Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/40427e-74fa-4a66-837d-a523bacdc2be/1/q6TQBioALjMXPQzgCq96YXA3o8U.roa
File:                     q6TQBioALjMXPQzgCq96YXA3o8U.roa (raw, json)
Hash identifier:          ioRdjKhyX/3sSogMzrw7r6CfvxJBx2teXaheOTMDwUM=
Subject key identifier:   AB:A4:D0:06:2A:00:2E:33:17:3D:0C:E0:0A:AF:7A:61:70:37:A3:C5
Certificate issuer:       /CN=4def5b8ffbaf7d56af5d39f2f94c946d72f770f3
Certificate serial:       018CC56E49977BC6D19D136786E4B6CABD2F
Authority key identifier: 4D:EF:5B:8F:FB:AF:7D:56:AF:5D:39:F2:F9:4C:94:6D:72:F7:70:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Te9bj_uvfVavXTny-UyUbXL3cPM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/22/40427e-74fa-4a66-837d-a523bacdc2be/1/q6TQBioALjMXPQzgCq96YXA3o8U.roa
Signing time:             Mon 01 Jan 2024 14:29:48 +0000
ROA not before:           Mon 01 Jan 2024 14:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208607
IP address blocks:        45.93.144.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/22/40427e-74fa-4a66-837d-a523bacdc2be/1/Te9bj_uvfVavXTny-UyUbXL3cPM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/22/40427e-74fa-4a66-837d-a523bacdc2be/1/Te9bj_uvfVavXTny-UyUbXL3cPM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Te9bj_uvfVavXTny-UyUbXL3cPM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:49:97:7b:c6:d1:9d:13:67:86:e4:b6:ca:bd:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4def5b8ffbaf7d56af5d39f2f94c946d72f770f3
        Validity
            Not Before: Jan  1 14:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aba4d0062a002e33173d0ce00aaf7a617037a3c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:33:1d:00:6f:30:a3:e0:fc:ef:93:4b:e4:e9:
                    97:dc:b4:52:05:9f:c3:a8:62:bc:09:c4:6e:a7:af:
                    f3:3c:6d:b8:b5:e9:37:8a:d9:6a:a5:31:50:93:ae:
                    a5:ea:bb:c8:b4:f5:3a:0c:01:b9:91:45:0b:f2:bf:
                    0d:fd:a1:eb:b5:ff:47:6a:92:b3:bf:8b:79:c4:4d:
                    2f:95:da:fa:db:0e:f9:0c:15:1f:05:21:76:7d:74:
                    f1:84:4a:0c:cd:73:95:86:3c:1c:53:b5:13:d0:38:
                    d6:24:6e:6d:3d:a9:bd:73:25:c6:49:49:a7:a9:77:
                    73:3e:de:1b:f4:93:5a:da:ce:f1:a4:0f:76:69:c4:
                    85:b5:a8:b5:66:ae:9e:b3:38:b6:17:7a:83:fe:95:
                    18:ea:9d:e6:3e:f1:08:e9:58:25:5e:3f:70:38:c8:
                    aa:17:91:de:f3:bd:9d:f1:78:e5:76:82:cd:1f:0b:
                    83:42:b7:12:bb:eb:01:b4:51:ca:19:9d:21:5e:b0:
                    ea:49:7b:50:af:2f:d4:19:52:d5:57:0f:ce:2e:c3:
                    97:fc:87:69:22:df:bf:db:c0:e9:87:be:1c:a8:80:
                    e6:3f:f6:2f:31:e0:af:96:73:69:0e:87:61:f4:86:
                    89:d5:70:9f:11:0f:b5:88:e2:47:ab:40:b3:80:e7:
                    f9:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:A4:D0:06:2A:00:2E:33:17:3D:0C:E0:0A:AF:7A:61:70:37:A3:C5
            X509v3 Authority Key Identifier:
                keyid:4D:EF:5B:8F:FB:AF:7D:56:AF:5D:39:F2:F9:4C:94:6D:72:F7:70:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Te9bj_uvfVavXTny-UyUbXL3cPM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/40427e-74fa-4a66-837d-a523bacdc2be/1/q6TQBioALjMXPQzgCq96YXA3o8U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/22/40427e-74fa-4a66-837d-a523bacdc2be/1/Te9bj_uvfVavXTny-UyUbXL3cPM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.93.144.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d4:28:6d:53:5b:3b:07:a8:27:9c:e2:24:2f:24:16:d3:c8:16:
         38:73:e1:8a:6c:65:5a:d6:29:12:b8:8a:60:89:e8:8f:1f:c5:
         cd:5e:98:7c:7c:b2:4a:21:18:09:56:d9:b5:8f:67:d1:8d:98:
         d2:a1:1b:d9:c8:a3:44:f0:a9:3b:c6:ce:9e:5d:6a:7c:48:27:
         40:84:bd:c9:ec:6f:a6:37:e3:6f:38:d3:61:bc:ae:20:59:2b:
         17:a4:e7:64:d4:06:11:75:2a:02:fe:42:87:a9:04:e5:d9:0c:
         86:37:cf:61:a9:22:21:0a:c9:12:77:62:7f:7c:33:33:b2:71:
         e7:71:f3:e5:d7:66:19:53:ed:47:6d:13:15:72:fe:0b:0f:9c:
         c4:bb:33:06:e6:7b:43:b6:26:02:48:57:4d:20:ec:03:60:2c:
         38:9b:bc:48:cb:ed:b7:d6:0a:07:cb:db:ea:78:8e:f7:8d:67:
         64:f7:33:f9:e5:56:9f:cf:31:50:a7:90:de:1f:b4:3b:96:79:
         c2:04:e3:b5:1b:d2:08:48:df:75:81:71:7b:c9:59:e8:21:40:
         73:37:57:e6:69:94:a6:e4:08:fc:ff:6e:f8:a9:12:86:fa:2a:
         2c:66:11:1f:ac:f6:c9:44:5e:16:e9:33:80:11:5d:23:e2:bc:
         f6:00:26:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbkmXe8bRnRNnhuS2yr0vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkZWY1YjhmZmJhZjdkNTZhZjVkMzlmMmY5NGM5NDZkNzJm
NzcwZjMwHhcNMjQwMTAxMTQyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmE0ZDAwNjJhMDAyZTMzMTczZDBjZTAwYWFmN2E2MTcwMzdhM2M1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgzMdAG8wo+D875NL5OmX3LRSBZ/D
qGK8CcRup6/zPG24tek3itlqpTFQk66l6rvItPU6DAG5kUUL8r8N/aHrtf9HapKz
v4t5xE0vldr62w75DBUfBSF2fXTxhEoMzXOVhjwcU7UT0DjWJG5tPam9cyXGSUmn
qXdzPt4b9JNa2s7xpA92acSFtai1Zq6eszi2F3qD/pUY6p3mPvEI6VglXj9wOMiq
F5He872d8XjldoLNHwuDQrcSu+sBtFHKGZ0hXrDqSXtQry/UGVLVVw/OLsOX/Idp
It+/28Dph74cqIDmP/YvMeCvlnNpDodh9IaJ1XCfEQ+1iOJHq0CzgOf5fwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKuk0AYqAC4zFz0M4AqvemFwN6PFMB8GA1UdIwQY
MBaAFE3vW4/7r31Wr1058vlMlG1y93DzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGU5YmpfdXZmVmF2WFRueS1VeVViWEwzY1BNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi80MDQyN2UtNzRmYS00YTY2LTgzN2Qt
YTUyM2JhY2RjMmJlLzEvcTZUUUJpb0FMak1YUFF6Z0NxOTZZWEEzbzhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi80MDQyN2UtNzRmYS00YTY2LTgzN2QtYTUyM2JhY2RjMmJl
LzEvVGU5YmpfdXZmVmF2WFRueS1VeVViWEwzY1BNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV2QMA0G
CSqGSIb3DQEBCwUAA4IBAQDUKG1TWzsHqCec4iQvJBbTyBY4c+GKbGVa1ikSuIpg
ieiPH8XNXph8fLJKIRgJVtm1j2fRjZjSoRvZyKNE8Kk7xs6eXWp8SCdAhL3J7G+m
N+NvONNhvK4gWSsXpOdk1AYRdSoC/kKHqQTl2QyGN89hqSIhCskSd2J/fDMzsnHn
cfPl12YZU+1HbRMVcv4LD5zEuzMG5ntDtiYCSFdNIOwDYCw4m7xIy+231goHy9vq
eI73jWdk9zP55VafzzFQp5DeH7Q7lnnCBOO1G9IISN91gXF7yVnoIUBzN1fmaZSm
5Aj8/274qRKG+iosZhEfrPbJRF4W6TOAEV0j4rz2ACan
-----END CERTIFICATE-----