Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/c91ec3-2820-417b-9aad-bacab475e6cc/1/xFdc0ZgmwYkGh02wMw4pAcAfuII.roa
File:                     xFdc0ZgmwYkGh02wMw4pAcAfuII.roa (raw, json)
Hash identifier:          VqkuhyDfxcFv5S2P51JHP1B2DYp7PjoRmhHeDkdsvfE=
Subject key identifier:   C4:57:5C:D1:98:26:C1:89:06:87:4D:B0:33:0E:29:01:C0:1F:B8:82
Certificate issuer:       /CN=1cee91296c94992d151a232240e6cf3a176d2039
Certificate serial:       01922F4CB35D483EF86ACBC79CD79141AF43
Authority key identifier: 1C:EE:91:29:6C:94:99:2D:15:1A:23:22:40:E6:CF:3A:17:6D:20:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HO6RKWyUmS0VGiMiQObPOhdtIDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/c91ec3-2820-417b-9aad-bacab475e6cc/1/xFdc0ZgmwYkGh02wMw4pAcAfuII.roa
Signing time:             Thu 26 Sep 2024 17:06:48 +0000
ROA not before:           Thu 26 Sep 2024 17:06:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210069
IP address blocks:        46.172.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/c91ec3-2820-417b-9aad-bacab475e6cc/1/HO6RKWyUmS0VGiMiQObPOhdtIDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/c91ec3-2820-417b-9aad-bacab475e6cc/1/HO6RKWyUmS0VGiMiQObPOhdtIDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HO6RKWyUmS0VGiMiQObPOhdtIDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:2f:4c:b3:5d:48:3e:f8:6a:cb:c7:9c:d7:91:41:af:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1cee91296c94992d151a232240e6cf3a176d2039
        Validity
            Not Before: Sep 26 17:06:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c4575cd19826c18906874db0330e2901c01fb882
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:e1:59:f8:f2:81:9d:1a:02:48:c2:d8:b4:f0:
                    41:f3:33:6c:90:84:59:9c:76:21:f3:41:f4:4f:dc:
                    27:7c:1f:f8:88:6e:57:ca:d1:43:93:9d:f5:56:45:
                    e7:a4:dc:8c:d1:eb:cf:ce:3f:90:e9:7e:cb:db:f7:
                    40:25:5e:24:b7:dd:38:a5:1b:77:78:f7:d0:21:a0:
                    57:eb:f9:27:62:30:6e:ff:88:0e:5f:82:c6:38:a6:
                    e7:35:94:63:69:09:9d:f1:65:8b:bd:31:db:e1:31:
                    52:6f:e0:2e:bc:6d:81:d4:a3:0d:c6:5c:a9:d7:84:
                    9d:47:b3:88:68:0f:f3:98:e4:eb:63:2e:09:3f:d6:
                    e2:b7:bb:d1:d8:c5:e4:4d:bc:34:a9:83:06:ae:18:
                    3a:7b:79:ec:87:04:2c:34:58:25:2b:fc:e5:98:f0:
                    ba:4d:e8:a8:e4:f2:cd:fa:90:25:a7:cc:04:b0:d8:
                    ca:f8:0f:51:83:72:d9:c4:92:c5:1d:56:95:db:e9:
                    27:39:94:d6:e7:21:d7:16:3f:eb:4a:82:97:1d:9b:
                    3f:a0:ea:a5:0f:8f:ec:93:e9:c9:ed:cc:9b:00:44:
                    6a:4d:ff:a6:f2:1e:b1:2e:40:91:00:89:9e:8f:1d:
                    97:37:5e:f5:8a:77:7c:c1:10:6e:0c:bb:c2:1b:d1:
                    19:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:57:5C:D1:98:26:C1:89:06:87:4D:B0:33:0E:29:01:C0:1F:B8:82
            X509v3 Authority Key Identifier:
                keyid:1C:EE:91:29:6C:94:99:2D:15:1A:23:22:40:E6:CF:3A:17:6D:20:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HO6RKWyUmS0VGiMiQObPOhdtIDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/c91ec3-2820-417b-9aad-bacab475e6cc/1/xFdc0ZgmwYkGh02wMw4pAcAfuII.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/c91ec3-2820-417b-9aad-bacab475e6cc/1/HO6RKWyUmS0VGiMiQObPOhdtIDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.172.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:99:cf:b7:44:bc:e4:5b:d6:af:ac:b8:7c:75:9d:0a:69:c0:
         bc:90:5d:c8:82:e7:f2:11:bf:f8:4b:26:ff:89:8e:a8:2e:a9:
         78:17:69:ca:37:79:ca:63:f1:f7:b1:47:9a:e4:ac:ea:35:c6:
         06:45:64:2c:e4:c8:bb:95:eb:70:d8:42:3d:51:73:da:af:b4:
         94:99:6c:b9:99:48:97:37:b4:ee:bb:77:2e:a4:30:4c:dd:44:
         a0:4c:ca:ab:a6:cf:2f:ec:c0:f6:f0:6b:10:45:29:c6:4f:8a:
         93:7f:e9:8b:07:11:0c:0f:e3:4d:a7:f9:e3:11:b5:eb:92:a3:
         b1:68:b0:89:7e:1a:cf:1a:9d:85:c9:95:a0:9c:92:cf:41:64:
         3b:fa:bd:19:b0:18:3b:47:f7:c6:3d:8f:3c:74:1a:40:ad:92:
         08:08:18:a6:49:dc:ba:b5:6f:b9:fe:3f:cc:42:eb:94:de:70:
         e2:c4:8d:53:f2:18:9c:01:a8:c6:d9:cc:60:cd:9c:2c:b0:19:
         91:57:39:6d:d7:53:ae:35:2a:1a:c7:14:6c:02:2f:cb:a2:4b:
         15:11:a7:56:b9:80:da:8a:c5:54:3e:90:25:8b:34:8d:2d:6e:
         78:05:02:6f:cf:0d:09:ed:d2:3c:b4:53:96:5f:85:61:1f:10:
         46:d9:2f:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZIvTLNdSD74asvHnNeRQa9DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjZWU5MTI5NmM5NDk5MmQxNTFhMjMyMjQwZTZjZjNhMTc2
ZDIwMzkwHhcNMjQwOTI2MTcwNjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDU3NWNkMTk4MjZjMTg5MDY4NzRkYjAzMzBlMjkwMWMwMWZiODgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxOFZ+PKBnRoCSMLYtPBB8zNskIRZ
nHYh80H0T9wnfB/4iG5XytFDk531VkXnpNyM0evPzj+Q6X7L2/dAJV4kt904pRt3
ePfQIaBX6/knYjBu/4gOX4LGOKbnNZRjaQmd8WWLvTHb4TFSb+AuvG2B1KMNxlyp
14SdR7OIaA/zmOTrYy4JP9bit7vR2MXkTbw0qYMGrhg6e3nshwQsNFglK/zlmPC6
Teio5PLN+pAlp8wEsNjK+A9Rg3LZxJLFHVaV2+knOZTW5yHXFj/rSoKXHZs/oOql
D4/sk+nJ7cybAERqTf+m8h6xLkCRAImejx2XN171ind8wRBuDLvCG9EZBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMRXXNGYJsGJBodNsDMOKQHAH7iCMB8GA1UdIwQY
MBaAFBzukSlslJktFRojIkDmzzoXbSA5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSE82UktXeVVtUzBWR2lNaVFPYlBPaGR0SURrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9jOTFlYzMtMjgyMC00MTdiLTlhYWQt
YmFjYWI0NzVlNmNjLzEveEZkYzBaZ213WWtHaDAyd013NHBBY0FmdUlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9jOTFlYzMtMjgyMC00MTdiLTlhYWQtYmFjYWI0NzVlNmNj
LzEvSE82UktXeVVtUzBWR2lNaVFPYlBPaGR0SURrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALqxfMA0G
CSqGSIb3DQEBCwUAA4IBAQArmc+3RLzkW9avrLh8dZ0KacC8kF3IgufyEb/4Syb/
iY6oLql4F2nKN3nKY/H3sUea5KzqNcYGRWQs5Mi7letw2EI9UXPar7SUmWy5mUiX
N7Tuu3cupDBM3USgTMqrps8v7MD28GsQRSnGT4qTf+mLBxEMD+NNp/njEbXrkqOx
aLCJfhrPGp2FyZWgnJLPQWQ7+r0ZsBg7R/fGPY88dBpArZIICBimSdy6tW+5/j/M
QuuU3nDixI1T8hicAajG2cxgzZwssBmRVzlt11OuNSoaxxRsAi/LoksVEadWuYDa
isVUPpAlizSNLW54BQJvzw0J7dI8tFOWX4VhHxBG2S/v
-----END CERTIFICATE-----