Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/VvfuXcpNt4bArJU6AbkiKy3N1Jc.roa
File:                     VvfuXcpNt4bArJU6AbkiKy3N1Jc.roa (raw, json)
Hash identifier:          OreoKoDR2y3XnZyGcJnpXrZ1kxD4q79L3fE63mPccAU=
Subject key identifier:   56:F7:EE:5D:CA:4D:B7:86:C0:AC:95:3A:01:B9:22:2B:2D:CD:D4:97
Certificate issuer:       /CN=52a5c90ca928313bc70d2683bb0f64d632b273a1
Certificate serial:       018CC8DFB23CB97D67643AC619D34E380FBC
Authority key identifier: 52:A5:C9:0C:A9:28:31:3B:C7:0D:26:83:BB:0F:64:D6:32:B2:73:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UqXJDKkoMTvHDSaDuw9k1jKyc6E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/VvfuXcpNt4bArJU6AbkiKy3N1Jc.roa
Signing time:             Tue 02 Jan 2024 06:32:32 +0000
ROA not before:           Tue 02 Jan 2024 06:32:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64396
IP address blocks:        46.229.8.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/UqXJDKkoMTvHDSaDuw9k1jKyc6E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/UqXJDKkoMTvHDSaDuw9k1jKyc6E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UqXJDKkoMTvHDSaDuw9k1jKyc6E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:b2:3c:b9:7d:67:64:3a:c6:19:d3:4e:38:0f:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=52a5c90ca928313bc70d2683bb0f64d632b273a1
        Validity
            Not Before: Jan  2 06:32:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=56f7ee5dca4db786c0ac953a01b9222b2dcdd497
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:ef:e0:79:7c:32:33:77:fb:67:c3:c6:0a:bc:
                    cc:ab:26:ef:ed:10:68:bc:39:2e:d5:17:91:16:de:
                    7f:3e:26:1c:96:4d:d3:7c:6a:67:52:ca:7a:c3:4c:
                    94:b6:0e:80:bf:4d:97:7e:f8:60:d3:68:28:f8:65:
                    f4:a5:f9:98:13:46:ab:c7:5c:31:7c:6d:16:64:e0:
                    24:6f:67:78:6b:71:a7:78:85:8b:d3:31:93:b6:82:
                    c7:13:8e:f0:e3:9e:76:63:cd:31:0a:b7:09:c1:3b:
                    01:9e:10:54:eb:50:2d:d9:99:a0:ce:88:02:94:a4:
                    c1:de:8b:0b:dd:a9:4b:c0:95:3d:f6:c9:ad:86:9e:
                    1b:38:23:c7:ee:ef:55:8f:ea:a8:a2:ed:44:e1:05:
                    58:cf:49:b6:81:ce:19:5f:c8:d9:be:84:6c:15:4d:
                    44:d1:b7:f9:61:9b:64:d5:3f:a9:55:29:d8:2c:ac:
                    68:27:9e:80:c3:3a:c0:31:70:4e:71:a7:fc:8f:cf:
                    23:a8:99:a9:0b:24:b6:22:b6:68:c3:a0:db:81:4b:
                    27:26:7d:b5:44:03:74:5f:0c:fe:16:83:76:01:7b:
                    c2:fd:b9:5b:d0:3e:b5:5e:24:0a:d8:25:ca:7c:d7:
                    6f:26:69:e8:88:56:ed:d4:10:e2:90:b2:ab:6b:69:
                    a5:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:F7:EE:5D:CA:4D:B7:86:C0:AC:95:3A:01:B9:22:2B:2D:CD:D4:97
            X509v3 Authority Key Identifier:
