Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/YkoxKZAxg8DIs6b3n8zyR1v6re4.roa
File:                     YkoxKZAxg8DIs6b3n8zyR1v6re4.roa (raw, json)
Hash identifier:          SN52h5jU1TLHxmvp1a1+KlLgFtashDCSwGSAIH6rUFE=
Subject key identifier:   62:4A:31:29:90:31:83:C0:C8:B3:A6:F7:9F:CC:F2:47:5B:FA:AD:EE
Certificate issuer:       /CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
Certificate serial:       0192F91DF0490DCFC86C688D8C90314F8F99
Authority key identifier: 8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/YkoxKZAxg8DIs6b3n8zyR1v6re4.roa
Signing time:             Mon 04 Nov 2024 21:39:01 +0000
ROA not before:           Mon 04 Nov 2024 21:39:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200195
IP address blocks:        46.151.181.0/24 maxlen: 24
                          46.151.182.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:f9:1d:f0:49:0d:cf:c8:6c:68:8d:8c:90:31:4f:8f:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8eb441dadbbecb6965d4ea1f046cc5c8e28817fc
        Validity
            Not Before: Nov  4 21:39:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=624a3129903183c0c8b3a6f79fccf2475bfaadee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:c0:dd:29:1e:45:07:bc:2f:a9:7a:da:cf:b3:
                    0b:d2:c3:84:43:ca:1d:c1:c9:bd:74:70:00:38:46:
                    22:88:bc:cb:5e:2d:56:f8:b0:82:7e:1f:45:e1:6e:
                    b2:57:21:6c:62:4a:22:28:6a:94:16:21:9d:c2:5a:
                    e5:fe:0b:ad:76:46:3e:fc:bc:79:49:7f:fd:ed:40:
                    71:1b:ad:c0:b6:a2:3f:d0:bc:c0:44:56:3c:00:98:
                    49:3d:da:e0:ee:7c:1d:a0:9d:be:ab:85:a1:01:28:
                    20:06:4f:82:d9:89:b9:d8:a9:2b:86:5d:d4:c5:f5:
                    b8:49:5f:b2:db:31:8f:17:7e:9c:c0:3d:b0:b9:ce:
                    d3:1c:fb:6f:b2:d5:7f:48:b2:11:c0:ec:17:55:a2:
                    b1:22:8a:c3:15:ff:a3:dc:b2:6c:bd:16:d0:e5:0c:
                    95:c6:80:9c:ad:ba:72:65:f9:5a:af:c9:a6:ec:a3:
                    c1:d9:b1:e4:e5:45:16:c3:dd:63:23:97:c0:ed:b7:
                    9a:fb:da:03:60:b0:80:14:6b:c0:9a:81:34:0b:e5:
                    51:92:b3:dc:59:4a:f7:3f:00:d6:2a:fc:e0:a0:20:
                    24:d1:8c:2e:5f:81:54:9a:7a:ed:d6:0a:fe:4e:8c:
                    b3:70:55:30:44:c0:cb:d4:c7:4c:d5:aa:0a:13:a7:
                    56:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:4A:31:29:90:31:83:C0:C8:B3:A6:F7:9F:CC:F2:47:5B:FA:AD:EE
            X509v3 Authority Key Identifier:
                keyid:8E:B4:41:DA:DB:BE:CB:69:65:D4:EA:1F:04:6C:C5:C8:E2:88:17:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jrRB2tu-y2ll1OofBGzFyOKIF_w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/YkoxKZAxg8DIs6b3n8zyR1v6re4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/978d0f-9297-4c71-9cfb-46b949092cbe/1/jrRB2tu-y2ll1OofBGzFyOKIF_w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.151.181.0-46.151.182.255

