Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/iNQ35d-u6-CD0rzJ08bW0wNu2oM.roa
File:                     iNQ35d-u6-CD0rzJ08bW0wNu2oM.roa (raw, json)
Hash identifier:          YfFEfSXyLm10VKzNLFyugbXvd3lXE9siAlKIUkO2Tk0=
Subject key identifier:   88:D4:37:E5:DF:AE:EB:E0:83:D2:BC:C9:D3:C6:D6:D3:03:6E:DA:83
Certificate issuer:       /CN=5588f197f97e8900755544e810cddef9d90fbc41
Certificate serial:       01942369E96D79CEB48173227CF14EF22D13
Authority key identifier: 55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/iNQ35d-u6-CD0rzJ08bW0wNu2oM.roa
Signing time:             Wed 01 Jan 2025 19:48:51 +0000
ROA not before:           Wed 01 Jan 2025 19:48:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30407
IP address blocks:        46.232.48.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:e9:6d:79:ce:b4:81:73:22:7c:f1:4e:f2:2d:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5588f197f97e8900755544e810cddef9d90fbc41
        Validity
            Not Before: Jan  1 19:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=88d437e5dfaeebe083d2bcc9d3c6d6d3036eda83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:04:5e:dc:68:1e:da:5d:ef:24:07:ad:e9:a1:
                    b8:cb:52:d1:47:0b:82:95:62:b1:21:52:ec:64:52:
                    82:7a:26:a6:2b:19:7a:f0:a0:ef:b1:1a:ce:3b:2d:
                    80:e3:e5:06:62:e9:04:fe:ac:ea:82:14:55:b3:b6:
                    97:a6:dc:d9:8a:5e:a4:7b:f3:84:63:80:8f:53:7a:
                    66:4b:49:4c:4d:90:c1:b1:72:e3:70:6f:55:b3:99:
                    09:80:c0:2c:8a:4a:43:5c:57:aa:f9:ce:ec:04:fd:
                    f8:88:41:c6:f5:97:9a:1f:a8:b1:d5:b1:74:5f:28:
                    3f:82:57:0d:5e:06:72:3a:58:96:39:ae:62:b1:56:
                    7a:e8:48:5a:8f:a2:35:6c:0b:20:d8:f2:74:15:1d:
                    ce:ea:c4:ab:83:6b:6a:ae:be:e1:a2:75:c9:f6:9c:
                    45:ff:3f:c7:96:a3:2a:6c:a3:13:bd:83:2c:f3:33:
                    ea:52:b1:10:e5:7c:08:3f:cc:fe:d5:e7:4b:a6:6f:
                    a9:9f:02:4a:17:25:44:e7:d9:54:7b:a0:e5:3a:fb:
                    30:47:12:fb:82:63:c6:a4:0c:a2:90:26:65:26:64:
                    e5:93:36:e0:d8:38:31:a0:8c:95:ef:c5:95:eb:49:
                    52:a6:e5:15:fd:78:69:0c:22:93:54:ff:86:27:ac:
                    f5:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:D4:37:E5:DF:AE:EB:E0:83:D2:BC:C9:D3:C6:D6:D3:03:6E:DA:83
            X509v3 Authority Key Identifier:
                keyid:55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/iNQ35d-u6-CD0rzJ08bW0wNu2oM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.232.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         08:d2:6f:36:e6:64:43:a9:c4:11:9a:1d:ed:63:c5:84:21:1e:
         6e:7c:f3:fe:9e:c1:6d:d4:26:99:47:53:1b:4b:c5:6a:86:ba:
         64:f8:6f:a8:70:ac:f2:f3:33:33:cf:2e:96:fe:02:a2:89:34:
         26:a0:51:69:76:8c:f5:e9:77:51:a3:d5:25:d7:b0:3e:cf:3f:
         06:c8:7c:db:fd:f2:c0:d2:50:19:50:87:5f:8a:46:70:39:28:
         0b:49:3c:c0:f6:88:c7:a0:56:c5:e4:41:6e:2c:3f:88:89:b8:
         49:92:2d:5b:4c:87:5b:a9:38:26:2e:4e:c2:1b:b6:86:8a:56:
         04:3c:dc:d6:79:44:2f:a3:9b:37:f4:4d:b0:28:f9:93:d4:3c:
         29:d8:b8:38:3e:d1:8a:2a:f5:60:5d:9d:0e:67:d6:7f:88:49:
         e6:33:7c:d7:c7:1f:e7:24:fd:d9:b1:b4:2a:cf:fb:f0:7c:3b:
         11:1b:70:67:a8:6d:c7:2a:17:97:5f:44:18:d1:c6:53:02:60:
         51:a7:df:73:90:ad:87:4e:cf:06:08:c2:94:71:36:98:38:11:
         2e:7a:ee:b1:35:d3:77:57:07:6f:29:ce:1b:35:8f:e6:7d:ee:
         e2:f9:5a:49:fe:4f:ba:54:3d:ca:a3:bb:57:e4:0c:1e:df:0e:
         ee:7e:b4:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaeltec60gXMifPFO8i0TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ODhmMTk3Zjk3ZTg5MDA3NTU1NDRlODEwY2RkZWY5ZDkw
ZmJjNDEwHhcNMjUwMTAxMTk0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGQ0MzdlNWRmYWVlYmUwODNkMmJjYzlkM2M2ZDZkMzAzNmVkYTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAugRe3Gge2l3vJAet6aG4y1LRRwuC
lWKxIVLsZFKCeiamKxl68KDvsRrOOy2A4+UGYukE/qzqghRVs7aXptzZil6ke/OE
Y4CPU3pmS0lMTZDBsXLjcG9Vs5kJgMAsikpDXFeq+c7sBP34iEHG9ZeaH6ix1bF0
Xyg/glcNXgZyOliWOa5isVZ66Ehaj6I1bAsg2PJ0FR3O6sSrg2tqrr7honXJ9pxF
/z/HlqMqbKMTvYMs8zPqUrEQ5XwIP8z+1edLpm+pnwJKFyVE59lUe6DlOvswRxL7
gmPGpAyikCZlJmTlkzbg2DgxoIyV78WV60lSpuUV/XhpDCKTVP+GJ6z1aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIjUN+Xfruvgg9K8ydPG1tMDbtqDMB8GA1UdIwQY
MBaAFFWI8Zf5fokAdVVE6BDN3vnZD7xBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2Et
N2NmZWY0Mjc2YTBmLzEvaU5RMzVkLXU2LUNEMHJ6SjA4Ylcwd051Mm9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2EtN2NmZWY0Mjc2YTBm
LzEvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQELugwMA0G
CSqGSIb3DQEBCwUAA4IBAQAI0m825mRDqcQRmh3tY8WEIR5ufPP+nsFt1CaZR1Mb
S8Vqhrpk+G+ocKzy8zMzzy6W/gKiiTQmoFFpdoz16XdRo9Ul17A+zz8GyHzb/fLA
0lAZUIdfikZwOSgLSTzA9ojHoFbF5EFuLD+IibhJki1bTIdbqTgmLk7CG7aGilYE
PNzWeUQvo5s39E2wKPmT1Dwp2Lg4PtGKKvVgXZ0OZ9Z/iEnmM3zXxx/nJP3ZsbQq
z/vwfDsRG3BnqG3HKheXX0QY0cZTAmBRp99zkK2HTs8GCMKUcTaYOBEueu6xNdN3
VwdvKc4bNY/mfe7i+VpJ/k+6VD3Ko7tX5Awe3w7ufrQ3
-----END CERTIFICATE-----