Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/a00be2-877d-40e7-8a8a-af2cfa622d18/1/G6WQSbqA338IRT9afNxDuqhRGzI.roa
File:                     G6WQSbqA338IRT9afNxDuqhRGzI.roa (raw, json)
Hash identifier:          lyG2ALUnfhCFxQz5XmV9VdU18hgAAGDfRlru9zCSuXw=
Subject key identifier:   1B:A5:90:49:BA:80:DF:7F:08:45:3F:5A:7C:DC:43:BA:A8:51:1B:32
Certificate issuer:       /CN=c89c2cc489ebe48f490584ac866fe362c4117e75
Certificate serial:       018E31209E735A4BC677B2128CCC01C566DF
Authority key identifier: C8:9C:2C:C4:89:EB:E4:8F:49:05:84:AC:86:6F:E3:62:C4:11:7E:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yJwsxInr5I9JBYSshm_jYsQRfnU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/a00be2-877d-40e7-8a8a-af2cfa622d18/1/G6WQSbqA338IRT9afNxDuqhRGzI.roa
Signing time:             Tue 12 Mar 2024 05:26:45 +0000
ROA not before:           Tue 12 Mar 2024 05:26:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        46.148.40.0/24 maxlen: 24
                          46.148.43.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/a00be2-877d-40e7-8a8a-af2cfa622d18/1/yJwsxInr5I9JBYSshm_jYsQRfnU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/a00be2-877d-40e7-8a8a-af2cfa622d18/1/yJwsxInr5I9JBYSshm_jYsQRfnU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yJwsxInr5I9JBYSshm_jYsQRfnU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 20:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:31:20:9e:73:5a:4b:c6:77:b2:12:8c:cc:01:c5:66:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c89c2cc489ebe48f490584ac866fe362c4117e75
        Validity
            Not Before: Mar 12 05:26:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1ba59049ba80df7f08453f5a7cdc43baa8511b32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:e3:d3:2d:45:09:af:80:33:7e:a3:31:52:fe:
                    4a:60:f8:50:52:9d:bc:4d:c9:a5:ba:cc:93:88:f5:
                    b8:9b:cf:0c:ef:f4:8c:a4:93:74:1a:a2:b5:f1:14:
                    6a:f5:d8:63:02:46:dd:31:14:ee:03:18:d8:99:de:
                    66:42:d4:3c:fc:5f:98:67:6c:4e:17:5b:ec:71:32:
                    5d:dd:95:40:cf:5c:59:18:eb:e8:18:50:8d:68:cc:
                    1c:20:a5:a8:0b:5e:55:11:a1:17:30:59:f1:39:fe:
                    f3:03:71:d9:da:9c:5b:3d:d0:ff:78:1f:29:2a:bc:
                    86:20:7b:0e:28:cb:78:cc:4d:5c:40:15:51:90:c6:
                    92:69:e4:a5:e7:7d:37:71:40:f6:fa:ba:b0:3c:3b:
                    d7:ba:e0:8b:45:78:72:5f:0d:50:ec:48:06:00:38:
                    7c:05:b6:e3:90:2f:61:60:47:a6:b8:6e:ac:20:38:
                    1e:44:fc:ff:43:f9:25:69:d7:b2:30:40:c0:e0:d4:
                    0f:bb:9c:eb:2f:6f:6e:f7:88:ba:38:78:4c:ce:96:
                    ba:c1:4e:59:e2:3c:5e:40:f5:30:ef:8d:69:87:1d:
                    d4:ff:c2:09:cd:35:ff:bc:57:1d:b6:d0:5f:26:af:
                    c5:f1:ba:09:a0:80:69:db:f2:14:38:ff:89:89:51:
                    cc:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:A5:90:49:BA:80:DF:7F:08:45:3F:5A:7C:DC:43:BA:A8:51:1B:32
            X509v3 Authority Key Identifier:
