Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/453ae3-f227-4e0d-bd06-6997b2579a34/1/aVs2BnVNpEpLOOdd0xOHhMXTmIw.roa
File:                     aVs2BnVNpEpLOOdd0xOHhMXTmIw.roa (raw, json)
Hash identifier:          IY0GIPccNbENrxIQOgucFFoAfXPMOar+5H2FbM43Lxc=
Subject key identifier:   69:5B:36:06:75:4D:A4:4A:4B:38:E7:5D:D3:13:87:84:C5:D3:98:8C
Certificate issuer:       /CN=92253353ba649debee927998ba02c8614399f961
Certificate serial:       018DF49EDD0A5A6B5DFB29223B3E66747852
Authority key identifier: 92:25:33:53:BA:64:9D:EB:EE:92:79:98:BA:02:C8:61:43:99:F9:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kiUzU7pknevuknmYugLIYUOZ-WE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/453ae3-f227-4e0d-bd06-6997b2579a34/1/aVs2BnVNpEpLOOdd0xOHhMXTmIw.roa
Signing time:             Thu 29 Feb 2024 11:27:48 +0000
ROA not before:           Thu 29 Feb 2024 11:27:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57043
IP address blocks:        46.102.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/453ae3-f227-4e0d-bd06-6997b2579a34/1/kiUzU7pknevuknmYugLIYUOZ-WE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/453ae3-f227-4e0d-bd06-6997b2579a34/1/kiUzU7pknevuknmYugLIYUOZ-WE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kiUzU7pknevuknmYugLIYUOZ-WE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f4:9e:dd:0a:5a:6b:5d:fb:29:22:3b:3e:66:74:78:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92253353ba649debee927998ba02c8614399f961
        Validity
            Not Before: Feb 29 11:27:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=695b3606754da44a4b38e75dd3138784c5d3988c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:59:fa:6d:80:a0:99:e1:72:cc:6a:6e:b8:da:
                    9e:f9:09:95:bd:b6:46:e2:2c:4a:e9:68:22:df:a3:
                    53:2a:a6:1d:7d:2a:83:e4:07:7d:19:5b:20:5e:88:
                    0d:08:7a:25:43:14:fb:f6:1e:52:bc:a2:97:1f:fb:
                    18:eb:49:45:bd:84:5b:70:1f:30:70:23:7e:21:b7:
                    8b:cc:a9:7f:14:ef:0d:9d:2b:96:f9:63:04:79:2c:
                    8d:60:59:97:79:da:43:54:f3:37:e3:70:1d:24:eb:
                    7f:aa:f4:d5:d8:31:2a:32:8b:5b:c4:3f:38:c6:f9:
                    47:6a:f9:4e:8e:86:e3:20:ae:9a:11:ef:f3:5e:9c:
                    40:73:4a:14:72:e7:d8:9a:4e:6f:95:ae:e1:6c:19:
                    ab:23:ac:44:8e:40:9c:92:95:ff:54:72:62:21:fd:
                    66:89:f4:f3:65:1c:01:6e:54:25:55:f7:dd:fe:22:
                    72:49:63:b0:29:b2:1f:1b:41:f4:24:ad:21:99:14:
                    2d:35:c5:76:2c:38:a3:eb:f3:40:11:31:18:93:8e:
                    06:bd:3d:56:12:bc:46:e4:b2:76:2e:58:1a:bf:7f:
                    17:e4:7b:79:df:40:40:5b:71:c1:8f:75:6f:9f:7b:
                    ab:b5:fc:5f:00:aa:21:e9:8a:7b:62:dd:b3:a9:de:
                    fc:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:5B:36:06:75:4D:A4:4A:4B:38:E7:5D:D3:13:87:84:C5:D3:98:8C
            X509v3 Authority Key Identifier:
                keyid:92:25:33:53:BA:64:9D:EB:EE:92:79:98:BA:02:C8:61:43:99:F9:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kiUzU7pknevuknmYugLIYUOZ-WE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/453ae3-f227-4e0d-bd06-6997b2579a34/1/aVs2BnVNpEpLOOdd0xOHhMXTmIw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/453ae3-f227-4e0d-bd06-6997b2579a34/1/kiUzU7pknevuknmYugLIYUOZ-WE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.102.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:5a:f1:b0:b0:02:a3:5f:aa:14:61:cb:25:ef:dc:fc:fb:aa:
         2f:f1:d7:8f:3e:04:9b:bf:1a:eb:52:e0:ad:75:c3:af:56:07:
         66:49:ab:cc:07:f1:b1:cb:b4:16:53:21:0c:c0:e4:42:30:66:
         a5:a8:c7:f4:7a:28:8e:c5:0c:d9:07:20:72:4b:ed:4f:fa:87:
         ac:e1:a8:51:b6:21:e1:f3:cc:cf:c3:a1:7e:a4:47:28:83:b5:
         d9:62:42:0a:02:23:f6:64:76:50:c2:3c:b4:ac:c2:9c:b4:e6:
         ba:8c:9f:c0:a5:26:e8:77:cf:7c:39:23:fa:4d:8e:8e:b2:de:
         eb:92:12:d8:5a:39:67:ea:0a:83:6c:90:04:ba:4b:4b:34:4e:
         56:1d:23:f2:8d:a3:e8:0e:d8:02:91:ab:13:31:55:57:86:24:
         61:03:02:8d:fa:21:11:5e:80:9f:75:a9:15:23:cf:1b:79:13:
         02:42:a4:f9:88:d9:d2:0c:22:3c:b8:ab:5b:3e:c6:00:1d:ec:
         ef:87:74:45:e5:66:9c:07:70:0b:ea:8a:80:c7:bb:a8:99:8e:
         ee:03:e5:9c:a1:c2:cd:6f:26:31:23:1b:53:97:8e:e5:a4:4c:
         bd:14:ca:cb:a1:4f:ce:f5:42:3d:19:b4:5b:84:fe:9d:a3:df:
         8b:f8:c8:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY30nt0KWmtd+ykiOz5mdHhSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyMjUzMzUzYmE2NDlkZWJlZTkyNzk5OGJhMDJjODYxNDM5
OWY5NjEwHhcNMjQwMjI5MTEyNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OTViMzYwNjc1NGRhNDRhNGIzOGU3NWRkMzEzODc4NGM1ZDM5ODhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk1n6bYCgmeFyzGpuuNqe+QmVvbZG
4ixK6Wgi36NTKqYdfSqD5Ad9GVsgXogNCHolQxT79h5SvKKXH/sY60lFvYRbcB8w
cCN+IbeLzKl/FO8NnSuW+WMEeSyNYFmXedpDVPM343AdJOt/qvTV2DEqMotbxD84
xvlHavlOjobjIK6aEe/zXpxAc0oUcufYmk5vla7hbBmrI6xEjkCckpX/VHJiIf1m
ifTzZRwBblQlVffd/iJySWOwKbIfG0H0JK0hmRQtNcV2LDij6/NAETEYk44GvT1W
ErxG5LJ2Llgav38X5Ht530BAW3HBj3Vvn3urtfxfAKoh6Yp7Yt2zqd78rwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGlbNgZ1TaRKSzjnXdMTh4TF05iMMB8GA1UdIwQY
MBaAFJIlM1O6ZJ3r7pJ5mLoCyGFDmflhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2lVelU3cGtuZXZ1a25tWXVnTElZVU9aLVdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy80NTNhZTMtZjIyNy00ZTBkLWJkMDYt
Njk5N2IyNTc5YTM0LzEvYVZzMkJuVk5wRXBMT09kZDB4T0hoTVhUbUl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy80NTNhZTMtZjIyNy00ZTBkLWJkMDYtNjk5N2IyNTc5YTM0
LzEva2lVelU3cGtuZXZ1a25tWXVnTElZVU9aLVdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALmauMA0G
CSqGSIb3DQEBCwUAA4IBAQAkWvGwsAKjX6oUYcsl79z8+6ov8dePPgSbvxrrUuCt
dcOvVgdmSavMB/Gxy7QWUyEMwORCMGalqMf0eiiOxQzZByByS+1P+oes4ahRtiHh
88zPw6F+pEcog7XZYkIKAiP2ZHZQwjy0rMKctOa6jJ/ApSbod898OSP6TY6Ost7r
khLYWjln6gqDbJAEuktLNE5WHSPyjaPoDtgCkasTMVVXhiRhAwKN+iERXoCfdakV
I88beRMCQqT5iNnSDCI8uKtbPsYAHezvh3RF5WacB3AL6oqAx7uomY7uA+WcocLN
byYxIxtTl47lpEy9FMrLoU/O9UI9GbRbhP6do9+L+Mg7
-----END CERTIFICATE-----