Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/ymHEOOwyWVzV_CpKsQVa4HcE12k.roa
File:                     ymHEOOwyWVzV_CpKsQVa4HcE12k.roa (raw, json)
Hash identifier:          8sWk8x8UOzr93L+wTHhq4t/AQek5KFg1tr1Y4NvleyA=
Subject key identifier:   CA:61:C4:38:EC:32:59:5C:D5:FC:2A:4A:B1:05:5A:E0:77:04:D7:69
Certificate issuer:       /CN=5588f197f97e8900755544e810cddef9d90fbc41
Certificate serial:       018CC94E6D53512734C9BAA7510221A437BC
Authority key identifier: 55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/ymHEOOwyWVzV_CpKsQVa4HcE12k.roa
Signing time:             Tue 02 Jan 2024 08:33:29 +0000
ROA not before:           Tue 02 Jan 2024 08:33:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59436
IP address blocks:        46.3.242.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 13:02:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:6d:53:51:27:34:c9:ba:a7:51:02:21:a4:37:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5588f197f97e8900755544e810cddef9d90fbc41
        Validity
            Not Before: Jan  2 08:33:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ca61c438ec32595cd5fc2a4ab1055ae07704d769
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:27:50:b2:16:c5:35:27:4d:cb:18:f5:ef:06:
                    5a:21:5f:8d:ef:1e:35:b0:78:08:bb:03:c2:6a:02:
                    1d:63:4a:ee:c8:80:a7:1e:df:9f:d4:61:7a:9d:c2:
                    73:83:90:59:5f:ad:18:2d:18:19:59:8a:96:ab:fd:
                    75:b1:a4:c9:10:83:b3:35:23:88:fb:b9:8e:98:cc:
                    62:aa:0a:13:28:af:56:35:68:1e:52:d2:c2:63:09:
                    9f:12:49:a6:2f:e8:a4:3f:13:99:e7:0d:27:e5:9d:
                    f9:0a:12:2d:5c:25:61:5a:25:29:7e:24:40:e9:7b:
                    35:29:5a:52:b0:62:af:9b:d5:3f:c1:11:61:7a:56:
                    3d:1b:e9:3b:12:4c:ef:28:74:7c:94:b4:df:98:d5:
                    db:b7:8b:00:59:ba:f6:eb:b4:8d:77:aa:df:06:5a:
                    d6:61:5a:ff:ba:b0:a4:7b:66:07:b8:63:ee:16:f9:
                    9d:6d:ec:c2:d5:53:4b:0a:4a:e4:7f:e2:7e:b2:8f:
                    54:2b:6b:5f:49:9a:32:cc:f3:e5:6d:b2:44:80:43:
                    f6:3a:cb:18:36:2f:bf:59:a2:7a:27:52:15:61:f4:
                    9c:9e:3b:47:0e:20:0e:13:f8:5d:75:ca:49:6c:c4:
                    3d:cb:2a:c9:b1:4e:82:b4:ab:40:b4:2b:1f:32:dc:
                    62:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:61:C4:38:EC:32:59:5C:D5:FC:2A:4A:B1:05:5A:E0:77:04:D7:69
            X509v3 Authority Key Identifier:
                keyid:55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/ymHEOOwyWVzV_CpKsQVa4HcE12k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.3.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         61:07:fe:40:c7:f5:c2:f2:ca:65:00:b4:72:86:76:60:19:95:
         32:9d:37:04:32:68:7a:34:ee:0d:38:ae:cc:0f:cc:69:0e:6e:
         13:1c:6b:2b:64:15:dd:ad:a4:bd:81:6c:00:3e:5a:1b:2c:66:
         9e:6b:c1:c8:8c:c6:fc:37:12:af:0d:12:9a:27:05:cf:93:f0:
         1b:2c:c7:73:da:aa:81:c1:42:87:08:be:63:56:37:9d:e8:9f:
         c2:55:7a:06:d6:14:83:b5:21:77:9e:29:a4:f3:6a:12:a5:68:
         58:7b:68:5f:ff:64:35:d0:05:9a:e0:8d:8e:bf:d2:66:bf:f3:
         00:b8:4b:90:ac:fd:a5:b1:36:0d:28:34:f7:b0:a9:07:aa:21:
         bc:6f:2b:e6:a6:2b:fe:fd:b6:9d:50:b5:47:82:26:cb:b7:d0:
         04:96:95:16:98:5e:e6:40:70:0b:32:79:29:75:fe:e0:98:70:
         d8:0d:ae:30:aa:2b:e3:15:7b:20:df:3b:1b:39:0f:2a:ca:a9:
         e9:2c:ef:82:81:45:34:66:b3:5a:fc:75:7e:45:51:d5:da:40:
         bc:aa:32:e6:00:8c:ed:eb:a3:5d:42:bd:38:45:6e:6a:ab:4b:
         dd:45:e6:a4:7b:0d:59:8f:1d:6f:8b:61:21:5a:19:27:e8:92:
         91:8d:23:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTm1TUSc0ybqnUQIhpDe8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ODhmMTk3Zjk3ZTg5MDA3NTU1NDRlODEwY2RkZWY5ZDkw
ZmJjNDEwHhcNMjQwMTAyMDgzMzI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTYxYzQzOGVjMzI1OTVjZDVmYzJhNGFiMTA1NWFlMDc3MDRkNzY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiidQshbFNSdNyxj17wZaIV+N7x41
sHgIuwPCagIdY0ruyICnHt+f1GF6ncJzg5BZX60YLRgZWYqWq/11saTJEIOzNSOI
+7mOmMxiqgoTKK9WNWgeUtLCYwmfEkmmL+ikPxOZ5w0n5Z35ChItXCVhWiUpfiRA
6Xs1KVpSsGKvm9U/wRFhelY9G+k7EkzvKHR8lLTfmNXbt4sAWbr267SNd6rfBlrW
YVr/urCke2YHuGPuFvmdbezC1VNLCkrkf+J+so9UK2tfSZoyzPPlbbJEgEP2OssY
Ni+/WaJ6J1IVYfScnjtHDiAOE/hddcpJbMQ9yyrJsU6CtKtAtCsfMtxigwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMphxDjsMllc1fwqSrEFWuB3BNdpMB8GA1UdIwQY
MBaAFFWI8Zf5fokAdVVE6BDN3vnZD7xBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2Et
N2NmZWY0Mjc2YTBmLzEveW1IRU9Pd3lXVnpWX0NwS3NRVmE0SGNFMTJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2EtN2NmZWY0Mjc2YTBm
LzEvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLgPyMA0G
CSqGSIb3DQEBCwUAA4IBAQBhB/5Ax/XC8splALRyhnZgGZUynTcEMmh6NO4NOK7M
D8xpDm4THGsrZBXdraS9gWwAPlobLGaea8HIjMb8NxKvDRKaJwXPk/AbLMdz2qqB
wUKHCL5jVjed6J/CVXoG1hSDtSF3nimk82oSpWhYe2hf/2Q10AWa4I2Ov9Jmv/MA
uEuQrP2lsTYNKDT3sKkHqiG8byvmpiv+/badULVHgibLt9AElpUWmF7mQHALMnkp
df7gmHDYDa4wqivjFXsg3zsbOQ8qyqnpLO+CgUU0ZrNa/HV+RVHV2kC8qjLmAIzt
66NdQr04RW5qq0vdReakew1Zjx1vi2EhWhkn6JKRjSM9
-----END CERTIFICATE-----