Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/f81a66-6706-495b-9e0a-b089d18fc09b/1/rI2y5Pay4Xjo8DxXzpJKRMNTvNQ.roa
File:                     rI2y5Pay4Xjo8DxXzpJKRMNTvNQ.roa (raw, json)
Hash identifier:          L2j+i+nljDzJMJxpXGdSXiZ6IIhkCOK6/JXMUOgqjyQ=
Subject key identifier:   AC:8D:B2:E4:F6:B2:E1:78:E8:F0:3C:57:CE:92:4A:44:C3:53:BC:D4
Certificate issuer:       /CN=576ee02ac605f0bb98bbcd637a9adfae483a6e84
Certificate serial:       018CC56E8B75B4F59E5E5B5239376580C344
Authority key identifier: 57:6E:E0:2A:C6:05:F0:BB:98:BB:CD:63:7A:9A:DF:AE:48:3A:6E:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V27gKsYF8LuYu81jeprfrkg6boQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/f81a66-6706-495b-9e0a-b089d18fc09b/1/rI2y5Pay4Xjo8DxXzpJKRMNTvNQ.roa
Signing time:             Mon 01 Jan 2024 14:30:05 +0000
ROA not before:           Mon 01 Jan 2024 14:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61418
IP address blocks:        46.18.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/f81a66-6706-495b-9e0a-b089d18fc09b/1/V27gKsYF8LuYu81jeprfrkg6boQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/f81a66-6706-495b-9e0a-b089d18fc09b/1/V27gKsYF8LuYu81jeprfrkg6boQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V27gKsYF8LuYu81jeprfrkg6boQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 11:01:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:8b:75:b4:f5:9e:5e:5b:52:39:37:65:80:c3:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=576ee02ac605f0bb98bbcd637a9adfae483a6e84
        Validity
            Not Before: Jan  1 14:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac8db2e4f6b2e178e8f03c57ce924a44c353bcd4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:30:34:3b:b2:d7:f6:d7:56:13:b1:4b:44:55:
                    96:50:ff:b5:0d:73:11:f1:30:b0:4e:cc:b9:d8:4d:
                    de:67:f4:8b:dc:67:82:ef:3e:2f:4c:3b:eb:2b:e5:
                    d5:45:5b:46:60:09:77:62:8a:16:55:e8:05:43:4f:
                    9c:43:91:da:2f:32:0f:89:37:2d:37:0f:2d:b1:d9:
                    73:c6:a1:77:05:f4:5a:e4:76:93:d4:d0:25:df:b5:
                    5d:c9:a6:44:48:77:37:6d:b5:ac:3f:e9:90:9b:b2:
                    4d:72:8d:af:a3:44:7c:a5:58:34:d4:51:c2:c3:c8:
                    dc:28:21:ce:0d:6b:2f:5d:89:1a:22:02:a5:7b:77:
                    3c:42:45:0c:55:92:87:71:e6:0a:e0:ac:25:cc:32:
                    f9:94:ea:90:5e:89:24:af:32:de:e9:ab:70:8e:24:
                    46:7f:05:04:64:c7:ec:ed:2b:0f:81:da:87:59:66:
                    0c:bc:32:db:c0:97:1b:22:4f:ae:7c:c5:8f:09:59:
                    cb:dd:81:a7:9a:93:39:cf:e1:6a:e5:30:cc:45:71:
                    4e:a8:49:1d:51:6f:b6:2f:15:08:b6:a3:a6:52:a3:
                    f2:dd:28:e4:c8:8c:04:44:5b:2b:34:cf:fb:8d:bf:
                    40:e0:af:06:4a:4c:be:0f:09:22:2a:4b:93:8d:fc:
                    8b:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:8D:B2:E4:F6:B2:E1:78:E8:F0:3C:57:CE:92:4A:44:C3:53:BC:D4
            X509v3 Authority Key Identifier:
