Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/yNMJPoawRueZ8SM0NqDHoftPO4U.roa
File:                     yNMJPoawRueZ8SM0NqDHoftPO4U.roa (raw, json)
Hash identifier:          RD4k69aqHChlSxzx2EqglwdACQi7qYYuakiOut4LJfo=
Subject key identifier:   C8:D3:09:3E:86:B0:46:E7:99:F1:23:34:36:A0:C7:A1:FB:4F:3B:85
Certificate issuer:       /CN=5588f197f97e8900755544e810cddef9d90fbc41
Certificate serial:       018CC94E6FB38F06C1F65147B2D23C4F7183
Authority key identifier: 55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/yNMJPoawRueZ8SM0NqDHoftPO4U.roa
Signing time:             Tue 02 Jan 2024 08:33:29 +0000
ROA not before:           Tue 02 Jan 2024 08:33:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207710
IP address blocks:        46.232.20.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:6f:b3:8f:06:c1:f6:51:47:b2:d2:3c:4f:71:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5588f197f97e8900755544e810cddef9d90fbc41
        Validity
            Not Before: Jan  2 08:33:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c8d3093e86b046e799f1233436a0c7a1fb4f3b85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:c0:bd:48:26:a5:74:37:c7:ce:71:7e:48:79:
                    bc:3d:fb:93:b0:98:6a:a0:d2:89:a2:48:19:40:c2:
                    89:41:e3:8c:98:11:6d:00:88:82:3f:41:3b:e1:d3:
                    f2:ae:7d:6c:61:13:b3:20:c4:c4:1d:42:f2:f8:e3:
                    99:8c:56:76:d7:bc:1a:c8:6d:b3:f3:d5:0a:43:b1:
                    dd:d3:92:be:6c:1c:aa:d1:d5:46:71:91:e3:58:4a:
                    41:b6:2c:58:2c:7f:be:35:37:7d:68:b0:36:1e:97:
                    67:7d:a0:1a:39:94:43:0c:99:c3:73:5d:41:40:9f:
                    df:c9:6a:92:66:57:a7:f1:58:0c:f3:c9:19:8b:b6:
                    3a:4f:5b:ec:13:35:2d:26:c0:62:a5:6e:eb:15:48:
                    58:03:04:d7:9f:ff:63:5f:94:e7:b3:97:6b:e7:3c:
                    84:08:f3:ec:9d:a8:5c:08:00:11:52:1e:f1:d2:95:
                    46:54:47:e9:c3:e2:69:05:23:73:71:d4:ee:f0:de:
                    7c:f9:9f:fa:a0:85:62:28:c1:e8:64:d7:d8:69:21:
                    9b:4c:1d:d7:e5:31:a5:c8:23:95:f9:c4:1a:94:7e:
                    89:5f:6f:2d:3d:d0:91:e0:b5:54:8b:05:54:3b:3a:
                    cd:9c:4a:af:f0:b0:48:14:df:22:f4:4c:ae:7f:b0:
                    89:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:D3:09:3E:86:B0:46:E7:99:F1:23:34:36:A0:C7:A1:FB:4F:3B:85
            X509v3 Authority Key Identifier:
                keyid:55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/yNMJPoawRueZ8SM0NqDHoftPO4U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.232.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
         65:f3:24:1b:58:ad:69:bc:0f:99:26:15:9b:c2:64:90:aa:af:
         5f:5d:e7:cd:0b:ac:88:4b:77:18:50:00:39:fb:e1:76:ec:7a:
         3b:e2:d8:d0:c1:7a:93:9e:5a:5e:23:96:12:28:a1:92:5a:b4:
         aa:48:ef:30:fc:01:75:d5:25:13:14:84:0f:07:f1:03:ad:99:
         c9:28:73:8b:87:91:59:90:84:fe:3f:9d:06:a3:bb:ab:9a:db:
         2b:38:4c:69:35:9e:14:34:97:b1:13:ec:a3:51:f0:13:6b:a6:
         e1:4d:bf:6d:27:32:3d:1c:b3:b0:63:59:43:2e:67:b8:8f:6f:
         90:16:f9:3d:9e:81:dd:e8:25:15:e4:a6:db:e3:52:fc:6c:8c:
         45:7b:88:90:b5:1d:0f:c6:74:77:16:ea:51:46:f6:2a:48:58:
         ec:8f:1a:0c:bc:0d:45:8f:d1:31:86:81:22:3d:23:a3:8a:3e:
         6c:39:4a:1f:73:8b:f4:a5:c2:c1:54:48:85:d7:54:74:c5:76:
         be:c5:58:fa:f0:1b:a0:f4:01:cd:f6:5d:85:b5:bf:76:8e:45:
         4e:71:d7:c0:08:a6:80:d0:7b:c8:d2:2d:31:1c:4b:c3:24:cf:
         60:ec:4e:aa:77:4e:38:22:64:1c:f8:c9:27:b0:7a:8e:18:59:
         4e:c3:86:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTm+zjwbB9lFHstI8T3GDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ODhmMTk3Zjk3ZTg5MDA3NTU1NDRlODEwY2RkZWY5ZDkw
ZmJjNDEwHhcNMjQwMTAyMDgzMzI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGQzMDkzZTg2YjA0NmU3OTlmMTIzMzQzNmEwYzdhMWZiNGYzYjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgcC9SCaldDfHznF+SHm8PfuTsJhq
oNKJokgZQMKJQeOMmBFtAIiCP0E74dPyrn1sYROzIMTEHULy+OOZjFZ217wayG2z
89UKQ7Hd05K+bByq0dVGcZHjWEpBtixYLH++NTd9aLA2HpdnfaAaOZRDDJnDc11B
QJ/fyWqSZlen8VgM88kZi7Y6T1vsEzUtJsBipW7rFUhYAwTXn/9jX5Tns5dr5zyE
CPPsnahcCAARUh7x0pVGVEfpw+JpBSNzcdTu8N58+Z/6oIViKMHoZNfYaSGbTB3X
5TGlyCOV+cQalH6JX28tPdCR4LVUiwVUOzrNnEqv8LBIFN8i9Eyuf7CJlwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMjTCT6GsEbnmfEjNDagx6H7TzuFMB8GA1UdIwQY
MBaAFFWI8Zf5fokAdVVE6BDN3vnZD7xBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2Et
N2NmZWY0Mjc2YTBmLzEveU5NSlBvYXdSdWVaOFNNME5xREhvZnRQTzRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2EtN2NmZWY0Mjc2YTBm
LzEvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLugUMA0G
CSqGSIb3DQEBCwUAA4IBAQBl8yQbWK1pvA+ZJhWbwmSQqq9fXefNC6yIS3cYUAA5
++F27Ho74tjQwXqTnlpeI5YSKKGSWrSqSO8w/AF11SUTFIQPB/EDrZnJKHOLh5FZ
kIT+P50Go7urmtsrOExpNZ4UNJexE+yjUfATa6bhTb9tJzI9HLOwY1lDLme4j2+Q
Fvk9noHd6CUV5Kbb41L8bIxFe4iQtR0PxnR3FupRRvYqSFjsjxoMvA1Fj9ExhoEi
PSOjij5sOUofc4v0pcLBVEiF11R0xXa+xVj68Bug9AHN9l2Ftb92jkVOcdfACKaA
0HvI0i0xHEvDJM9g7E6qd044ImQc+MknsHqOGFlOw4bP
-----END CERTIFICATE-----