f4:41:29:91:ab:ed:98:47:97:82:d5:9f:c4:af:a9:
         d1:7e:68:f9:15:50:e1:50:50:7a:4b:66:bc:2e:d0:46:11:88:
         52:ee:cf:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAgo7gKTvegy5R9adGLduMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZTUzMWI5YWMyOTkwZDY5YThhNWMzMDIzZTcyZTZkODQx
ZTZjMDkwHhcNMjQwMTAyMDIzMDI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDc3NjNkZDZlZDczODIzNzYzNzBkYzdkY2U5ODYwMGU5NmYyODA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAofgU9FtS9zCeXMNkPM//miFKpi1F
sRH8R53dcEwBgB40Nd52ZPjobDtx/mZEoJWfF2Q+ehHxiWKY0UYMR20nVRE1Xpoi
a7+nvrkzb5r4PlAGmxYedsj1Uuo5+r4eqas8RFYOnUIK6oeWbvJRAQRaHiBaTT3T
tcpLITfln7EZeKRcRcPeX2ifDDRxSj1TZg1yWAqMDhLlrVBLML2WcmwofCFa7x8V
0Hh3rqtV1s00CXY/gHpzassSmwcTx/VRIlwCPyLk051AbE3ERWItXXLf4+8RELtx
7dbVgCUuGhcMhYfS/+7sPpCUkK6tic1bCrUvAjIodrGp993TzQrVAxdOTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAR3Y91u1zgjdjcNx9zphgDpbygIMB8GA1UdIwQY
MBaAFF7lMbmsKZDWmopcMCPnLm2EHmwJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQt
NWE4NmMyNzU3YzFlLzEvQkhkajNXN1hPQ04yTnczSDNPbUdBT2x2S0FnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC85YTFkNDQtODYwOS00ZTVlLWJhOTQtNWE4NmMyNzU3YzFl
LzEvWHVVeHVhd3BrTmFhaWx3d0ktY3ViWVFlYkFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALj3RMA0G
CSqGSIb3DQEBCwUAA4IBAQCY2Ln1I/xm1rRjxTcxHvOZS3SkwH0boE8SCPTNcr+Z
UW2UhExJc0rOkPK2MxIxZTtC2fOeTTIIQj1f2pJYXmPY+PpfdyrRMNIeme+emFlG
wRnYBAXqEaukh8oNtudNmgsRkLWNFNKyznC19/L6v9Br8+EK4XMd3h+XqhytteTi
tjEySo1E7+KrhjcUHuAGkqUgz012xWtcjTKJ45uO59A4MrLK3UmvC4yajslcG3fp
YD5bYEy95CIZi2ootm9pFbd4jJJwlzgTEavKE9LfM9aFppfKmwQUA3kUDzf0QSmR
q+2YR5eC1Z/Er6nRfmj5FVDhUFB6S2a8LtBGEYhS7s+P
-----END CERTIFICATE-----