Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS46844.roa
File:                     AS46844.roa (raw, json)
Hash identifier:          2zrPJiZtrrQh1AzChtS1ZlQReddgX26wlv40Rguz8ow=
Subject key identifier:   AE:F3:52:F3:59:40:8B:1E:D9:A5:BD:0A:CA:BB:B4:BC:20:91:07:5A
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       3C1E0CA8C2A319F75216588522B43C207157A0A9
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS46844.roa
Signing time:             Sat 17 Feb 2024 05:05:12 +0000
ROA not before:           Sat 17 Feb 2024 05:00:12 +0000
ROA not after:            Sat 15 Feb 2025 05:05:12 +0000
asID:                     46844
IP address blocks:        191.101.48.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            3c:1e:0c:a8:c2:a3:19:f7:52:16:58:85:22:b4:3c:20:71:57:a0:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Feb 17 05:00:12 2024 GMT
            Not After : Feb 15 05:05:12 2025 GMT
        Subject: CN=AEF352F359408B1ED9A5BD0ACABBB4BC2091075A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:8d:82:18:08:29:93:44:fd:a7:68:9a:84:92:
                    d7:92:56:d1:e2:66:d1:2f:fc:5a:98:07:19:c8:4f:
                    26:a3:18:05:fb:74:64:03:17:73:96:e4:0b:70:2e:
                    44:2b:be:c1:c7:c7:e3:5d:d0:61:92:16:cf:7d:75:
                    93:3c:a8:36:00:e6:d9:cc:84:9c:73:f9:14:47:bc:
                    fe:39:41:81:23:83:5f:91:39:cd:46:16:e0:1d:bc:
                    9b:95:06:e1:e0:d7:49:f0:fd:9e:f5:0d:0a:9b:10:
                    e5:f7:09:a3:9f:fd:30:25:3a:cd:0d:85:6e:d7:7f:
                    27:f6:ed:97:e6:b3:7e:b2:b4:01:09:4b:73:ee:66:
                    97:b0:9e:49:56:40:12:df:f0:71:0d:17:b6:26:18:
                    36:58:00:b4:bf:ce:f1:12:d1:51:7a:f4:df:b4:dd:
                    c3:d7:11:59:4d:90:b1:25:c2:d4:06:d2:22:ca:91:
                    c8:c5:50:1d:f3:9f:52:91:66:24:86:3a:68:69:0d:
                    e1:16:aa:36:9f:03:a4:38:eb:d4:40:0f:80:79:93:
                    79:3d:a3:83:01:c6:c2:85:20:b5:3d:87:33:db:ea:
                    90:65:0d:8a:da:1d:2b:f2:2c:3b:f4:e5:e7:60:7b:
                    37:06:f2:6f:93:f7:73:ef:e5:e8:0c:5c:f6:42:8b:
                    ea:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:F3:52:F3:59:40:8B:1E:D9:A5:BD:0A:CA:BB:B4:BC:20:91:07:5A
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS46844.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.48.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:85:d8:dc:b2:cf:7a:52:6d:d1:09:15:d0:84:27:30:1a:b6:
         a2:0f:bc:9d:56:16:21:b2:f0:02:e1:09:e1:47:0f:b9:2a:67:
         6b:60:73:ea:c4:be:03:02:d1:10:92:ab:6a:fd:6b:da:cb:bb:
         5a:c5:83:3a:92:f3:99:17:7a:1f:da:41:a9:d0:2c:7c:5a:fa:
         04:90:44:49:64:22:d2:5e:78:47:46:2f:49:35:4d:a7:8d:ae:
         0d:80:d9:c2:90:73:af:24:26:39:f5:9d:f8:ce:78:f6:55:ba:
         6c:ab:89:b0:28:79:cd:6d:58:0e:c6:82:91:4a:f2:43:bd:1b:
         e0:aa:65:da:60:2a:c7:2c:e9:fc:d9:17:82:87:a6:a4:9a:38:
         cc:72:d7:88:88:bd:92:ad:54:aa:8d:c3:66:57:30:f4:35:97:
         37:0d:66:e9:da:5d:9a:9f:20:5e:50:2f:7c:53:90:68:e4:6f:
         0b:4a:1d:b7:43:a9:8e:55:7d:53:39:ca:23:fe:81:c3:d4:8b:
         54:4b:80:f0:ae:a7:88:88:af:65:00:24:b0:ea:b9:a1:b1:7e:
         e7:2c:91:16:23:83:0a:ef:60:82:a8:11:40:ae:7c:60:cc:74:
         17:70:64:bb:a7:ff:0c:9f:c6:c3:3b:88:b5:ce:57:4c:bd:40:
         84:07:8a:5b
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUPB4MqMKjGfdSFliFIrQ8IHFXoKkwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yNDAyMTcwNTAwMTJaFw0yNTAyMTUwNTA1MTJaMDMxMTAvBgNV
BAMTKEFFRjM1MkYzNTk0MDhCMUVEOUE1QkQwQUNBQkJCNEJDMjA5MTA3NUEwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCfjYIYCCmTRP2naJqEkteSVtHi
ZtEv/FqYBxnITyajGAX7dGQDF3OW5AtwLkQrvsHHx+Nd0GGSFs99dZM8qDYA5tnM
hJxz+RRHvP45QYEjg1+ROc1GFuAdvJuVBuHg10nw/Z71DQqbEOX3CaOf/TAlOs0N
hW7Xfyf27Zfms36ytAEJS3PuZpewnklWQBLf8HENF7YmGDZYALS/zvES0VF69N+0
3cPXEVlNkLElwtQG0iLKkcjFUB3zn1KRZiSGOmhpDeEWqjafA6Q469RAD4B5k3k9
o4MBxsKFILU9hzPb6pBlDYraHSvyLDv05edgezcG8m+T93Pv5egMXPZCi+oDAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQUrvNS81lAix7Zpb0Kyru0vCCRB1owHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNDY4NDQucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC/ZTAw
DQYJKoZIhvcNAQELBQADggEBAHiF2Nyyz3pSbdEJFdCEJzAatqIPvJ1WFiGy8ALh
CeFHD7kqZ2tgc+rEvgMC0RCSq2r9a9rLu1rFgzqS85kXeh/aQanQLHxa+gSQRElk
ItJeeEdGL0k1TaeNrg2A2cKQc68kJjn1nfjOePZVumyribAoec1tWA7GgpFK8kO9
G+CqZdpgKscs6fzZF4KHpqSaOMxy14iIvZKtVKqNw2ZXMPQ1lzcNZunaXZqfIF5Q
L3xTkGjkbwtKHbdDqY5VfVM5yiP+gcPUi1RLgPCup4iIr2UAJLDquaGxfucskRYj
gwrvYIKoEUCufGDMdBdwZLun/wyfxsM7iLXOV0y9QIQHils=
-----END CERTIFICATE-----