Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/2652cd-7ecf-49e8-a4f8-c7869128582c/1/VaX-bnyKsywGaJlVPSDDKJqz5W8.roa
File:                     VaX-bnyKsywGaJlVPSDDKJqz5W8.roa (raw, json)
Hash identifier:          yrPK0kuLKr/ctpzQ4xyQFy3a/NegRzHfSkhUDHGrOaU=
Subject key identifier:   55:A5:FE:6E:7C:8A:B3:2C:06:68:99:55:3D:20:C3:28:9A:B3:E5:6F
Certificate issuer:       /CN=d8284f18cd44604bdd6d08f4d878dc61456c40fd
Certificate serial:       018F99BB5EC53445771B7091E954D5CA48A3
Authority key identifier: D8:28:4F:18:CD:44:60:4B:DD:6D:08:F4:D8:78:DC:61:45:6C:40:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2ChPGM1EYEvdbQj02HjcYUVsQP0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/2652cd-7ecf-49e8-a4f8-c7869128582c/1/VaX-bnyKsywGaJlVPSDDKJqz5W8.roa
Signing time:             Tue 21 May 2024 05:59:04 +0000
ROA not before:           Tue 21 May 2024 05:59:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207821
IP address blocks:        46.252.2.0/24 maxlen: 24
                          46.252.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/2652cd-7ecf-49e8-a4f8-c7869128582c/1/2ChPGM1EYEvdbQj02HjcYUVsQP0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/2652cd-7ecf-49e8-a4f8-c7869128582c/1/2ChPGM1EYEvdbQj02HjcYUVsQP0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2ChPGM1EYEvdbQj02HjcYUVsQP0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 26 Jun 2024 20:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:99:bb:5e:c5:34:45:77:1b:70:91:e9:54:d5:ca:48:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8284f18cd44604bdd6d08f4d878dc61456c40fd
        Validity
            Not Before: May 21 05:59:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=55a5fe6e7c8ab32c066899553d20c3289ab3e56f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:cf:9b:7e:27:55:f3:04:91:b1:51:a6:4d:e3:
                    f8:1d:43:77:88:69:7f:32:99:f5:9c:3c:de:0c:5c:
                    06:76:ba:b4:8b:fe:28:b3:a1:65:0c:89:6a:cd:07:
                    3f:ae:6a:84:42:ce:68:4f:41:b0:35:35:ef:01:d9:
                    7a:e6:86:ba:d7:9d:35:ed:42:c6:ee:1d:84:c0:c7:
                    53:f0:4f:ca:c2:44:35:f1:c6:95:3e:38:73:9f:d2:
                    cf:48:3e:5b:4c:9a:3a:c5:d6:f9:9d:50:f4:5c:8f:
                    8b:00:06:1c:d9:b5:01:8c:79:ac:4b:4d:ff:dc:5c:
                    48:90:79:e7:0f:2e:c1:f1:e6:b8:30:53:3f:b9:a7:
                    2b:b2:44:d0:01:a8:1f:a0:d1:34:da:43:7d:b9:77:
                    4d:4b:9f:61:ae:13:fb:46:cc:3c:5b:ec:d7:39:17:
                    d4:1c:80:05:8c:5c:fa:db:7d:66:b6:37:65:e9:d2:
                    6f:9e:27:8e:7c:20:9b:cc:1e:fc:0f:6c:d1:6f:09:
                    d7:66:3c:da:88:27:57:37:c0:50:20:b5:a2:ef:50:
                    f4:14:36:55:43:68:1a:b1:88:a1:ad:bc:b7:27:fb:
                    91:00:75:26:6d:30:00:97:3a:3f:f3:c7:87:4c:5d:
                    a3:2f:66:4f:8d:96:33:00:90:46:c4:29:23:81:4f:
                    b8:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                55:A5:FE:6E:7C:8A:B3:2C:06:68:99:55:3D:20:C3:28:9A:B3:E5:6F
            X509v3 Authority Key Identifier:
