Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/1Vt7w1q-fJHtTa4bQgMlckDMSMY.roa
File:                     1Vt7w1q-fJHtTa4bQgMlckDMSMY.roa (raw, json)
Hash identifier:          7ImvuEHuv8Y9NIWynRfEC5LGcbRRO4k/uGY9VzMwIdI=
Subject key identifier:   D5:5B:7B:C3:5A:BE:7C:91:ED:4D:AE:1B:42:03:25:72:40:CC:48:C6
Certificate issuer:       /CN=5588f197f97e8900755544e810cddef9d90fbc41
Certificate serial:       018CC94E69D7C25C2BB34BD4971BFC57ADAC
Authority key identifier: 55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/1Vt7w1q-fJHtTa4bQgMlckDMSMY.roa
Signing time:             Tue 02 Jan 2024 08:33:28 +0000
ROA not before:           Tue 02 Jan 2024 08:33:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     18464
IP address blocks:        46.232.56.0/21 maxlen: 24
                          46.3.96.0/20 maxlen: 24
                          46.232.48.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:69:d7:c2:5c:2b:b3:4b:d4:97:1b:fc:57:ad:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5588f197f97e8900755544e810cddef9d90fbc41
        Validity
            Not Before: Jan  2 08:33:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d55b7bc35abe7c91ed4dae1b4203257240cc48c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:ec:cf:2a:f9:76:f2:4a:fb:ec:18:ae:ae:e4:
                    80:43:dc:85:e8:aa:a8:a0:02:b4:16:54:a1:91:a6:
                    81:1b:6b:82:7f:56:3a:e2:63:71:75:50:eb:ab:25:
                    a4:f5:a8:5f:cf:15:4b:1e:32:a7:f4:ca:08:9c:d9:
                    0e:8a:fe:3c:ba:d5:25:53:bb:ef:b0:e4:51:39:3e:
                    c7:45:ee:46:d2:86:b8:00:f6:da:79:1e:87:7d:3f:
                    26:64:63:fd:75:84:ea:f4:f3:42:42:ee:92:fa:56:
                    20:92:d7:06:4a:2e:43:99:c8:52:a8:c5:55:d2:8f:
                    86:c4:e1:ae:03:6c:7e:bb:11:98:63:3d:2c:bf:d8:
                    dc:ad:5b:8f:93:36:4d:c8:6c:52:0e:e2:2f:4f:90:
                    36:e8:f4:2c:da:23:32:2e:7a:5a:96:00:58:8a:23:
                    ad:db:44:ea:54:b1:7b:c2:91:c6:bc:9f:da:87:66:
                    0c:47:7b:c1:cc:5f:42:21:b7:3f:b2:f9:b9:79:dd:
                    5a:2e:b6:c2:bc:73:4f:a9:00:80:e5:ee:8f:fb:ad:
                    f4:2b:ef:d2:3a:28:fe:6f:9a:c1:01:e2:65:e1:67:
                    72:6d:9c:08:1b:e6:d5:83:f6:23:b7:eb:cc:59:50:
                    12:ff:87:2e:03:57:ac:14:24:ec:4f:52:18:80:d0:
                    1c:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:5B:7B:C3:5A:BE:7C:91:ED:4D:AE:1B:42:03:25:72:40:CC:48:C6
            X509v3 Authority Key Identifier:
