Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/0b55ab-acc8-41da-9c80-e8f20aadde99/1/oyehTC9fC3RxVNTxQ-3Nace4xCo.roa
File:                     oyehTC9fC3RxVNTxQ-3Nace4xCo.roa (raw, json)
Hash identifier:          6amsBM8Jkzid3Hbf3NCrvWV5lgaxarQNmZ7omOl4H1Y=
Subject key identifier:   A3:27:A1:4C:2F:5F:0B:74:71:54:D4:F1:43:ED:CD:69:C7:B8:C4:2A
Certificate issuer:       /CN=dd158a0da03266df144c89a7b6e35a761c4998f7
Certificate serial:       01966C24C20EAAD0CDBE4DA82A62B6BD7F86
Authority key identifier: DD:15:8A:0D:A0:32:66:DF:14:4C:89:A7:B6:E3:5A:76:1C:49:98:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3RWKDaAyZt8UTImntuNadhxJmPc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/0b55ab-acc8-41da-9c80-e8f20aadde99/1/oyehTC9fC3RxVNTxQ-3Nace4xCo.roa
Signing time:             Fri 25 Apr 2025 08:51:10 +0000
ROA not before:           Fri 25 Apr 2025 08:51:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20649
IP address blocks:        46.36.200.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/0b55ab-acc8-41da-9c80-e8f20aadde99/1/3RWKDaAyZt8UTImntuNadhxJmPc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/0b55ab-acc8-41da-9c80-e8f20aadde99/1/3RWKDaAyZt8UTImntuNadhxJmPc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3RWKDaAyZt8UTImntuNadhxJmPc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 09:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:6c:24:c2:0e:aa:d0:cd:be:4d:a8:2a:62:b6:bd:7f:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd158a0da03266df144c89a7b6e35a761c4998f7
        Validity
            Not Before: Apr 25 08:51:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a327a14c2f5f0b747154d4f143edcd69c7b8c42a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:8d:a6:b2:79:fe:4b:24:5d:7f:b9:35:9c:86:
                    00:27:57:06:a1:61:14:d3:01:95:ac:ad:87:3b:37:
                    fe:cb:db:39:1b:14:40:d0:bc:4c:8a:61:ea:5d:6d:
                    17:bd:0e:a2:57:31:38:a6:cb:ec:c0:7e:d5:14:f0:
                    e5:28:99:ff:82:7f:59:ae:ce:4c:57:c2:d7:a9:c6:
                    aa:06:41:ed:9b:d5:68:63:ab:83:c7:e1:69:79:da:
                    09:0a:43:c3:99:38:a6:e2:8d:f6:0c:f1:98:1d:be:
                    1d:71:6f:7c:78:f5:fb:2e:54:4e:5c:c2:bd:6d:94:
                    78:c8:f3:c4:c5:c4:03:e0:cd:7a:5f:f6:5e:56:34:
                    87:05:94:c9:5f:7e:a6:80:c8:eb:fa:27:2e:40:44:
                    ce:0e:e9:e9:bb:6f:30:36:af:30:60:ee:a9:ce:7c:
                    6b:b3:b4:6d:ab:d6:45:d0:d7:4e:b3:c8:4e:0d:f0:
                    8c:5e:7e:69:fc:8a:fe:72:a8:18:46:26:89:e9:61:
                    c1:80:29:c7:c1:04:5d:b4:a8:52:80:d7:17:af:d1:
                    5a:76:df:2c:38:e8:f4:e9:9e:ba:b7:51:02:5c:f0:
                    ef:bc:5d:49:ed:96:1f:9b:62:52:91:ca:80:b4:c6:
                    bc:28:57:e7:92:e2:05:70:a5:45:de:09:6e:44:9d:
                    b5:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:27:A1:4C:2F:5F:0B:74:71:54:D4:F1:43:ED:CD:69:C7:B8:C4:2A
            X509v3 Authority Key Identifier:
                keyid:DD:15:8A:0D:A0:32:66:DF:14:4C:89:A7:B6:E3:5A:76:1C:49:98:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3RWKDaAyZt8UTImntuNadhxJmPc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/0b55ab-acc8-41da-9c80-e8f20aadde99/1/oyehTC9fC3RxVNTxQ-3Nace4xCo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/0b55ab-acc8-41da-9c80-e8f20aadde99/1/3RWKDaAyZt8UTImntuNadhxJmPc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.36.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:de:69:b7:2b:8b:8c:de:d3:b6:90:95:c3:2c:de:e2:36:a2:
         3c:48:54:2d:95:ba:5a:46:8c:12:32:45:79:d5:77:a9:d4:a9:
         17:81:5a:04:9e:6f:2e:b0:d9:74:71:30:b0:c8:72:5a:ee:de:
         5f:8b:55:9e:39:13:74:ed:5d:23:d1:20:c4:f1:87:83:4a:ce:
         08:67:62:e9:24:a5:94:14:52:ef:22:6d:58:82:1a:ce:14:66:
         92:1a:0d:85:58:7a:77:ac:dd:01:cc:31:04:0c:a9:27:c1:a8:
         7a:6f:4f:27:52:8c:fe:c2:fd:bd:36:2b:15:c4:a5:56:c8:a3:
         a0:5a:9b:43:4f:c3:09:f3:46:50:cc:c3:4d:18:62:e6:e7:d3:
         1c:ef:50:59:55:0f:30:f6:2d:54:f9:ed:16:f0:11:e6:29:00:
         8a:d7:76:4e:46:6b:d9:bf:11:97:c7:1f:eb:e8:32:e6:24:9c:
         eb:d4:2d:b7:59:8c:a2:23:da:84:b6:84:d7:d1:f4:51:3d:1e:
         f9:39:fc:6b:d3:77:4a:99:cb:93:ab:ea:d3:6b:ed:d7:cf:c7:
         22:37:35:9d:81:ef:20:9a:a4:26:5a:33:f0:7b:11:53:bc:b3:
         74:80:62:96:79:5a:11:97:fa:60:a3:7e:3a:c5:31:62:54:5e:
         8c:ec:b6:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZsJMIOqtDNvk2oKmK2vX+GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkMTU4YTBkYTAzMjY2ZGYxNDRjODlhN2I2ZTM1YTc2MWM0
OTk4ZjcwHhcNMjUwNDI1MDg1MTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzI3YTE0YzJmNWYwYjc0NzE1NGQ0ZjE0M2VkY2Q2OWM3YjhjNDJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo42msnn+SyRdf7k1nIYAJ1cGoWEU
0wGVrK2HOzf+y9s5GxRA0LxMimHqXW0XvQ6iVzE4psvswH7VFPDlKJn/gn9Zrs5M
V8LXqcaqBkHtm9VoY6uDx+FpedoJCkPDmTim4o32DPGYHb4dcW98ePX7LlROXMK9
bZR4yPPExcQD4M16X/ZeVjSHBZTJX36mgMjr+icuQETODunpu28wNq8wYO6pznxr
s7Rtq9ZF0NdOs8hODfCMXn5p/Ir+cqgYRiaJ6WHBgCnHwQRdtKhSgNcXr9Fadt8s
OOj06Z66t1ECXPDvvF1J7ZYfm2JSkcqAtMa8KFfnkuIFcKVF3gluRJ21rwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKMnoUwvXwt0cVTU8UPtzWnHuMQqMB8GA1UdIwQY
MBaAFN0Vig2gMmbfFEyJp7bjWnYcSZj3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1JXS0RhQXladDhVVEltbnR1TmFkaHhKbVBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS8wYjU1YWItYWNjOC00MWRhLTljODAt
ZThmMjBhYWRkZTk5LzEvb3llaFRDOWZDM1J4Vk5UeFEtM05hY2U0eENvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS8wYjU1YWItYWNjOC00MWRhLTljODAtZThmMjBhYWRkZTk5
LzEvM1JXS0RhQXladDhVVEltbnR1TmFkaHhKbVBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiTIMA0G
CSqGSIb3DQEBCwUAA4IBAQAI3mm3K4uM3tO2kJXDLN7iNqI8SFQtlbpaRowSMkV5
1Xep1KkXgVoEnm8usNl0cTCwyHJa7t5fi1WeORN07V0j0SDE8YeDSs4IZ2LpJKWU
FFLvIm1YghrOFGaSGg2FWHp3rN0BzDEEDKknwah6b08nUoz+wv29NisVxKVWyKOg
WptDT8MJ80ZQzMNNGGLm59Mc71BZVQ8w9i1U+e0W8BHmKQCK13ZORmvZvxGXxx/r
6DLmJJzr1C23WYyiI9qEtoTX0fRRPR75Ofxr03dKmcuTq+rTa+3Xz8ciNzWdge8g
mqQmWjPwexFTvLN0gGKWeVoRl/pgo346xTFiVF6M7LY/
-----END CERTIFICATE-----