Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/Ym0exnGJC_HyhpNrRQhuGwBNk2o.roa
File:                     Ym0exnGJC_HyhpNrRQhuGwBNk2o.roa (raw, json)
Hash identifier:          HJ+pDvprSuqsr3eHtnp8DGJqvbIifRSKM+pKt2vpKVg=
Subject key identifier:   62:6D:1E:C6:71:89:0B:F1:F2:86:93:6B:45:08:6E:1B:00:4D:93:6A
Certificate issuer:       /CN=a4bcc12afa4f05739f45f605e221c64c3c0d2ed6
Certificate serial:       018CC34954225FF8C0EDE1D3B6124605F35B
Authority key identifier: A4:BC:C1:2A:FA:4F:05:73:9F:45:F6:05:E2:21:C6:4C:3C:0D:2E:D6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pLzBKvpPBXOfRfYF4iHGTDwNLtY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/Ym0exnGJC_HyhpNrRQhuGwBNk2o.roa
Signing time:             Mon 01 Jan 2024 04:30:11 +0000
ROA not before:           Mon 01 Jan 2024 04:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204549
IP address blocks:        46.229.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/pLzBKvpPBXOfRfYF4iHGTDwNLtY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/pLzBKvpPBXOfRfYF4iHGTDwNLtY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pLzBKvpPBXOfRfYF4iHGTDwNLtY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 19:01:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:54:22:5f:f8:c0:ed:e1:d3:b6:12:46:05:f3:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4bcc12afa4f05739f45f605e221c64c3c0d2ed6
        Validity
            Not Before: Jan  1 04:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=626d1ec671890bf1f286936b45086e1b004d936a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:49:76:99:1d:d3:e9:28:18:c7:15:01:b7:b2:
                    98:d7:09:d5:dd:95:1b:99:de:a0:53:b5:a6:8c:e0:
                    83:69:9d:23:b7:22:03:93:01:f5:8d:70:dd:2b:01:
                    7d:70:c3:4d:d0:f7:e9:62:a8:6c:2e:25:97:62:d2:
                    64:92:79:e4:27:9f:54:36:53:84:7e:d7:78:2f:4f:
                    02:d8:6a:ae:28:5e:6a:ff:a9:ae:ce:0c:42:31:10:
                    02:0e:cb:7b:14:02:d9:ad:20:f4:7f:48:2d:cc:85:
                    c1:ee:ae:90:42:70:96:7e:d8:cf:ca:d0:c4:a2:6a:
                    74:79:92:42:f9:a6:a1:51:bf:24:97:dc:72:6c:46:
                    93:0a:72:81:c5:a0:05:f6:0a:5c:7e:17:3d:74:50:
                    3a:28:00:60:08:d9:ee:7d:f4:0e:a8:7d:d7:04:2b:
                    c4:3c:87:64:8b:26:cc:0a:69:07:0d:16:4a:84:72:
                    e4:6e:18:02:ff:c4:8b:f9:d9:2d:8e:c5:4d:27:68:
                    b6:68:b6:78:2e:64:0e:67:d6:44:75:1e:d6:95:dd:
                    2a:7e:cb:5f:ae:a9:58:b7:eb:72:6d:70:09:d7:51:
                    44:0a:80:8e:84:9c:06:78:a7:34:24:0e:31:71:6e:
                    d9:77:31:d8:e3:bb:44:35:6f:d8:ea:8c:de:1d:df:
                    fc:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:6D:1E:C6:71:89:0B:F1:F2:86:93:6B:45:08:6E:1B:00:4D:93:6A
            X509v3 Authority Key Identifier:
                keyid:A4:BC:C1:2A:FA:4F:05:73:9F:45:F6:05:E2:21:C6:4C:3C:0D:2E:D6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pLzBKvpPBXOfRfYF4iHGTDwNLtY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/Ym0exnGJC_HyhpNrRQhuGwBNk2o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/bb140a-2a21-4f5f-bdcc-88b016bbd581/1/pLzBKvpPBXOfRfYF4iHGTDwNLtY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.229.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:4b:95:27:fd:7c:43:bd:84:41:46:b9:70:bb:6c:0e:06:ea:
         27:e0:18:ae:11:24:7f:bb:cf:9b:b7:54:1d:0e:a9:65:7d:b5:
         70:e3:91:0c:e6:c1:97:c7:22:85:90:5c:d1:73:8a:f2:8c:d5:
         53:aa:2d:89:b5:b9:cc:e1:cb:4b:4c:02:84:a6:d2:4d:ab:89:
         92:ea:c5:2b:df:8d:f5:ca:05:f9:5c:ca:cf:00:cc:2d:57:42:
         a5:5d:94:6b:ff:fd:40:e5:60:39:6f:fb:84:d8:0c:e2:bb:17:
         b7:98:44:c1:da:ea:26:89:d8:f4:df:0a:1c:53:0c:89:10:39:
         8f:d8:cc:55:2f:ca:9a:6a:b1:64:8f:91:47:82:54:ae:c2:41:
         da:8c:20:e4:18:3f:59:de:ef:2a:e1:93:b6:67:ed:09:90:59:
         0b:53:c1:80:24:cc:3e:5b:98:a3:3f:4c:41:30:3f:b1:91:bf:
         28:49:80:e7:05:e0:05:eb:51:20:21:50:13:89:68:9a:f5:97:
         81:01:aa:64:4a:3d:23:64:54:0c:e6:af:b4:09:d0:2e:fc:47:
         16:19:75:49:0d:19:34:8d:56:d9:ff:3c:64:06:f1:86:93:3a:
         b4:5d:f5:3c:f1:81:51:6b:87:e1:4a:cf:cc:ef:8f:c5:5d:52:
         8b:d1:0a:53
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSVQiX/jA7eHTthJGBfNbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0YmNjMTJhZmE0ZjA1NzM5ZjQ1ZjYwNWUyMjFjNjRjM2Mw
ZDJlZDYwHhcNMjQwMTAxMDQzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjZkMWVjNjcxODkwYmYxZjI4NjkzNmI0NTA4NmUxYjAwNGQ5MzZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqkl2mR3T6SgYxxUBt7KY1wnV3ZUb
md6gU7WmjOCDaZ0jtyIDkwH1jXDdKwF9cMNN0PfpYqhsLiWXYtJkknnkJ59UNlOE
ftd4L08C2GquKF5q/6muzgxCMRACDst7FALZrSD0f0gtzIXB7q6QQnCWftjPytDE
omp0eZJC+aahUb8kl9xybEaTCnKBxaAF9gpcfhc9dFA6KABgCNnuffQOqH3XBCvE
PIdkiybMCmkHDRZKhHLkbhgC/8SL+dktjsVNJ2i2aLZ4LmQOZ9ZEdR7Wld0qfstf
rqlYt+tybXAJ11FECoCOhJwGeKc0JA4xcW7ZdzHY47tENW/Y6ozeHd/8rQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGJtHsZxiQvx8oaTa0UIbhsATZNqMB8GA1UdIwQY
MBaAFKS8wSr6TwVzn0X2BeIhxkw8DS7WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcEx6Qkt2cFBCWE9mUmZZRjRpSEdURHdOTHRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9iYjE0MGEtMmEyMS00ZjVmLWJkY2Mt
ODhiMDE2YmJkNTgxLzEvWW0wZXhuR0pDX0h5aHBOclJRaHVHd0JOazJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9iYjE0MGEtMmEyMS00ZjVmLWJkY2MtODhiMDE2YmJkNTgx
LzEvcEx6Qkt2cFBCWE9mUmZZRjRpSEdURHdOTHRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALuU4MA0G
CSqGSIb3DQEBCwUAA4IBAQCvS5Un/XxDvYRBRrlwu2wOBuon4BiuESR/u8+bt1Qd
DqllfbVw45EM5sGXxyKFkFzRc4ryjNVTqi2JtbnM4ctLTAKEptJNq4mS6sUr3431
ygX5XMrPAMwtV0KlXZRr//1A5WA5b/uE2Aziuxe3mETB2uomidj03wocUwyJEDmP
2MxVL8qaarFkj5FHglSuwkHajCDkGD9Z3u8q4ZO2Z+0JkFkLU8GAJMw+W5ijP0xB
MD+xkb8oSYDnBeAF61EgIVATiWia9ZeBAapkSj0jZFQM5q+0CdAu/EcWGXVJDRk0
jVbZ/zxkBvGGkzq0XfU88YFRa4fhSs/M74/FXVKL0QpT
-----END CERTIFICATE-----