Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/ec3284-3576-4ee4-93b8-1847cb88e83a/1/C78Ti4JFpvUtvbYZRs16t5fyhZA.roa
File:                     C78Ti4JFpvUtvbYZRs16t5fyhZA.roa (raw, json)
Hash identifier:          u1oex/VH/vQpAgErMLGGAhoJ4DnnIDC5FTQRYvIKjlk=
Subject key identifier:   0B:BF:13:8B:82:45:A6:F5:2D:BD:B6:19:46:CD:7A:B7:97:F2:85:90
Certificate issuer:       /CN=c2afc14dce450b05ec86c7c53070cd6bb6dbc7ee
Certificate serial:       018CCA2A3AB1F8499CB3E8C494E8CA4A49FD
Authority key identifier: C2:AF:C1:4D:CE:45:0B:05:EC:86:C7:C5:30:70:CD:6B:B6:DB:C7:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wq_BTc5FCwXshsfFMHDNa7bbx-4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/28/ec3284-3576-4ee4-93b8-1847cb88e83a/1/C78Ti4JFpvUtvbYZRs16t5fyhZA.roa
Signing time:             Tue 02 Jan 2024 12:33:34 +0000
ROA not before:           Tue 02 Jan 2024 12:33:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207758
IP address blocks:        46.182.0.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/28/ec3284-3576-4ee4-93b8-1847cb88e83a/1/wq_BTc5FCwXshsfFMHDNa7bbx-4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/28/ec3284-3576-4ee4-93b8-1847cb88e83a/1/wq_BTc5FCwXshsfFMHDNa7bbx-4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wq_BTc5FCwXshsfFMHDNa7bbx-4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:3a:b1:f8:49:9c:b3:e8:c4:94:e8:ca:4a:49:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2afc14dce450b05ec86c7c53070cd6bb6dbc7ee
        Validity
            Not Before: Jan  2 12:33:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0bbf138b8245a6f52dbdb61946cd7ab797f28590
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:a0:10:b2:ff:0c:9b:15:dc:db:cb:fb:6c:c0:
                    d1:d7:7c:b4:52:85:1d:27:10:d8:66:86:89:09:7d:
                    98:e7:50:b1:03:a2:48:f7:e4:e8:70:50:fe:fa:71:
                    95:22:5d:6b:63:41:b3:a0:66:ea:a3:3a:8d:1e:7e:
                    a8:b2:13:de:d7:85:a9:ce:ff:53:da:d1:17:b7:ff:
                    16:6f:d0:d9:58:27:9d:33:f2:9a:53:52:24:c7:d8:
                    aa:f1:da:5c:0b:47:5b:67:d3:fc:c5:d3:ae:f9:8d:
                    ab:7f:ae:ac:3e:a7:37:82:3f:dd:ff:db:0c:43:f3:
                    8b:fc:5c:25:19:f9:63:64:46:22:ae:3e:81:b3:70:
                    7e:00:3a:ee:72:15:05:34:72:58:3a:fc:59:9b:2c:
                    77:ad:ac:69:89:9b:01:12:9b:02:19:f1:46:63:3a:
                    7d:91:a4:38:1a:e7:37:85:5d:d4:44:a3:ab:ea:10:
                    fd:dd:93:7e:23:28:1e:23:43:4c:d3:d4:b0:d6:1d:
                    bc:bc:f7:4f:00:0f:07:fe:c1:58:fb:a0:be:74:b9:
                    85:05:92:0e:70:4d:bb:7f:0d:3c:9d:11:04:40:61:
                    31:90:46:a0:9f:37:6f:ba:41:d2:bc:46:8f:fa:b6:
                    3d:f6:18:06:54:5b:ba:95:86:7e:0b:4e:52:12:02:
                    c1:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:BF:13:8B:82:45:A6:F5:2D:BD:B6:19:46:CD:7A:B7:97:F2:85:90
            X509v3 Authority Key Identifier:
