Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/7aadab-959a-4663-b935-8f9827344790/1/qX3jXkYNtl4CKyQIuU9Piy-lqT4.roa
File:                     qX3jXkYNtl4CKyQIuU9Piy-lqT4.roa (raw, json)
Hash identifier:          mFxSZcvkZ4TqUXXvJWXPkaIKL3w5AZznhhtpoavyWhY=
Subject key identifier:   A9:7D:E3:5E:46:0D:B6:5E:02:2B:24:08:B9:4F:4F:8B:2F:A5:A9:3E
Certificate issuer:       /CN=c3c61b51ebc84180f0a6b232e87df9d61c90faab
Certificate serial:       01904AC7EC40E2F02E43320B1C07C70DD1F2
Authority key identifier: C3:C6:1B:51:EB:C8:41:80:F0:A6:B2:32:E8:7D:F9:D6:1C:90:FA:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/w8YbUevIQYDwprIy6H351hyQ-qs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/7aadab-959a-4663-b935-8f9827344790/1/qX3jXkYNtl4CKyQIuU9Piy-lqT4.roa
Signing time:             Mon 24 Jun 2024 15:05:34 +0000
ROA not before:           Mon 24 Jun 2024 15:05:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52142
IP address blocks:        46.174.179.0/24 maxlen: 24
                          2a03:c940::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/7aadab-959a-4663-b935-8f9827344790/1/w8YbUevIQYDwprIy6H351hyQ-qs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/7aadab-959a-4663-b935-8f9827344790/1/w8YbUevIQYDwprIy6H351hyQ-qs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/w8YbUevIQYDwprIy6H351hyQ-qs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4a:c7:ec:40:e2:f0:2e:43:32:0b:1c:07:c7:0d:d1:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c3c61b51ebc84180f0a6b232e87df9d61c90faab
        Validity
            Not Before: Jun 24 15:05:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a97de35e460db65e022b2408b94f4f8b2fa5a93e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:7a:f7:ab:b7:7b:a4:b1:cc:77:6d:71:58:8f:
                    7d:8b:d6:c3:b9:d1:31:d9:b2:a6:f1:df:04:32:13:
                    4d:2b:26:54:6e:5d:b1:56:89:4d:8e:f9:ec:6d:04:
                    9f:b5:67:df:b1:42:26:17:b0:99:1b:fa:4c:1e:dc:
                    6b:b4:4d:94:ad:fd:e4:5d:91:15:f5:53:13:d3:f1:
                    b9:97:2c:bd:12:2d:f7:00:fd:87:00:e0:71:3d:2e:
                    37:5c:97:59:fd:da:ee:d3:78:21:bb:ce:78:da:ec:
                    0b:c2:14:ca:c1:89:5f:b9:5e:c0:7e:52:0a:a3:70:
                    22:9b:c3:4b:ee:84:e2:85:0e:b2:4a:91:bd:15:a8:
                    ce:7f:2c:f3:af:75:3b:90:f4:98:26:90:d3:4f:72:
                    11:c3:f7:46:cf:96:4a:b8:38:2f:29:f1:cc:a7:b2:
                    e5:55:ed:03:8b:1b:dd:0e:f4:1a:d2:67:8c:72:c5:
                    b6:d1:8a:f6:78:bc:80:77:6e:67:ea:19:fa:59:98:
                    1b:ca:a7:5a:77:4c:10:8f:0c:5d:40:5e:02:7c:e4:
                    96:7c:ed:31:8b:1e:6f:a1:d3:f1:0a:71:26:f2:23:
                    86:eb:d9:bf:fd:09:85:66:fe:68:e0:8d:86:78:9a:
                    98:a9:1a:86:65:ef:89:e8:b2:06:63:0d:94:b8:58:
                    fd:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:7D:E3:5E:46:0D:B6:5E:02:2B:24:08:B9:4F:4F:8B:2F:A5:A9:3E
            X509v3 Authority Key Identifier:
