Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/yzYqKYnZnlooSEdjhS9TyUR5gEE.roa
File:                     yzYqKYnZnlooSEdjhS9TyUR5gEE.roa (raw, json)
Hash identifier:          3w2JVaJZ4U6+14/h5Ye1Gi3c5hzX3RpzzgHVUDG0uKo=
Subject key identifier:   CB:36:2A:29:89:D9:9E:5A:28:48:47:63:85:2F:53:C9:44:79:80:41
Certificate issuer:       /CN=5588f197f97e8900755544e810cddef9d90fbc41
Certificate serial:       018CC94E6D22CE1026ED5B83746C4905BF74
Authority key identifier: 55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/yzYqKYnZnlooSEdjhS9TyUR5gEE.roa
Signing time:             Tue 02 Jan 2024 08:33:29 +0000
ROA not before:           Tue 02 Jan 2024 08:33:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     54197
IP address blocks:        46.3.80.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:6d:22:ce:10:26:ed:5b:83:74:6c:49:05:bf:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5588f197f97e8900755544e810cddef9d90fbc41
        Validity
            Not Before: Jan  2 08:33:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cb362a2989d99e5a28484763852f53c944798041
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:47:4f:a6:1c:3b:32:0f:45:ed:f1:a9:32:46:
                    7a:dc:a3:95:32:ac:0e:05:93:52:24:24:b7:03:05:
                    4c:ab:b9:17:a7:bd:32:09:09:a5:61:26:03:28:44:
                    86:bf:1e:ad:2e:d1:ec:ee:ec:d3:7b:52:40:78:e4:
                    40:89:c0:9d:30:4d:26:ad:62:53:64:44:fe:f0:f7:
                    b7:8a:f2:8d:3f:f8:0b:38:07:88:0a:31:c0:8f:24:
                    b6:79:ab:45:a2:21:f0:f6:98:f3:18:fd:f2:b0:59:
                    6a:52:d4:e2:46:a3:55:b9:85:19:93:80:61:f1:f2:
                    42:2f:9a:39:b9:ab:c1:78:ad:b4:eb:46:cc:95:b0:
                    0b:eb:0d:29:9a:ac:9b:b2:c1:4e:3f:dc:04:56:8f:
                    d7:64:c8:5b:f2:e6:b5:86:8f:96:c8:02:10:7b:b2:
                    08:33:94:11:94:a2:67:ae:b9:87:87:eb:1a:2f:cf:
                    c4:5f:a4:ab:79:14:27:79:35:0a:68:e9:80:cc:bb:
                    e2:2b:2f:68:33:b7:89:09:75:79:07:d7:0a:94:3a:
                    8f:bc:5b:27:7f:0e:ec:12:81:23:ee:52:16:1f:68:
                    7a:67:dd:dd:e3:f9:c2:55:a1:2f:1a:1d:6f:74:46:
                    fe:a5:76:1a:e7:54:cc:ee:ec:77:a4:02:3c:de:8d:
                    44:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:36:2A:29:89:D9:9E:5A:28:48:47:63:85:2F:53:C9:44:79:80:41
            X509v3 Authority Key Identifier:
                keyid:55:88:F1:97:F9:7E:89:00:75:55:44:E8:10:CD:DE:F9:D9:0F:BC:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VYjxl_l-iQB1VUToEM3e-dkPvEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/yzYqKYnZnlooSEdjhS9TyUR5gEE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/622981-9650-4271-92ca-7cfef4276a0f/1/VYjxl_l-iQB1VUToEM3e-dkPvEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.3.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         7b:f0:88:9b:ce:bb:04:cf:40:c3:e2:82:b6:cd:01:8d:61:ad:
         98:a0:62:01:0f:41:e6:16:f7:3c:b6:d9:d3:06:c9:7f:d6:a8:
         57:dd:7a:56:a4:14:82:2d:6e:04:f7:19:ab:52:19:13:7e:21:
         b8:8e:9a:f9:83:9a:f9:c2:2f:2e:ab:79:a0:f6:ca:2d:2a:bd:
         79:2c:af:88:0a:16:0b:7b:a6:de:89:ee:9f:c8:d9:0d:02:4d:
         46:e5:07:0d:4a:95:ac:c8:de:69:e1:92:70:eb:51:bb:f3:2f:
         b6:62:a4:c3:38:99:dc:f2:37:e0:fa:29:df:57:7c:bf:6c:f7:
         da:44:fb:f4:df:eb:4f:50:0a:03:8f:10:78:a1:ab:dc:00:43:
         7e:0d:71:dd:e8:00:64:a9:b3:9b:3c:94:ac:d7:7a:f2:ed:cd:
         8b:e3:07:12:b7:87:ad:ba:29:4d:b8:a2:5a:2b:78:c1:fa:41:
         8a:ff:96:76:9a:81:07:80:a4:a3:bf:b3:4b:4b:cb:97:9a:21:
         3c:21:e0:55:87:33:1d:58:c3:21:6d:73:f8:3e:a1:7e:0e:53:
         70:28:8b:f5:06:c8:74:17:71:fd:d9:bc:1c:15:79:81:7a:9c:
         f8:f2:ed:77:ad:88:22:b3:13:db:6f:f3:c6:1d:d7:6a:92:6c:
         b3:bf:30:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTm0izhAm7VuDdGxJBb90MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ODhmMTk3Zjk3ZTg5MDA3NTU1NDRlODEwY2RkZWY5ZDkw
ZmJjNDEwHhcNMjQwMTAyMDgzMzI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjM2MmEyOTg5ZDk5ZTVhMjg0ODQ3NjM4NTJmNTNjOTQ0Nzk4MDQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApkdPphw7Mg9F7fGpMkZ63KOVMqwO
BZNSJCS3AwVMq7kXp70yCQmlYSYDKESGvx6tLtHs7uzTe1JAeORAicCdME0mrWJT
ZET+8Pe3ivKNP/gLOAeICjHAjyS2eatFoiHw9pjzGP3ysFlqUtTiRqNVuYUZk4Bh
8fJCL5o5uavBeK2060bMlbAL6w0pmqybssFOP9wEVo/XZMhb8ua1ho+WyAIQe7II
M5QRlKJnrrmHh+saL8/EX6SreRQneTUKaOmAzLviKy9oM7eJCXV5B9cKlDqPvFsn
fw7sEoEj7lIWH2h6Z93d4/nCVaEvGh1vdEb+pXYa51TM7ux3pAI83o1EcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMs2KimJ2Z5aKEhHY4UvU8lEeYBBMB8GA1UdIwQY
MBaAFFWI8Zf5fokAdVVE6BDN3vnZD7xBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2Et
N2NmZWY0Mjc2YTBmLzEveXpZcUtZblpubG9vU0VkamhTOVR5VVI1Z0VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi82MjI5ODEtOTY1MC00MjcxLTkyY2EtN2NmZWY0Mjc2YTBm
LzEvVllqeGxfbC1pUUIxVlVUb0VNM2UtZGtQdkVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLgNQMA0G
CSqGSIb3DQEBCwUAA4IBAQB78IibzrsEz0DD4oK2zQGNYa2YoGIBD0HmFvc8ttnT
Bsl/1qhX3XpWpBSCLW4E9xmrUhkTfiG4jpr5g5r5wi8uq3mg9sotKr15LK+IChYL
e6beie6fyNkNAk1G5QcNSpWsyN5p4ZJw61G78y+2YqTDOJnc8jfg+infV3y/bPfa
RPv03+tPUAoDjxB4oavcAEN+DXHd6ABkqbObPJSs13ry7c2L4wcSt4etuilNuKJa
K3jB+kGK/5Z2moEHgKSjv7NLS8uXmiE8IeBVhzMdWMMhbXP4PqF+DlNwKIv1Bsh0
F3H92bwcFXmBepz48u13rYgisxPbb/PGHddqkmyzvzDH
-----END CERTIFICATE-----