Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/v3LEWwb7-BnUG0FAp9GVaKai1sM.roa
File:                     v3LEWwb7-BnUG0FAp9GVaKai1sM.roa (raw, json)
Hash identifier:          6xuEY0uVvo0VRgPSx6X6lfBAEXh+XNCgDQ3GmriYnQA=
Subject key identifier:   BF:72:C4:5B:06:FB:F8:19:D4:1B:41:40:A7:D1:95:68:A6:A2:D6:C3
Certificate issuer:       /CN=5588f197f97e8900755544e810cddef9d90fbc41
Certificate serial:       0191BC245307F9585ACE15CA8CB21BC071E2
Authority key identifier: 55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/v3LEWwb7-BnUG0FAp9GVaKai1sM.roa
Signing time:             Wed 04 Sep 2024 08:26:22 +0000
ROA not before:           Wed 04 Sep 2024 08:26:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49304
IP address blocks:        46.3.96.0/20 maxlen: 24
                          46.232.48.0/21 maxlen: 24
                          46.232.56.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:bc:24:53:07:f9:58:5a:ce:15:ca:8c:b2:1b:c0:71:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5588f197f97e8900755544e810cddef9d90fbc41
        Validity
            Not Before: Sep  4 08:26:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf72c45b06fbf819d41b4140a7d19568a6a2d6c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:5c:ed:28:b7:97:7c:85:08:33:de:e5:fc:43:
                    52:f2:9f:1c:b4:13:cb:69:44:ff:13:89:29:9c:d8:
                    24:4a:97:47:a2:eb:3f:e3:9f:65:c4:a1:37:aa:b7:
                    4a:5b:03:c0:cb:17:ad:80:61:21:82:98:46:c5:a0:
                    0c:33:43:93:57:39:bc:a8:77:fb:16:0f:3e:1c:68:
                    ce:9e:8e:bb:d3:fe:e3:4d:d3:df:fb:e1:f1:ef:40:
                    99:57:ed:47:26:b3:51:c3:c9:0c:01:19:93:cc:84:
                    0f:e3:0b:14:ad:31:aa:ed:b3:1d:c4:73:21:f6:35:
                    70:9d:24:8c:73:01:ec:31:23:36:39:e3:f1:54:eb:
                    cc:7f:4e:14:6c:f1:24:57:a5:92:d6:99:5d:9a:1d:
                    41:48:90:f9:42:71:e8:57:35:2a:3f:c4:5a:ab:4f:
                    ba:6a:97:f5:68:1d:62:d2:e3:f7:00:20:ed:c8:c1:
                    52:1f:dc:36:50:7a:c0:7b:a4:b6:d8:8c:08:c8:48:
                    f9:d1:27:11:b1:9b:72:7d:75:6b:77:57:a0:09:19:
                    77:30:fc:61:10:5b:94:ed:35:d0:5c:c1:28:b0:82:
                    5a:21:51:60:e4:7b:42:58:43:10:f7:16:a4:4c:3e:
                    f4:00:c3:27:23:27:da:c4:9d:de:3b:50:2e:44:61:
                    23:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:72:C4:5B:06:FB:F8:19:D4:1B:41:40:A7:D1:95:68:A6:A2:D6:C3
            X509v3 Authority Key Identifier:
                keyid:55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/v3LEWwb7-BnUG0FAp9GVaKai1sM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.3.96.0/20
                  46.232.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         16:eb:ea:aa:8f:5c:ab:e0:27:99:0b:3a:05:68:a1:4b:a8:6a:
         39:cb:fc:26:85:cf:ff:72:44:57:3e:62:4d:5f:6d:53:8e:81:
         4a:39:8a:1f:75:c8:b5:e4:5d:03:1b:80:ec:bc:e8:2e:1d:c6:
         0e:6f:14:ed:42:02:a2:f1:b2:43:1f:fd:59:91:25:94:30:79:
         21:31:f7:3b:e1:50:f5:ef:37:71:92:f1:24:52:03:5b:da:7e:
         23:fe:33:d5:97:5f:6a:92:2a:e7:51:ff:3f:d6:69:87:de:a9:
         24:26:91:74:6e:18:c5:c9:07:d0:a6:97:92:ab:73:01:46:f5:
         bd:5d:34:b1:da:28:0a:96:88:c7:d4:20:3d:8d:fa:b4:8a:d3:
         8c:83:ef:94:3f:56:19:20:52:79:ce:c7:a2:fa:40:0f:ab:c7:
         9d:83:91:3b:a1:fe:b6:f5:29:9a:87:2b:9e:d3:d4:b3:7e:fd:
         c1:54:93:ba:cf:04:66:19:98:e8:6a:3d:d0:4a:59:21:60:21:
         04:51:13:1b:97:70:ca:3b:1a:35:13:2e:06:90:52:45:f6:74:
         cf:a8:71:18:df:4d:83:c0:df:3a:ed:5d:ba:74:08:b0:d7:be:
         31:59:11:63:2e:d5:ce:0e:b2:94:c4:f4:78:8b:ee:95:bb:7b:
         5a:61:67:02
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZG8JFMH+VhazhXKjLIbwHHiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ODhmMTk3Zjk3ZTg5MDA3NTU1NDRlODEwY2RkZWY5ZDkw
ZmJjNDEwHhcNMjQwOTA0MDgyNjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjcyYzQ1YjA2ZmJmODE5ZDQxYjQxNDBhN2QxOTU2OGE2YTJkNmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy1ztKLeXfIUIM97l/ENS8p8ctBPL
aUT/E4kpnNgkSpdHous/459lxKE3qrdKWwPAyxetgGEhgphGxaAMM0OTVzm8qHf7
Fg8+HGjOno670/7jTdPf++Hx70CZV+1HJrNRw8kMARmTzIQP4wsUrTGq7bMdxHMh
9jVwnSSMcwHsMSM2OePxVOvMf04UbPEkV6WS1pldmh1BSJD5QnHoVzUqP8Raq0+6
apf1aB1i0uP3ACDtyMFSH9w2UHrAe6S22IwIyEj50ScRsZtyfXVrd1egCRl3MPxh
EFuU7TXQXMEosIJaIVFg5HtCWEMQ9xakTD70AMMnIyfaxJ3eO1AuRGEjwwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFL9yxFsG+/gZ1BtBQKfRlWimotbDMB8GA1UdIwQY
MBaAFFWI8Zf5fokAdVVE6BDN3vnZD7xBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2Et
N2NmZWY0Mjc2YTBmLzEvdjNMRVd3YjctQm5VRzBGQXA5R1ZhS2FpMXNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2EtN2NmZWY0Mjc2YTBm
LzEvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQELgNgAwQE
LugwMA0GCSqGSIb3DQEBCwUAA4IBAQAW6+qqj1yr4CeZCzoFaKFLqGo5y/wmhc//
ckRXPmJNX21TjoFKOYofdci15F0DG4DsvOguHcYObxTtQgKi8bJDH/1ZkSWUMHkh
Mfc74VD17zdxkvEkUgNb2n4j/jPVl19qkirnUf8/1mmH3qkkJpF0bhjFyQfQppeS
q3MBRvW9XTSx2igKlojH1CA9jfq0itOMg++UP1YZIFJ5zsei+kAPq8edg5E7of62
9Smahyue09Szfv3BVJO6zwRmGZjoaj3QSlkhYCEEURMbl3DKOxo1Ey4GkFJF9nTP
qHEY302DwN867V26dAiw174xWRFjLtXODrKUxPR4i+6Vu3taYWcC
-----END CERTIFICATE-----