Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/y5bjjlCHP_eMFY_hKvS_Ckup73A.roa
File:                     y5bjjlCHP_eMFY_hKvS_Ckup73A.roa (raw, json)
Hash identifier:          1nyFzL3E1AO+7HEYIZ5GRJyB6HFnz3QPQnBu/sN+QyU=
Subject key identifier:   CB:96:E3:8E:50:87:3F:F7:8C:15:8F:E1:2A:F4:BF:0A:4B:A9:EF:70
Certificate issuer:       /CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
Certificate serial:       0192B44645C985FE4F0C006DB43FFFA86580
Authority key identifier: D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/y5bjjlCHP_eMFY_hKvS_Ckup73A.roa
Signing time:             Tue 22 Oct 2024 12:49:17 +0000
ROA not before:           Tue 22 Oct 2024 12:49:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5483
IP address blocks:        46.183.186.0/24 maxlen: 24
                          89.46.237.0/24 maxlen: 24
                          2a03:f80:36::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b4:46:45:c9:85:fe:4f:0c:00:6d:b4:3f:ff:a8:65:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d217b472c841c1d68550a24f1936d29cc6c28f6a
        Validity
            Not Before: Oct 22 12:49:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb96e38e50873ff78c158fe12af4bf0a4ba9ef70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:80:cb:f6:e3:88:5b:3b:f6:46:ba:12:ea:91:
                    5c:54:f6:54:3e:49:2f:3f:8b:1d:82:75:7d:36:3b:
                    f3:66:4e:9f:9e:18:a9:ae:91:23:46:9e:9b:81:4d:
                    5f:40:b4:52:78:5c:3d:31:ce:b2:48:48:5e:43:24:
                    d1:4e:3b:b7:e5:ca:a8:a8:cb:09:1c:f0:fb:24:22:
                    1b:6f:ba:87:19:ab:02:8f:31:b5:a5:6f:b9:2c:e3:
                    b2:01:9a:ed:fc:0c:d3:5e:90:91:8b:05:59:68:60:
                    13:d5:1d:86:95:12:fb:b8:49:f1:56:19:13:4d:37:
                    3b:ad:9e:08:10:04:74:aa:5a:7a:29:ff:a4:0e:9b:
                    cb:ab:30:c6:bc:e1:06:6f:be:14:2a:17:0e:ff:2a:
                    20:78:bc:bf:a7:df:46:43:a1:98:15:7a:5a:69:6c:
                    40:ed:a6:f5:eb:dc:93:8d:5d:5d:fb:fe:17:da:d5:
                    0b:97:74:18:ea:16:42:72:50:e7:91:4a:dc:90:8e:
                    c4:81:44:0e:a8:c3:b4:40:cd:25:ef:fd:14:f0:d6:
                    d9:c6:24:51:ad:7a:42:14:ff:48:1a:c0:43:0e:e7:
                    c2:2e:4a:a9:4d:d2:39:7e:69:79:0e:77:e7:48:0d:
                    5f:2f:82:b4:f1:df:6a:54:38:d2:da:4b:9a:21:e8:
                    a5:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:96:E3:8E:50:87:3F:F7:8C:15:8F:E1:2A:F4:BF:0A:4B:A9:EF:70
            X509v3 Authority Key Identifier:
                keyid:D2:17:B4:72:C8:41:C1:D6:85:50:A2:4F:19:36:D2:9C:C6:C2:8F:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0he0cshBwdaFUKJPGTbSnMbCj2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/y5bjjlCHP_eMFY_hKvS_Ckup73A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/290e44-b479-46cf-ab4b-b38e2677b3dc/1/0he0cshBwdaFUKJPGTbSnMbCj2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.183.186.0/24
