Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/V_v7kjSpGBxPxEkVXi44rwrw9ZM.roa
File:                     V_v7kjSpGBxPxEkVXi44rwrw9ZM.roa (raw, json)
Hash identifier:          cqMxfLT0V0nZ6nUN7iAFFTBaMvQ4rbAOZACZQpmH4Rg=
Subject key identifier:   57:FB:FB:92:34:A9:18:1C:4F:C4:49:15:5E:2E:38:AF:0A:F0:F5:93
Certificate issuer:       /CN=885b857706dac54e20ca0d11bd6416cb634203b4
Certificate serial:       018CC7941DAF16236CEDDEA23E86D9C9D21C
Authority key identifier: 88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/V_v7kjSpGBxPxEkVXi44rwrw9ZM.roa
Signing time:             Tue 02 Jan 2024 00:30:21 +0000
ROA not before:           Tue 02 Jan 2024 00:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60144
IP address blocks:        46.8.190.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:1d:af:16:23:6c:ed:de:a2:3e:86:d9:c9:d2:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=885b857706dac54e20ca0d11bd6416cb634203b4
        Validity
            Not Before: Jan  2 00:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=57fbfb9234a9181c4fc449155e2e38af0af0f593
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:70:eb:1e:84:c2:68:72:05:51:d6:34:76:32:
                    9f:3b:b6:ed:30:0b:03:7d:32:e9:0b:50:a3:23:8d:
                    61:72:30:1d:4e:d1:53:88:67:c5:cd:04:19:b7:2c:
                    90:c0:44:c7:d5:a9:ee:fe:55:50:29:aa:1a:83:08:
                    48:55:71:35:f4:1e:33:be:61:5a:a2:7d:cb:b1:7f:
                    9e:8e:79:6c:ab:9c:19:0e:92:9a:31:64:8a:89:64:
                    d0:0a:c9:d6:7a:95:45:c8:8f:fa:5d:3d:e9:8d:74:
                    9b:b4:3b:e6:0f:a6:b0:dd:ff:41:65:1c:00:82:60:
                    a9:1d:71:a3:18:df:11:76:99:ae:34:d8:e5:9f:85:
                    e9:3d:f7:f5:30:4f:72:2a:95:92:52:34:16:90:99:
                    bb:a5:26:7a:67:85:e8:c5:87:89:63:bb:83:9c:a8:
                    60:7b:63:d2:ae:b8:ce:66:cd:9e:5c:8c:cc:6d:5e:
                    f6:37:10:09:32:0d:b8:bf:29:20:74:0a:71:09:a3:
                    d1:74:7d:27:40:c7:1a:a5:fb:59:25:b4:7e:e7:d9:
                    5a:99:37:b3:cd:17:33:ef:49:ce:98:9a:d1:f8:90:
                    ab:2f:68:e6:75:09:1a:8a:78:d2:39:50:1a:14:5d:
                    90:06:f4:97:e9:36:78:15:fc:2f:bf:77:7b:45:68:
                    df:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:FB:FB:92:34:A9:18:1C:4F:C4:49:15:5E:2E:38:AF:0A:F0:F5:93
            X509v3 Authority Key Identifier:
                keyid:88:5B:85:77:06:DA:C5:4E:20:CA:0D:11:BD:64:16:CB:63:42:03:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/V_v7kjSpGBxPxEkVXi44rwrw9ZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/321cdc-2143-4b5c-9733-16699c96dd5e/1/iFuFdwbaxU4gyg0RvWQWy2NCA7Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:78:c1:68:a1:06:92:1d:f1:89:d2:78:ba:d0:72:0b:4e:49:
         5b:37:0d:54:92:77:5c:ca:ed:15:68:19:6f:4d:59:92:b3:36:
         dd:92:35:56:48:b2:a8:e5:9e:ac:cd:51:ea:da:81:db:0c:98:
         80:3a:bf:fd:cc:f3:6c:1a:47:e8:31:39:2e:45:b8:1e:fc:92:
         f1:c2:7f:7c:ed:57:77:d6:24:f5:08:b2:29:02:8a:cf:9c:5d:
         c2:43:8b:94:3a:6a:d9:84:c5:0c:20:8c:8c:d9:80:b8:0c:4d:
         24:57:bd:2c:5c:3e:db:e5:26:20:20:9f:ef:14:df:02:2b:3b:
         88:59:02:ad:1d:df:d2:35:73:a9:8f:c7:21:33:db:06:7a:0c:
         0a:5d:35:21:ab:8c:1e:6b:f7:38:33:4f:a5:2f:ce:31:79:84:
         76:79:39:5d:59:bb:dd:73:ac:ab:69:f1:f6:4a:61:73:f5:1c:
         0a:7e:e7:9b:fb:9a:4f:00:92:39:6d:c9:2e:f4:77:73:3b:38:
         76:fb:95:80:60:f4:06:32:e5:fc:f7:94:17:7e:b9:4a:dc:73:
         85:6d:b3:0e:72:68:8e:27:07:d7:79:44:70:84:ad:24:15:a1:
         1b:1b:1b:c7:95:9c:68:64:00:ac:e1:c4:da:99:29:bc:56:c3:
         db:9a:aa:bc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlB2vFiNs7d6iPobZydIcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4NWI4NTc3MDZkYWM1NGUyMGNhMGQxMWJkNjQxNmNiNjM0
MjAzYjQwHhcNMjQwMTAyMDAzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2ZiZmI5MjM0YTkxODFjNGZjNDQ5MTU1ZTJlMzhhZjBhZjBmNTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnnDrHoTCaHIFUdY0djKfO7btMAsD
fTLpC1CjI41hcjAdTtFTiGfFzQQZtyyQwETH1anu/lVQKaoagwhIVXE19B4zvmFa
on3LsX+ejnlsq5wZDpKaMWSKiWTQCsnWepVFyI/6XT3pjXSbtDvmD6aw3f9BZRwA
gmCpHXGjGN8RdpmuNNjln4XpPff1ME9yKpWSUjQWkJm7pSZ6Z4XoxYeJY7uDnKhg
e2PSrrjOZs2eXIzMbV72NxAJMg24vykgdApxCaPRdH0nQMcapftZJbR+59lamTez
zRcz70nOmJrR+JCrL2jmdQkainjSOVAaFF2QBvSX6TZ4Ffwvv3d7RWjf4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFf7+5I0qRgcT8RJFV4uOK8K8PWTMB8GA1UdIwQY
MBaAFIhbhXcG2sVOIMoNEb1kFstjQgO0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMt
MTY2OTljOTZkZDVlLzEvVl92N2tqU3BHQnhQeEVrVlhpNDRyd3J3OVpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS8zMjFjZGMtMjE0My00YjVjLTk3MzMtMTY2OTljOTZkZDVl
LzEvaUZ1RmR3YmF4VTRneWcwUnZXUVd5Mk5DQTdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALgi+MA0G
CSqGSIb3DQEBCwUAA4IBAQAbeMFooQaSHfGJ0ni60HILTklbNw1Ukndcyu0VaBlv
TVmSszbdkjVWSLKo5Z6szVHq2oHbDJiAOr/9zPNsGkfoMTkuRbge/JLxwn987Vd3
1iT1CLIpAorPnF3CQ4uUOmrZhMUMIIyM2YC4DE0kV70sXD7b5SYgIJ/vFN8CKzuI
WQKtHd/SNXOpj8chM9sGegwKXTUhq4wea/c4M0+lL84xeYR2eTldWbvdc6yrafH2
SmFz9RwKfueb+5pPAJI5bcku9HdzOzh2+5WAYPQGMuX895QXfrlK3HOFbbMOcmiO
JwfXeURwhK0kFaEbGxvHlZxoZACs4cTamSm8VsPbmqq8
-----END CERTIFICATE-----