Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/fe3d1a-ec07-4033-b40c-ca24361e7e4d/1/OpbuBeBMPY56pkwBZR4tNBE-DMU.roa
File:                     OpbuBeBMPY56pkwBZR4tNBE-DMU.roa (raw, json)
Hash identifier:          lRuoL/YZVNi85l4fI91YxgQgQA9ie2QE+joXnXg07e0=
Subject key identifier:   3A:96:EE:05:E0:4C:3D:8E:7A:A6:4C:01:65:1E:2D:34:11:3E:0C:C5
Certificate issuer:       /CN=311867bba7eeccf2b04c122ab8ec2cf1e72fc5ea
Certificate serial:       018CC56E444CAE6CD0FFCB97D1AF5B7DB933
Authority key identifier: 31:18:67:BB:A7:EE:CC:F2:B0:4C:12:2A:B8:EC:2C:F1:E7:2F:C5:EA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MRhnu6fuzPKwTBIquOws8ecvxeo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/fe3d1a-ec07-4033-b40c-ca24361e7e4d/1/OpbuBeBMPY56pkwBZR4tNBE-DMU.roa
Signing time:             Mon 01 Jan 2024 14:29:47 +0000
ROA not before:           Mon 01 Jan 2024 14:29:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39591
IP address blocks:        46.17.12.0/23 maxlen: 24
                          46.17.8.0/22 maxlen: 24
                          2a02:2870::/33 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/fe3d1a-ec07-4033-b40c-ca24361e7e4d/1/MRhnu6fuzPKwTBIquOws8ecvxeo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/fe3d1a-ec07-4033-b40c-ca24361e7e4d/1/MRhnu6fuzPKwTBIquOws8ecvxeo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MRhnu6fuzPKwTBIquOws8ecvxeo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:44:4c:ae:6c:d0:ff:cb:97:d1:af:5b:7d:b9:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=311867bba7eeccf2b04c122ab8ec2cf1e72fc5ea
        Validity
            Not Before: Jan  1 14:29:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a96ee05e04c3d8e7aa64c01651e2d34113e0cc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:16:ac:9d:fb:8f:0d:be:00:52:58:bd:5a:37:
                    da:fa:0a:74:2a:9e:c7:eb:24:42:eb:31:06:22:58:
                    b1:6d:35:36:60:b9:ba:ea:9f:ba:3a:a5:46:4a:fa:
                    31:c1:6c:ec:93:8b:39:86:33:94:bc:ed:ba:76:29:
                    78:f4:bb:cb:1b:90:c4:5e:c5:07:2c:e8:35:b9:5b:
                    ff:d0:a6:7a:29:22:eb:cb:45:c1:80:95:d6:d6:a3:
                    51:09:11:51:13:da:60:ca:fe:46:21:c9:eb:23:5c:
                    af:2e:28:ff:05:22:51:f5:91:16:65:1e:a8:6d:f2:
                    a7:44:6e:e2:85:56:05:ee:2b:a1:6b:fc:fb:59:a1:
                    09:98:bb:30:aa:c7:6b:56:bc:35:1b:ee:30:7a:40:
                    29:34:34:a8:e3:c8:29:3a:48:06:6d:b8:24:ba:21:
                    b8:53:9b:77:cf:40:7e:40:1e:de:5d:73:7e:8d:98:
                    6a:29:cd:d6:1d:be:6a:69:2d:e2:3c:d6:52:12:e8:
                    14:52:93:c4:a8:07:d7:79:2a:a9:14:9f:e9:81:fb:
                    29:3c:ab:55:68:a6:69:91:fb:40:9e:94:dd:ff:07:
                    a8:ec:b4:48:e5:2d:ff:79:ec:8b:90:60:e2:d0:34:
                    a2:90:24:02:16:39:4e:e6:0e:41:07:19:83:c4:53:
                    99:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:96:EE:05:E0:4C:3D:8E:7A:A6:4C:01:65:1E:2D:34:11:3E:0C:C5
            X509v3 Authority Key Identifier:
