Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/3dae71-1acf-4196-9608-9531d24e0610/1/OoxtKk5JS6gPnMr7rsuFc1WzkSE.roa
File:                     OoxtKk5JS6gPnMr7rsuFc1WzkSE.roa (raw, json)
Hash identifier:          FC6H6CStns4CmgDfEuo8tmdZypw2u/+h8QcHRm/EjxU=
Subject key identifier:   3A:8C:6D:2A:4E:49:4B:A8:0F:9C:CA:FB:AE:CB:85:73:55:B3:91:21
Certificate issuer:       /CN=ca3b86e65470f994dfa6d6fee8e264db62e24af9
Certificate serial:       018CC72710EAFBCF4AEC3ED2389A5F9DD372
Authority key identifier: CA:3B:86:E6:54:70:F9:94:DF:A6:D6:FE:E8:E2:64:DB:62:E2:4A:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yjuG5lRw-ZTfptb-6OJk22LiSvk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/3dae71-1acf-4196-9608-9531d24e0610/1/OoxtKk5JS6gPnMr7rsuFc1WzkSE.roa
Signing time:             Mon 01 Jan 2024 22:31:15 +0000
ROA not before:           Mon 01 Jan 2024 22:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60442
IP address blocks:        46.28.233.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/3dae71-1acf-4196-9608-9531d24e0610/1/yjuG5lRw-ZTfptb-6OJk22LiSvk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/3dae71-1acf-4196-9608-9531d24e0610/1/yjuG5lRw-ZTfptb-6OJk22LiSvk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yjuG5lRw-ZTfptb-6OJk22LiSvk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:10:ea:fb:cf:4a:ec:3e:d2:38:9a:5f:9d:d3:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca3b86e65470f994dfa6d6fee8e264db62e24af9
        Validity
            Not Before: Jan  1 22:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a8c6d2a4e494ba80f9ccafbaecb857355b39121
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:eb:c8:48:85:aa:86:50:be:a2:2a:fa:52:35:
                    97:54:41:3a:12:8a:85:a1:a2:03:59:cc:3b:9f:e6:
                    7f:43:e6:55:80:8c:37:4d:d7:ff:14:46:27:b5:33:
                    dd:23:34:4e:af:da:a2:0f:88:0a:10:e2:bc:8c:27:
                    52:1e:c2:0d:5c:d9:7d:14:49:7f:72:f7:3a:e4:7c:
                    b2:1b:5f:0d:da:f9:72:4f:d1:b5:67:12:f7:25:5b:
                    2d:fa:0e:b7:81:c2:9c:e2:23:20:6d:20:64:0b:45:
                    58:af:7e:57:b0:ae:91:90:e3:c3:76:46:ef:2d:b0:
                    07:0d:08:a6:ea:de:5c:9b:a4:70:ad:e8:9e:bd:d3:
                    fd:f2:99:ff:d0:c1:d3:ff:9e:b7:7e:ea:64:ae:42:
                    29:a3:c0:fd:8c:78:17:3b:fd:4a:21:b0:74:a7:1b:
                    7d:e5:88:0f:2e:4b:cc:93:f9:15:6a:84:cb:b7:88:
                    70:17:de:b2:34:34:3a:46:ae:b9:01:fa:16:bb:77:
                    ed:52:8b:ff:4c:12:02:a8:60:43:a1:47:2a:71:88:
                    72:25:69:c7:a0:02:ae:24:5d:55:4b:de:ac:34:53:
                    d7:05:e5:1f:70:ff:f9:04:16:43:aa:9a:4d:4b:8f:
                    c1:62:66:10:7c:bb:de:c8:1e:9a:af:3d:eb:76:00:
                    2e:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:8C:6D:2A:4E:49:4B:A8:0F:9C:CA:FB:AE:CB:85:73:55:B3:91:21
            X509v3 Authority Key Identifier:
