Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/b1mjXNUy_kbilXeI6bW9MLF_rQw.roa
File:                     b1mjXNUy_kbilXeI6bW9MLF_rQw.roa (raw, json)
Hash identifier:          yQUul9KH/Fdpw+pT7gzj+SM0iyDJH7zHdeaQQ+b3/9w=
Subject key identifier:   6F:59:A3:5C:D5:32:FE:46:E2:95:77:88:E9:B5:BD:30:B1:7F:AD:0C
Certificate issuer:       /CN=1e514098a5a9736cda4303e0495e94652390aa91
Certificate serial:       019156644E01D528BEA81490ABD70051E9BC
Authority key identifier: 1E:51:40:98:A5:A9:73:6C:DA:43:03:E0:49:5E:94:65:23:90:AA:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlFAmKWpc2zaQwPgSV6UZSOQqpE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/b1mjXNUy_kbilXeI6bW9MLF_rQw.roa
Signing time:             Thu 15 Aug 2024 14:14:59 +0000
ROA not before:           Thu 15 Aug 2024 14:14:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        46.232.210.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/HlFAmKWpc2zaQwPgSV6UZSOQqpE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/HlFAmKWpc2zaQwPgSV6UZSOQqpE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlFAmKWpc2zaQwPgSV6UZSOQqpE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:56:64:4e:01:d5:28:be:a8:14:90:ab:d7:00:51:e9:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e514098a5a9736cda4303e0495e94652390aa91
        Validity
            Not Before: Aug 15 14:14:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f59a35cd532fe46e2957788e9b5bd30b17fad0c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:df:dc:f8:f5:b7:16:89:2d:e9:ba:1e:ad:83:
                    54:80:46:97:59:7b:73:a7:0e:91:62:c8:6a:ea:54:
                    58:f0:44:28:c3:0c:18:a6:ba:15:ce:6d:1b:7e:f5:
                    cf:f4:88:35:a5:8e:74:e8:dd:97:b4:b1:07:cb:d2:
                    03:0e:49:b7:25:9f:19:f2:5b:98:10:be:ce:7c:2e:
                    2f:32:02:23:90:69:01:6f:0d:0f:45:3d:dc:bb:a4:
                    2c:36:d4:61:eb:eb:df:04:46:04:59:ed:a4:a0:85:
                    2a:e5:56:38:35:99:13:ae:a8:ec:e4:1f:f7:fe:d2:
                    d6:f6:a9:de:f0:a6:11:ac:c2:69:5d:f1:f7:1b:c7:
                    e8:b5:4d:14:46:0f:a8:eb:1a:7a:bf:65:7d:98:a6:
                    5f:1a:6f:fe:90:aa:a4:02:02:1b:ad:c2:a6:fd:0d:
                    af:f6:de:0e:08:89:58:a0:ec:ff:8a:f6:3d:30:f2:
                    d5:c6:50:18:d3:eb:0f:c8:57:4e:67:1f:56:32:e6:
                    eb:04:a2:3e:cb:81:4d:3c:ef:61:99:1c:29:ec:bb:
                    0b:a9:40:52:4e:94:99:3f:1a:b4:ef:40:8a:ab:c2:
                    28:9b:73:8b:1c:5b:b6:42:ee:01:b5:f6:ea:48:b8:
                    85:97:dc:50:94:21:8e:d3:79:99:00:24:02:d9:f1:
                    f8:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:59:A3:5C:D5:32:FE:46:E2:95:77:88:E9:B5:BD:30:B1:7F:AD:0C
            X509v3 Authority Key Identifier:
