Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/Oi5y3oR-zAeDQVQqnqlub4mxZBY.roa
File:                     Oi5y3oR-zAeDQVQqnqlub4mxZBY.roa (raw, json)
Hash identifier:          wiW5g0XVDHNy1QPGb/8FJ3EhNGUt4wPgRz1ROLxdqCE=
Subject key identifier:   3A:2E:72:DE:84:7E:CC:07:83:41:54:2A:9E:A9:6E:6F:89:B1:64:16
Certificate issuer:       /CN=9d989b3998e19fc00f8670cf6c9d7401715cf34f
Certificate serial:       01967C6E14D14A09719FCA403CB06E068CFE
Authority key identifier: 9D:98:9B:39:98:E1:9F:C0:0F:86:70:CF:6C:9D:74:01:71:5C:F3:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nZibOZjhn8APhnDPbJ10AXFc808.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/Oi5y3oR-zAeDQVQqnqlub4mxZBY.roa
Signing time:             Mon 28 Apr 2025 12:45:11 +0000
ROA not before:           Mon 28 Apr 2025 12:45:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213752
IP address blocks:        46.231.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/nZibOZjhn8APhnDPbJ10AXFc808.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/nZibOZjhn8APhnDPbJ10AXFc808.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nZibOZjhn8APhnDPbJ10AXFc808.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 01 May 2025 11:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7c:6e:14:d1:4a:09:71:9f:ca:40:3c:b0:6e:06:8c:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d989b3998e19fc00f8670cf6c9d7401715cf34f
        Validity
            Not Before: Apr 28 12:45:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3a2e72de847ecc078341542a9ea96e6f89b16416
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:82:4f:2b:3e:ea:1e:fc:e4:ba:d8:44:3d:ac:
                    29:9a:0a:cd:80:8f:0b:6c:44:bf:a1:f6:b6:bb:fa:
                    1b:7c:70:7e:45:a9:1f:39:b0:21:f1:fb:30:02:69:
                    94:c6:f3:85:9e:ec:a8:6f:25:79:ce:fc:a8:cb:d7:
                    30:38:27:4c:a9:68:8c:eb:54:23:77:48:3d:f7:28:
                    8d:7e:21:31:5d:01:62:0d:e6:fc:86:46:31:3b:f3:
                    f2:c4:3d:4a:06:a7:8f:a8:eb:da:79:aa:98:59:fe:
                    e8:b3:6d:8b:94:25:29:2c:95:0b:d6:94:89:8f:66:
                    ce:d9:8c:f2:81:65:7f:3c:a8:70:7c:83:e3:82:0d:
                    c3:9c:c0:de:22:a8:05:ec:60:81:b5:b9:d1:87:b7:
                    cd:b9:17:b0:3a:b4:c3:d3:c6:22:d9:a9:92:52:34:
                    b7:f6:8a:7c:0c:a5:e1:e7:b7:48:46:81:32:06:68:
                    ec:ed:5a:53:85:3b:04:35:a6:8b:d1:f4:76:d8:85:
                    fc:d8:0a:b0:95:0d:39:18:d8:dc:e3:84:0c:7e:f7:
                    e7:da:98:09:ed:45:c1:d1:5b:fe:03:f5:78:72:ec:
                    1f:b5:24:a3:17:bb:3e:39:92:72:53:b1:ee:3f:c1:
                    86:e1:83:47:68:a6:27:e9:71:00:0c:f1:88:0e:df:
                    68:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:2E:72:DE:84:7E:CC:07:83:41:54:2A:9E:A9:6E:6F:89:B1:64:16
            X509v3 Authority Key Identifier:
                keyid:9D:98:9B:39:98:E1:9F:C0:0F:86:70:CF:6C:9D:74:01:71:5C:F3:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nZibOZjhn8APhnDPbJ10AXFc808.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/Oi5y3oR-zAeDQVQqnqlub4mxZBY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/nZibOZjhn8APhnDPbJ10AXFc808.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.231.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:a8:d7:88:6a:e2:cb:ac:7e:e5:10:8a:09:f3:8f:9e:5b:d0:
         d5:37:dc:e5:7a:2d:dd:f4:4e:36:80:a2:0d:43:54:4a:0c:eb:
         67:3f:79:0c:34:e1:23:63:31:67:16:6f:c2:36:6f:7f:04:b7:
         70:2a:48:ba:ea:10:48:a1:0b:c8:32:1e:af:26:51:31:b2:d9:
         4c:e6:18:a2:1b:f3:15:df:7a:71:6a:3d:37:2d:05:30:4a:34:
         31:fd:95:13:ca:dd:2f:0f:66:ab:a2:97:98:de:37:40:a7:ac:
         5a:5f:d3:6e:6a:f7:2b:ff:d5:ce:e2:71:67:c4:5d:e9:17:41:
         1f:05:9d:a4:87:b7:ea:f8:67:9c:38:7f:e8:12:33:c7:82:2f:
         58:95:78:9c:64:c3:08:f5:de:ee:5a:97:26:d8:b8:c0:af:8f:
         d8:c5:1c:19:55:14:aa:8c:a5:d6:44:3a:7f:42:16:03:71:72:
         87:85:f2:ec:5b:a9:28:70:96:c3:7a:0f:4b:43:e2:ef:3d:0f:
         e3:02:9e:be:a7:10:e3:57:28:f9:2a:ad:a4:cb:a8:29:9a:e5:
         f8:a0:86:ff:e1:23:c6:76:65:39:45:7b:32:8c:98:1e:f0:71:
         24:ce:be:4e:39:7d:67:c1:03:22:4c:12:12:8c:44:93:6c:6f:
         4a:72:45:7e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZ8bhTRSglxn8pAPLBuBoz+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkOTg5YjM5OThlMTlmYzAwZjg2NzBjZjZjOWQ3NDAxNzE1
Y2YzNGYwHhcNMjUwNDI4MTI0NTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTJlNzJkZTg0N2VjYzA3ODM0MTU0MmE5ZWE5NmU2Zjg5YjE2NDE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt4JPKz7qHvzkuthEPawpmgrNgI8L
bES/ofa2u/obfHB+RakfObAh8fswAmmUxvOFnuyobyV5zvyoy9cwOCdMqWiM61Qj
d0g99yiNfiExXQFiDeb8hkYxO/PyxD1KBqePqOvaeaqYWf7os22LlCUpLJUL1pSJ
j2bO2YzygWV/PKhwfIPjgg3DnMDeIqgF7GCBtbnRh7fNuRewOrTD08Yi2amSUjS3
9op8DKXh57dIRoEyBmjs7VpThTsENaaL0fR22IX82AqwlQ05GNjc44QMfvfn2pgJ
7UXB0Vv+A/V4cuwftSSjF7s+OZJyU7HuP8GG4YNHaKYn6XEADPGIDt9o9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDouct6EfswHg0FUKp6pbm+JsWQWMB8GA1UdIwQY
MBaAFJ2YmzmY4Z/AD4Zwz2yddAFxXPNPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblppYk9aamhuOEFQaG5EUGJKMTBBWEZjODA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC84YzVmNWEtODA0Yi00ZGY2LTgyN2It
YzdjY2Q3OTQzMTA2LzEvT2k1eTNvUi16QWVEUVZRcW5xbHViNG14WkJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC84YzVmNWEtODA0Yi00ZGY2LTgyN2ItYzdjY2Q3OTQzMTA2
LzEvblppYk9aamhuOEFQaG5EUGJKMTBBWEZjODA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALufnMA0G
CSqGSIb3DQEBCwUAA4IBAQCVqNeIauLLrH7lEIoJ84+eW9DVN9zlei3d9E42gKIN
Q1RKDOtnP3kMNOEjYzFnFm/CNm9/BLdwKki66hBIoQvIMh6vJlExstlM5hiiG/MV
33pxaj03LQUwSjQx/ZUTyt0vD2aropeY3jdAp6xaX9Nuavcr/9XO4nFnxF3pF0Ef
BZ2kh7fq+GecOH/oEjPHgi9YlXicZMMI9d7uWpcm2LjAr4/YxRwZVRSqjKXWRDp/
QhYDcXKHhfLsW6kocJbDeg9LQ+LvPQ/jAp6+pxDjVyj5Kq2ky6gpmuX4oIb/4SPG
dmU5RXsyjJge8HEkzr5OOX1nwQMiTBISjESTbG9KckV+
-----END CERTIFICATE-----