Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/fb073f-6b38-4ecb-b96f-2c2079d916ad/1/s2rqpwumhtmvSEX63lF_jSCCIqI.roa
File:                     s2rqpwumhtmvSEX63lF_jSCCIqI.roa (raw, json)
Hash identifier:          8m00LdhJd4srRCMsExEiNSzzG4jj/QWLsZ3SSDUCdOo=
Subject key identifier:   B3:6A:EA:A7:0B:A6:86:D9:AF:48:45:FA:DE:51:7F:8D:20:82:22:A2
Certificate issuer:       /CN=42560fc1cf6b97466737c3027123fa120b1954d5
Certificate serial:       0194221FB65A5C2E86A03F07D7D4D6A13BB4
Authority key identifier: 42:56:0F:C1:CF:6B:97:46:67:37:C3:02:71:23:FA:12:0B:19:54:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QlYPwc9rl0ZnN8MCcSP6EgsZVNU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/fb073f-6b38-4ecb-b96f-2c2079d916ad/1/s2rqpwumhtmvSEX63lF_jSCCIqI.roa
Signing time:             Wed 01 Jan 2025 13:48:11 +0000
ROA not before:           Wed 01 Jan 2025 13:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203148
IP address blocks:        46.18.32.0/24 maxlen: 24
                          185.59.16.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/fb073f-6b38-4ecb-b96f-2c2079d916ad/1/QlYPwc9rl0ZnN8MCcSP6EgsZVNU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/fb073f-6b38-4ecb-b96f-2c2079d916ad/1/QlYPwc9rl0ZnN8MCcSP6EgsZVNU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QlYPwc9rl0ZnN8MCcSP6EgsZVNU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:b6:5a:5c:2e:86:a0:3f:07:d7:d4:d6:a1:3b:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=42560fc1cf6b97466737c3027123fa120b1954d5
        Validity
            Not Before: Jan  1 13:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b36aeaa70ba686d9af4845fade517f8d208222a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ca:1b:75:75:b6:ba:e7:63:23:44:31:1b:f6:
                    25:3f:79:df:99:e0:8d:e4:04:29:50:99:d0:2a:2c:
                    d6:1b:d7:eb:89:44:28:28:13:32:4c:09:aa:40:8f:
                    47:9f:46:7d:27:f4:52:f4:35:68:be:30:b7:a6:7e:
                    ad:dc:ca:3c:22:dc:00:e4:be:d7:3d:a0:2a:53:2e:
                    3c:2b:7e:20:7b:c3:e5:cb:cd:3e:53:d8:e1:4c:cb:
                    7b:c2:32:e3:3a:d7:5f:87:43:41:0e:c9:30:86:8c:
                    47:0f:87:96:46:57:cb:64:3e:5e:dc:65:3c:8a:9d:
                    55:29:b1:82:2a:a6:f9:74:84:6c:6f:a0:87:c5:49:
                    ab:63:09:cf:2d:67:a4:8a:54:ce:82:ac:33:1b:24:
                    43:2e:b8:ac:47:5c:b7:e8:a7:5a:80:67:76:23:97:
                    da:78:9c:57:3c:84:a0:09:34:be:a3:0f:e3:42:18:
                    1e:2a:e3:76:ec:f8:9c:63:37:0c:82:65:c8:c6:37:
                    20:45:4a:b8:98:42:22:b2:b1:36:0f:2f:00:45:fa:
                    c4:b0:bd:da:4e:53:2e:7a:1f:05:ad:6c:82:56:e1:
                    e6:e7:c6:40:23:fe:c9:d7:8f:59:14:48:ec:2c:94:
                    aa:c6:04:a2:3a:02:a7:60:4a:c6:86:88:c0:06:73:
                    a6:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:6A:EA:A7:0B:A6:86:D9:AF:48:45:FA:DE:51:7F:8D:20:82:22:A2
            X509v3 Authority Key Identifier:
