Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/bloNylIHC4VE2h97lnNT2pCUoxc.roa
File:                     bloNylIHC4VE2h97lnNT2pCUoxc.roa (raw, json)
Hash identifier:          OndsONs9A2J7CeRcbrn03HzcOYYDgkJ2LqgTCmGLlUc=
Subject key identifier:   6E:5A:0D:CA:52:07:0B:85:44:DA:1F:7B:96:73:53:DA:90:94:A3:17
Certificate issuer:       /CN=3aba1172472ea80265d12982967de0a8b0bc5901
Certificate serial:       01918E1713E63ED06A950FBEE441AD9E13D9
Authority key identifier: 3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/bloNylIHC4VE2h97lnNT2pCUoxc.roa
Signing time:             Mon 26 Aug 2024 09:49:22 +0000
ROA not before:           Mon 26 Aug 2024 09:49:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201426
IP address blocks:        46.31.68.0/24 maxlen: 24
                          195.184.73.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:8e:17:13:e6:3e:d0:6a:95:0f:be:e4:41:ad:9e:13:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aba1172472ea80265d12982967de0a8b0bc5901
        Validity
            Not Before: Aug 26 09:49:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6e5a0dca52070b8544da1f7b967353da9094a317
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:0a:ba:ec:82:f0:a3:b8:83:ee:8e:21:73:97:
                    39:53:79:70:a3:8e:90:56:82:62:6f:51:4a:d8:91:
                    18:28:2c:d1:b5:d0:2f:ff:d1:30:43:52:a2:37:f7:
                    26:e7:be:c9:13:15:81:1f:7e:f9:11:51:f4:f0:21:
                    80:43:20:6c:a7:82:03:60:54:f1:20:9f:88:d8:41:
                    0e:8e:4f:b6:ed:01:b0:c7:3b:d4:84:4e:f7:61:95:
                    49:b9:9e:de:f2:17:e4:f1:b2:f0:c1:32:31:13:c8:
                    92:26:97:6f:d7:e7:63:c7:07:8a:ac:41:d9:77:17:
                    2a:0f:0a:ad:63:04:a8:20:a6:29:02:c5:59:19:34:
                    59:28:1c:f5:13:c3:aa:6e:d1:02:43:72:1c:8d:b8:
                    ee:2f:3c:de:1f:de:90:1e:d0:42:3c:f7:c3:36:e2:
                    a8:c9:ef:0f:a4:f4:d2:8e:d2:ec:51:b3:b7:55:94:
                    36:9c:c2:ac:f2:81:8b:fb:d8:97:d9:8e:89:b6:b7:
                    63:5c:b3:37:56:6c:0f:b1:0a:f0:b1:54:3b:a7:0c:
                    bd:29:c4:f8:4f:9c:0f:ff:77:67:8e:84:2f:99:a9:
                    fd:73:84:37:b6:5f:08:27:5d:3f:19:4f:9a:f3:55:
                    13:f4:bb:ab:08:c6:af:44:d1:72:6f:30:e5:68:f6:
                    2b:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:5A:0D:CA:52:07:0B:85:44:DA:1F:7B:96:73:53:DA:90:94:A3:17
            X509v3 Authority Key Identifier:
                keyid:3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/bloNylIHC4VE2h97lnNT2pCUoxc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.31.68.0/24
                  195.184.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:68:88:50:92:38:29:9a:74:69:07:68:4a:56:06:f9:2f:bf:
         3e:2d:10:07:f4:f5:ea:64:7a:ae:c8:a0:c1:d4:08:37:2a:d1:
         32:8e:d4:27:bd:c4:95:57:fb:b1:c0:e3:66:36:83:8d:59:0b:
         f0:47:8e:ab:52:00:40:60:fb:40:ef:4f:55:09:6f:23:91:5f:
         6a:c6:0c:94:c8:a4:53:48:a3:13:96:dc:be:0a:3a:8c:c0:58:
         9b:ea:20:5f:fe:8c:22:b0:b0:0c:77:f9:49:51:63:0e:1d:97:
         eb:e7:57:c0:c0:20:af:41:e6:f1:69:b8:83:53:09:e9:30:38:
         1a:38:28:b4:6f:d9:e4:1c:17:73:d3:1b:a8:b2:db:98:17:eb:
         dc:d3:dd:60:0a:c9:7b:dc:04:66:e1:2e:94:d6:8a:d8:4c:61:
         17:12:52:fe:ed:be:24:53:ac:45:50:ff:cb:d0:aa:84:f6:e5:
         ea:ec:f9:fa:bc:a6:90:c6:6b:73:a3:5b:84:a7:3c:57:f6:35:
         5c:4b:8d:88:1e:4e:85:66:db:0c:d7:4e:82:40:3e:c0:ae:5b:
         ef:96:bd:c8:68:f1:de:c6:75:2d:52:30:78:42:74:ab:99:f9:
         cf:bb:dc:bf:5a:0a:c2:d0:cf:53:e4:8d:fd:1f:75:5f:20:42:
         a9:11:0d:54
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZGOFxPmPtBqlQ++5EGtnhPZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYmExMTcyNDcyZWE4MDI2NWQxMjk4Mjk2N2RlMGE4YjBi
YzU5MDEwHhcNMjQwODI2MDk0OTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTVhMGRjYTUyMDcwYjg1NDRkYTFmN2I5NjczNTNkYTkwOTRhMzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQq67ILwo7iD7o4hc5c5U3lwo46Q
VoJib1FK2JEYKCzRtdAv/9EwQ1KiN/cm577JExWBH375EVH08CGAQyBsp4IDYFTx
IJ+I2EEOjk+27QGwxzvUhE73YZVJuZ7e8hfk8bLwwTIxE8iSJpdv1+djxweKrEHZ
dxcqDwqtYwSoIKYpAsVZGTRZKBz1E8OqbtECQ3IcjbjuLzzeH96QHtBCPPfDNuKo
ye8PpPTSjtLsUbO3VZQ2nMKs8oGL+9iX2Y6JtrdjXLM3VmwPsQrwsVQ7pwy9KcT4
T5wP/3dnjoQvman9c4Q3tl8IJ10/GU+a81UT9LurCMavRNFybzDlaPYr/QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFG5aDcpSBwuFRNofe5ZzU9qQlKMXMB8GA1UdIwQY
MBaAFDq6EXJHLqgCZdEpgpZ94KiwvFkBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgt
NGRkMDQzNDZhYmMzLzEvYmxvTnlsSUhDNFZFMmg5N2xuTlQycENVb3hjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgtNGRkMDQzNDZhYmMz
LzEvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALh9EAwQA
w7hJMA0GCSqGSIb3DQEBCwUAA4IBAQBPaIhQkjgpmnRpB2hKVgb5L78+LRAH9PXq
ZHquyKDB1Ag3KtEyjtQnvcSVV/uxwONmNoONWQvwR46rUgBAYPtA709VCW8jkV9q
xgyUyKRTSKMTlty+CjqMwFib6iBf/owisLAMd/lJUWMOHZfr51fAwCCvQebxabiD
UwnpMDgaOCi0b9nkHBdz0xuostuYF+vc091gCsl73ARm4S6U1orYTGEXElL+7b4k
U6xFUP/L0KqE9uXq7Pn6vKaQxmtzo1uEpzxX9jVcS42IHk6FZtsM106CQD7Arlvv
lr3IaPHexnUtUjB4QnSrmfnPu9y/WgrC0M9T5I39H3VfIEKpEQ1U
-----END CERTIFICATE-----