Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/c6a4fe-a760-4c4c-81b0-53ab88c5f2c7/1/pEnb4rAfp1cPd-Q3m_y_Ks7d_dw.roa
File:                     pEnb4rAfp1cPd-Q3m_y_Ks7d_dw.roa (raw, json)
Hash identifier:          08xbKyTdfVfSaJBY1dPcfjv7LfhGlobT5MUsGhFrfjI=
Subject key identifier:   A4:49:DB:E2:B0:1F:A7:57:0F:77:E4:37:9B:FC:BF:2A:CE:DD:FD:DC
Certificate issuer:       /CN=f7f4902d240b25d7eb77f4f02e24f233f44a9a13
Certificate serial:       018CC94D7E9524E97ACEC09BE6B6F749AF67
Authority key identifier: F7:F4:90:2D:24:0B:25:D7:EB:77:F4:F0:2E:24:F2:33:F4:4A:9A:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9_SQLSQLJdfrd_TwLiTyM_RKmhM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/71/c6a4fe-a760-4c4c-81b0-53ab88c5f2c7/1/pEnb4rAfp1cPd-Q3m_y_Ks7d_dw.roa
Signing time:             Tue 02 Jan 2024 08:32:28 +0000
ROA not before:           Tue 02 Jan 2024 08:32:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197441
IP address blocks:        46.23.0.0/20 maxlen: 24
                          2a02:7000::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/71/c6a4fe-a760-4c4c-81b0-53ab88c5f2c7/1/9_SQLSQLJdfrd_TwLiTyM_RKmhM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/71/c6a4fe-a760-4c4c-81b0-53ab88c5f2c7/1/9_SQLSQLJdfrd_TwLiTyM_RKmhM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9_SQLSQLJdfrd_TwLiTyM_RKmhM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 02:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:7e:95:24:e9:7a:ce:c0:9b:e6:b6:f7:49:af:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7f4902d240b25d7eb77f4f02e24f233f44a9a13
        Validity
            Not Before: Jan  2 08:32:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a449dbe2b01fa7570f77e4379bfcbf2aceddfddc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:ff:bc:4c:d0:d9:7e:97:80:25:80:f9:ab:23:
                    ad:a4:3c:2c:d1:16:18:a1:c1:6e:cd:65:14:df:a6:
                    f8:a7:10:1f:02:e2:b7:47:59:04:5a:cd:2e:e4:35:
                    a9:a8:e8:49:f1:ec:67:ca:8f:19:36:aa:7e:ea:c7:
                    2e:23:0c:7f:99:4d:f7:cb:fc:f1:67:7e:6c:16:20:
                    dd:a5:9d:9d:98:06:51:02:46:0f:67:ed:b9:f6:f3:
                    56:37:25:ab:ab:29:cb:95:e6:04:d5:37:17:ae:82:
                    52:da:ef:90:58:13:a7:5d:81:9f:3c:54:48:0f:f3:
                    b4:65:88:0a:a4:c2:a0:d3:45:78:42:4b:4f:2d:4b:
                    cf:7d:c0:fa:e5:9b:bf:82:89:0a:6c:aa:1e:bd:7f:
                    a0:65:a7:8f:1e:17:a3:ee:e1:a1:03:64:24:09:5c:
                    bc:06:5a:28:90:38:67:da:4a:e1:aa:51:51:c2:d2:
                    35:0e:f3:ab:3d:ed:35:ab:2c:67:76:67:ca:0e:90:
                    e0:96:a9:5b:64:b5:cd:5b:29:15:0b:df:27:87:0a:
                    0a:52:73:15:9d:ed:19:b4:f7:03:be:14:a2:18:38:
                    cd:2a:75:18:91:96:fc:8c:e2:c1:2b:e6:0c:bb:23:
                    cf:18:d3:97:5e:f6:42:7e:5e:44:85:c1:4f:b9:81:
                    9e:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A4:49:DB:E2:B0:1F:A7:57:0F:77:E4:37:9B:FC:BF:2A:CE:DD:FD:DC
            X509v3 Authority Key Identifier:
                keyid:F7:F4:90:2D:24:0B:25:D7:EB:77:F4:F0:2E:24:F2:33:F4:4A:9A:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9_SQLSQLJdfrd_TwLiTyM_RKmhM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/c6a4fe-a760-4c4c-81b0-53ab88c5f2c7/1/pEnb4rAfp1cPd-Q3m_y_Ks7d_dw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/71/c6a4fe-a760-4c4c-81b0-53ab88c5f2c7/1/9_SQLSQLJdfrd_TwLiTyM_RKmhM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.23.0.0/20
                IPv6:
                  2a02:7000::/32

    Signature Algorithm: sha256WithRSAEncryption
         29:b6:2d:f1:8c:3e:18:a1:ff:55:9d:3b:4b:8e:94:cc:5e:65:
         ca:6a:f7:43:f5:1e:61:c0:41:a8:94:18:5f:b4:6d:e3:29:c7:
         bc:b2:ef:d6:9b:fe:f7:39:1a:15:63:46:e4:19:76:45:3b:a4:
         83:27:60:dc:e1:79:da:b5:5e:1f:f6:18:71:1d:db:9c:58:0c:
         a4:5a:f6:d1:b0:38:03:41:53:24:98:de:42:bb:c5:82:dd:49:
         ed:71:47:30:3a:b2:cb:47:8c:06:08:d0:62:2a:e4:84:2a:a6:
         01:05:49:a2:3f:69:7d:da:52:55:bb:31:3d:88:d5:fa:52:0a:
         fd:8d:05:5f:02:7b:b4:6e:34:41:e1:38:52:01:c2:4f:d2:a8:
         23:eb:a8:c7:79:74:54:57:9d:d1:02:8d:3c:9c:9c:71:bd:ca:
         1c:34:8b:19:27:3e:57:b4:5b:1c:1d:75:a0:ee:cd:f9:88:32:
         de:8d:e2:a5:bb:39:d6:3f:79:5a:94:b6:2c:66:9d:b5:3c:56:
         8a:9e:c5:ed:a5:d0:67:09:61:17:ec:9a:39:11:bb:0e:ea:71:
         24:1d:6d:5e:59:a2:84:f3:a1:2d:95:4d:68:81:b9:61:a8:5d:
         0f:9a:9e:74:b9:c8:a9:a8:00:2f:47:96:7e:6c:d9:33:46:d3:
         71:b0:43:77
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTX6VJOl6zsCb5rb3Sa9nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3ZjQ5MDJkMjQwYjI1ZDdlYjc3ZjRmMDJlMjRmMjMzZjQ0
YTlhMTMwHhcNMjQwMTAyMDgzMjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDQ5ZGJlMmIwMWZhNzU3MGY3N2U0Mzc5YmZjYmYyYWNlZGRmZGRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzP+8TNDZfpeAJYD5qyOtpDws0RYY
ocFuzWUU36b4pxAfAuK3R1kEWs0u5DWpqOhJ8exnyo8ZNqp+6scuIwx/mU33y/zx
Z35sFiDdpZ2dmAZRAkYPZ+259vNWNyWrqynLleYE1TcXroJS2u+QWBOnXYGfPFRI
D/O0ZYgKpMKg00V4QktPLUvPfcD65Zu/gokKbKoevX+gZaePHhej7uGhA2QkCVy8
BlookDhn2krhqlFRwtI1DvOrPe01qyxndmfKDpDglqlbZLXNWykVC98nhwoKUnMV
ne0ZtPcDvhSiGDjNKnUYkZb8jOLBK+YMuyPPGNOXXvZCfl5EhcFPuYGepQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKRJ2+KwH6dXD3fkN5v8vyrO3f3cMB8GA1UdIwQY
MBaAFPf0kC0kCyXX63f08C4k8jP0SpoTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOV9TUUxTUUxKZGZyZF9Ud0xpVHlNX1JLbWhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS9jNmE0ZmUtYTc2MC00YzRjLTgxYjAt
NTNhYjg4YzVmMmM3LzEvcEVuYjRyQWZwMWNQZC1RM21feV9LczdkX2R3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS9jNmE0ZmUtYTc2MC00YzRjLTgxYjAtNTNhYjg4YzVmMmM3
LzEvOV9TUUxTUUxKZGZyZF9Ud0xpVHlNX1JLbWhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQELhcAMA0E
AgACMAcDBQAqAnAAMA0GCSqGSIb3DQEBCwUAA4IBAQApti3xjD4Yof9VnTtLjpTM
XmXKavdD9R5hwEGolBhftG3jKce8su/Wm/73ORoVY0bkGXZFO6SDJ2Dc4XnatV4f
9hhxHducWAykWvbRsDgDQVMkmN5Cu8WC3UntcUcwOrLLR4wGCNBiKuSEKqYBBUmi
P2l92lJVuzE9iNX6Ugr9jQVfAnu0bjRB4ThSAcJP0qgj66jHeXRUV53RAo08nJxx
vcocNIsZJz5XtFscHXWg7s35iDLejeKluznWP3lalLYsZp21PFaKnsXtpdBnCWEX
7Jo5EbsO6nEkHW1eWaKE86EtlU1ogblhqF0Pmp50ucipqAAvR5Z+bNkzRtNxsEN3
-----END CERTIFICATE-----