                keyid:D8:28:4F:18:CD:44:60:4B:DD:6D:08:F4:D8:78:DC:61:45:6C:40:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2ChPGM1EYEvdbQj02HjcYUVsQP0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/2652cd-7ecf-49e8-a4f8-c7869128582c/1/VaX-bnyKsywGaJlVPSDDKJqz5W8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/2652cd-7ecf-49e8-a4f8-c7869128582c/1/2ChPGM1EYEvdbQj02HjcYUVsQP0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.252.2.0/24
                  46.252.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cd:20:de:b2:41:0f:16:e1:77:c2:d6:e1:77:5a:f3:91:2b:d8:
         33:91:c0:db:f2:91:46:9c:a6:33:10:bf:e5:b9:eb:1f:42:ef:
         f2:44:da:5d:72:0d:01:b7:24:19:c1:8c:07:5d:39:0a:c2:7d:
         98:7f:d7:4e:c9:36:1d:fc:61:d6:5e:d3:d9:bd:da:c9:86:ea:
         fc:e5:aa:a7:4b:14:da:76:4a:e0:92:5b:82:0f:8d:b3:af:2a:
         6f:7a:39:50:ee:55:b7:b8:af:b7:26:cc:01:e6:25:b8:46:d3:
         fa:88:7f:e2:04:43:bb:5c:78:2d:34:5f:ea:56:01:3f:73:63:
         42:23:67:02:ca:e3:48:46:05:b1:20:05:60:b1:3b:99:f9:f2:
         65:e7:6d:d2:49:40:51:ed:c8:09:f8:be:7b:1e:0c:74:32:c7:
         fa:0e:27:b0:01:a6:cf:d9:2c:e3:6f:4d:a6:72:fc:50:b8:7c:
         b2:9b:17:fa:db:76:90:ab:38:e3:af:46:76:aa:ad:03:5d:4c:
         ff:3a:2c:f7:3a:8a:02:00:f4:b5:ae:38:0b:40:80:52:e3:67:
         99:88:67:fa:be:db:8f:ad:0f:42:9d:c0:39:6a:30:7f:8e:71:
         8b:61:b0:c9:ec:c0:99:a2:9d:dd:c0:72:c0:d4:c0:90:b5:3d:
         15:89:4b:bf
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY+Zu17FNEV3G3CR6VTVykijMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4Mjg0ZjE4Y2Q0NDYwNGJkZDZkMDhmNGQ4NzhkYzYxNDU2
YzQwZmQwHhcNMjQwNTIxMDU1OTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NWE1ZmU2ZTdjOGFiMzJjMDY2ODk5NTUzZDIwYzMyODlhYjNlNTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt8+bfidV8wSRsVGmTeP4HUN3iGl/
Mpn1nDzeDFwGdrq0i/4os6FlDIlqzQc/rmqEQs5oT0GwNTXvAdl65oa615017ULG
7h2EwMdT8E/KwkQ18caVPjhzn9LPSD5bTJo6xdb5nVD0XI+LAAYc2bUBjHmsS03/
3FxIkHnnDy7B8ea4MFM/uacrskTQAagfoNE02kN9uXdNS59hrhP7Rsw8W+zXORfU
HIAFjFz6231mtjdl6dJvnieOfCCbzB78D2zRbwnXZjzaiCdXN8BQILWi71D0FDZV
Q2gasYihrby3J/uRAHUmbTAAlzo/88eHTF2jL2ZPjZYzAJBGxCkjgU+47wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFWl/m58irMsBmiZVT0gwyias+VvMB8GA1UdIwQY
MBaAFNgoTxjNRGBL3W0I9Nh43GFFbED9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkNoUEdNMUVZRXZkYlFqMDJIamNZVVZzUVAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi8yNjUyY2QtN2VjZi00OWU4LWE0Zjgt
Yzc4NjkxMjg1ODJjLzEvVmFYLWJueUtzeXdHYUpsVlBTRERLSnF6NVc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi8yNjUyY2QtN2VjZi00OWU4LWE0ZjgtYzc4NjkxMjg1ODJj
LzEvMkNoUEdNMUVZRXZkYlFqMDJIamNZVVZzUVAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALvwCAwQA
LvwLMA0GCSqGSIb3DQEBCwUAA4IBAQDNIN6yQQ8W4XfC1uF3WvORK9gzkcDb8pFG
nKYzEL/luesfQu/yRNpdcg0BtyQZwYwHXTkKwn2Yf9dOyTYd/GHWXtPZvdrJhur8
5aqnSxTadkrgkluCD42zrypvejlQ7lW3uK+3JswB5iW4RtP6iH/iBEO7XHgtNF/q
VgE/c2NCI2cCyuNIRgWxIAVgsTuZ+fJl523SSUBR7cgJ+L57Hgx0Msf6DiewAabP
2Szjb02mcvxQuHyymxf623aQqzjjr0Z2qq0DXUz/Oiz3OooCAPS1rjgLQIBS42eZ
iGf6vtuPrQ9CncA5ajB/jnGLYbDJ7MCZop3dwHLA1MCQtT0ViUu/
-----END CERTIFICATE-----