Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/8464N1oY4rb7L7cRjfWIfGAaDJw.roa
File:                     8464N1oY4rb7L7cRjfWIfGAaDJw.roa (raw, json)
Hash identifier:          ZXBWWBV0ejwCwP5d1YcKke6BoOB3gV0lnqCwVgKGycg=
Subject key identifier:   F3:8E:B8:37:5A:18:E2:B6:FB:2F:B7:11:8D:F5:88:7C:60:1A:0C:9C
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       018CC56E0D4E2A44665113E86981FD2EEDC8
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/8464N1oY4rb7L7cRjfWIfGAaDJw.roa
Signing time:             Mon 01 Jan 2024 14:29:33 +0000
ROA not before:           Mon 01 Jan 2024 14:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201776
IP address blocks:        46.161.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 19:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:0d:4e:2a:44:66:51:13:e8:69:81:fd:2e:ed:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  1 14:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f38eb8375a18e2b6fb2fb7118df5887c601a0c9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:90:ec:18:6c:37:cd:df:c6:4f:0a:e3:61:26:
                    de:f2:a0:5f:5b:f9:23:38:7f:e3:82:d7:4c:ec:65:
                    ca:56:99:f1:1e:08:3b:f9:c3:5d:ab:19:9e:f6:34:
                    9d:c2:65:f2:69:ae:78:f8:34:92:a1:e0:85:41:c2:
                    03:d3:68:bd:c6:ab:41:59:52:cc:40:a0:fa:c5:9f:
                    78:5f:3f:3c:35:49:a9:75:46:92:2f:7f:8a:6b:27:
                    b0:8b:47:da:d5:54:a8:9f:80:0d:3d:24:18:54:b4:
                    02:3a:89:61:7e:c5:c0:3b:fe:a0:d9:f2:9e:d0:76:
                    32:b9:2b:37:47:34:e2:84:25:c2:ba:3f:c2:52:2d:
                    1c:5d:b7:01:d8:65:75:84:f6:50:4d:dd:3d:dd:cc:
                    7c:21:09:35:12:83:e7:c5:c0:d8:f6:7b:a6:07:d5:
                    b8:99:97:d6:2b:a9:1b:05:1a:de:0a:86:99:21:82:
                    f3:ba:98:30:59:2f:6c:7b:b9:40:93:bb:22:84:7c:
                    df:d8:f2:cf:9e:5d:c5:8e:8d:e0:e1:1a:7e:78:0a:
                    05:53:5a:10:27:bd:33:2a:05:5a:23:7f:7c:2b:37:
                    2a:34:95:27:cf:b6:03:78:e5:c1:7d:66:ad:82:dd:
                    c6:bb:02:11:31:c8:e8:94:33:d5:23:bb:ce:11:f0:
                    4d:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:8E:B8:37:5A:18:E2:B6:FB:2F:B7:11:8D:F5:88:7C:60:1A:0C:9C
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/8464N1oY4rb7L7cRjfWIfGAaDJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.161.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:29:02:6e:ea:2a:5b:21:39:65:ab:a7:78:67:50:f8:07:8d:
         60:ed:84:e0:07:b7:4d:09:e7:ff:5d:0e:2b:9c:6c:3c:a1:ee:
         eb:3b:50:4a:02:ac:9a:56:8f:45:91:67:44:36:47:bc:04:29:
         88:75:0b:b2:d3:ff:2b:54:03:60:23:d2:2c:1f:e3:c4:a1:cc:
         7a:0d:59:54:8d:b4:a1:29:f2:ea:74:97:e1:d8:b7:0f:32:b0:
         0c:89:ad:dc:7f:e8:ac:ba:96:2d:24:91:b3:4e:5c:af:cc:e7:
         43:74:9e:c1:4e:14:1c:86:0c:97:ac:29:a7:53:04:65:87:65:
         5f:b2:a8:59:fd:39:55:5c:13:ef:62:b3:15:bc:90:9c:48:05:
         b2:dc:c2:2c:d9:65:6b:12:50:b7:75:d6:3d:85:37:0d:94:1e:
         e8:0b:83:3f:db:71:82:f3:9c:33:86:2d:70:f0:48:94:dc:fd:
         8e:0d:bd:72:56:08:52:35:d9:9c:b8:04:41:ae:7b:2a:30:6c:
         38:2d:2f:7b:99:90:2c:45:c0:da:7f:40:14:a8:48:15:0e:1b:
         6d:27:07:7c:c4:22:98:4f:85:1c:96:6a:d2:72:0a:e2:4a:03:
         5f:46:7b:6a:87:94:cf:6f:89:14:00:2c:c5:e0:e2:4d:5d:d0:
         3f:8c:a5:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbg1OKkRmURPoaYH9Lu3IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwMTAxMTQyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzhlYjgzNzVhMThlMmI2ZmIyZmI3MTE4ZGY1ODg3YzYwMWEwYzljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjJDsGGw3zd/GTwrjYSbe8qBfW/kj
OH/jgtdM7GXKVpnxHgg7+cNdqxme9jSdwmXyaa54+DSSoeCFQcID02i9xqtBWVLM
QKD6xZ94Xz88NUmpdUaSL3+Kayewi0fa1VSon4ANPSQYVLQCOolhfsXAO/6g2fKe
0HYyuSs3RzTihCXCuj/CUi0cXbcB2GV1hPZQTd093cx8IQk1EoPnxcDY9numB9W4
mZfWK6kbBRreCoaZIYLzupgwWS9se7lAk7sihHzf2PLPnl3Fjo3g4Rp+eAoFU1oQ
J70zKgVaI398KzcqNJUnz7YDeOXBfWatgt3GuwIRMcjolDPVI7vOEfBN4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPOOuDdaGOK2+y+3EY31iHxgGgycMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvODQ2NE4xb1k0cmI3TDdjUmpmV0lmR0FhREp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALqEJMA0G
CSqGSIb3DQEBCwUAA4IBAQAkKQJu6ipbITllq6d4Z1D4B41g7YTgB7dNCef/XQ4r
nGw8oe7rO1BKAqyaVo9FkWdENke8BCmIdQuy0/8rVANgI9IsH+PEocx6DVlUjbSh
KfLqdJfh2LcPMrAMia3cf+isupYtJJGzTlyvzOdDdJ7BThQchgyXrCmnUwRlh2Vf
sqhZ/TlVXBPvYrMVvJCcSAWy3MIs2WVrElC3ddY9hTcNlB7oC4M/23GC85wzhi1w
8EiU3P2ODb1yVghSNdmcuARBrnsqMGw4LS97mZAsRcDaf0AUqEgVDhttJwd8xCKY
T4UclmrScgriSgNfRntqh5TPb4kUACzF4OJNXdA/jKVa
-----END CERTIFICATE-----