Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/66ca64-6fce-4b84-8c15-cb868127a9b1/1/pl46FT2ZP1KRarrCdrwXpA8bmN8.roa
File:                     pl46FT2ZP1KRarrCdrwXpA8bmN8.roa (raw, json)
Hash identifier:          f9SpzOybPJ0oSReeSamUbkiu/F/YcnucEO1o38cqVMw=
Subject key identifier:   A6:5E:3A:15:3D:99:3F:52:91:6A:BA:C2:76:BC:17:A4:0F:1B:98:DF
Certificate issuer:       /CN=6eb61057b826541d216cd595cf86c6a06fb2ae11
Certificate serial:       018CC726114ED69EE29BDE54344AA75C82E6
Authority key identifier: 6E:B6:10:57:B8:26:54:1D:21:6C:D5:95:CF:86:C6:A0:6F:B2:AE:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/brYQV7gmVB0hbNWVz4bGoG-yrhE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/66ca64-6fce-4b84-8c15-cb868127a9b1/1/pl46FT2ZP1KRarrCdrwXpA8bmN8.roa
Signing time:             Mon 01 Jan 2024 22:30:09 +0000
ROA not before:           Mon 01 Jan 2024 22:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137
IP address blocks:        192.146.242.0/24 maxlen: 24
                          192.160.156.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/66ca64-6fce-4b84-8c15-cb868127a9b1/1/brYQV7gmVB0hbNWVz4bGoG-yrhE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/66ca64-6fce-4b84-8c15-cb868127a9b1/1/brYQV7gmVB0hbNWVz4bGoG-yrhE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/brYQV7gmVB0hbNWVz4bGoG-yrhE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:11:4e:d6:9e:e2:9b:de:54:34:4a:a7:5c:82:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6eb61057b826541d216cd595cf86c6a06fb2ae11
        Validity
            Not Before: Jan  1 22:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a65e3a153d993f52916abac276bc17a40f1b98df
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:14:d6:9c:fa:3f:4e:2f:81:8c:1e:4c:e0:b5:
                    fe:c5:33:7d:47:d6:f2:94:74:93:48:62:46:85:fb:
                    bc:c7:b2:53:11:e3:0b:b8:00:1b:33:d7:ec:be:45:
                    52:6c:20:8d:87:89:0f:d2:94:01:33:c7:6a:76:4d:
                    a1:30:0f:52:97:9d:8e:a0:75:c5:42:7c:0b:52:4e:
                    54:99:38:52:b2:e8:5c:0a:e7:7c:93:e0:82:b2:4b:
                    30:64:af:fd:ac:ad:60:fb:44:7c:ec:ad:d5:6c:37:
                    bb:4a:41:f6:1a:8d:b1:f3:72:ae:c0:ba:d1:72:34:
                    dc:e0:9a:1c:80:53:f6:62:2e:3e:03:8d:44:cf:04:
                    2d:48:6b:fc:78:4d:34:f4:27:9a:c3:6f:1b:c9:e1:
                    20:ab:f6:11:34:0c:53:5d:cd:4d:d4:5d:e3:66:67:
                    f4:18:e9:43:ab:2e:73:8c:9a:05:17:0f:78:79:d4:
                    8a:81:85:33:0d:14:db:b0:20:ad:73:80:8f:f2:b7:
                    bb:11:91:b6:da:e8:be:22:ed:4f:db:8b:2c:53:df:
                    8e:58:a2:89:8b:0b:5c:bc:d0:ea:10:1c:98:9f:be:
                    57:43:2a:59:92:14:e7:f6:0b:78:07:10:7e:e0:a0:
                    cc:b0:1e:ef:ba:21:94:c4:80:4a:40:9c:1f:21:0c:
                    e1:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:5E:3A:15:3D:99:3F:52:91:6A:BA:C2:76:BC:17:A4:0F:1B:98:DF
            X509v3 Authority Key Identifier:
                keyid:6E:B6:10:57:B8:26:54:1D:21:6C:D5:95:CF:86:C6:A0:6F:B2:AE:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/brYQV7gmVB0hbNWVz4bGoG-yrhE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/66ca64-6fce-4b84-8c15-cb868127a9b1/1/pl46FT2ZP1KRarrCdrwXpA8bmN8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/66ca64-6fce-4b84-8c15-cb868127a9b1/1/brYQV7gmVB0hbNWVz4bGoG-yrhE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.146.242.0/24
                  192.160.156.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:a9:b8:50:4c:a2:ec:5a:38:c6:e4:7e:62:15:0d:89:69:92:
         6a:3d:f5:1d:53:08:5e:e7:9f:a9:c3:57:25:e1:4c:88:03:cf:
         f7:c3:48:e4:08:c6:4f:8a:e7:ab:77:f0:99:07:77:92:2b:24:
         a7:f3:df:3f:bc:1c:6d:15:48:0e:d6:19:2d:18:bf:e6:33:ac:
         aa:75:09:c6:93:86:de:b8:48:0e:3b:79:64:27:81:12:1b:27:
         5a:74:bd:46:fa:da:43:08:1b:60:28:71:97:82:c9:5b:4a:b3:
         c8:2d:41:60:cd:c8:da:f8:b8:05:53:27:fa:30:2b:a5:26:ad:
         41:4b:ec:d3:5b:f4:c5:5b:08:e0:d4:34:53:4f:7c:03:65:7d:
         a7:a7:7c:33:17:62:22:5a:98:d6:52:0b:47:1a:42:b0:1e:11:
         20:07:81:3d:b7:96:b0:6b:d2:e3:04:0c:35:10:ae:04:eb:5e:
         f3:81:c6:a7:18:a5:64:94:49:9c:e7:fc:82:85:d7:f9:de:b5:
         06:48:ac:7e:29:ce:60:5f:c4:a8:07:4e:8a:62:68:a7:33:f7:
         7b:64:b2:19:25:c6:54:59:8c:18:d1:8d:f5:75:8d:bd:4b:99:
         9b:97:b1:d1:95:70:96:13:77:8d:cc:06:f1:71:e7:03:68:46:
         7d:65:ad:38
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJhFO1p7im95UNEqnXILmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlYjYxMDU3YjgyNjU0MWQyMTZjZDU5NWNmODZjNmEwNmZi
MmFlMTEwHhcNMjQwMTAxMjIzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjVlM2ExNTNkOTkzZjUyOTE2YWJhYzI3NmJjMTdhNDBmMWI5OGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkBTWnPo/Ti+BjB5M4LX+xTN9R9by
lHSTSGJGhfu8x7JTEeMLuAAbM9fsvkVSbCCNh4kP0pQBM8dqdk2hMA9Sl52OoHXF
QnwLUk5UmThSsuhcCud8k+CCskswZK/9rK1g+0R87K3VbDe7SkH2Go2x83KuwLrR
cjTc4JocgFP2Yi4+A41EzwQtSGv8eE009Ceaw28byeEgq/YRNAxTXc1N1F3jZmf0
GOlDqy5zjJoFFw94edSKgYUzDRTbsCCtc4CP8re7EZG22ui+Iu1P24ssU9+OWKKJ
iwtcvNDqEByYn75XQypZkhTn9gt4BxB+4KDMsB7vuiGUxIBKQJwfIQzhZwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKZeOhU9mT9SkWq6wna8F6QPG5jfMB8GA1UdIwQY
MBaAFG62EFe4JlQdIWzVlc+GxqBvsq4RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYnJZUVY3Z21WQjBoYk5XVno0YkdvRy15cmhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My82NmNhNjQtNmZjZS00Yjg0LThjMTUt
Y2I4NjgxMjdhOWIxLzEvcGw0NkZUMlpQMUtSYXJyQ2Ryd1hwQThibU44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My82NmNhNjQtNmZjZS00Yjg0LThjMTUtY2I4NjgxMjdhOWIx
LzEvYnJZUVY3Z21WQjBoYk5XVno0YkdvRy15cmhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwJLyAwQA
wKCcMA0GCSqGSIb3DQEBCwUAA4IBAQA6qbhQTKLsWjjG5H5iFQ2JaZJqPfUdUwhe
55+pw1cl4UyIA8/3w0jkCMZPiuerd/CZB3eSKySn898/vBxtFUgO1hktGL/mM6yq
dQnGk4beuEgOO3lkJ4ESGydadL1G+tpDCBtgKHGXgslbSrPILUFgzcja+LgFUyf6
MCulJq1BS+zTW/TFWwjg1DRTT3wDZX2np3wzF2IiWpjWUgtHGkKwHhEgB4E9t5aw
a9LjBAw1EK4E617zgcanGKVklEmc5/yChdf53rUGSKx+Kc5gX8SoB06KYminM/d7
ZLIZJcZUWYwY0Y31dY29S5mbl7HRlXCWE3eNzAbxcecDaEZ9Za04
-----END CERTIFICATE-----