Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/znqNvYotuKxqYRM9ObzeMI8aBAE.roa
File:                     znqNvYotuKxqYRM9ObzeMI8aBAE.roa (raw, json)
Hash identifier:          m0kF/ZVKSi25jHkmTlL8N7xrxEbAS/b1expSgG1fUdQ=
Subject key identifier:   CE:7A:8D:BD:8A:2D:B8:AC:6A:61:13:3D:39:BC:DE:30:8F:1A:04:01
Certificate issuer:       /CN=b72945f57103153a07854e74e227f2aec1c5f430
Certificate serial:       018CC5007881BC5D4829D1F72863CD23746F
Authority key identifier: B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/znqNvYotuKxqYRM9ObzeMI8aBAE.roa
Signing time:             Mon 01 Jan 2024 12:29:51 +0000
ROA not before:           Mon 01 Jan 2024 12:29:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211705
IP address blocks:        46.38.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:78:81:bc:5d:48:29:d1:f7:28:63:cd:23:74:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b72945f57103153a07854e74e227f2aec1c5f430
        Validity
            Not Before: Jan  1 12:29:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce7a8dbd8a2db8ac6a61133d39bcde308f1a0401
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:1d:7b:ed:bd:0c:3f:30:79:26:03:92:98:73:
                    b3:9a:4f:04:1e:fa:77:79:4c:11:6a:e8:39:e9:f9:
                    73:0c:1a:28:a7:43:1d:99:eb:61:0b:86:06:f4:0e:
                    c5:03:66:77:50:0c:68:34:8b:14:20:16:85:bc:87:
                    28:63:f7:01:f8:3d:93:0b:7b:82:92:bf:59:03:ef:
                    02:b9:2f:ef:f7:d6:fb:67:04:2e:80:19:d8:bd:40:
                    a2:cd:7e:d1:ca:d4:4e:55:3f:8a:8a:d2:1a:4e:5e:
                    94:4c:1a:dd:f6:35:2e:76:2e:51:28:3d:34:a4:d7:
                    f6:a1:34:f4:9e:d8:4a:84:2c:d6:84:df:40:79:c3:
                    92:41:e6:4a:c5:d9:84:9d:eb:71:45:05:af:89:0c:
                    27:03:8c:92:2e:3c:7b:73:d6:ba:88:75:05:f1:7f:
                    77:6a:8d:a0:5a:dc:f9:39:bb:c6:c6:c8:ce:3c:6c:
                    49:1c:71:bd:cc:25:47:84:0d:35:18:92:f1:da:93:
                    05:60:e9:b8:62:70:93:f7:ae:e8:ca:4a:16:1a:7a:
                    0f:aa:4f:29:04:7a:5a:12:1d:00:d3:6a:2e:e4:17:
                    62:05:6d:bf:05:f2:ec:da:aa:9b:37:f1:7f:97:0d:
                    b8:91:af:d9:75:14:13:e9:41:25:40:96:02:4c:ad:
                    fe:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:7A:8D:BD:8A:2D:B8:AC:6A:61:13:3D:39:BC:DE:30:8F:1A:04:01
            X509v3 Authority Key Identifier:
                keyid:B7:29:45:F5:71:03:15:3A:07:85:4E:74:E2:27:F2:AE:C1:C5:F4:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tylF9XEDFToHhU504ifyrsHF9DA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/znqNvYotuKxqYRM9ObzeMI8aBAE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/5f6906-3fb0-4dff-8d01-2a09cc53a805/1/tylF9XEDFToHhU504ifyrsHF9DA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.38.159.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:1d:bd:7d:7b:25:a7:8e:42:53:36:42:99:6a:40:a0:4b:c9:
         a1:6f:df:09:35:41:08:38:90:5e:b1:ea:29:51:c1:3d:e8:5f:
         6f:e8:49:dd:cc:96:a5:7d:52:01:ef:85:7e:0c:13:cb:4e:9b:
         d8:f2:15:d7:a4:fe:17:38:e2:05:fe:a5:4a:3b:81:d1:61:65:
         e5:d0:d7:a2:12:d3:65:a7:27:22:78:77:03:36:08:d8:e0:e5:
         3f:ae:31:5a:e1:30:b9:ac:1b:f9:a6:39:a5:ed:9a:69:82:bb:
         d1:49:14:30:e6:08:f7:c8:34:8c:d8:0a:3b:ef:67:a8:cd:d7:
         9e:8c:f1:d0:18:98:b2:22:fa:d5:29:d3:39:88:e7:8a:f0:2c:
         fa:9e:00:08:9b:c6:02:65:9e:c3:7d:38:41:ee:c9:14:df:24:
         e7:65:e3:df:39:2c:94:1f:cb:1c:e0:58:e3:64:e3:49:f1:e5:
         03:9d:05:9c:59:08:f0:c0:5c:74:15:52:34:42:c2:bd:e8:10:
         9c:91:57:36:a5:71:11:83:b7:9e:09:bd:97:71:cd:7f:07:b9:
         7a:07:d9:45:5e:62:c0:03:03:26:a1:df:ba:89:58:96:28:de:
         81:b5:a9:85:b4:94:1a:6e:9f:43:57:e8:27:59:b7:e2:0b:ad:
         03:e7:31:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAHiBvF1IKdH3KGPNI3RvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3Mjk0NWY1NzEwMzE1M2EwNzg1NGU3NGUyMjdmMmFlYzFj
NWY0MzAwHhcNMjQwMTAxMTIyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTdhOGRiZDhhMmRiOGFjNmE2MTEzM2QzOWJjZGUzMDhmMWEwNDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqh177b0MPzB5JgOSmHOzmk8EHvp3
eUwRaug56flzDBoop0MdmethC4YG9A7FA2Z3UAxoNIsUIBaFvIcoY/cB+D2TC3uC
kr9ZA+8CuS/v99b7ZwQugBnYvUCizX7RytROVT+KitIaTl6UTBrd9jUudi5RKD00
pNf2oTT0nthKhCzWhN9AecOSQeZKxdmEnetxRQWviQwnA4ySLjx7c9a6iHUF8X93
ao2gWtz5ObvGxsjOPGxJHHG9zCVHhA01GJLx2pMFYOm4YnCT967oykoWGnoPqk8p
BHpaEh0A02ou5BdiBW2/BfLs2qqbN/F/lw24ka/ZdRQT6UElQJYCTK3+PQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM56jb2KLbisamETPTm83jCPGgQBMB8GA1UdIwQY
MBaAFLcpRfVxAxU6B4VOdOIn8q7BxfQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEt
MmEwOWNjNTNhODA1LzEvem5xTnZZb3R1S3hxWVJNOU9iemVNSThhQkFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS81ZjY5MDYtM2ZiMC00ZGZmLThkMDEtMmEwOWNjNTNhODA1
LzEvdHlsRjlYRURGVG9IaFU1MDRpZnlyc0hGOURBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALiafMA0G
CSqGSIb3DQEBCwUAA4IBAQAbHb19eyWnjkJTNkKZakCgS8mhb98JNUEIOJBeseop
UcE96F9v6EndzJalfVIB74V+DBPLTpvY8hXXpP4XOOIF/qVKO4HRYWXl0NeiEtNl
pycieHcDNgjY4OU/rjFa4TC5rBv5pjml7ZppgrvRSRQw5gj3yDSM2Ao772eozdee
jPHQGJiyIvrVKdM5iOeK8Cz6ngAIm8YCZZ7DfThB7skU3yTnZePfOSyUH8sc4Fjj
ZONJ8eUDnQWcWQjwwFx0FVI0QsK96BCckVc2pXERg7eeCb2Xcc1/B7l6B9lFXmLA
AwMmod+6iViWKN6BtamFtJQabp9DV+gnWbfiC60D5zE+
-----END CERTIFICATE-----