                keyid:57:6E:E0:2A:C6:05:F0:BB:98:BB:CD:63:7A:9A:DF:AE:48:3A:6E:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V27gKsYF8LuYu81jeprfrkg6boQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/f81a66-6706-495b-9e0a-b089d18fc09b/1/rI2y5Pay4Xjo8DxXzpJKRMNTvNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/f81a66-6706-495b-9e0a-b089d18fc09b/1/V27gKsYF8LuYu81jeprfrkg6boQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.18.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7b:d7:61:f7:93:00:eb:8e:55:b8:42:81:4a:a2:e6:8b:cc:dc:
         5e:0f:48:1b:b2:fd:6a:e0:34:fd:56:d6:ae:11:80:71:f3:54:
         88:e4:d1:72:8b:83:57:64:b5:ff:d9:bd:ac:1d:18:aa:92:ed:
         54:69:cb:d5:82:e0:36:4d:6e:5e:01:13:73:9e:dc:f2:e2:43:
         38:e7:86:53:a8:1b:38:35:ff:31:e8:45:fa:52:6d:6e:ea:0c:
         ce:98:16:34:e2:b6:f3:3f:24:3b:16:77:fd:b7:19:1d:31:93:
         59:8d:54:12:b7:79:7d:57:13:c2:c5:8c:8d:83:95:5d:77:22:
         b7:e3:1b:fd:37:0b:bb:da:e4:be:a8:38:ae:a0:99:43:3e:12:
         43:8e:99:9b:fe:8d:87:67:e3:d6:9e:85:4e:b6:c9:25:fc:da:
         e2:c6:de:74:1e:ea:1d:2c:40:8c:c5:fa:30:27:12:32:b4:89:
         71:34:be:f2:2d:b0:64:1a:8e:ab:0c:86:10:e9:6d:43:a5:d3:
         b0:15:a0:1a:7b:14:35:e9:24:ca:ba:d6:9a:5f:99:84:48:47:
         da:c5:12:fd:3f:22:57:78:4f:32:9e:3e:ba:5b:24:d9:fe:b8:
         48:17:e0:d3:d9:80:7b:4d:2b:7f:83:3d:61:de:8b:2f:4d:4b:
         2b:e4:2e:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbot1tPWeXltSOTdlgMNEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3NmVlMDJhYzYwNWYwYmI5OGJiY2Q2MzdhOWFkZmFlNDgz
YTZlODQwHhcNMjQwMTAxMTQzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzhkYjJlNGY2YjJlMTc4ZThmMDNjNTdjZTkyNGE0NGMzNTNiY2Q0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7TA0O7LX9tdWE7FLRFWWUP+1DXMR
8TCwTsy52E3eZ/SL3GeC7z4vTDvrK+XVRVtGYAl3YooWVegFQ0+cQ5HaLzIPiTct
Nw8tsdlzxqF3BfRa5HaT1NAl37VdyaZESHc3bbWsP+mQm7JNco2vo0R8pVg01FHC
w8jcKCHODWsvXYkaIgKle3c8QkUMVZKHceYK4KwlzDL5lOqQXokkrzLe6atwjiRG
fwUEZMfs7SsPgdqHWWYMvDLbwJcbIk+ufMWPCVnL3YGnmpM5z+Fq5TDMRXFOqEkd
UW+2LxUItqOmUqPy3SjkyIwERFsrNM/7jb9A4K8GSky+DwkiKkuTjfyLwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKyNsuT2suF46PA8V86SSkTDU7zUMB8GA1UdIwQY
MBaAFFdu4CrGBfC7mLvNY3qa365IOm6EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjI3Z0tzWUY4THVZdTgxamVwcmZya2c2Ym9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9mODFhNjYtNjcwNi00OTViLTllMGEt
YjA4OWQxOGZjMDliLzEvckkyeTVQYXk0WGpvOER4WHpwSktSTU5Udk5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9mODFhNjYtNjcwNi00OTViLTllMGEtYjA4OWQxOGZjMDli
LzEvVjI3Z0tzWUY4THVZdTgxamVwcmZya2c2Ym9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALhJpMA0G
CSqGSIb3DQEBCwUAA4IBAQB712H3kwDrjlW4QoFKouaLzNxeD0gbsv1q4DT9Vtau
EYBx81SI5NFyi4NXZLX/2b2sHRiqku1UacvVguA2TW5eARNzntzy4kM454ZTqBs4
Nf8x6EX6Um1u6gzOmBY04rbzPyQ7Fnf9txkdMZNZjVQSt3l9VxPCxYyNg5VddyK3
4xv9Nwu72uS+qDiuoJlDPhJDjpmb/o2HZ+PWnoVOtskl/Nrixt50HuodLECMxfow
JxIytIlxNL7yLbBkGo6rDIYQ6W1DpdOwFaAaexQ16STKutaaX5mESEfaxRL9PyJX
eE8ynj66WyTZ/rhIF+DT2YB7TSt/gz1h3osvTUsr5C6t
-----END CERTIFICATE-----