Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/w-wkMXcsZb2KeHYI2vkocwiTPac.roa
File:                     w-wkMXcsZb2KeHYI2vkocwiTPac.roa (raw, json)
Hash identifier:          puy9LFDQXh1I2ob9j2i/NtQr3f9GmFQ486RbLqgKPRQ=
Subject key identifier:   C3:EC:24:31:77:2C:65:BD:8A:78:76:08:DA:F9:28:73:08:93:3D:A7
Certificate issuer:       /CN=5588f197f97e8900755544e810cddef9d90fbc41
Certificate serial:       018CC94E713DDFDD0ED40075A4530871AC6B
Authority key identifier: 55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/w-wkMXcsZb2KeHYI2vkocwiTPac.roa
Signing time:             Tue 02 Jan 2024 08:33:30 +0000
ROA not before:           Tue 02 Jan 2024 08:33:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     397423
IP address blocks:        46.3.160.0/22 maxlen: 24
                          46.3.208.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 04:03:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:71:3d:df:dd:0e:d4:00:75:a4:53:08:71:ac:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5588f197f97e8900755544e810cddef9d90fbc41
        Validity
            Not Before: Jan  2 08:33:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c3ec2431772c65bd8a787608daf9287308933da7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:41:b9:2a:05:60:13:5d:d5:1f:b0:7a:16:e5:
                    6d:e2:d4:24:e0:5d:cf:2c:30:84:bc:cf:b4:45:ea:
                    47:d4:24:b3:4b:1b:4b:ce:f4:12:ec:d3:55:66:d7:
                    57:57:e1:4c:b9:94:a9:5a:f5:d9:7c:cb:0b:0e:39:
                    35:17:47:7b:c3:1d:13:12:dc:53:bb:a4:12:df:98:
                    c2:4f:fd:58:27:bc:13:5e:af:33:cb:fd:57:e1:da:
                    44:f3:72:e2:e0:5c:e3:24:a1:63:b9:95:12:74:5f:
                    df:9f:44:a0:e4:6a:03:a4:f6:87:f2:40:a6:55:df:
                    0f:9c:b9:fb:33:87:34:df:c3:ef:9e:2c:a3:05:72:
                    83:08:20:98:a0:3c:50:78:05:53:7c:b9:4e:a7:e8:
                    ca:d5:c7:c9:59:53:dd:dd:06:c6:dc:8a:3f:36:94:
                    ac:d4:58:af:0e:71:fa:0b:65:94:bc:7d:2d:c3:15:
                    0e:4f:e8:73:c3:d1:e6:fa:34:20:50:6a:f8:b4:b4:
                    48:2d:4f:68:5b:28:fd:45:5a:34:60:ec:9f:42:d3:
                    e6:8d:b3:80:d0:7e:57:dc:77:7c:16:5b:d9:32:cc:
                    a5:62:56:bb:ba:88:7c:f9:5b:79:31:c1:45:4a:c7:
                    4d:f1:be:fd:49:00:f2:2f:82:ce:ee:4c:82:da:c1:
                    71:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:EC:24:31:77:2C:65:BD:8A:78:76:08:DA:F9:28:73:08:93:3D:A7
            X509v3 Authority Key Identifier:
                keyid:55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/w-wkMXcsZb2KeHYI2vkocwiTPac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.3.160.0/22
                  46.3.208.0/21

    Signature Algorithm: sha256WithRSAEncryption
         7b:cf:9d:66:bf:ac:84:87:eb:a0:93:bf:98:5e:99:b5:25:d1:
         7a:69:2b:d8:3e:da:70:72:c9:5f:50:f1:59:63:9c:b9:e9:5b:
         c5:01:c1:15:b1:ec:da:89:19:c8:cc:a9:2f:61:28:13:c1:f6:
         91:1a:44:89:7b:b2:89:f5:ea:f3:02:6c:d2:09:e3:c6:9e:b0:
         e0:68:2e:69:3a:a2:25:00:c5:03:6c:1d:f1:70:0d:8f:39:98:
         e2:c5:a5:bf:70:f8:a4:3b:06:ce:89:de:33:9e:2a:9b:9d:2f:
         2d:e8:7a:51:b0:24:cb:c2:08:38:c0:7e:29:03:94:94:20:07:
         2a:f3:c8:f0:57:7d:3d:16:5c:ed:5e:7f:5c:f2:61:14:68:25:
         38:42:03:f1:41:83:e4:ea:75:98:cc:97:1b:05:c4:d4:2b:80:
         de:fb:74:73:53:0d:2d:49:9f:ca:3c:86:be:a7:3d:fc:0b:b8:
         3d:db:a0:b4:7f:e4:e6:98:11:e9:98:89:9a:43:a2:df:df:97:
         06:ec:ea:55:b2:af:3d:14:e7:e6:50:90:6d:e7:50:8e:de:52:
         e7:98:51:27:7d:90:3d:ba:d2:e8:0a:e0:30:f7:6c:5d:d1:cb:
         5a:45:7a:0f:26:65:0e:6d:d0:64:c2:e0:9e:af:53:d3:45:7a:
         66:ec:82:08
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJTnE9390O1AB1pFMIcaxrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ODhmMTk3Zjk3ZTg5MDA3NTU1NDRlODEwY2RkZWY5ZDkw
ZmJjNDEwHhcNMjQwMTAyMDgzMzMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2VjMjQzMTc3MmM2NWJkOGE3ODc2MDhkYWY5Mjg3MzA4OTMzZGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu0G5KgVgE13VH7B6FuVt4tQk4F3P
LDCEvM+0RepH1CSzSxtLzvQS7NNVZtdXV+FMuZSpWvXZfMsLDjk1F0d7wx0TEtxT
u6QS35jCT/1YJ7wTXq8zy/1X4dpE83Li4FzjJKFjuZUSdF/fn0Sg5GoDpPaH8kCm
Vd8PnLn7M4c038PvniyjBXKDCCCYoDxQeAVTfLlOp+jK1cfJWVPd3QbG3Io/NpSs
1FivDnH6C2WUvH0twxUOT+hzw9Hm+jQgUGr4tLRILU9oWyj9RVo0YOyfQtPmjbOA
0H5X3Hd8FlvZMsylYla7uoh8+Vt5McFFSsdN8b79SQDyL4LO7kyC2sFxYwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMPsJDF3LGW9inh2CNr5KHMIkz2nMB8GA1UdIwQY
MBaAFFWI8Zf5fokAdVVE6BDN3vnZD7xBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2Et
N2NmZWY0Mjc2YTBmLzEvdy13a01YY3NaYjJLZUhZSTJ2a29jd2lUUGFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2EtN2NmZWY0Mjc2YTBm
LzEvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLgOgAwQD
LgPQMA0GCSqGSIb3DQEBCwUAA4IBAQB7z51mv6yEh+ugk7+YXpm1JdF6aSvYPtpw
cslfUPFZY5y56VvFAcEVsezaiRnIzKkvYSgTwfaRGkSJe7KJ9erzAmzSCePGnrDg
aC5pOqIlAMUDbB3xcA2POZjixaW/cPikOwbOid4zniqbnS8t6HpRsCTLwgg4wH4p
A5SUIAcq88jwV309FlztXn9c8mEUaCU4QgPxQYPk6nWYzJcbBcTUK4De+3RzUw0t
SZ/KPIa+pz38C7g926C0f+TmmBHpmImaQ6Lf35cG7OpVsq89FOfmUJBt51CO3lLn
mFEnfZA9utLoCuAw92xd0ctaRXoPJmUObdBkwuCer1PTRXpm7III
-----END CERTIFICATE-----