Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/oAVCYRCmZV9CQoXr66MPKOSRnaw.roa
File:                     oAVCYRCmZV9CQoXr66MPKOSRnaw.roa (raw, json)
Hash identifier:          +iOfcVraU4Mx7gdsusZxop3BaLf+vs+tw3rzIlUqyEw=
Subject key identifier:   A0:05:42:61:10:A6:65:5F:42:42:85:EB:EB:A3:0F:28:E4:91:9D:AC
Certificate issuer:       /CN=5588f197f97e8900755544e810cddef9d90fbc41
Certificate serial:       018CC94E6A8BD3E70515006DEDCCEAF5CEB4
Authority key identifier: 55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/oAVCYRCmZV9CQoXr66MPKOSRnaw.roa
Signing time:             Tue 02 Jan 2024 08:33:28 +0000
ROA not before:           Tue 02 Jan 2024 08:33:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35251
IP address blocks:        46.3.112.0/23 maxlen: 24
                          46.3.114.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:03:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:6a:8b:d3:e7:05:15:00:6d:ed:cc:ea:f5:ce:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5588f197f97e8900755544e810cddef9d90fbc41
        Validity
            Not Before: Jan  2 08:33:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a005426110a6655f424285ebeba30f28e4919dac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:56:37:db:2f:bc:1e:0e:a2:20:2a:de:26:13:
                    ab:c5:40:c6:63:26:af:01:2c:54:6a:9f:9c:99:df:
                    ef:7c:97:e7:02:5b:5a:99:4d:de:11:63:4e:1c:c6:
                    6a:ec:94:4e:94:18:0d:85:d7:f2:bc:71:95:72:d4:
                    e1:de:08:b2:f6:4b:62:27:a6:32:e4:66:bc:22:ab:
                    96:75:4c:90:e8:77:bb:c8:4d:ba:fc:e0:7d:5e:ea:
                    be:6d:68:46:85:a7:dc:ff:a0:c4:45:e7:89:59:06:
                    d1:f0:fb:0d:02:3d:64:45:98:93:10:17:62:fd:99:
                    69:b3:9b:af:b9:f3:be:3c:3b:8d:d2:87:4f:f3:f4:
                    64:b6:43:9d:a0:a0:f5:95:30:f0:2e:17:95:af:42:
                    8d:6d:b6:96:4f:1b:8c:94:a2:15:07:6f:6d:b9:4e:
                    93:0f:8e:6c:12:41:a9:1d:3f:c2:31:e7:e1:12:29:
                    ff:b4:10:82:3d:28:6f:f7:ce:53:4b:c0:b7:93:4a:
                    db:c3:3b:53:db:ea:b9:b1:43:3b:c6:22:07:42:f2:
                    f5:b4:c5:47:ac:2f:0e:df:da:15:df:f5:3c:77:08:
                    80:56:b9:5b:d3:be:a7:2f:d3:d7:56:fc:ca:ad:3d:
                    2f:f6:0c:de:37:2f:84:97:e0:57:82:0a:3f:a5:25:
                    53:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:05:42:61:10:A6:65:5F:42:42:85:EB:EB:A3:0F:28:E4:91:9D:AC
            X509v3 Authority Key Identifier:
                keyid:55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/oAVCYRCmZV9CQoXr66MPKOSRnaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.3.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         87:0c:a6:1f:3e:41:d3:eb:72:da:48:40:5f:d9:d2:7c:fc:83:
         a9:1d:7b:c2:f0:41:d6:e4:c0:90:1e:dd:de:c9:35:8c:23:81:
         74:48:a9:50:c4:0d:69:69:d5:33:ec:96:8d:17:79:c1:ff:50:
         28:d0:40:33:bc:54:2c:75:b0:54:4b:68:94:c5:83:20:2a:3a:
         d8:ee:c2:36:16:2f:dc:6f:2c:d2:58:97:9f:8b:f9:fa:d9:59:
         2e:44:68:95:88:e0:ad:ec:12:0e:2a:95:bb:ac:3c:9e:e2:ff:
         96:9d:c6:57:93:ee:43:db:e1:ad:29:c3:57:8e:65:b5:f3:42:
         de:61:3f:ab:84:09:05:68:36:0d:f0:16:0e:f7:fb:44:f3:f1:
         24:a6:e0:dd:43:fc:16:4e:87:a4:ed:cd:12:3f:7e:bf:af:d9:
         36:5e:43:1e:f7:4e:fa:02:15:f4:8e:88:e5:46:58:f6:5e:4f:
         48:a7:9e:44:4f:43:06:e6:b9:0d:eb:df:83:a0:e3:6f:f1:3c:
         83:05:c1:b8:55:e7:7a:d5:6d:67:23:f1:9a:66:04:e8:c7:dc:
         75:ad:44:c4:0b:18:d4:e3:f8:83:cd:aa:84:a4:7a:7a:1d:a6:
         65:39:9e:6e:6c:99:a9:1f:08:5b:38:e6:9f:d6:9d:f8:6d:0f:
         16:fa:ed:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTmqL0+cFFQBt7czq9c60MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ODhmMTk3Zjk3ZTg5MDA3NTU1NDRlODEwY2RkZWY5ZDkw
ZmJjNDEwHhcNMjQwMTAyMDgzMzI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDA1NDI2MTEwYTY2NTVmNDI0Mjg1ZWJlYmEzMGYyOGU0OTE5ZGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArFY32y+8Hg6iICreJhOrxUDGYyav
ASxUap+cmd/vfJfnAltamU3eEWNOHMZq7JROlBgNhdfyvHGVctTh3giy9ktiJ6Yy
5Ga8IquWdUyQ6He7yE26/OB9Xuq+bWhGhafc/6DEReeJWQbR8PsNAj1kRZiTEBdi
/Zlps5uvufO+PDuN0odP8/RktkOdoKD1lTDwLheVr0KNbbaWTxuMlKIVB29tuU6T
D45sEkGpHT/CMefhEin/tBCCPShv985TS8C3k0rbwztT2+q5sUM7xiIHQvL1tMVH
rC8O39oV3/U8dwiAVrlb076nL9PXVvzKrT0v9gzeNy+El+BXggo/pSVT4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKAFQmEQpmVfQkKF6+ujDyjkkZ2sMB8GA1UdIwQY
MBaAFFWI8Zf5fokAdVVE6BDN3vnZD7xBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2Et
N2NmZWY0Mjc2YTBmLzEvb0FWQ1lSQ21aVjlDUW9YcjY2TVBLT1NSbmF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2EtN2NmZWY0Mjc2YTBm
LzEvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLgNwMA0G
CSqGSIb3DQEBCwUAA4IBAQCHDKYfPkHT63LaSEBf2dJ8/IOpHXvC8EHW5MCQHt3e
yTWMI4F0SKlQxA1padUz7JaNF3nB/1Ao0EAzvFQsdbBUS2iUxYMgKjrY7sI2Fi/c
byzSWJefi/n62VkuRGiViOCt7BIOKpW7rDye4v+WncZXk+5D2+GtKcNXjmW180Le
YT+rhAkFaDYN8BYO9/tE8/EkpuDdQ/wWToek7c0SP36/r9k2XkMe9076AhX0jojl
Rlj2Xk9Ip55ET0MG5rkN69+DoONv8TyDBcG4Ved61W1nI/GaZgTox9x1rUTECxjU
4/iDzaqEpHp6HaZlOZ5ubJmpHwhbOOaf1p34bQ8W+u18
-----END CERTIFICATE-----