Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/c0d467-f62a-419c-be85-e38030b69d5a/1/flLeHrhnVUUBvbelfnCGU_lIF74.roa
File:                     flLeHrhnVUUBvbelfnCGU_lIF74.roa (raw, json)
Hash identifier:          peozI3VK+tjqmVXSoTJY3nUMesdpXI2cFTpVmsR6bys=
Subject key identifier:   7E:52:DE:1E:B8:67:55:45:01:BD:B7:A5:7E:70:86:53:F9:48:17:BE
Certificate issuer:       /CN=3bd9a177bb5dfb6eabe4cad79def8f8b005df656
Certificate serial:       01926D9C498151A0DBACBC04D70A4F99B39E
Authority key identifier: 3B:D9:A1:77:BB:5D:FB:6E:AB:E4:CA:D7:9D:EF:8F:8B:00:5D:F6:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O9mhd7td-26r5MrXne-PiwBd9lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/c0d467-f62a-419c-be85-e38030b69d5a/1/flLeHrhnVUUBvbelfnCGU_lIF74.roa
Signing time:             Tue 08 Oct 2024 19:30:11 +0000
ROA not before:           Tue 08 Oct 2024 19:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        46.31.164.0/24 maxlen: 24
                          213.190.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/c0d467-f62a-419c-be85-e38030b69d5a/1/O9mhd7td-26r5MrXne-PiwBd9lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/c0d467-f62a-419c-be85-e38030b69d5a/1/O9mhd7td-26r5MrXne-PiwBd9lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O9mhd7td-26r5MrXne-PiwBd9lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:6d:9c:49:81:51:a0:db:ac:bc:04:d7:0a:4f:99:b3:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3bd9a177bb5dfb6eabe4cad79def8f8b005df656
        Validity
            Not Before: Oct  8 19:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e52de1eb867554501bdb7a57e708653f94817be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:44:1e:21:74:af:6a:fb:f1:5f:be:dd:8c:c0:
                    d0:d8:6c:e8:1a:12:be:16:9d:5e:9d:2b:d7:dd:8f:
                    a1:8b:91:a8:6a:64:49:cd:dc:60:3e:49:87:08:92:
                    39:4b:27:4d:0a:0f:8d:6a:c9:52:b8:3b:19:8c:c8:
                    b2:67:ee:68:74:aa:3b:63:20:e9:03:19:c4:41:74:
                    5f:c3:a3:f9:77:1a:f5:25:f4:94:f1:e0:91:cb:6f:
                    21:11:fd:48:9a:a8:dc:ab:fb:c9:36:f3:3d:f3:9c:
                    57:4e:7a:71:ce:14:fb:00:af:af:77:ef:0d:69:35:
                    53:28:3d:2f:ea:c1:ab:48:96:21:e5:c9:2a:b9:dd:
                    f7:4d:56:0c:b3:91:6a:49:78:47:e3:fd:4f:8c:c9:
                    1c:c0:9a:f3:69:58:94:92:bb:d6:ac:16:5b:b6:44:
                    66:1e:f7:59:00:80:cb:b0:3e:6e:ba:89:9c:8b:10:
                    33:68:7b:73:8c:90:4b:b5:f3:86:64:be:f5:f2:07:
                    70:e5:a9:cf:ad:d6:ca:87:ea:6e:4b:2d:8b:95:64:
                    ac:fa:29:6b:84:3a:f8:af:51:80:84:10:1c:a8:7d:
                    03:2e:34:c1:b1:88:bc:be:bc:97:78:81:7c:04:22:
                    7b:82:e1:c6:7b:8b:30:c9:07:cf:aa:ac:37:2a:b6:
                    08:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:52:DE:1E:B8:67:55:45:01:BD:B7:A5:7E:70:86:53:F9:48:17:BE
            X509v3 Authority Key Identifier:
                keyid:3B:D9:A1:77:BB:5D:FB:6E:AB:E4:CA:D7:9D:EF:8F:8B:00:5D:F6:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O9mhd7td-26r5MrXne-PiwBd9lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/c0d467-f62a-419c-be85-e38030b69d5a/1/flLeHrhnVUUBvbelfnCGU_lIF74.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/c0d467-f62a-419c-be85-e38030b69d5a/1/O9mhd7td-26r5MrXne-PiwBd9lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.31.164.0/24
                  213.190.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:40:5a:7f:3e:a4:f0:7a:11:2e:90:9c:cb:26:1e:84:32:9a:
         db:44:7b:d2:69:35:3a:1e:fd:33:34:e3:53:7a:d3:a7:b4:81:
         4c:52:9c:ef:ef:0d:ab:69:d6:b0:7b:0e:0d:c0:e1:7e:88:42:
         4a:9d:c8:cf:a2:b4:81:c0:c6:65:ce:5e:ba:14:ec:4c:6a:52:
         7b:a0:06:05:32:eb:0e:a2:95:c9:43:f5:9a:ca:ba:6e:32:57:
         0e:34:d0:ee:7c:09:a9:b1:dd:51:6f:8f:e6:24:ef:80:75:aa:
         98:fc:07:f1:d0:17:a8:ab:c3:00:f7:6c:4b:cf:84:77:18:73:
         74:8b:f6:de:f8:30:cf:d2:f4:5f:0b:2d:95:6d:90:99:8a:e8:
         f4:f9:fb:4a:56:55:de:84:7b:3f:dd:43:47:38:71:8c:29:30:
         e1:ab:2f:98:c5:03:f3:6f:b3:10:af:c0:be:63:54:5c:81:31:
         13:44:0d:b3:b0:a7:5a:14:74:fa:f0:a7:6a:bd:ae:f4:53:79:
         e7:73:dd:af:97:83:c6:58:3f:4e:ca:3d:9f:44:b8:1d:84:97:
         e4:b3:65:50:6c:e5:df:5b:06:8b:43:4f:cb:3b:d8:21:7d:89:
         c1:0e:a5:6c:06:11:dd:57:4c:6a:f6:29:49:cc:6b:e7:26:d3:
         47:4a:ae:78
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZJtnEmBUaDbrLwE1wpPmbOeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiZDlhMTc3YmI1ZGZiNmVhYmU0Y2FkNzlkZWY4ZjhiMDA1
ZGY2NTYwHhcNMjQxMDA4MTkzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTUyZGUxZWI4Njc1NTQ1MDFiZGI3YTU3ZTcwODY1M2Y5NDgxN2JlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAokQeIXSvavvxX77djMDQ2GzoGhK+
Fp1enSvX3Y+hi5GoamRJzdxgPkmHCJI5SydNCg+NaslSuDsZjMiyZ+5odKo7YyDp
AxnEQXRfw6P5dxr1JfSU8eCRy28hEf1Imqjcq/vJNvM985xXTnpxzhT7AK+vd+8N
aTVTKD0v6sGrSJYh5ckqud33TVYMs5FqSXhH4/1PjMkcwJrzaViUkrvWrBZbtkRm
HvdZAIDLsD5uuomcixAzaHtzjJBLtfOGZL718gdw5anPrdbKh+puSy2LlWSs+ilr
hDr4r1GAhBAcqH0DLjTBsYi8vryXeIF8BCJ7guHGe4swyQfPqqw3KrYILwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH5S3h64Z1VFAb23pX5whlP5SBe+MB8GA1UdIwQY
MBaAFDvZoXe7Xftuq+TK153vj4sAXfZWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzltaGQ3dGQtMjZyNU1yWG5lLVBpd0JkOWxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi9jMGQ0NjctZjYyYS00MTljLWJlODUt
ZTM4MDMwYjY5ZDVhLzEvZmxMZUhyaG5WVVVCdmJlbGZuQ0dVX2xJRjc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi9jMGQ0NjctZjYyYS00MTljLWJlODUtZTM4MDMwYjY5ZDVh
LzEvTzltaGQ3dGQtMjZyNU1yWG5lLVBpd0JkOWxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALh+kAwQA
1b4OMA0GCSqGSIb3DQEBCwUAA4IBAQAKQFp/PqTwehEukJzLJh6EMprbRHvSaTU6
Hv0zNONTetOntIFMUpzv7w2radawew4NwOF+iEJKncjPorSBwMZlzl66FOxMalJ7
oAYFMusOopXJQ/WayrpuMlcONNDufAmpsd1Rb4/mJO+AdaqY/Afx0Beoq8MA92xL
z4R3GHN0i/be+DDP0vRfCy2VbZCZiuj0+ftKVlXehHs/3UNHOHGMKTDhqy+YxQPz
b7MQr8C+Y1RcgTETRA2zsKdaFHT68Kdqva70U3nnc92vl4PGWD9Oyj2fRLgdhJfk
s2VQbOXfWwaLQ0/LO9ghfYnBDqVsBhHdV0xq9ilJzGvnJtNHSq54
-----END CERTIFICATE-----