    Signature Algorithm: sha256WithRSAEncryption
         36:43:71:a2:7c:00:e5:7e:42:d6:f5:bd:35:a1:0a:24:64:df:
         cc:d9:fc:6c:b5:28:ed:3d:18:a2:4f:72:1c:c3:ef:b7:c0:10:
         42:51:16:4d:fe:7e:22:5f:39:0e:e8:43:f2:73:34:3b:12:8c:
         b7:37:9a:ae:a6:f1:c7:06:7d:e1:f0:d1:fe:33:c0:31:a1:7b:
         7c:e9:2b:c1:e1:ad:44:a1:db:12:36:8d:5a:07:37:0b:d7:89:
         05:e9:e3:dc:90:95:f9:35:66:bc:9f:bc:7f:99:8f:e6:63:29:
         b6:c9:4c:c5:69:63:3f:2b:fb:27:0a:b5:50:0e:63:74:2c:e5:
         cb:69:7f:fe:18:2d:ea:6d:5d:d9:a6:a3:60:4d:55:8f:31:00:
         1e:91:34:df:a6:05:fa:29:4f:38:90:39:c4:26:9a:81:48:fb:
         1d:82:9b:20:6c:13:73:8d:d9:ea:d4:7a:c9:95:14:e3:c6:bc:
         86:53:9c:1f:81:8d:57:17:2b:eb:09:a8:88:d2:d4:7a:41:7a:
         1f:8c:7d:7a:0d:13:d6:db:d3:79:f5:1f:c3:a5:c6:75:4c:22:
         2b:e8:27:82:26:7b:98:5e:5e:31:1a:af:b2:2f:18:06:ae:8d:
         27:4c:0c:2b:37:33:b4:50:79:9d:05:d3:5f:b8:0a:e0:2c:c1:
         ac:c5:4d:75
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZL5HfBJDc/IbGiNjJAxT4+ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlYjQ0MWRhZGJiZWNiNjk2NWQ0ZWExZjA0NmNjNWM4ZTI4
ODE3ZmMwHhcNMjQxMTA0MjEzOTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjRhMzEyOTkwMzE4M2MwYzhiM2E2Zjc5ZmNjZjI0NzViZmFhZGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvcDdKR5FB7wvqXraz7ML0sOEQ8od
wcm9dHAAOEYiiLzLXi1W+LCCfh9F4W6yVyFsYkoiKGqUFiGdwlrl/gutdkY+/Lx5
SX/97UBxG63AtqI/0LzARFY8AJhJPdrg7nwdoJ2+q4WhASggBk+C2Ym52Kkrhl3U
xfW4SV+y2zGPF36cwD2wuc7THPtvstV/SLIRwOwXVaKxIorDFf+j3LJsvRbQ5QyV
xoCcrbpyZflar8mm7KPB2bHk5UUWw91jI5fA7bea+9oDYLCAFGvAmoE0C+VRkrPc
WUr3PwDWKvzgoCAk0YwuX4FUmnrt1gr+ToyzcFUwRMDL1MdM1aoKE6dWiwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGJKMSmQMYPAyLOm95/M8kdb+q3uMB8GA1UdIwQY
MBaAFI60QdrbvstpZdTqHwRsxcjiiBf8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmIt
NDZiOTQ5MDkyY2JlLzEvWWtveEtaQXhnOERJczZiM244enlSMXY2cmU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS85NzhkMGYtOTI5Ny00YzcxLTljZmItNDZiOTQ5MDkyY2Jl
LzEvanJSQjJ0dS15MmxsMU9vZkJHekZ5T0tJRl93LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAul7UD
BAAul7YwDQYJKoZIhvcNAQELBQADggEBADZDcaJ8AOV+Qtb1vTWhCiRk38zZ/Gy1
KO09GKJPchzD77fAEEJRFk3+fiJfOQ7oQ/JzNDsSjLc3mq6m8ccGfeHw0f4zwDGh
e3zpK8HhrUSh2xI2jVoHNwvXiQXp49yQlfk1ZryfvH+Zj+ZjKbbJTMVpYz8r+ycK
tVAOY3Qs5ctpf/4YLeptXdmmo2BNVY8xAB6RNN+mBfopTziQOcQmmoFI+x2CmyBs
E3ON2erUesmVFOPGvIZTnB+BjVcXK+sJqIjS1HpBeh+MfXoNE9bb03n1H8OlxnVM
IivoJ4Ime5heXjEar7IvGAaujSdMDCs3M7RQeZ0F01+4CuAswazFTXU=
-----END CERTIFICATE-----