Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/sREyx3bLJb0XgAC5PV-gWyipruU.roa
File:                     sREyx3bLJb0XgAC5PV-gWyipruU.roa (raw, json)
Hash identifier:          2duZA3T201SbKb4p5/N3A8WtcK0qxupvIJyRFQ+mYIc=
Subject key identifier:   B1:11:32:C7:76:CB:25:BD:17:80:00:B9:3D:5F:A0:5B:28:A9:AE:E5
Certificate issuer:       /CN=5588f197f97e8900755544e810cddef9d90fbc41
Certificate serial:       01946EC44F38DC387142122894E263CF24D3
Authority key identifier: 55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/sREyx3bLJb0XgAC5PV-gWyipruU.roa
Signing time:             Thu 16 Jan 2025 10:59:06 +0000
ROA not before:           Thu 16 Jan 2025 10:59:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5065
IP address blocks:        46.3.117.0/24 maxlen: 24
                          46.3.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:6e:c4:4f:38:dc:38:71:42:12:28:94:e2:63:cf:24:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5588f197f97e8900755544e810cddef9d90fbc41
        Validity
            Not Before: Jan 16 10:59:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b11132c776cb25bd178000b93d5fa05b28a9aee5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:c4:34:b4:67:10:ad:51:08:1c:76:d9:22:5a:
                    c0:4e:ea:a5:2e:12:b4:93:47:ed:09:c5:d6:1b:d7:
                    a3:c1:36:f8:a4:7f:c1:8d:e4:68:d5:1a:9b:d6:25:
                    e5:86:a9:1d:e1:0e:17:a3:3a:1a:4b:07:4d:7c:cf:
                    c0:b2:1f:27:6d:0d:d4:c4:02:ac:f7:48:71:83:f0:
                    05:c1:a1:d4:52:d7:06:b3:4e:f2:d2:19:18:43:03:
                    c5:a8:09:b2:36:87:15:89:e3:e6:72:77:2f:b8:4a:
                    b6:db:20:9b:b7:30:86:6f:6b:bf:33:ed:8d:46:fa:
                    f3:8a:cf:b4:a4:9d:12:51:d9:a2:72:88:85:5a:ec:
                    44:72:e4:69:a1:30:31:2f:9f:d5:17:9c:77:1c:c3:
                    8e:7f:75:d8:56:9a:fe:84:eb:52:a8:bc:c7:51:69:
                    9b:64:b9:ce:f1:96:bc:08:5a:bc:53:41:d0:03:fb:
                    fa:13:c6:8b:e2:45:dd:37:34:54:43:cc:a2:b0:67:
                    08:c1:00:42:b0:36:78:e8:71:c5:b8:f3:74:2e:25:
                    a6:16:cf:99:6b:f9:88:f8:29:a2:3d:74:d1:ef:5d:
                    1a:b3:cd:e7:d9:40:94:4a:35:c7:59:99:65:51:9e:
                    e6:08:4f:e5:71:1d:5f:18:a8:9e:dc:3f:ed:f8:28:
                    6e:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:11:32:C7:76:CB:25:BD:17:80:00:B9:3D:5F:A0:5B:28:A9:AE:E5
            X509v3 Authority Key Identifier:
                keyid:55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/sREyx3bLJb0XgAC5PV-gWyipruU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.3.117.0/24
                  46.3.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:55:5f:e0:c6:7d:38:9a:31:11:c7:28:5b:0c:a7:9c:51:9c:
         c5:c6:88:03:ce:d0:01:b3:e4:7f:83:9a:78:e4:4a:fa:dd:21:
         32:9a:e1:e7:fd:4a:fa:bb:65:f5:39:79:83:bf:d5:ff:f1:d0:
         13:f5:09:63:a3:88:5f:58:ad:b7:7d:43:d1:ff:e5:c5:50:43:
         8d:53:e4:66:7e:42:87:92:6b:d2:07:4e:0f:25:ef:c4:80:f3:
         9f:b2:8b:40:07:b3:78:ce:86:37:6e:fd:98:6f:d6:e8:98:9f:
         8b:6a:3b:d2:52:25:78:a3:17:ff:37:5f:f8:84:95:69:71:2d:
         ce:d9:43:22:f3:85:fe:df:d1:84:1f:66:15:cc:f2:67:96:8d:
         96:78:08:eb:d7:fc:00:12:98:0d:ea:0f:c2:5f:ae:80:89:5b:
         f2:33:5b:09:ba:1d:a0:f4:66:44:33:c3:5f:07:8e:d7:a9:22:
         70:3f:03:20:d2:fe:5f:1e:f8:a4:fa:99:39:4c:d2:25:b2:6e:
         ae:be:10:ab:2e:07:d1:9b:2e:11:a4:37:d7:c7:a1:62:4a:56:
         31:c0:74:42:7b:47:82:aa:7e:30:a6:3c:2f:7c:b4:de:61:63:
         8a:aa:e2:bd:1a:8e:ef:3b:32:c3:bc:b4:d7:8e:80:52:86:a1:
         35:f0:ad:6a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZRuxE843DhxQhIolOJjzyTTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ODhmMTk3Zjk3ZTg5MDA3NTU1NDRlODEwY2RkZWY5ZDkw
ZmJjNDEwHhcNMjUwMTE2MTA1OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTExMzJjNzc2Y2IyNWJkMTc4MDAwYjkzZDVmYTA1YjI4YTlhZWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqsQ0tGcQrVEIHHbZIlrATuqlLhK0
k0ftCcXWG9ejwTb4pH/BjeRo1Rqb1iXlhqkd4Q4XozoaSwdNfM/Ash8nbQ3UxAKs
90hxg/AFwaHUUtcGs07y0hkYQwPFqAmyNocViePmcncvuEq22yCbtzCGb2u/M+2N
Rvrzis+0pJ0SUdmicoiFWuxEcuRpoTAxL5/VF5x3HMOOf3XYVpr+hOtSqLzHUWmb
ZLnO8Za8CFq8U0HQA/v6E8aL4kXdNzRUQ8yisGcIwQBCsDZ46HHFuPN0LiWmFs+Z
a/mI+CmiPXTR710as83n2UCUSjXHWZllUZ7mCE/lcR1fGKie3D/t+Chu6QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLERMsd2yyW9F4AAuT1foFsoqa7lMB8GA1UdIwQY
MBaAFFWI8Zf5fokAdVVE6BDN3vnZD7xBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2Et
N2NmZWY0Mjc2YTBmLzEvc1JFeXgzYkxKYjBYZ0FDNVBWLWdXeWlwcnVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2EtN2NmZWY0Mjc2YTBm
LzEvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALgN1AwQA
LgO+MA0GCSqGSIb3DQEBCwUAA4IBAQBEVV/gxn04mjERxyhbDKecUZzFxogDztAB
s+R/g5p45Er63SEymuHn/Ur6u2X1OXmDv9X/8dAT9Qljo4hfWK23fUPR/+XFUEON
U+RmfkKHkmvSB04PJe/EgPOfsotAB7N4zoY3bv2Yb9bomJ+LajvSUiV4oxf/N1/4
hJVpcS3O2UMi84X+39GEH2YVzPJnlo2WeAjr1/wAEpgN6g/CX66AiVvyM1sJuh2g
9GZEM8NfB47XqSJwPwMg0v5fHvik+pk5TNIlsm6uvhCrLgfRmy4RpDfXx6FiSlYx
wHRCe0eCqn4wpjwvfLTeYWOKquK9Go7vOzLDvLTXjoBShqE18K1q
-----END CERTIFICATE-----