Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/0ddff3-9e70-4d63-b5a0-c6632cc014b0/1/RqG-Jz778Zi9tyoECedsdnUZe1Q.roa
File:                     RqG-Jz778Zi9tyoECedsdnUZe1Q.roa (raw, json)
Hash identifier:          JxqgWeiefmxaKrROuDs0k4n5KB5wn+WpjIB4OWo43PM=
Subject key identifier:   46:A1:BE:27:3E:FB:F1:98:BD:B7:2A:04:09:E7:6C:76:75:19:7B:54
Certificate issuer:       /CN=3b9a251e5d1d3babe4c579c91eb3e0ac37f7bf2a
Certificate serial:       018CC2DB46F5E805A46B2632F9FB25864AF2
Authority key identifier: 3B:9A:25:1E:5D:1D:3B:AB:E4:C5:79:C9:1E:B3:E0:AC:37:F7:BF:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O5olHl0dO6vkxXnJHrPgrDf3vyo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/0ddff3-9e70-4d63-b5a0-c6632cc014b0/1/RqG-Jz778Zi9tyoECedsdnUZe1Q.roa
Signing time:             Mon 01 Jan 2024 02:29:59 +0000
ROA not before:           Mon 01 Jan 2024 02:29:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205020
IP address blocks:        94.142.252.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/0ddff3-9e70-4d63-b5a0-c6632cc014b0/1/O5olHl0dO6vkxXnJHrPgrDf3vyo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/0ddff3-9e70-4d63-b5a0-c6632cc014b0/1/O5olHl0dO6vkxXnJHrPgrDf3vyo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O5olHl0dO6vkxXnJHrPgrDf3vyo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 07:02:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:46:f5:e8:05:a4:6b:26:32:f9:fb:25:86:4a:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b9a251e5d1d3babe4c579c91eb3e0ac37f7bf2a
        Validity
            Not Before: Jan  1 02:29:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=46a1be273efbf198bdb72a0409e76c7675197b54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:5f:f6:ab:59:8d:65:a0:c6:60:bb:a6:a7:30:
                    b0:62:be:66:f3:d4:b4:80:a1:ca:a2:9d:77:e1:d4:
                    89:5a:46:be:1f:93:f8:45:2a:74:c2:99:81:d7:7a:
                    7f:7e:9c:cc:1e:98:54:aa:17:5b:77:30:74:15:98:
                    cf:82:df:52:18:fe:15:a5:50:cc:f6:17:5e:70:61:
                    2b:91:8d:f9:98:5b:9a:33:cf:be:c5:dd:41:cb:4f:
                    ca:ba:33:70:75:73:66:28:bd:62:e6:d6:06:41:f4:
                    28:8a:9e:50:b4:3d:41:f6:8c:b2:18:b6:24:e4:cc:
                    ce:ea:13:4e:12:c8:96:c6:ab:f4:ba:12:0d:6b:66:
                    08:b1:e9:99:28:8f:42:17:57:9a:1c:18:4f:9c:49:
                    77:ac:f3:6a:bf:a0:4e:3d:07:37:20:7c:bf:f9:be:
                    0f:be:ef:54:cf:ea:17:28:a9:bd:15:ad:12:fd:1c:
                    77:09:71:b7:92:a4:c0:88:61:1a:55:6e:89:18:55:
                    6a:c4:5b:0c:76:9d:d3:0c:03:fa:67:15:7e:ce:af:
                    34:da:2c:28:23:e8:4d:a8:4f:a5:a2:c8:f0:5a:80:
                    11:2a:45:33:62:ee:e2:43:2b:b2:77:96:74:60:f4:
                    e3:cb:07:f2:43:64:0d:a2:fd:21:c5:1d:10:d4:ef:
                    1e:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:A1:BE:27:3E:FB:F1:98:BD:B7:2A:04:09:E7:6C:76:75:19:7B:54
            X509v3 Authority Key Identifier:
                keyid:3B:9A:25:1E:5D:1D:3B:AB:E4:C5:79:C9:1E:B3:E0:AC:37:F7:BF:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O5olHl0dO6vkxXnJHrPgrDf3vyo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/0ddff3-9e70-4d63-b5a0-c6632cc014b0/1/RqG-Jz778Zi9tyoECedsdnUZe1Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/0ddff3-9e70-4d63-b5a0-c6632cc014b0/1/O5olHl0dO6vkxXnJHrPgrDf3vyo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.142.252.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:66:6a:19:02:e2:df:b9:b4:2b:20:ef:84:ad:f2:cd:66:0e:
         6e:00:ab:d1:c3:e5:83:02:71:36:15:d5:12:d7:2a:f4:8e:aa:
         c4:92:9a:18:4e:be:99:56:99:63:f7:98:d8:c8:db:1f:8d:94:
         85:97:68:dd:99:f0:0a:ba:d7:a7:93:9c:7b:9f:30:21:26:3d:
         51:61:a6:4c:8a:ef:79:04:07:1d:f6:08:5d:c6:c0:2b:8d:fb:
         c9:62:35:a0:10:51:b1:69:6d:84:a1:06:b8:c5:94:e7:49:83:
         7e:18:39:d0:fe:c3:5c:e6:6a:20:6a:00:7a:2f:6a:a8:6e:b9:
         35:28:85:46:13:35:c0:b8:0f:8d:1a:b5:56:60:db:64:1b:95:
         c0:98:48:6e:1c:2f:db:26:62:77:36:73:e7:49:9c:92:62:74:
         70:8e:c8:89:98:4e:e1:6c:3a:34:30:9b:87:c8:33:f5:7a:3f:
         da:07:9e:b7:7d:f8:c9:28:ba:9b:ea:da:69:df:f2:34:c1:2b:
         58:2f:d2:97:b8:c5:49:25:7d:0a:61:31:e2:25:90:9d:ea:95:
         3a:a0:05:6d:cd:66:9b:f2:1b:8e:33:e1:c7:cc:54:76:c3:88:
         80:41:71:a5:60:c5:e8:1a:07:f5:31:aa:91:45:be:ee:af:fa:
         73:23:b7:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC20b16AWkayYy+fslhkryMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiOWEyNTFlNWQxZDNiYWJlNGM1NzljOTFlYjNlMGFjMzdm
N2JmMmEwHhcNMjQwMTAxMDIyOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmExYmUyNzNlZmJmMTk4YmRiNzJhMDQwOWU3NmM3Njc1MTk3YjU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlF/2q1mNZaDGYLumpzCwYr5m89S0
gKHKop134dSJWka+H5P4RSp0wpmB13p/fpzMHphUqhdbdzB0FZjPgt9SGP4VpVDM
9hdecGErkY35mFuaM8++xd1By0/KujNwdXNmKL1i5tYGQfQoip5QtD1B9oyyGLYk
5MzO6hNOEsiWxqv0uhINa2YIsemZKI9CF1eaHBhPnEl3rPNqv6BOPQc3IHy/+b4P
vu9Uz+oXKKm9Fa0S/Rx3CXG3kqTAiGEaVW6JGFVqxFsMdp3TDAP6ZxV+zq802iwo
I+hNqE+losjwWoARKkUzYu7iQyuyd5Z0YPTjywfyQ2QNov0hxR0Q1O8etwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEahvic++/GYvbcqBAnnbHZ1GXtUMB8GA1UdIwQY
MBaAFDuaJR5dHTur5MV5yR6z4Kw3978qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzVvbEhsMGRPNnZreFhuSkhyUGdyRGYzdnlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS8wZGRmZjMtOWU3MC00ZDYzLWI1YTAt
YzY2MzJjYzAxNGIwLzEvUnFHLUp6Nzc4Wmk5dHlvRUNlZHNkblVaZTFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS8wZGRmZjMtOWU3MC00ZDYzLWI1YTAtYzY2MzJjYzAxNGIw
LzEvTzVvbEhsMGRPNnZreFhuSkhyUGdyRGYzdnlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXo78MA0G
CSqGSIb3DQEBCwUAA4IBAQBvZmoZAuLfubQrIO+ErfLNZg5uAKvRw+WDAnE2FdUS
1yr0jqrEkpoYTr6ZVplj95jYyNsfjZSFl2jdmfAKutenk5x7nzAhJj1RYaZMiu95
BAcd9ghdxsArjfvJYjWgEFGxaW2EoQa4xZTnSYN+GDnQ/sNc5mogagB6L2qobrk1
KIVGEzXAuA+NGrVWYNtkG5XAmEhuHC/bJmJ3NnPnSZySYnRwjsiJmE7hbDo0MJuH
yDP1ej/aB563ffjJKLqb6tpp3/I0wStYL9KXuMVJJX0KYTHiJZCd6pU6oAVtzWab
8huOM+HHzFR2w4iAQXGlYMXoGgf1MaqRRb7ur/pzI7cu
-----END CERTIFICATE-----