Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/49424a-aa5f-4b9f-a627-24654e941c12/1/qEdWz2VClhT65VZD4qW7_cHoiPo.roa
File:                     qEdWz2VClhT65VZD4qW7_cHoiPo.roa (raw, json)
Hash identifier:          lUZ7qOoYiE0vTUwntk/m2r6BrQU754mOSdQ7x3lpFXU=
Subject key identifier:   A8:47:56:CF:65:42:96:14:FA:E5:56:43:E2:A5:BB:FD:C1:E8:88:FA
Certificate issuer:       /CN=dac32632aa9154253c6dcd2331e9ad6920b6bdcc
Certificate serial:       018CC3B7319E4C83FBAA7A8C767BBF3613FD
Authority key identifier: DA:C3:26:32:AA:91:54:25:3C:6D:CD:23:31:E9:AD:69:20:B6:BD:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2sMmMqqRVCU8bc0jMemtaSC2vcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/49424a-aa5f-4b9f-a627-24654e941c12/1/qEdWz2VClhT65VZD4qW7_cHoiPo.roa
Signing time:             Mon 01 Jan 2024 06:30:11 +0000
ROA not before:           Mon 01 Jan 2024 06:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        212.46.57.0/24 maxlen: 24
                          2a12:fc0::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/49424a-aa5f-4b9f-a627-24654e941c12/1/2sMmMqqRVCU8bc0jMemtaSC2vcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/49424a-aa5f-4b9f-a627-24654e941c12/1/2sMmMqqRVCU8bc0jMemtaSC2vcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2sMmMqqRVCU8bc0jMemtaSC2vcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 14:46:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:31:9e:4c:83:fb:aa:7a:8c:76:7b:bf:36:13:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dac32632aa9154253c6dcd2331e9ad6920b6bdcc
        Validity
            Not Before: Jan  1 06:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a84756cf65429614fae55643e2a5bbfdc1e888fa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:dd:52:a7:60:24:02:8c:22:62:a4:59:c6:03:
                    9d:56:8a:ac:dd:bd:11:dd:61:df:c4:42:f3:6b:b6:
                    e4:e4:0c:f5:7f:87:eb:4f:42:f8:7c:71:42:19:0e:
                    2d:ad:3c:3c:88:b1:59:ca:8d:64:39:04:9d:69:40:
                    9d:ec:99:13:f2:05:4d:ae:e0:ec:17:3e:31:3f:3b:
                    9e:50:c1:67:5a:8b:32:ad:3e:ce:18:45:62:1f:33:
                    de:2a:b6:fa:67:fb:85:69:e7:79:07:66:c0:de:ce:
                    91:d2:8b:2b:8b:39:a1:a0:39:c9:98:95:de:56:b5:
                    11:57:36:05:8b:62:95:3f:d2:6a:58:c2:d1:97:3d:
                    ac:aa:94:9e:7a:db:ac:58:4d:48:80:48:21:20:7b:
                    75:24:aa:94:f5:a2:75:93:07:a8:75:21:25:21:89:
                    41:fe:18:6c:fe:c5:2d:cc:dc:36:30:a9:07:55:d0:
                    43:59:e7:33:76:fc:38:cd:77:78:42:e0:ce:bf:ed:
                    88:8f:22:c5:41:4c:1b:7a:fc:e7:d1:4b:73:c0:d4:
                    e1:8c:96:5a:e2:23:63:cf:f9:cd:9b:86:f7:c3:9a:
                    9d:07:02:8d:ec:71:33:d4:76:0e:e8:9e:83:06:d5:
                    a7:dc:de:9e:ae:41:51:68:19:48:5e:da:62:bf:da:
                    b5:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:47:56:CF:65:42:96:14:FA:E5:56:43:E2:A5:BB:FD:C1:E8:88:FA
            X509v3 Authority Key Identifier:
                keyid:DA:C3:26:32:AA:91:54:25:3C:6D:CD:23:31:E9:AD:69:20:B6:BD:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2sMmMqqRVCU8bc0jMemtaSC2vcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/49424a-aa5f-4b9f-a627-24654e941c12/1/qEdWz2VClhT65VZD4qW7_cHoiPo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/49424a-aa5f-4b9f-a627-24654e941c12/1/2sMmMqqRVCU8bc0jMemtaSC2vcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.46.57.0/24
                IPv6:
                  2a12:fc0::/44

    Signature Algorithm: sha256WithRSAEncryption
         a5:c1:a2:20:6b:6a:27:52:c7:48:51:82:d7:55:1b:95:cc:1a:
         8b:72:cb:cd:e8:65:66:ee:db:3a:92:1a:4f:34:76:08:b0:e3:
         cc:24:6d:14:7b:83:05:51:a8:03:9d:b1:31:0d:c6:74:31:b6:
         d1:47:94:e9:eb:68:ea:e6:95:0c:6a:f0:1b:64:3b:af:ee:fa:
         5d:ca:88:8d:a7:15:ed:db:8e:97:e2:e5:ef:1b:3e:5f:2e:7b:
         31:a8:52:16:e4:dc:63:af:80:72:4a:88:5e:ed:78:50:de:9f:
         ad:9e:6f:02:42:ee:6c:1b:92:82:44:b2:d2:e1:e3:54:53:d8:
         1c:ce:2c:9e:2f:fa:e3:63:f5:ac:29:e0:3a:98:28:cd:d5:8a:
         c8:bb:48:43:22:c6:1f:e1:0b:b1:86:94:51:cf:90:22:88:5b:
         c6:e6:30:cc:b0:e6:4b:8a:1b:81:dd:d9:01:e6:1d:0e:28:19:
         01:1e:30:c1:e2:56:e4:a2:25:f4:00:cd:93:e7:7d:e6:f2:85:
         c0:58:f4:9c:47:e7:f4:e6:7e:8d:ca:23:50:8d:13:51:17:7d:
         fc:ed:5c:21:4a:63:a8:d0:08:91:49:af:42:f8:92:52:de:05:
         ee:96:b2:32:b1:c9:d8:a6:e1:1e:16:54:66:d5:cb:45:bd:e1:
         a0:02:a7:71
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzDtzGeTIP7qnqMdnu/NhP9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYzMyNjMyYWE5MTU0MjUzYzZkY2QyMzMxZTlhZDY5MjBi
NmJkY2MwHhcNMjQwMTAxMDYzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODQ3NTZjZjY1NDI5NjE0ZmFlNTU2NDNlMmE1YmJmZGMxZTg4OGZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo91Sp2AkAowiYqRZxgOdVoqs3b0R
3WHfxELza7bk5Az1f4frT0L4fHFCGQ4trTw8iLFZyo1kOQSdaUCd7JkT8gVNruDs
Fz4xPzueUMFnWosyrT7OGEViHzPeKrb6Z/uFaed5B2bA3s6R0osrizmhoDnJmJXe
VrURVzYFi2KVP9JqWMLRlz2sqpSeetusWE1IgEghIHt1JKqU9aJ1kweodSElIYlB
/hhs/sUtzNw2MKkHVdBDWeczdvw4zXd4QuDOv+2IjyLFQUwbevzn0UtzwNThjJZa
4iNjz/nNm4b3w5qdBwKN7HEz1HYO6J6DBtWn3N6erkFRaBlIXtpiv9q1TQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFKhHVs9lQpYU+uVWQ+Klu/3B6Ij6MB8GA1UdIwQY
MBaAFNrDJjKqkVQlPG3NIzHprWkgtr3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnNNbU1xcVJWQ1U4YmMwak1lbXRhU0MydmN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi80OTQyNGEtYWE1Zi00YjlmLWE2Mjct
MjQ2NTRlOTQxYzEyLzEvcUVkV3oyVkNsaFQ2NVZaRDRxVzdfY0hvaVBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi80OTQyNGEtYWE1Zi00YjlmLWE2MjctMjQ2NTRlOTQxYzEy
LzEvMnNNbU1xcVJWQ1U4YmMwak1lbXRhU0MydmN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQA1C45MA8E
AgACMAkDBwQqEg/AAAAwDQYJKoZIhvcNAQELBQADggEBAKXBoiBraidSx0hRgtdV
G5XMGotyy83oZWbu2zqSGk80dgiw48wkbRR7gwVRqAOdsTENxnQxttFHlOnraOrm
lQxq8BtkO6/u+l3KiI2nFe3bjpfi5e8bPl8uezGoUhbk3GOvgHJKiF7teFDen62e
bwJC7mwbkoJEstLh41RT2BzOLJ4v+uNj9awp4DqYKM3Visi7SEMixh/hC7GGlFHP
kCKIW8bmMMyw5kuKG4Hd2QHmHQ4oGQEeMMHiVuSiJfQAzZPnfebyhcBY9JxH5/Tm
fo3KI1CNE1EXffztXCFKY6jQCJFJr0L4klLeBe6WsjKxydim4R4WVGbVy0W94aAC
p3E=
-----END CERTIFICATE-----