                keyid:C3:C6:1B:51:EB:C8:41:80:F0:A6:B2:32:E8:7D:F9:D6:1C:90:FA:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w8YbUevIQYDwprIy6H351hyQ-qs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/7aadab-959a-4663-b935-8f9827344790/1/qX3jXkYNtl4CKyQIuU9Piy-lqT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/7aadab-959a-4663-b935-8f9827344790/1/w8YbUevIQYDwprIy6H351hyQ-qs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.174.179.0/24
                IPv6:
                  2a03:c940::/32

    Signature Algorithm: sha256WithRSAEncryption
         bd:6e:ed:04:5d:f9:d5:bc:6a:92:a6:16:c2:1f:d3:3a:39:e6:
         79:28:5f:7a:61:c2:d5:bf:76:96:03:9b:7a:97:6c:b3:17:bf:
         0c:38:ee:08:0c:40:0a:41:2c:a7:e1:5e:9e:41:aa:7c:40:03:
         fa:07:81:5f:3f:41:a5:54:bd:db:63:3d:e7:b2:31:15:da:fb:
         23:0b:0a:9c:af:ca:e1:55:75:52:4a:4c:a7:b6:a4:9f:39:ef:
         79:af:2f:d2:08:10:35:ab:fb:45:eb:af:19:53:1a:9a:d5:30:
         61:f0:95:3c:5d:cf:ed:8c:4d:88:82:c4:2e:3c:41:ad:e0:84:
         9a:36:21:29:66:40:be:89:8e:e2:c3:3b:0d:28:40:04:0a:d0:
         cd:94:f4:1a:71:3c:5f:d0:36:74:9e:fa:77:8f:32:e9:4b:6a:
         3f:bf:25:9d:d2:75:af:8e:b5:f9:8b:19:8c:44:fb:ce:2e:ec:
         53:06:c4:78:fa:d2:7a:83:a8:e4:a9:41:18:e4:dd:29:62:85:
         89:62:f2:a8:ac:ef:89:1d:27:16:f9:3c:e1:1e:3e:31:55:b0:
         6c:1b:6a:2f:b2:5c:43:a5:c4:e5:1c:76:ab:4e:9e:6b:56:77:
         e1:43:d2:72:8d:85:37:6d:49:f0:e0:56:ad:80:fb:dd:46:8b:
         46:f7:5a:95
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZBKx+xA4vAuQzILHAfHDdHyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzYzYxYjUxZWJjODQxODBmMGE2YjIzMmU4N2RmOWQ2MWM5
MGZhYWIwHhcNMjQwNjI0MTUwNTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTdkZTM1ZTQ2MGRiNjVlMDIyYjI0MDhiOTRmNGY4YjJmYTVhOTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwHr3q7d7pLHMd21xWI99i9bDudEx
2bKm8d8EMhNNKyZUbl2xVolNjvnsbQSftWffsUImF7CZG/pMHtxrtE2Urf3kXZEV
9VMT0/G5lyy9Ei33AP2HAOBxPS43XJdZ/dru03ghu8542uwLwhTKwYlfuV7AflIK
o3Aim8NL7oTihQ6ySpG9FajOfyzzr3U7kPSYJpDTT3IRw/dGz5ZKuDgvKfHMp7Ll
Ve0DixvdDvQa0meMcsW20Yr2eLyAd25n6hn6WZgbyqdad0wQjwxdQF4CfOSWfO0x
ix5vodPxCnEm8iOG69m//QmFZv5o4I2GeJqYqRqGZe+J6LIGYw2UuFj9gQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKl9415GDbZeAiskCLlPT4svpak+MB8GA1UdIwQY
MBaAFMPGG1HryEGA8KayMuh9+dYckPqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzhZYlVldklRWUR3cHJJeTZIMzUxaHlRLXFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS83YWFkYWItOTU5YS00NjYzLWI5MzUt
OGY5ODI3MzQ0NzkwLzEvcVgzalhrWU50bDRDS3lRSXVVOVBpeS1scVQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS83YWFkYWItOTU5YS00NjYzLWI5MzUtOGY5ODI3MzQ0Nzkw
LzEvdzhZYlVldklRWUR3cHJJeTZIMzUxaHlRLXFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALq6zMA0E
AgACMAcDBQAqA8lAMA0GCSqGSIb3DQEBCwUAA4IBAQC9bu0EXfnVvGqSphbCH9M6
OeZ5KF96YcLVv3aWA5t6l2yzF78MOO4IDEAKQSyn4V6eQap8QAP6B4FfP0GlVL3b
Yz3nsjEV2vsjCwqcr8rhVXVSSkyntqSfOe95ry/SCBA1q/tF668ZUxqa1TBh8JU8
Xc/tjE2IgsQuPEGt4ISaNiEpZkC+iY7iwzsNKEAECtDNlPQacTxf0DZ0nvp3jzLp
S2o/vyWd0nWvjrX5ixmMRPvOLuxTBsR4+tJ6g6jkqUEY5N0pYoWJYvKorO+JHScW
+TzhHj4xVbBsG2ovslxDpcTlHHarTp5rVnfhQ9JyjYU3bUnw4FatgPvdRotG91qV
-----END CERTIFICATE-----