Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/1be8cf-07ec-47cb-8f63-d3a06d1f5b4b/1/A1Kij3UmuqlYPUgtFwkRpc3mYFI.roa
File:                     A1Kij3UmuqlYPUgtFwkRpc3mYFI.roa (raw, json)
Hash identifier:          7eehR/MKaZhrxZxZgGixZL1BWxFDBQrZZYdPEfeskDw=
Subject key identifier:   03:52:A2:8F:75:26:BA:A9:58:3D:48:2D:17:09:11:A5:CD:E6:60:52
Certificate issuer:       /CN=dc849c7369e7e52c7051d21dba7298308be9c428
Certificate serial:       019420D5BB85AD3A0F95790C70E114D91888
Authority key identifier: DC:84:9C:73:69:E7:E5:2C:70:51:D2:1D:BA:72:98:30:8B:E9:C4:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3IScc2nn5SxwUdIdunKYMIvpxCg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/1be8cf-07ec-47cb-8f63-d3a06d1f5b4b/1/A1Kij3UmuqlYPUgtFwkRpc3mYFI.roa
Signing time:             Wed 01 Jan 2025 07:47:45 +0000
ROA not before:           Wed 01 Jan 2025 07:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3320
IP address blocks:        46.183.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/1be8cf-07ec-47cb-8f63-d3a06d1f5b4b/1/3IScc2nn5SxwUdIdunKYMIvpxCg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/1be8cf-07ec-47cb-8f63-d3a06d1f5b4b/1/3IScc2nn5SxwUdIdunKYMIvpxCg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3IScc2nn5SxwUdIdunKYMIvpxCg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:bb:85:ad:3a:0f:95:79:0c:70:e1:14:d9:18:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc849c7369e7e52c7051d21dba7298308be9c428
        Validity
            Not Before: Jan  1 07:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0352a28f7526baa9583d482d170911a5cde66052
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:3e:e1:77:7b:45:87:3d:2b:b9:bc:9c:ba:33:
                    5b:ca:48:51:7c:80:45:59:f0:40:28:95:33:99:73:
                    ab:ef:cc:e6:c1:78:02:f8:93:80:32:96:3d:f4:ff:
                    a7:ad:e3:46:ea:d9:da:22:1f:42:45:90:6b:c9:ca:
                    0e:69:80:a9:ef:6e:f1:40:a8:e4:09:3c:86:d2:71:
                    f1:cd:43:c2:5e:a7:83:a6:c8:e1:7f:2d:f9:a3:76:
                    7a:55:4d:c3:88:19:c3:63:ed:0a:a1:21:de:d2:47:
                    f3:2d:d9:8c:26:73:d4:6a:df:e0:25:c6:ef:ea:b2:
                    0a:1f:65:12:19:fb:d6:52:a6:51:97:5e:79:62:5e:
                    64:bc:21:f2:d6:44:14:1c:63:8d:c6:fd:a9:07:a9:
                    5a:bf:3b:0f:67:ce:bb:11:4c:9a:89:99:c1:b9:85:
                    e5:e7:2f:61:71:3e:dd:ab:0f:0c:07:01:c2:82:8a:
                    02:25:4d:a1:60:89:5e:0d:05:86:92:85:21:6e:95:
                    c2:51:e2:de:0d:56:a7:b0:a1:56:ac:d2:86:39:59:
                    b4:60:77:b0:29:09:3b:56:ea:d0:c8:f2:c0:73:96:
                    19:5e:5f:6f:08:44:cd:ce:0b:b1:b0:67:73:31:c3:
                    cc:bc:76:83:04:f2:29:06:36:75:1b:9e:97:f4:5c:
                    a6:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:52:A2:8F:75:26:BA:A9:58:3D:48:2D:17:09:11:A5:CD:E6:60:52
            X509v3 Authority Key Identifier:
                keyid:DC:84:9C:73:69:E7:E5:2C:70:51:D2:1D:BA:72:98:30:8B:E9:C4:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3IScc2nn5SxwUdIdunKYMIvpxCg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/1be8cf-07ec-47cb-8f63-d3a06d1f5b4b/1/A1Kij3UmuqlYPUgtFwkRpc3mYFI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/1be8cf-07ec-47cb-8f63-d3a06d1f5b4b/1/3IScc2nn5SxwUdIdunKYMIvpxCg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.183.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:3a:11:be:04:3d:b9:30:0c:35:d1:c1:93:7b:0b:5d:6e:81:
         b8:02:58:55:d5:a8:fe:11:82:de:b7:99:40:b1:1a:97:b7:48:
         7d:54:36:d9:98:6e:e2:8d:fa:ca:7a:7b:bd:7e:bb:99:6f:64:
         56:1b:c4:3a:b6:c2:b5:82:53:a8:c6:1b:e0:eb:bf:ee:1f:fd:
         8e:c9:bd:75:62:d9:9a:57:36:cc:ed:6f:1a:01:4b:60:a4:ac:
         67:45:23:cc:d1:a8:d9:ce:66:27:7a:43:4b:96:52:e1:fb:1d:
         55:99:b0:e5:c5:42:b4:08:02:88:22:af:8d:d0:e6:c3:2c:47:
         5f:78:8b:2a:73:16:63:b4:d8:5e:16:a0:7f:ab:7e:0c:d7:44:
         f1:53:8e:b1:c6:7d:19:7a:fa:c3:83:98:a9:5e:c1:93:f6:08:
         53:a4:90:ae:d2:7a:7e:b8:57:37:40:3d:83:5f:28:6e:db:c3:
         8c:3c:19:83:b4:5e:02:54:e6:ff:db:fd:fa:df:4e:5e:70:96:
         8a:5f:b1:8f:32:e3:3a:8f:61:9a:21:04:e0:75:d4:03:68:59:
         00:78:9a:f2:5d:5c:09:df:f7:b8:69:93:75:98:e4:ec:9b:d2:
         c0:f5:5e:75:6f:e5:7b:9f:c2:70:2c:90:38:8a:29:5d:fb:6f:
         cb:e3:a1:fd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1buFrToPlXkMcOEU2RiIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjODQ5YzczNjllN2U1MmM3MDUxZDIxZGJhNzI5ODMwOGJl
OWM0MjgwHhcNMjUwMTAxMDc0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzUyYTI4Zjc1MjZiYWE5NTgzZDQ4MmQxNzA5MTFhNWNkZTY2MDUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArD7hd3tFhz0rubycujNbykhRfIBF
WfBAKJUzmXOr78zmwXgC+JOAMpY99P+nreNG6tnaIh9CRZBrycoOaYCp727xQKjk
CTyG0nHxzUPCXqeDpsjhfy35o3Z6VU3DiBnDY+0KoSHe0kfzLdmMJnPUat/gJcbv
6rIKH2USGfvWUqZRl155Yl5kvCHy1kQUHGONxv2pB6lavzsPZ867EUyaiZnBuYXl
5y9hcT7dqw8MBwHCgooCJU2hYIleDQWGkoUhbpXCUeLeDVansKFWrNKGOVm0YHew
KQk7VurQyPLAc5YZXl9vCETNzguxsGdzMcPMvHaDBPIpBjZ1G56X9Fym+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFANSoo91JrqpWD1ILRcJEaXN5mBSMB8GA1UdIwQY
MBaAFNyEnHNp5+UscFHSHbpymDCL6cQoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0lTY2Mybm41U3h3VWRJZHVuS1lNSXZweENnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy8xYmU4Y2YtMDdlYy00N2NiLThmNjMt
ZDNhMDZkMWY1YjRiLzEvQTFLaWozVW11cWxZUFVndEZ3a1JwYzNtWUZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy8xYmU4Y2YtMDdlYy00N2NiLThmNjMtZDNhMDZkMWY1YjRi
LzEvM0lTY2Mybm41U3h3VWRJZHVuS1lNSXZweENnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALrcvMA0G
CSqGSIb3DQEBCwUAA4IBAQCoOhG+BD25MAw10cGTewtdboG4AlhV1aj+EYLet5lA
sRqXt0h9VDbZmG7ijfrKenu9fruZb2RWG8Q6tsK1glOoxhvg67/uH/2Oyb11Ytma
VzbM7W8aAUtgpKxnRSPM0ajZzmYnekNLllLh+x1VmbDlxUK0CAKIIq+N0ObDLEdf
eIsqcxZjtNheFqB/q34M10TxU46xxn0ZevrDg5ipXsGT9ghTpJCu0np+uFc3QD2D
Xyhu28OMPBmDtF4CVOb/2/36305ecJaKX7GPMuM6j2GaIQTgddQDaFkAeJryXVwJ
3/e4aZN1mOTsm9LA9V51b+V7n8JwLJA4iild+2/L46H9
-----END CERTIFICATE-----