                keyid:55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/1Vt7w1q-fJHtTa4bQgMlckDMSMY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.3.96.0/20
                  46.232.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         00:25:70:e9:74:78:a0:bb:10:3e:93:f9:3a:70:ae:ee:9e:97:
         9c:e1:a5:63:3e:6a:4c:07:92:a9:d5:3f:c0:1a:7e:f8:77:b6:
         ff:96:8b:69:a0:6a:58:22:67:88:3a:c6:8e:ca:3e:6d:86:d5:
         a5:6b:71:cd:a5:e7:3f:de:2f:e1:20:0d:b6:cf:3b:7c:c7:09:
         ff:fd:f7:0c:9b:21:76:12:74:2c:9a:3c:87:95:84:d0:d0:d6:
         3d:59:c8:14:25:14:ea:e8:87:52:e5:b4:7b:72:64:ac:30:f9:
         ea:54:5d:c8:b2:ee:d1:6b:61:0b:c0:cd:fe:26:c3:6f:73:7d:
         f5:a5:b4:7b:e1:34:a9:3f:fb:ff:50:3a:47:20:8c:ed:a9:4d:
         26:cb:f0:96:3d:b4:28:f1:ee:22:f2:ab:fd:c7:12:ea:b0:99:
         dd:bb:41:ef:37:f0:5f:5e:dc:3e:89:75:91:12:b0:76:0f:42:
         e2:4a:a6:e2:34:57:47:ef:34:5c:ed:d6:6f:d9:91:f3:84:8b:
         cf:c9:73:49:56:77:b0:52:e4:26:f8:38:64:b3:e4:0f:32:2d:
         62:9c:82:85:cf:0d:93:16:2f:c2:c6:73:e4:90:fe:43:f3:06:
         47:d3:b5:c0:af:25:b5:27:c7:70:98:21:c3:99:ec:9f:5a:d9:
         85:5a:61:ad
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJTmnXwlwrs0vUlxv8V62sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ODhmMTk3Zjk3ZTg5MDA3NTU1NDRlODEwY2RkZWY5ZDkw
ZmJjNDEwHhcNMjQwMTAyMDgzMzI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTViN2JjMzVhYmU3YzkxZWQ0ZGFlMWI0MjAzMjU3MjQwY2M0OGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAguzPKvl28kr77BiuruSAQ9yF6Kqo
oAK0FlShkaaBG2uCf1Y64mNxdVDrqyWk9ahfzxVLHjKn9MoInNkOiv48utUlU7vv
sORROT7HRe5G0oa4APbaeR6HfT8mZGP9dYTq9PNCQu6S+lYgktcGSi5DmchSqMVV
0o+GxOGuA2x+uxGYYz0sv9jcrVuPkzZNyGxSDuIvT5A26PQs2iMyLnpalgBYiiOt
20TqVLF7wpHGvJ/ah2YMR3vBzF9CIbc/svm5ed1aLrbCvHNPqQCA5e6P+630K+/S
Oij+b5rBAeJl4WdybZwIG+bVg/Yjt+vMWVAS/4cuA1esFCTsT1IYgNAcfQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNVbe8NavnyR7U2uG0IDJXJAzEjGMB8GA1UdIwQY
MBaAFFWI8Zf5fokAdVVE6BDN3vnZD7xBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2Et
N2NmZWY0Mjc2YTBmLzEvMVZ0N3cxcS1mSkh0VGE0YlFnTWxja0RNU01ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2EtN2NmZWY0Mjc2YTBm
LzEvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQELgNgAwQE
LugwMA0GCSqGSIb3DQEBCwUAA4IBAQAAJXDpdHiguxA+k/k6cK7unpec4aVjPmpM
B5Kp1T/AGn74d7b/lotpoGpYImeIOsaOyj5thtWla3HNpec/3i/hIA22zzt8xwn/
/fcMmyF2EnQsmjyHlYTQ0NY9WcgUJRTq6IdS5bR7cmSsMPnqVF3Isu7Ra2ELwM3+
JsNvc331pbR74TSpP/v/UDpHIIztqU0my/CWPbQo8e4i8qv9xxLqsJndu0HvN/Bf
Xtw+iXWRErB2D0LiSqbiNFdH7zRc7dZv2ZHzhIvPyXNJVnewUuQm+Dhks+QPMi1i
nIKFzw2TFi/CxnPkkP5D8wZH07XAryW1J8dwmCHDmeyfWtmFWmGt
-----END CERTIFICATE-----