Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VLLBGSlahD8mlp_FSgMy0Ygt3oQ.roa
File:                     VLLBGSlahD8mlp_FSgMy0Ygt3oQ.roa (raw, json)
Hash identifier:          vG/FV+g2fYPK+WRctY6WT91Xe68gOTCuL8Cv/VeDHE0=
Subject key identifier:   54:B2:C1:19:29:5A:84:3F:26:96:9F:C5:4A:03:32:D1:88:2D:DE:84
Certificate issuer:       /CN=5588f197f97e8900755544e810cddef9d90fbc41
Certificate serial:       01942369ED94DAC46F91FAD7C6BA1689E771
Authority key identifier: 55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VLLBGSlahD8mlp_FSgMy0Ygt3oQ.roa
Signing time:             Wed 01 Jan 2025 19:48:51 +0000
ROA not before:           Wed 01 Jan 2025 19:48:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41255
IP address blocks:        46.3.240.0/22 maxlen: 24
                          46.232.120.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:ed:94:da:c4:6f:91:fa:d7:c6:ba:16:89:e7:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5588f197f97e8900755544e810cddef9d90fbc41
        Validity
            Not Before: Jan  1 19:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=54b2c119295a843f26969fc54a0332d1882dde84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:23:be:9f:eb:4f:f7:d2:29:65:42:e2:30:74:
                    15:07:4d:5e:f5:b3:0e:de:9a:8a:92:3c:ff:ff:19:
                    3c:7e:8d:ee:a2:01:56:4f:2a:a7:2e:4f:e4:d8:64:
                    36:8e:ac:ae:0e:45:79:a3:37:9d:95:5a:d5:f8:a2:
                    16:2b:34:99:51:11:70:4c:30:b2:43:84:82:c7:30:
                    f2:b1:46:ec:46:13:77:fc:3b:97:5f:5b:92:f9:3e:
                    b9:32:7e:57:fc:24:05:2c:60:ae:1a:20:0d:7a:6d:
                    00:6c:2d:2c:04:4f:87:0a:32:2e:ba:ee:46:cc:87:
                    3a:5a:e2:41:a5:e5:c7:95:12:f4:b7:51:03:58:61:
                    fd:05:7b:d1:8a:7a:1f:6d:28:da:fb:5c:ec:8c:f1:
                    e2:4c:83:53:7e:a9:49:00:44:36:78:8c:f4:ad:3b:
                    80:0b:e9:89:3f:31:28:94:de:3a:8c:26:23:53:bc:
                    de:4a:ae:91:e8:c1:93:4d:c2:22:a8:bf:bd:69:0a:
                    91:f0:83:48:61:be:0f:15:e7:13:95:62:35:15:19:
                    cc:82:d2:2c:42:65:4f:b1:64:ea:f2:a3:e3:38:f8:
                    5e:a2:23:2e:ed:32:45:35:31:7b:3a:ca:29:69:d7:
                    a3:c7:df:bd:dd:75:56:ca:a1:e4:2f:49:b7:95:36:
                    b6:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:B2:C1:19:29:5A:84:3F:26:96:9F:C5:4A:03:32:D1:88:2D:DE:84
            X509v3 Authority Key Identifier:
                keyid:55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VLLBGSlahD8mlp_FSgMy0Ygt3oQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.3.240.0/22
                  46.232.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3d:5a:a6:e8:6e:e7:89:a0:4d:e8:b0:46:dd:55:b3:a2:82:4a:
         77:23:af:54:ae:9e:b9:ef:71:e6:54:2a:fd:95:0c:09:a6:51:
         e4:f1:d0:70:30:4f:e3:60:b8:0d:56:76:65:d1:49:4e:70:52:
         cf:dc:68:ff:e9:b3:ba:f2:ac:67:7d:45:c8:ab:04:28:f2:fc:
         9b:7c:f5:bf:7e:ea:56:c8:13:98:93:cb:46:20:39:69:97:9c:
         12:96:4e:06:dd:3a:82:4d:d2:96:09:10:b3:6a:48:f0:45:a2:
         0c:07:b5:86:5d:03:83:db:41:48:b0:08:c0:76:67:64:b8:fa:
         17:97:d9:f6:56:28:6b:64:8c:01:dc:84:d6:c6:b3:8a:9b:74:
         e0:dd:63:56:84:ec:be:38:c5:69:8b:e3:56:03:e5:b0:6e:83:
         83:5d:b4:a4:b8:22:d7:90:e1:d8:38:84:ab:ff:ab:91:53:f4:
         f3:33:bd:70:fd:c7:78:9a:f3:6e:65:ef:d0:f5:72:5b:7d:96:
         d0:3f:4c:2b:ee:f1:a0:26:e8:0d:84:64:c7:4d:b9:f0:e6:34:
         fa:c7:5c:0b:37:92:91:a2:90:77:71:23:a8:de:fa:73:a0:1c:
         0d:21:19:28:e2:bc:b9:60:d7:14:12:92:e8:1e:50:69:ec:7e:
         9f:c6:60:7a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQjae2U2sRvkfrXxroWiedxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ODhmMTk3Zjk3ZTg5MDA3NTU1NDRlODEwY2RkZWY5ZDkw
ZmJjNDEwHhcNMjUwMTAxMTk0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGIyYzExOTI5NWE4NDNmMjY5NjlmYzU0YTAzMzJkMTg4MmRkZTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsSO+n+tP99IpZULiMHQVB01e9bMO
3pqKkjz//xk8fo3uogFWTyqnLk/k2GQ2jqyuDkV5ozedlVrV+KIWKzSZURFwTDCy
Q4SCxzDysUbsRhN3/DuXX1uS+T65Mn5X/CQFLGCuGiANem0AbC0sBE+HCjIuuu5G
zIc6WuJBpeXHlRL0t1EDWGH9BXvRinofbSja+1zsjPHiTINTfqlJAEQ2eIz0rTuA
C+mJPzEolN46jCYjU7zeSq6R6MGTTcIiqL+9aQqR8INIYb4PFecTlWI1FRnMgtIs
QmVPsWTq8qPjOPheoiMu7TJFNTF7Osopadejx9+93XVWyqHkL0m3lTa2AQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFSywRkpWoQ/JpafxUoDMtGILd6EMB8GA1UdIwQY
MBaAFFWI8Zf5fokAdVVE6BDN3vnZD7xBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2Et
N2NmZWY0Mjc2YTBmLzEvVkxMQkdTbGFoRDhtbHBfRlNnTXkwWWd0M29RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2EtN2NmZWY0Mjc2YTBm
LzEvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLgPwAwQC
Luh4MA0GCSqGSIb3DQEBCwUAA4IBAQA9WqbobueJoE3osEbdVbOigkp3I69Urp65
73HmVCr9lQwJplHk8dBwME/jYLgNVnZl0UlOcFLP3Gj/6bO68qxnfUXIqwQo8vyb
fPW/fupWyBOYk8tGIDlpl5wSlk4G3TqCTdKWCRCzakjwRaIMB7WGXQOD20FIsAjA
dmdkuPoXl9n2VihrZIwB3ITWxrOKm3Tg3WNWhOy+OMVpi+NWA+WwboODXbSkuCLX
kOHYOISr/6uRU/TzM71w/cd4mvNuZe/Q9XJbfZbQP0wr7vGgJugNhGTHTbnw5jT6
x1wLN5KRopB3cSOo3vpzoBwNIRko4ry5YNcUEpLoHlBp7H6fxmB6
-----END CERTIFICATE-----