                keyid:31:18:67:BB:A7:EE:CC:F2:B0:4C:12:2A:B8:EC:2C:F1:E7:2F:C5:EA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MRhnu6fuzPKwTBIquOws8ecvxeo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/fe3d1a-ec07-4033-b40c-ca24361e7e4d/1/OpbuBeBMPY56pkwBZR4tNBE-DMU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/fe3d1a-ec07-4033-b40c-ca24361e7e4d/1/MRhnu6fuzPKwTBIquOws8ecvxeo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.17.8.0-46.17.13.255
                IPv6:
                  2a02:2870::/33

    Signature Algorithm: sha256WithRSAEncryption
         7b:49:d8:db:72:46:ea:0c:95:0c:87:2b:6c:2a:b6:4b:03:81:
         8f:c6:83:8d:a7:c1:5a:56:00:ac:3a:eb:00:b7:28:27:db:dd:
         7e:24:4d:cd:68:0e:bc:b2:83:29:d5:50:8d:a2:fd:33:49:f1:
         04:3a:99:57:90:d7:55:09:66:70:c2:1f:97:4d:db:62:28:4a:
         e0:06:99:9c:38:81:c5:69:ef:f2:7d:53:14:70:45:3a:5a:33:
         6a:80:5d:ac:13:63:75:4e:83:c3:42:05:ce:4d:94:6c:94:10:
         f6:cc:fb:b4:c7:e5:cb:02:7e:03:06:db:4e:6a:c6:7f:52:34:
         df:0e:21:8b:2d:cd:a1:cc:88:35:7c:37:d2:51:b1:24:a5:96:
         dc:f3:16:61:dc:fb:51:c8:d5:6f:c0:ab:96:53:d0:15:16:26:
         a9:5f:b3:9f:25:bd:7a:55:97:fc:d0:c9:3c:d6:57:80:36:40:
         14:60:61:cd:ed:dd:b6:71:26:45:98:30:94:c5:dc:78:75:aa:
         4d:79:b6:7d:14:d2:34:5b:67:41:fd:43:de:df:9f:66:08:a0:
         d7:83:0f:96:8b:7c:d9:11:1c:5d:8c:14:0a:e0:69:a3:19:62:
         e2:a6:9f:93:c7:f3:49:cc:c6:0d:e9:4b:86:6f:36:db:2c:7a:
         1a:2d:17:7a
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYzFbkRMrmzQ/8uX0a9bfbkzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxMTg2N2JiYTdlZWNjZjJiMDRjMTIyYWI4ZWMyY2YxZTcy
ZmM1ZWEwHhcNMjQwMTAxMTQyOTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTk2ZWUwNWUwNGMzZDhlN2FhNjRjMDE2NTFlMmQzNDExM2UwY2M1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoBasnfuPDb4AUli9Wjfa+gp0Kp7H
6yRC6zEGIlixbTU2YLm66p+6OqVGSvoxwWzsk4s5hjOUvO26dil49LvLG5DEXsUH
LOg1uVv/0KZ6KSLry0XBgJXW1qNRCRFRE9pgyv5GIcnrI1yvLij/BSJR9ZEWZR6o
bfKnRG7ihVYF7iuha/z7WaEJmLswqsdrVrw1G+4wekApNDSo48gpOkgGbbgkuiG4
U5t3z0B+QB7eXXN+jZhqKc3WHb5qaS3iPNZSEugUUpPEqAfXeSqpFJ/pgfspPKtV
aKZpkftAnpTd/weo7LRI5S3/eeyLkGDi0DSikCQCFjlO5g5BBxmDxFOZwwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFDqW7gXgTD2OeqZMAWUeLTQRPgzFMB8GA1UdIwQY
MBaAFDEYZ7un7szysEwSKrjsLPHnL8XqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVJobnU2ZnV6UEt3VEJJcXVPd3M4ZWN2eGVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9mZTNkMWEtZWMwNy00MDMzLWI0MGMt
Y2EyNDM2MWU3ZTRkLzEvT3BidUJlQk1QWTU2cGt3QlpSNHROQkUtRE1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9mZTNkMWEtZWMwNy00MDMzLWI0MGMtY2EyNDM2MWU3ZTRk
LzEvTVJobnU2ZnV6UEt3VEJJcXVPd3M4ZWN2eGVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAUBAIAATAOMAwDBAMuEQgD
BAEuEQwwDgQCAAIwCAMGByoCKHAAMA0GCSqGSIb3DQEBCwUAA4IBAQB7Sdjbckbq
DJUMhytsKrZLA4GPxoONp8FaVgCsOusAtygn291+JE3NaA68soMp1VCNov0zSfEE
OplXkNdVCWZwwh+XTdtiKErgBpmcOIHFae/yfVMUcEU6WjNqgF2sE2N1ToPDQgXO
TZRslBD2zPu0x+XLAn4DBttOasZ/UjTfDiGLLc2hzIg1fDfSUbEkpZbc8xZh3PtR
yNVvwKuWU9AVFiapX7OfJb16VZf80Mk81leANkAUYGHN7d22cSZFmDCUxdx4dapN
ebZ9FNI0W2dB/UPe359mCKDXgw+Wi3zZERxdjBQK4GmjGWLipp+Tx/NJzMYN6UuG
bzbbLHoaLRd6
-----END CERTIFICATE-----