                keyid:1E:51:40:98:A5:A9:73:6C:DA:43:03:E0:49:5E:94:65:23:90:AA:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlFAmKWpc2zaQwPgSV6UZSOQqpE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/b1mjXNUy_kbilXeI6bW9MLF_rQw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d3/35dfcb-d92d-48fe-9dad-854381686c7b/1/HlFAmKWpc2zaQwPgSV6UZSOQqpE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.232.210.0/23

    Signature Algorithm: sha256WithRSAEncryption
         67:52:8c:c7:0f:e5:78:30:9d:2c:1e:ce:bf:e8:57:ec:15:37:
         35:16:4f:ec:c6:dc:a0:17:7c:76:83:e3:3c:09:59:dc:48:43:
         eb:0c:8b:f2:9b:19:fa:f7:d9:43:a3:ed:51:45:3e:3a:ac:6f:
         9b:9e:52:2e:c5:f7:45:3d:30:fc:4b:95:55:d5:fd:3a:95:e1:
         5f:57:82:97:0d:12:fc:ad:6e:38:72:42:e2:f1:5a:70:a3:2e:
         19:f5:11:e5:9b:23:ae:8f:9b:7b:66:f7:38:9a:f0:8b:4a:72:
         26:21:2b:94:f6:d3:6e:fa:fa:6e:76:4a:1f:cf:a7:ef:38:ab:
         94:6d:28:f7:2d:1e:54:3c:31:39:ad:2e:b1:75:c1:1e:1d:28:
         c1:8b:af:73:1e:99:c4:e3:2d:00:d2:8e:46:28:4e:99:db:8c:
         f3:4d:a0:32:69:38:7e:14:83:91:ef:88:dd:43:90:04:8a:65:
         42:c2:60:ad:8f:2b:8c:da:47:1a:90:11:05:33:25:15:8f:e4:
         c1:82:b5:9d:b0:90:ff:e6:27:a8:6b:56:71:b5:8b:51:a1:57:
         a0:03:9f:ff:09:52:02:39:62:75:ea:0e:6f:f2:4c:8d:53:65:
         ad:a7:b8:13:15:cd:57:55:55:63:d3:d9:bd:53:b2:2b:a0:fa:
         22:c5:97:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZFWZE4B1Si+qBSQq9cAUem8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNTE0MDk4YTVhOTczNmNkYTQzMDNlMDQ5NWU5NDY1MjM5
MGFhOTEwHhcNMjQwODE1MTQxNDU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjU5YTM1Y2Q1MzJmZTQ2ZTI5NTc3ODhlOWI1YmQzMGIxN2ZhZDBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwt/c+PW3Fokt6boerYNUgEaXWXtz
pw6RYshq6lRY8EQowwwYproVzm0bfvXP9Ig1pY506N2XtLEHy9IDDkm3JZ8Z8luY
EL7OfC4vMgIjkGkBbw0PRT3cu6QsNtRh6+vfBEYEWe2koIUq5VY4NZkTrqjs5B/3
/tLW9qne8KYRrMJpXfH3G8fotU0URg+o6xp6v2V9mKZfGm/+kKqkAgIbrcKm/Q2v
9t4OCIlYoOz/ivY9MPLVxlAY0+sPyFdOZx9WMubrBKI+y4FNPO9hmRwp7LsLqUBS
TpSZPxq070CKq8Iom3OLHFu2Qu4BtfbqSLiFl9xQlCGO03mZACQC2fH4WwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG9Zo1zVMv5G4pV3iOm1vTCxf60MMB8GA1UdIwQY
MBaAFB5RQJilqXNs2kMD4ElelGUjkKqRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxGQW1LV3BjMnphUXdQZ1NWNlVaU09RcXBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMy8zNWRmY2ItZDkyZC00OGZlLTlkYWQt
ODU0MzgxNjg2YzdiLzEvYjFtalhOVXlfa2JpbFhlSTZiVzlNTEZfclF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMy8zNWRmY2ItZDkyZC00OGZlLTlkYWQtODU0MzgxNjg2Yzdi
LzEvSGxGQW1LV3BjMnphUXdQZ1NWNlVaU09RcXBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLujSMA0G
CSqGSIb3DQEBCwUAA4IBAQBnUozHD+V4MJ0sHs6/6FfsFTc1Fk/sxtygF3x2g+M8
CVncSEPrDIvymxn699lDo+1RRT46rG+bnlIuxfdFPTD8S5VV1f06leFfV4KXDRL8
rW44ckLi8Vpwoy4Z9RHlmyOuj5t7Zvc4mvCLSnImISuU9tNu+vpudkofz6fvOKuU
bSj3LR5UPDE5rS6xdcEeHSjBi69zHpnE4y0A0o5GKE6Z24zzTaAyaTh+FIOR74jd
Q5AEimVCwmCtjyuM2kcakBEFMyUVj+TBgrWdsJD/5ieoa1ZxtYtRoVegA5//CVIC
OWJ16g5v8kyNU2Wtp7gTFc1XVVVj09m9U7IroPoixZcT
-----END CERTIFICATE-----