                keyid:CA:3B:86:E6:54:70:F9:94:DF:A6:D6:FE:E8:E2:64:DB:62:E2:4A:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yjuG5lRw-ZTfptb-6OJk22LiSvk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/3dae71-1acf-4196-9608-9531d24e0610/1/OoxtKk5JS6gPnMr7rsuFc1WzkSE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/3dae71-1acf-4196-9608-9531d24e0610/1/yjuG5lRw-ZTfptb-6OJk22LiSvk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.28.233.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:87:75:9f:0b:0c:4c:30:c1:37:dc:ad:ca:6c:8e:1b:86:59:
         1f:44:4b:7b:e6:56:27:cd:47:04:4f:11:ab:11:17:4f:aa:2c:
         2b:13:ab:82:23:2c:0e:9b:98:0e:92:3e:a6:d4:e7:13:e7:20:
         de:fd:52:af:6b:5d:dd:b5:4f:b0:8d:2d:54:c0:60:a0:04:a3:
         32:a7:dc:7e:af:03:ca:d2:2b:86:ed:fa:bc:73:b0:37:ea:cc:
         d6:30:8a:11:e9:37:0c:33:4e:2a:2c:d7:03:c8:69:18:d5:53:
         19:3b:61:59:0d:73:59:fb:76:a7:ff:e4:66:d1:c7:d9:57:c6:
         b0:2b:04:02:3e:e9:d7:5b:34:75:bc:8d:fc:47:b7:ed:8a:d6:
         b5:c9:cc:01:48:59:9c:02:f4:ad:91:74:75:db:a3:46:24:41:
         a3:98:c5:88:b3:e5:a1:21:66:ae:76:53:e9:b1:c6:a5:71:37:
         9c:21:a7:c0:7c:e3:60:73:5b:b6:f7:26:2e:fc:3e:5e:48:a9:
         2f:0e:dd:81:83:ef:b2:35:23:98:eb:d3:9d:d2:52:85:65:56:
         45:ee:9e:92:35:6b:f2:8e:c3:59:99:17:e8:9c:5f:85:17:18:
         60:7e:06:c0:e2:be:ac:c1:7a:00:7d:81:95:a6:3f:06:70:f3:
         2e:f6:6e:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJxDq+89K7D7SOJpfndNyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhM2I4NmU2NTQ3MGY5OTRkZmE2ZDZmZWU4ZTI2NGRiNjJl
MjRhZjkwHhcNMjQwMTAxMjIzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYThjNmQyYTRlNDk0YmE4MGY5Y2NhZmJhZWNiODU3MzU1YjM5MTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuOvISIWqhlC+oir6UjWXVEE6EoqF
oaIDWcw7n+Z/Q+ZVgIw3Tdf/FEYntTPdIzROr9qiD4gKEOK8jCdSHsINXNl9FEl/
cvc65HyyG18N2vlyT9G1ZxL3JVst+g63gcKc4iMgbSBkC0VYr35XsK6RkOPDdkbv
LbAHDQim6t5cm6RwreievdP98pn/0MHT/563fupkrkIpo8D9jHgXO/1KIbB0pxt9
5YgPLkvMk/kVaoTLt4hwF96yNDQ6Rq65AfoWu3ftUov/TBICqGBDoUcqcYhyJWnH
oAKuJF1VS96sNFPXBeUfcP/5BBZDqppNS4/BYmYQfLveyB6arz3rdgAuOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDqMbSpOSUuoD5zK+67LhXNVs5EhMB8GA1UdIwQY
MBaAFMo7huZUcPmU36bW/ujiZNti4kr5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWp1RzVsUnctWlRmcHRiLTZPSmsyMkxpU3ZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni8zZGFlNzEtMWFjZi00MTk2LTk2MDgt
OTUzMWQyNGUwNjEwLzEvT294dEtrNUpTNmdQbk1yN3JzdUZjMVd6a1NFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni8zZGFlNzEtMWFjZi00MTk2LTk2MDgtOTUzMWQyNGUwNjEw
LzEveWp1RzVsUnctWlRmcHRiLTZPSmsyMkxpU3ZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhzpMA0G
CSqGSIb3DQEBCwUAA4IBAQBch3WfCwxMMME33K3KbI4bhlkfREt75lYnzUcETxGr
ERdPqiwrE6uCIywOm5gOkj6m1OcT5yDe/VKva13dtU+wjS1UwGCgBKMyp9x+rwPK
0iuG7fq8c7A36szWMIoR6TcMM04qLNcDyGkY1VMZO2FZDXNZ+3an/+Rm0cfZV8aw
KwQCPunXWzR1vI38R7ftita1ycwBSFmcAvStkXR126NGJEGjmMWIs+WhIWaudlPp
scalcTecIafAfONgc1u29yYu/D5eSKkvDt2Bg++yNSOY69Od0lKFZVZF7p6SNWvy
jsNZmRfonF+FFxhgfgbA4r6swXoAfYGVpj8GcPMu9m4w
-----END CERTIFICATE-----