                keyid:C2:AF:C1:4D:CE:45:0B:05:EC:86:C7:C5:30:70:CD:6B:B6:DB:C7:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wq_BTc5FCwXshsfFMHDNa7bbx-4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ec3284-3576-4ee4-93b8-1847cb88e83a/1/C78Ti4JFpvUtvbYZRs16t5fyhZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/28/ec3284-3576-4ee4-93b8-1847cb88e83a/1/wq_BTc5FCwXshsfFMHDNa7bbx-4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.182.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         15:5f:42:8d:c7:7c:b9:5a:5e:7c:50:0b:f1:db:5d:9a:86:b5:
         6b:9e:30:b3:1d:a5:ce:a6:20:f9:ee:eb:ba:bb:98:c0:93:fe:
         f5:73:cd:a8:5e:5e:fa:88:4a:99:8a:ea:4b:e5:77:58:8c:11:
         3c:da:a0:c5:e7:ab:7d:6d:e3:c3:1c:66:03:ac:57:f3:4a:bc:
         0d:f9:d7:52:61:bc:72:6d:91:ef:f3:74:98:95:9d:fc:cf:b8:
         17:c1:cd:11:09:8e:82:e4:6a:16:1d:8b:64:6b:e5:48:d4:ea:
         4e:91:ae:c1:26:90:e3:26:ab:78:47:5c:c1:cb:ce:d6:3c:b9:
         54:9c:53:c0:67:22:6f:01:09:f4:d8:99:b1:c3:9a:85:3f:7d:
         62:2e:c6:78:21:b1:93:17:ac:b0:6a:d9:c1:35:49:eb:bd:b7:
         b6:c9:32:b2:0b:28:11:42:9a:31:05:22:31:d7:82:54:2d:dd:
         a9:ac:d8:ba:11:4b:5f:02:ad:ba:dd:8c:cd:e1:cb:0e:a5:e7:
         af:1c:9f:20:ff:86:90:bd:d6:ac:3a:05:a4:4f:a0:d3:dd:99:
         19:0c:d0:85:1c:35:bc:70:5e:d9:05:fe:67:2d:4e:06:25:d2:
         37:23:02:cd:e2:0c:80:ba:5e:5c:36:08:59:6b:ea:4e:69:4f:
         16:e9:91:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKjqx+Emcs+jElOjKSkn9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyYWZjMTRkY2U0NTBiMDVlYzg2YzdjNTMwNzBjZDZiYjZk
YmM3ZWUwHhcNMjQwMTAyMTIzMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmJmMTM4YjgyNDVhNmY1MmRiZGI2MTk0NmNkN2FiNzk3ZjI4NTkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKAQsv8MmxXc28v7bMDR13y0UoUd
JxDYZoaJCX2Y51CxA6JI9+TocFD++nGVIl1rY0GzoGbqozqNHn6oshPe14Wpzv9T
2tEXt/8Wb9DZWCedM/KaU1Ikx9iq8dpcC0dbZ9P8xdOu+Y2rf66sPqc3gj/d/9sM
Q/OL/FwlGfljZEYirj6Bs3B+ADruchUFNHJYOvxZmyx3raxpiZsBEpsCGfFGYzp9
kaQ4Guc3hV3URKOr6hD93ZN+IygeI0NM09Sw1h28vPdPAA8H/sFY+6C+dLmFBZIO
cE27fw08nREEQGExkEagnzdvukHSvEaP+rY99hgGVFu6lYZ+C05SEgLBOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAu/E4uCRab1Lb22GUbNereX8oWQMB8GA1UdIwQY
MBaAFMKvwU3ORQsF7IbHxTBwzWu228fuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3FfQlRjNUZDd1hzaHNmRk1IRE5hN2JieC00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC9lYzMyODQtMzU3Ni00ZWU0LTkzYjgt
MTg0N2NiODhlODNhLzEvQzc4VGk0SkZwdlV0dmJZWlJzMTZ0NWZ5aFpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC9lYzMyODQtMzU3Ni00ZWU0LTkzYjgtMTg0N2NiODhlODNh
LzEvd3FfQlRjNUZDd1hzaHNmRk1IRE5hN2JieC00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLrYAMA0G
CSqGSIb3DQEBCwUAA4IBAQAVX0KNx3y5Wl58UAvx212ahrVrnjCzHaXOpiD57uu6
u5jAk/71c82oXl76iEqZiupL5XdYjBE82qDF56t9bePDHGYDrFfzSrwN+ddSYbxy
bZHv83SYlZ38z7gXwc0RCY6C5GoWHYtka+VI1OpOka7BJpDjJqt4R1zBy87WPLlU
nFPAZyJvAQn02Jmxw5qFP31iLsZ4IbGTF6ywatnBNUnrvbe2yTKyCygRQpoxBSIx
14JULd2prNi6EUtfAq263YzN4csOpeevHJ8g/4aQvdasOgWkT6DT3ZkZDNCFHDW8
cF7ZBf5nLU4GJdI3IwLN4gyAul5cNghZa+pOaU8W6ZEi
-----END CERTIFICATE-----