Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/qRY0kpKjRbiCnmgE5jz3aqLwNE4.roa
File:                     qRY0kpKjRbiCnmgE5jz3aqLwNE4.roa (raw, json)
Hash identifier:          akY65GIeH0FEtIEaVdnyq4ME6NZ0ajRnvl7GQd9JeaE=
Subject key identifier:   A9:16:34:92:92:A3:45:B8:82:9E:68:04:E6:3C:F7:6A:A2:F0:34:4E
Certificate issuer:       /CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43
Certificate serial:       0192D1C2CABC1E9A49817D71F0AEEDA16C88
Authority key identifier: D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/qRY0kpKjRbiCnmgE5jz3aqLwNE4.roa
Signing time:             Mon 28 Oct 2024 06:14:16 +0000
ROA not before:           Mon 28 Oct 2024 06:14:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215350
IP address blocks:        46.36.97.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d1:c2:ca:bc:1e:9a:49:81:7d:71:f0:ae:ed:a1:6c:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d8d662dcc6fe3b81ef3de2fca3cfcedc11ebaa43
        Validity
            Not Before: Oct 28 06:14:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a916349292a345b8829e6804e63cf76aa2f0344e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:06:98:67:26:92:c2:4d:92:24:61:cc:85:24:
                    ae:c9:f2:0a:7a:d2:fe:21:bd:cb:f3:4b:d0:2e:19:
                    3b:7d:07:38:f4:f1:26:f2:5f:05:c3:dd:ae:2e:fc:
                    0f:cc:ae:7a:1f:33:45:6e:d0:cf:6e:fa:52:fa:3e:
                    f6:d7:05:d7:ba:15:3e:e2:47:70:3a:f8:df:79:7b:
                    0b:b9:ea:19:e5:be:a8:c9:68:92:f5:8a:43:5c:56:
                    f5:f3:1d:69:36:ff:fc:2f:cf:08:7f:f4:db:28:c5:
                    7c:e0:1e:df:6a:ac:03:27:b5:76:38:be:cb:07:7b:
                    2f:9e:bb:a9:3b:6e:a2:c5:69:5e:82:0c:58:f9:b3:
                    2e:65:d5:b9:dd:7d:a9:c9:ab:6c:c8:9a:f3:c9:36:
                    cf:f8:eb:f7:1b:fe:8f:1e:94:7d:fa:8d:ed:50:00:
                    4b:f6:17:59:e9:e5:04:40:fa:45:18:ff:6e:37:61:
                    b5:85:9a:b3:51:c4:9f:7b:3f:b6:15:2c:1c:df:12:
                    95:ee:37:39:1a:cf:9d:01:6e:56:bc:35:e1:8b:7b:
                    c3:9d:42:01:2d:49:98:61:03:ec:43:17:08:6c:82:
                    d7:db:38:8c:c8:08:e2:f7:2a:5a:49:e4:e7:f3:0f:
                    33:91:41:74:d3:9f:15:75:dc:e0:b4:74:54:9a:98:
                    b6:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:16:34:92:92:A3:45:B8:82:9E:68:04:E6:3C:F7:6A:A2:F0:34:4E
            X509v3 Authority Key Identifier:
                keyid:D8:D6:62:DC:C6:FE:3B:81:EF:3D:E2:FC:A3:CF:CE:DC:11:EB:AA:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/qRY0kpKjRbiCnmgE5jz3aqLwNE4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88fff5-dfd9-4008-95b7-785e5883644d/1/2NZi3Mb-O4HvPeL8o8_O3BHrqkM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.36.97.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:bf:92:0d:8f:ee:b8:89:7d:5e:32:76:67:51:9a:29:3f:fc:
         a9:a8:e5:05:a0:be:8d:5a:8e:12:d9:46:c1:c8:17:2b:1b:22:
         fb:95:bd:ab:41:f3:c7:a2:f7:47:58:f6:39:c4:00:8b:c1:c8:
         65:7f:d4:2d:89:d1:33:f1:9a:de:00:49:35:b4:1d:33:81:7e:
         3b:5d:e5:ce:c3:9a:5a:af:95:e1:21:4c:45:4d:f5:f4:55:5d:
         14:42:61:26:5d:d2:9d:51:78:14:f2:92:0f:76:23:19:59:aa:
         e3:14:e6:92:a1:e2:ad:ae:8d:40:64:28:83:38:b4:8a:40:95:
         bc:89:89:e8:b7:f5:c6:8d:db:4a:f9:db:a1:66:76:be:7d:ff:
         63:d4:ec:c7:e3:8f:73:26:99:60:3e:b1:78:ff:0b:ed:23:39:
         90:52:eb:44:ff:39:cc:b6:b2:f2:66:1c:c0:7f:0f:a9:b6:36:
         11:8d:78:bc:cb:17:db:d0:9f:25:76:52:f3:75:e3:46:7f:f0:
         01:68:eb:3a:55:7b:c1:de:2d:8d:7f:85:8c:30:90:c1:64:59:
         af:8c:27:98:a2:c5:83:be:9b:c8:f9:09:ff:b2:b3:14:1c:03:
         ca:a6:3f:c0:61:e2:e0:f6:c2:15:da:31:78:66:23:8d:c4:3b:
         18:c5:4b:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLRwsq8HppJgX1x8K7toWyIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4ZDY2MmRjYzZmZTNiODFlZjNkZTJmY2EzY2ZjZWRjMTFl
YmFhNDMwHhcNMjQxMDI4MDYxNDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTE2MzQ5MjkyYTM0NWI4ODI5ZTY4MDRlNjNjZjc2YWEyZjAzNDRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQaYZyaSwk2SJGHMhSSuyfIKetL+
Ib3L80vQLhk7fQc49PEm8l8Fw92uLvwPzK56HzNFbtDPbvpS+j721wXXuhU+4kdw
OvjfeXsLueoZ5b6oyWiS9YpDXFb18x1pNv/8L88If/TbKMV84B7faqwDJ7V2OL7L
B3svnrupO26ixWleggxY+bMuZdW53X2pyatsyJrzyTbP+Ov3G/6PHpR9+o3tUABL
9hdZ6eUEQPpFGP9uN2G1hZqzUcSfez+2FSwc3xKV7jc5Gs+dAW5WvDXhi3vDnUIB
LUmYYQPsQxcIbILX2ziMyAji9ypaSeTn8w8zkUF0058VddzgtHRUmpi2SwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKkWNJKSo0W4gp5oBOY892qi8DROMB8GA1UdIwQY
MBaAFNjWYtzG/juB7z3i/KPPztwR66pDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1Yjct
Nzg1ZTU4ODM2NDRkLzEvcVJZMGtwS2pSYmlDbm1nRTVqejNhcUx3TkU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS84OGZmZjUtZGZkOS00MDA4LTk1YjctNzg1ZTU4ODM2NDRk
LzEvMk5aaTNNYi1PNEh2UGVMOG84X08zQkhycWtNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiRhMA0G
CSqGSIb3DQEBCwUAA4IBAQBTv5INj+64iX1eMnZnUZopP/ypqOUFoL6NWo4S2UbB
yBcrGyL7lb2rQfPHovdHWPY5xACLwchlf9QtidEz8ZreAEk1tB0zgX47XeXOw5pa
r5XhIUxFTfX0VV0UQmEmXdKdUXgU8pIPdiMZWarjFOaSoeKtro1AZCiDOLSKQJW8
iYnot/XGjdtK+duhZna+ff9j1OzH449zJplgPrF4/wvtIzmQUutE/znMtrLyZhzA
fw+ptjYRjXi8yxfb0J8ldlLzdeNGf/ABaOs6VXvB3i2Nf4WMMJDBZFmvjCeYosWD
vpvI+Qn/srMUHAPKpj/AYeLg9sIV2jF4ZiONxDsYxUu3
-----END CERTIFICATE-----