                keyid:C8:9C:2C:C4:89:EB:E4:8F:49:05:84:AC:86:6F:E3:62:C4:11:7E:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yJwsxInr5I9JBYSshm_jYsQRfnU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/a00be2-877d-40e7-8a8a-af2cfa622d18/1/G6WQSbqA338IRT9afNxDuqhRGzI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/a00be2-877d-40e7-8a8a-af2cfa622d18/1/yJwsxInr5I9JBYSshm_jYsQRfnU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.148.40.0/24
                  46.148.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c3:74:e9:7b:5d:ce:ad:a1:72:9e:e2:3b:eb:1b:59:17:fd:9d:
         2a:c4:91:74:e6:20:5c:ef:2b:51:52:e7:90:16:48:6e:b7:93:
         43:52:b2:8b:cc:cc:bd:03:a9:a1:25:02:c8:57:69:fe:86:63:
         80:b6:ad:1f:9d:2d:c7:c5:75:5d:26:47:52:16:2d:19:6d:fb:
         9f:0a:ad:92:84:ab:b8:9b:a0:eb:1d:01:7d:a5:93:da:88:f3:
         d3:54:34:1a:26:d9:b8:8a:4f:d1:a8:29:3b:92:64:e3:ea:6d:
         4e:a9:91:1a:5f:0c:c4:74:16:3a:15:50:46:7c:74:c1:56:4c:
         42:30:6e:b7:3a:a9:eb:2a:73:ec:f3:27:57:1f:c6:c7:de:6b:
         ac:f6:35:48:a9:e2:f6:37:cd:4f:76:0a:ff:1e:47:07:8f:05:
         b7:9e:31:1a:f1:d3:c3:3c:5d:53:86:0b:ec:78:2a:50:9a:69:
         04:8b:72:3f:ff:fd:75:02:31:14:b7:bc:a9:70:9a:dd:04:7a:
         fc:2c:de:9c:66:87:d7:bc:42:df:2c:bd:f8:95:d6:34:7c:83:
         15:09:a5:2f:a5:05:f5:e4:fc:cd:67:97:5f:3e:5e:49:54:76:
         c9:b1:46:88:d9:b2:88:e8:c8:53:f0:ee:01:ba:81:1d:07:2a:
         98:22:25:8e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY4xIJ5zWkvGd7ISjMwBxWbfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4OWMyY2M0ODllYmU0OGY0OTA1ODRhYzg2NmZlMzYyYzQx
MTdlNzUwHhcNMjQwMzEyMDUyNjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmE1OTA0OWJhODBkZjdmMDg0NTNmNWE3Y2RjNDNiYWE4NTExYjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvePTLUUJr4AzfqMxUv5KYPhQUp28
TcmlusyTiPW4m88M7/SMpJN0GqK18RRq9dhjAkbdMRTuAxjYmd5mQtQ8/F+YZ2xO
F1vscTJd3ZVAz1xZGOvoGFCNaMwcIKWoC15VEaEXMFnxOf7zA3HZ2pxbPdD/eB8p
KryGIHsOKMt4zE1cQBVRkMaSaeSl5303cUD2+rqwPDvXuuCLRXhyXw1Q7EgGADh8
BbbjkC9hYEemuG6sIDgeRPz/Q/kladeyMEDA4NQPu5zrL29u94i6OHhMzpa6wU5Z
4jxeQPUw741phx3U/8IJzTX/vFcdttBfJq/F8boJoIBp2/IUOP+JiVHMIwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBulkEm6gN9/CEU/WnzcQ7qoURsyMB8GA1UdIwQY
MBaAFMicLMSJ6+SPSQWErIZv42LEEX51MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUp3c3hJbnI1STlKQllTc2htX2pZc1FSZm5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC9hMDBiZTItODc3ZC00MGU3LThhOGEt
YWYyY2ZhNjIyZDE4LzEvRzZXUVNicUEzMzhJUlQ5YWZOeER1cWhSR3pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC9hMDBiZTItODc3ZC00MGU3LThhOGEtYWYyY2ZhNjIyZDE4
LzEveUp3c3hJbnI1STlKQllTc2htX2pZc1FSZm5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALpQoAwQA
LpQrMA0GCSqGSIb3DQEBCwUAA4IBAQDDdOl7Xc6toXKe4jvrG1kX/Z0qxJF05iBc
7ytRUueQFkhut5NDUrKLzMy9A6mhJQLIV2n+hmOAtq0fnS3HxXVdJkdSFi0Zbfuf
Cq2ShKu4m6DrHQF9pZPaiPPTVDQaJtm4ik/RqCk7kmTj6m1OqZEaXwzEdBY6FVBG
fHTBVkxCMG63OqnrKnPs8ydXH8bH3mus9jVIqeL2N81Pdgr/HkcHjwW3njEa8dPD
PF1ThgvseCpQmmkEi3I///11AjEUt7ypcJrdBHr8LN6cZofXvELfLL34ldY0fIMV
CaUvpQX15PzNZ5dfPl5JVHbJsUaI2bKI6MhT8O4BuoEdByqYIiWO
-----END CERTIFICATE-----