Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/2851b6-2e65-4859-9c05-506bb6c679ce/1/pyvExR1LrhdsYUv3NnlpAByqFPQ.roa
File:                     pyvExR1LrhdsYUv3NnlpAByqFPQ.roa (raw, json)
Hash identifier:          opfMvN7kRBfwnB0sb42486d5MyFnI0L245A3LYf8+tA=
Subject key identifier:   A7:2B:C4:C5:1D:4B:AE:17:6C:61:4B:F7:36:79:69:00:1C:AA:14:F4
Certificate issuer:       /CN=a2f6bc8f163af49c03d9ad69e716b42c5b96ee79
Certificate serial:       018CC34959D8CAAB67775279750A8E4E0126
Authority key identifier: A2:F6:BC:8F:16:3A:F4:9C:03:D9:AD:69:E7:16:B4:2C:5B:96:EE:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ova8jxY69JwD2a1p5xa0LFuW7nk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/2851b6-2e65-4859-9c05-506bb6c679ce/1/pyvExR1LrhdsYUv3NnlpAByqFPQ.roa
Signing time:             Mon 01 Jan 2024 04:30:13 +0000
ROA not before:           Mon 01 Jan 2024 04:30:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        46.19.170.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/2851b6-2e65-4859-9c05-506bb6c679ce/1/ova8jxY69JwD2a1p5xa0LFuW7nk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/2851b6-2e65-4859-9c05-506bb6c679ce/1/ova8jxY69JwD2a1p5xa0LFuW7nk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ova8jxY69JwD2a1p5xa0LFuW7nk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:59:d8:ca:ab:67:77:52:79:75:0a:8e:4e:01:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2f6bc8f163af49c03d9ad69e716b42c5b96ee79
        Validity
            Not Before: Jan  1 04:30:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a72bc4c51d4bae176c614bf7367969001caa14f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:2d:b4:e7:41:1e:ce:89:3b:72:98:4f:a2:2f:
                    7a:47:7e:5f:c8:db:db:17:3a:08:cc:34:65:ed:be:
                    56:35:f2:af:f1:49:f9:4e:1b:91:8a:68:e0:a9:52:
                    4b:6e:26:02:f1:4d:e3:cd:32:8a:72:ce:37:a4:84:
                    41:72:24:aa:e8:5c:8e:5d:3f:04:92:4a:6e:60:32:
                    94:81:c4:de:0d:ea:d9:9f:50:d5:99:9d:aa:5a:a7:
                    f8:29:7f:54:04:28:91:ab:d2:8c:9a:5f:d2:80:75:
                    94:95:ff:34:5b:e0:02:eb:f4:31:f1:f9:a2:3d:83:
                    1a:13:94:4c:4f:c7:04:63:12:b0:99:13:95:5d:a5:
                    c4:5a:53:81:cd:0a:34:16:07:fb:71:88:90:e9:d4:
                    3b:c3:d1:f0:b1:bb:20:55:e6:dd:9c:6c:c3:66:99:
                    8b:b4:a7:b5:ba:61:77:af:54:ea:23:68:ac:c9:b3:
                    c7:b2:74:a3:e7:a9:81:99:6c:b1:4e:22:62:60:48:
                    12:c3:2c:9a:fb:bc:9b:42:ad:c1:8d:4d:cb:9d:83:
                    78:55:28:1b:a7:3e:79:32:0a:36:04:64:d5:04:66:
                    43:fe:9a:72:97:20:d9:ae:e8:4c:e1:9c:f8:9b:81:
                    8c:d0:e0:8c:e5:47:0e:47:06:30:3e:7f:b6:85:36:
                    fa:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:2B:C4:C5:1D:4B:AE:17:6C:61:4B:F7:36:79:69:00:1C:AA:14:F4
            X509v3 Authority Key Identifier:
                keyid:A2:F6:BC:8F:16:3A:F4:9C:03:D9:AD:69:E7:16:B4:2C:5B:96:EE:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ova8jxY69JwD2a1p5xa0LFuW7nk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/2851b6-2e65-4859-9c05-506bb6c679ce/1/pyvExR1LrhdsYUv3NnlpAByqFPQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/2851b6-2e65-4859-9c05-506bb6c679ce/1/ova8jxY69JwD2a1p5xa0LFuW7nk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.19.170.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:8e:f6:1b:55:0e:0b:97:33:5e:86:ba:26:88:f8:16:c5:24:
         41:50:ef:62:7d:11:e4:bb:f9:3b:57:9c:ec:65:fd:ff:cd:44:
         8a:1b:34:1b:4d:14:7d:28:04:03:b5:24:fe:4e:07:75:2c:29:
         73:69:8b:f6:14:d9:52:43:75:dc:c2:19:20:99:90:87:1e:41:
         44:35:1d:0f:da:ae:6d:76:9c:e4:f8:4c:e7:eb:de:3a:e0:55:
         88:87:b0:b3:0e:7d:7c:c3:83:82:6c:34:bc:45:f1:2c:b3:33:
         80:f9:bd:f2:7e:52:ff:6e:38:08:1e:14:83:aa:02:f9:2f:a4:
         db:33:ec:a5:82:42:ed:ea:c4:c2:a6:01:3d:27:f9:66:66:0d:
         67:f5:1c:91:62:03:8a:db:bf:63:75:b0:1c:b0:7e:26:5f:a3:
         45:be:29:8f:9d:8a:db:ef:f7:d8:05:a2:49:c6:b6:83:4a:6b:
         34:9e:b2:c2:c7:6d:64:7d:b3:50:d3:2a:63:c5:9d:7d:74:b6:
         76:26:91:de:3d:8a:04:07:18:53:bc:8a:15:7e:b4:31:98:ce:
         5c:ca:69:25:95:68:73:02:89:b7:2b:86:7a:4c:5b:77:dc:ce:
         61:22:12:ba:61:f7:63:3c:7f:8a:01:25:23:66:bb:0c:15:dd:
         de:0b:19:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSVnYyqtnd1J5dQqOTgEmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyZjZiYzhmMTYzYWY0OWMwM2Q5YWQ2OWU3MTZiNDJjNWI5
NmVlNzkwHhcNMjQwMTAxMDQzMDEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzJiYzRjNTFkNGJhZTE3NmM2MTRiZjczNjc5NjkwMDFjYWExNGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7C2050Eezok7cphPoi96R35fyNvb
FzoIzDRl7b5WNfKv8Un5ThuRimjgqVJLbiYC8U3jzTKKcs43pIRBciSq6FyOXT8E
kkpuYDKUgcTeDerZn1DVmZ2qWqf4KX9UBCiRq9KMml/SgHWUlf80W+AC6/Qx8fmi
PYMaE5RMT8cEYxKwmROVXaXEWlOBzQo0Fgf7cYiQ6dQ7w9HwsbsgVebdnGzDZpmL
tKe1umF3r1TqI2isybPHsnSj56mBmWyxTiJiYEgSwyya+7ybQq3BjU3LnYN4VSgb
pz55Mgo2BGTVBGZD/ppylyDZruhM4Zz4m4GM0OCM5UcORwYwPn+2hTb6VQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKcrxMUdS64XbGFL9zZ5aQAcqhT0MB8GA1UdIwQY
MBaAFKL2vI8WOvScA9mtaecWtCxblu55MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3ZhOGp4WTY5SndEMmExcDV4YTBMRnVXN25rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8yODUxYjYtMmU2NS00ODU5LTljMDUt
NTA2YmI2YzY3OWNlLzEvcHl2RXhSMUxyaGRzWVV2M05ubHBBQnlxRlBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8yODUxYjYtMmU2NS00ODU5LTljMDUtNTA2YmI2YzY3OWNl
LzEvb3ZhOGp4WTY5SndEMmExcDV4YTBMRnVXN25rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhOqMA0G
CSqGSIb3DQEBCwUAA4IBAQB2jvYbVQ4LlzNehromiPgWxSRBUO9ifRHku/k7V5zs
Zf3/zUSKGzQbTRR9KAQDtST+Tgd1LClzaYv2FNlSQ3XcwhkgmZCHHkFENR0P2q5t
dpzk+Ezn69464FWIh7CzDn18w4OCbDS8RfEsszOA+b3yflL/bjgIHhSDqgL5L6Tb
M+ylgkLt6sTCpgE9J/lmZg1n9RyRYgOK279jdbAcsH4mX6NFvimPnYrb7/fYBaJJ
xraDSms0nrLCx21kfbNQ0ypjxZ19dLZ2JpHePYoEBxhTvIoVfrQxmM5cymkllWhz
Aom3K4Z6TFt33M5hIhK6YfdjPH+KASUjZrsMFd3eCxmJ
-----END CERTIFICATE-----