                keyid:52:A5:C9:0C:A9:28:31:3B:C7:0D:26:83:BB:0F:64:D6:32:B2:73:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UqXJDKkoMTvHDSaDuw9k1jKyc6E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/VvfuXcpNt4bArJU6AbkiKy3N1Jc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/c4b7a0-1e50-403c-b24e-13ed633f922a/1/UqXJDKkoMTvHDSaDuw9k1jKyc6E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.229.8.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5e:ea:25:ef:61:00:a2:ce:2e:21:65:21:d5:34:7f:c6:72:ef:
         7e:8f:8e:1f:91:74:8d:76:46:72:24:bc:30:38:08:ec:ee:16:
         36:3d:96:ec:c9:be:49:5d:e2:ac:e6:32:2e:7e:b8:27:1a:fd:
         a3:38:42:0d:c8:92:fc:03:dc:38:e1:fe:bb:90:c5:ef:43:5b:
         fd:21:88:ce:1e:37:48:a2:04:e3:e3:7a:b8:18:8a:e4:f5:cc:
         c7:8c:71:86:24:49:1c:d1:33:12:de:84:71:6d:50:02:ff:34:
         cc:82:9b:f1:9b:7d:49:20:f3:f4:19:0a:08:09:78:5b:cf:7b:
         e2:38:8a:e8:9a:d4:7c:b3:32:10:0c:a8:6c:c7:7c:16:14:04:
         b7:09:0e:cd:40:4e:42:27:80:0b:fa:78:b4:fb:44:bd:1e:99:
         bb:96:a7:87:a2:fb:ea:ae:44:52:3c:50:7a:50:49:1f:79:8f:
         f0:18:54:36:a2:fa:cd:fa:9f:39:e2:01:f8:e2:d2:d1:11:ce:
         40:ed:c4:13:5c:24:ed:84:93:f8:49:b4:d5:b5:28:c2:cc:7b:
         52:ee:c1:c7:a3:bb:30:ab:a0:ac:a8:34:d0:81:5f:99:a4:3f:
         0e:9f:cd:f3:d1:32:c2:f4:b3:0d:be:4a:0a:84:90:ab:04:72:
         80:8e:c9:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI37I8uX1nZDrGGdNOOA+8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyYTVjOTBjYTkyODMxM2JjNzBkMjY4M2JiMGY2NGQ2MzJi
MjczYTEwHhcNMjQwMTAyMDYzMjMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NmY3ZWU1ZGNhNGRiNzg2YzBhYzk1M2EwMWI5MjIyYjJkY2RkNDk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+/geXwyM3f7Z8PGCrzMqybv7RBo
vDku1ReRFt5/PiYclk3TfGpnUsp6w0yUtg6Av02Xfvhg02go+GX0pfmYE0arx1wx
fG0WZOAkb2d4a3GneIWL0zGTtoLHE47w4552Y80xCrcJwTsBnhBU61At2ZmgzogC
lKTB3osL3alLwJU99smthp4bOCPH7u9Vj+qoou1E4QVYz0m2gc4ZX8jZvoRsFU1E
0bf5YZtk1T+pVSnYLKxoJ56AwzrAMXBOcaf8j88jqJmpCyS2IrZow6DbgUsnJn21
RAN0Xwz+FoN2AXvC/blb0D61XiQK2CXKfNdvJmnoiFbt1BDikLKra2mlsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFb37l3KTbeGwKyVOgG5IistzdSXMB8GA1UdIwQY
MBaAFFKlyQypKDE7xw0mg7sPZNYysnOhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXFYSkRLa29NVHZIRFNhRHV3OWsxakt5YzZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC9jNGI3YTAtMWU1MC00MDNjLWIyNGUt
MTNlZDYzM2Y5MjJhLzEvVnZmdVhjcE50NGJBckpVNkFia2lLeTNOMUpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC9jNGI3YTAtMWU1MC00MDNjLWIyNGUtMTNlZDYzM2Y5MjJh
LzEvVXFYSkRLa29NVHZIRFNhRHV3OWsxakt5YzZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLuUIMA0G
CSqGSIb3DQEBCwUAA4IBAQBe6iXvYQCizi4hZSHVNH/Gcu9+j44fkXSNdkZyJLww
OAjs7hY2PZbsyb5JXeKs5jIufrgnGv2jOEINyJL8A9w44f67kMXvQ1v9IYjOHjdI
ogTj43q4GIrk9czHjHGGJEkc0TMS3oRxbVAC/zTMgpvxm31JIPP0GQoICXhbz3vi
OIromtR8szIQDKhsx3wWFAS3CQ7NQE5CJ4AL+ni0+0S9Hpm7lqeHovvqrkRSPFB6
UEkfeY/wGFQ2ovrN+p854gH44tLREc5A7cQTXCTthJP4SbTVtSjCzHtS7sHHo7sw
q6CsqDTQgV+ZpD8On83z0TLC9LMNvkoKhJCrBHKAjsnR
-----END CERTIFICATE-----