Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/dYt0EJxPw6xJr197bWek7Gfn2Mg.roa
File:                     dYt0EJxPw6xJr197bWek7Gfn2Mg.roa (raw, json)
Hash identifier:          o+gIfb6j8UffDLXy4XBj54VWHn7yiIsOmOqzxIvfEos=
Subject key identifier:   75:8B:74:10:9C:4F:C3:AC:49:AF:5F:7B:6D:67:A4:EC:67:E7:D8:C8
Certificate issuer:       /CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
Certificate serial:       018CC56E1D8054F373DB324A0F3FED056B06
Authority key identifier: 05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/dYt0EJxPw6xJr197bWek7Gfn2Mg.roa
Signing time:             Mon 01 Jan 2024 14:29:37 +0000
ROA not before:           Mon 01 Jan 2024 14:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     269729
IP address blocks:        46.29.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:1d:80:54:f3:73:db:32:4a:0f:3f:ed:05:6b:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0534c49fcfa8a45041d95ed4d8d4fc69c727a467
        Validity
            Not Before: Jan  1 14:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=758b74109c4fc3ac49af5f7b6d67a4ec67e7d8c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:5f:fd:bd:d3:20:c4:73:9f:21:3e:ab:0f:10:
                    74:e8:8c:c7:f9:62:fb:c9:fa:bf:ea:7b:fb:cc:76:
                    84:ea:f4:2b:17:6e:d1:e2:af:98:71:fb:e2:6b:01:
                    62:b7:51:f7:2b:2f:73:a4:cb:6f:7f:bd:86:31:47:
                    f5:73:45:62:d4:d9:c9:ef:11:62:58:70:0f:b4:90:
                    20:da:ba:48:ef:c4:84:8d:44:4f:df:5a:aa:a4:5b:
                    9b:8b:d8:b3:e9:cc:ee:05:b0:0b:a8:a7:a1:7a:2f:
                    ad:79:1c:fd:b7:58:53:31:90:66:cb:c0:da:d1:e5:
                    d6:b9:cc:67:63:ce:1b:30:cc:43:25:53:9e:30:ef:
                    6a:bb:56:9c:74:9a:99:eb:ba:c3:84:df:a0:c0:3c:
                    c9:e6:e3:fd:06:4f:12:10:df:f5:8b:bc:70:f5:de:
                    3e:da:e5:f4:ec:cf:44:b5:55:d5:31:a4:4b:0a:f8:
                    e8:55:54:e1:d3:2a:97:c0:4a:ed:d0:57:6e:aa:11:
                    36:f8:77:5e:9e:c8:cf:46:77:4c:ec:da:35:9c:f9:
                    b6:8a:ff:bd:f7:19:cd:2c:18:47:56:48:2f:41:ea:
                    02:80:e4:b9:a7:b3:45:78:66:85:0f:ec:2f:17:cf:
                    27:26:9e:79:c5:a7:8c:7c:91:76:fb:9e:2a:14:ae:
                    b5:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:8B:74:10:9C:4F:C3:AC:49:AF:5F:7B:6D:67:A4:EC:67:E7:D8:C8
            X509v3 Authority Key Identifier:
                keyid:05:34:C4:9F:CF:A8:A4:50:41:D9:5E:D4:D8:D4:FC:69:C7:27:A4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BTTEn8-opFBB2V7U2NT8accnpGc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/dYt0EJxPw6xJr197bWek7Gfn2Mg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/0ccbda-d6f1-4527-8106-cd7e06cbb531/1/BTTEn8-opFBB2V7U2NT8accnpGc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.29.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:b0:79:cd:ae:09:51:62:ed:9b:87:3d:36:0e:da:de:91:12:
         30:82:e5:e1:9d:a9:5a:5f:fc:9b:ec:7b:89:92:6d:3f:be:2d:
         be:5d:02:bf:ad:bb:2f:51:d0:cc:5f:a3:94:e9:5b:c1:d7:4d:
         93:0f:aa:ae:ab:db:89:65:9e:5b:47:0b:ee:f6:7f:4e:27:3c:
         9f:33:61:2c:2b:92:e5:d5:28:6e:74:45:cc:71:b4:fc:9a:57:
         73:41:b7:d6:ea:8d:b6:7a:b9:61:83:a2:6b:3c:d2:4a:84:f0:
         63:2e:7c:bc:c9:da:cb:e9:7a:4b:4a:74:c5:19:65:c3:cb:ca:
         53:a6:98:5f:b1:49:11:88:53:fc:80:ac:a4:10:e1:f1:0a:a3:
         4d:58:7e:45:ad:ab:f7:c5:62:ad:fb:16:1b:87:10:57:5f:20:
         f5:14:47:c0:21:23:de:1e:da:14:e4:15:43:8b:f9:5d:d6:fb:
         2b:43:40:56:7a:23:7b:a5:95:00:07:d0:bf:a0:e1:6c:06:09:
         67:7e:23:f0:10:f5:d4:d7:6c:39:28:10:07:a7:0e:4f:55:11:
         6f:15:7c:c6:2c:97:bb:63:cc:88:2b:2e:86:b7:88:bb:cc:d4:
         f5:f5:01:57:66:80:45:bd:31:62:d3:43:76:b9:34:4a:6b:8e:
         b3:d8:e5:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbh2AVPNz2zJKDz/tBWsGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MzRjNDlmY2ZhOGE0NTA0MWQ5NWVkNGQ4ZDRmYzY5Yzcy
N2E0NjcwHhcNMjQwMTAxMTQyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NThiNzQxMDljNGZjM2FjNDlhZjVmN2I2ZDY3YTRlYzY3ZTdkOGM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv1/9vdMgxHOfIT6rDxB06IzH+WL7
yfq/6nv7zHaE6vQrF27R4q+YcfviawFit1H3Ky9zpMtvf72GMUf1c0Vi1NnJ7xFi
WHAPtJAg2rpI78SEjURP31qqpFubi9iz6czuBbALqKehei+teRz9t1hTMZBmy8Da
0eXWucxnY84bMMxDJVOeMO9qu1acdJqZ67rDhN+gwDzJ5uP9Bk8SEN/1i7xw9d4+
2uX07M9EtVXVMaRLCvjoVVTh0yqXwErt0FduqhE2+HdensjPRndM7No1nPm2iv+9
9xnNLBhHVkgvQeoCgOS5p7NFeGaFD+wvF88nJp55xaeMfJF2+54qFK614wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHWLdBCcT8OsSa9fe21npOxn59jIMB8GA1UdIwQY
MBaAFAU0xJ/PqKRQQdle1NjU/GnHJ6RnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYt
Y2Q3ZTA2Y2JiNTMxLzEvZFl0MEVKeFB3NnhKcjE5N2JXZWs3R2ZuMk1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS8wY2NiZGEtZDZmMS00NTI3LTgxMDYtY2Q3ZTA2Y2JiNTMx
LzEvQlRURW44LW9wRkJCMlY3VTJOVDhhY2NucEdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALh0eMA0G
CSqGSIb3DQEBCwUAA4IBAQA1sHnNrglRYu2bhz02DtrekRIwguXhnalaX/yb7HuJ
km0/vi2+XQK/rbsvUdDMX6OU6VvB102TD6quq9uJZZ5bRwvu9n9OJzyfM2EsK5Ll
1ShudEXMcbT8mldzQbfW6o22erlhg6JrPNJKhPBjLny8ydrL6XpLSnTFGWXDy8pT
pphfsUkRiFP8gKykEOHxCqNNWH5Frav3xWKt+xYbhxBXXyD1FEfAISPeHtoU5BVD
i/ld1vsrQ0BWeiN7pZUAB9C/oOFsBglnfiPwEPXU12w5KBAHpw5PVRFvFXzGLJe7
Y8yIKy6Gt4i7zNT19QFXZoBFvTFi00N2uTRKa46z2OUV
-----END CERTIFICATE-----