                  89.46.237.0/24
                IPv6:
                  2a03:f80:36::/48

    Signature Algorithm: sha256WithRSAEncryption
         53:4e:cf:bb:3c:e8:07:49:50:ab:ee:71:a8:fb:a6:5f:9b:05:
         bf:7d:10:72:a7:20:fa:a8:bf:93:88:93:a1:3b:a1:3c:89:8f:
         3c:7f:c0:a1:38:b7:44:89:d8:ff:99:27:33:7e:30:29:10:d2:
         7e:21:ed:af:c6:cc:5d:ba:ac:a0:dd:7c:31:a5:a9:66:17:dc:
         e4:26:08:01:dd:7d:54:d6:ad:8b:51:4f:71:7a:3a:6f:3d:88:
         a5:47:e5:34:d4:1d:f8:6b:75:da:a2:36:fe:c0:ba:76:41:fc:
         d5:b4:89:b9:a7:cd:42:0d:44:42:90:61:df:83:b3:0e:33:7c:
         b4:12:7d:6a:27:8b:9c:c2:79:0b:e2:8f:ac:84:0c:a6:80:9d:
         86:46:e9:02:3f:9d:28:54:69:b2:54:e0:cb:0a:18:18:15:d1:
         01:5e:b1:d5:94:6e:2b:61:53:0f:cb:8a:dd:a6:cf:48:7f:e2:
         da:e2:c2:cf:b7:f4:60:24:67:14:46:2b:b2:bd:84:4b:b0:d6:
         e3:e0:f2:5b:d4:13:2d:c3:99:3e:bb:28:b7:42:9a:8f:59:ab:
         ef:a6:25:d5:89:39:ad:20:ba:10:00:fc:ea:b3:dc:9e:a4:d8:
         e3:cf:cb:d5:0d:49:21:d3:a4:6a:8b:1a:76:85:d4:4e:a0:e4:
         a1:d3:1a:16
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZK0RkXJhf5PDABttD//qGWAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyMTdiNDcyYzg0MWMxZDY4NTUwYTI0ZjE5MzZkMjljYzZj
MjhmNmEwHhcNMjQxMDIyMTI0OTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjk2ZTM4ZTUwODczZmY3OGMxNThmZTEyYWY0YmYwYTRiYTllZjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAroDL9uOIWzv2RroS6pFcVPZUPkkv
P4sdgnV9NjvzZk6fnhiprpEjRp6bgU1fQLRSeFw9Mc6ySEheQyTRTju35cqoqMsJ
HPD7JCIbb7qHGasCjzG1pW+5LOOyAZrt/AzTXpCRiwVZaGAT1R2GlRL7uEnxVhkT
TTc7rZ4IEAR0qlp6Kf+kDpvLqzDGvOEGb74UKhcO/yogeLy/p99GQ6GYFXpaaWxA
7ab169yTjV1d+/4X2tULl3QY6hZCclDnkUrckI7EgUQOqMO0QM0l7/0U8NbZxiRR
rXpCFP9IGsBDDufCLkqpTdI5fml5DnfnSA1fL4K08d9qVDjS2kuaIeil8QIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFMuW445Qhz/3jBWP4Sr0vwpLqe9wMB8GA1UdIwQY
MBaAFNIXtHLIQcHWhVCiTxk20pzGwo9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGIt
YjM4ZTI2NzdiM2RjLzEveTViampsQ0hQX2VNRllfaEt2U19Da3VwNzNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8yOTBlNDQtYjQ3OS00NmNmLWFiNGItYjM4ZTI2NzdiM2Rj
LzEvMGhlMGNzaEJ3ZGFGVUtKUEdUYlNuTWJDajJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQALre6AwQA
WS7tMA8EAgACMAkDBwAqAw+AADYwDQYJKoZIhvcNAQELBQADggEBAFNOz7s86AdJ
UKvucaj7pl+bBb99EHKnIPqov5OIk6E7oTyJjzx/wKE4t0SJ2P+ZJzN+MCkQ0n4h
7a/GzF26rKDdfDGlqWYX3OQmCAHdfVTWrYtRT3F6Om89iKVH5TTUHfhrddqiNv7A
unZB/NW0ibmnzUINREKQYd+Dsw4zfLQSfWoni5zCeQvij6yEDKaAnYZG6QI/nShU
abJU4MsKGBgV0QFesdWUbithUw/Lit2mz0h/4triws+39GAkZxRGK7K9hEuw1uPg
8lvUEy3DmT67KLdCmo9Zq++mJdWJOa0guhAA/Oqz3J6k2OPPy9UNSSHTpGqLGnaF
1E6g5KHTGhY=
-----END CERTIFICATE-----