                keyid:42:56:0F:C1:CF:6B:97:46:67:37:C3:02:71:23:FA:12:0B:19:54:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QlYPwc9rl0ZnN8MCcSP6EgsZVNU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/fb073f-6b38-4ecb-b96f-2c2079d916ad/1/s2rqpwumhtmvSEX63lF_jSCCIqI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/fb073f-6b38-4ecb-b96f-2c2079d916ad/1/QlYPwc9rl0ZnN8MCcSP6EgsZVNU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.18.32.0/24
                  185.59.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         14:b4:5b:e0:07:e4:f8:c1:41:1f:ab:0f:43:9e:c7:77:48:ae:
         35:a6:60:94:8e:c7:39:e1:1e:c9:34:51:66:37:e3:15:02:44:
         c4:a4:46:19:42:b3:52:8f:cd:e0:90:b8:ef:c4:b3:4a:3a:8f:
         a8:f3:2d:a5:88:8f:bb:c5:ee:22:e5:7d:ac:ca:62:48:5f:7a:
         d0:91:b2:5f:3d:fa:7c:8f:f7:9f:5e:98:5d:b0:4e:21:e3:07:
         01:80:22:7d:2c:1e:dc:c4:81:a7:d4:1f:8f:4f:4e:37:3f:d0:
         1c:ee:01:69:1c:77:98:0c:3d:ce:69:1a:5f:c4:1e:a2:ef:65:
         9d:97:d0:f3:18:51:0e:f0:f2:2d:63:c4:df:93:97:b0:0f:38:
         2c:5b:a5:bb:19:0e:fb:98:ca:1f:26:91:57:79:b1:4a:00:07:
         e2:70:fa:3f:18:cc:b7:0d:f8:de:86:30:4c:40:b2:a4:ef:74:
         48:45:c2:d9:c1:27:f8:f3:4b:a0:40:ac:65:46:4c:a5:11:7d:
         ca:b3:1e:0c:fe:3e:2b:31:aa:4e:d9:73:db:6b:db:6a:f8:e1:
         32:35:41:31:4c:37:32:20:d8:28:87:50:23:97:51:3a:59:35:
         e2:2b:5f:0b:b1:3e:79:2e:12:41:62:81:4e:4c:5b:6f:a1:53:
         0d:6b:09:50
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiH7ZaXC6GoD8H19TWoTu0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyNTYwZmMxY2Y2Yjk3NDY2NzM3YzMwMjcxMjNmYTEyMGIx
OTU0ZDUwHhcNMjUwMTAxMTM0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzZhZWFhNzBiYTY4NmQ5YWY0ODQ1ZmFkZTUxN2Y4ZDIwODIyMmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsobdXW2uudjI0QxG/YlP3nfmeCN
5AQpUJnQKizWG9friUQoKBMyTAmqQI9Hn0Z9J/RS9DVovjC3pn6t3Mo8ItwA5L7X
PaAqUy48K34ge8Ply80+U9jhTMt7wjLjOtdfh0NBDskwhoxHD4eWRlfLZD5e3GU8
ip1VKbGCKqb5dIRsb6CHxUmrYwnPLWekilTOgqwzGyRDLrisR1y36KdagGd2I5fa
eJxXPISgCTS+ow/jQhgeKuN27PicYzcMgmXIxjcgRUq4mEIisrE2Dy8ARfrEsL3a
TlMueh8FrWyCVuHm58ZAI/7J149ZFEjsLJSqxgSiOgKnYErGhojABnOmKQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLNq6qcLpobZr0hF+t5Rf40ggiKiMB8GA1UdIwQY
MBaAFEJWD8HPa5dGZzfDAnEj+hILGVTVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWxZUHdjOXJsMFpuTjhNQ2NTUDZFZ3NaVk5VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS9mYjA3M2YtNmIzOC00ZWNiLWI5NmYt
MmMyMDc5ZDkxNmFkLzEvczJycXB3dW1odG12U0VYNjNsRl9qU0NDSXFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS9mYjA3M2YtNmIzOC00ZWNiLWI5NmYtMmMyMDc5ZDkxNmFk
LzEvUWxZUHdjOXJsMFpuTjhNQ2NTUDZFZ3NaVk5VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALhIgAwQC
uTsQMA0GCSqGSIb3DQEBCwUAA4IBAQAUtFvgB+T4wUEfqw9Dnsd3SK41pmCUjsc5
4R7JNFFmN+MVAkTEpEYZQrNSj83gkLjvxLNKOo+o8y2liI+7xe4i5X2symJIX3rQ
kbJfPfp8j/efXphdsE4h4wcBgCJ9LB7cxIGn1B+PT043P9Ac7gFpHHeYDD3OaRpf
xB6i72Wdl9DzGFEO8PItY8Tfk5ewDzgsW6W7GQ77mMofJpFXebFKAAficPo/GMy3
DfjehjBMQLKk73RIRcLZwSf480ugQKxlRkylEX3Ksx4M/j4rMapO2XPba9tq+OEy
NUExTDcyINgoh1Ajl1E6WTXiK18LsT55LhJBYoFOTFtvoVMNawlQ
-----END CERTIFICATE-----