Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/47IDj-Ak1jrVSqUp12LdxdbpsXI.roa
File:                     47IDj-Ak1jrVSqUp12LdxdbpsXI.roa (raw, json)
Hash identifier:          QNKYfZboyMSnpOub7YmKDwiRMC1qgA41ElzReZYlJRg=
Subject key identifier:   E3:B2:03:8F:E0:24:D6:3A:D5:4A:A5:29:D7:62:DD:C5:D6:E9:B1:72
Certificate issuer:       /CN=3aba1172472ea80265d12982967de0a8b0bc5901
Certificate serial:       018CC49246BE282851203F58DDF3CFEB3CFF
Authority key identifier: 3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/47IDj-Ak1jrVSqUp12LdxdbpsXI.roa
Signing time:             Mon 01 Jan 2024 10:29:29 +0000
ROA not before:           Mon 01 Jan 2024 10:29:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207046
IP address blocks:        185.232.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:46:be:28:28:51:20:3f:58:dd:f3:cf:eb:3c:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aba1172472ea80265d12982967de0a8b0bc5901
        Validity
            Not Before: Jan  1 10:29:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e3b2038fe024d63ad54aa529d762ddc5d6e9b172
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:d9:a5:cc:d4:58:f9:58:0d:76:41:df:03:4d:
                    a6:eb:25:b2:f5:3e:7c:52:f1:8e:e7:56:4c:f2:36:
                    a9:78:7d:e3:77:0a:60:e7:4c:36:14:1e:e6:2b:0e:
                    b3:be:5c:cc:5f:a5:62:b6:65:0d:c7:ee:51:ce:20:
                    8d:4a:e9:9c:01:6d:a9:c6:f3:61:76:52:d4:c0:61:
                    bd:e5:26:a8:79:09:f3:66:1d:24:6a:0f:78:85:47:
                    c7:84:d9:9f:f6:0c:08:d4:ab:5e:9f:d0:ec:01:00:
                    b8:6b:f2:1c:6f:b3:ee:42:59:bb:24:ce:28:ec:9f:
                    7c:2f:a3:c7:15:f0:a0:90:d5:66:66:51:be:7b:30:
                    45:7b:27:5a:c0:9b:0f:3d:05:58:fe:af:fd:74:6f:
                    c4:f9:4a:93:55:82:51:76:95:36:14:2c:32:05:dd:
                    bd:48:8a:d3:f3:16:5f:e3:ae:37:89:ad:a2:f2:23:
                    91:98:0b:28:a4:55:22:11:86:69:10:6a:6d:70:fa:
                    f5:2d:b2:29:30:79:56:5c:cc:d1:d7:d5:c1:01:8e:
                    5b:be:8a:97:25:2d:31:45:33:ca:24:4f:87:f2:c0:
                    d6:6f:73:7e:80:e2:db:33:4b:02:69:36:b5:db:21:
                    2d:78:86:0e:dd:80:df:75:c1:f6:81:00:47:e5:e2:
                    76:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:B2:03:8F:E0:24:D6:3A:D5:4A:A5:29:D7:62:DD:C5:D6:E9:B1:72
            X509v3 Authority Key Identifier:
                keyid:3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/47IDj-Ak1jrVSqUp12LdxdbpsXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.232.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:3e:0f:a8:6d:89:7e:66:38:47:c0:20:fb:5f:ad:57:fb:ad:
         0a:d9:2d:2c:83:e0:b3:d0:0c:71:dd:10:52:26:7c:bd:20:3a:
         08:9d:ba:01:44:f5:b7:fa:c3:e6:ff:1f:15:b9:ae:82:aa:bd:
         07:4f:b6:f6:8b:b7:99:05:b4:26:c6:1a:7c:96:26:e7:6f:9f:
         79:d0:ce:8e:81:e5:36:fa:d5:2d:53:fb:35:58:71:c4:7e:95:
         54:a3:db:62:5a:eb:c5:60:46:8d:f3:5b:cf:84:c3:23:9b:6a:
         f0:80:54:f9:db:9f:77:fe:7b:4c:ed:31:b3:7c:2d:27:f0:55:
         8d:13:23:2c:d4:2e:58:82:03:4f:95:7c:17:37:be:01:e5:65:
         88:eb:01:06:b4:de:ed:09:0d:c2:7e:45:5d:fb:7e:3e:2a:1c:
         ac:f0:2a:48:68:5d:a5:8a:02:d7:96:d3:a7:ed:b6:62:75:97:
         a8:aa:49:fb:e3:34:de:94:1f:68:16:92:de:39:5f:b0:45:45:
         d1:b4:32:ff:dd:03:20:55:58:b3:de:7c:79:76:3d:e4:5a:03:
         d1:2d:02:e9:3e:ab:f2:fd:7b:a5:08:2f:90:2e:1f:69:b6:cc:
         32:25:37:f5:61:9d:2f:3c:54:8b:db:34:9a:3d:23:df:2d:31:
         14:ea:7a:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkka+KChRID9Y3fPP6zz/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYmExMTcyNDcyZWE4MDI2NWQxMjk4Mjk2N2RlMGE4YjBi
YzU5MDEwHhcNMjQwMTAxMTAyOTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2IyMDM4ZmUwMjRkNjNhZDU0YWE1MjlkNzYyZGRjNWQ2ZTliMTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9mlzNRY+VgNdkHfA02m6yWy9T58
UvGO51ZM8japeH3jdwpg50w2FB7mKw6zvlzMX6VitmUNx+5RziCNSumcAW2pxvNh
dlLUwGG95SaoeQnzZh0kag94hUfHhNmf9gwI1Kten9DsAQC4a/Icb7PuQlm7JM4o
7J98L6PHFfCgkNVmZlG+ezBFeydawJsPPQVY/q/9dG/E+UqTVYJRdpU2FCwyBd29
SIrT8xZf4643ia2i8iORmAsopFUiEYZpEGptcPr1LbIpMHlWXMzR19XBAY5bvoqX
JS0xRTPKJE+H8sDWb3N+gOLbM0sCaTa12yEteIYO3YDfdcH2gQBH5eJ2BwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOOyA4/gJNY61UqlKddi3cXW6bFyMB8GA1UdIwQY
MBaAFDq6EXJHLqgCZdEpgpZ94KiwvFkBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgt
NGRkMDQzNDZhYmMzLzEvNDdJRGotQWsxanJWU3FVcDEyTGR4ZGJwc1hJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgtNGRkMDQzNDZhYmMz
LzEvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuegpMA0G
CSqGSIb3DQEBCwUAA4IBAQAKPg+obYl+ZjhHwCD7X61X+60K2S0sg+Cz0Axx3RBS
Jny9IDoInboBRPW3+sPm/x8Vua6Cqr0HT7b2i7eZBbQmxhp8libnb5950M6OgeU2
+tUtU/s1WHHEfpVUo9tiWuvFYEaN81vPhMMjm2rwgFT52593/ntM7TGzfC0n8FWN
EyMs1C5YggNPlXwXN74B5WWI6wEGtN7tCQ3CfkVd+34+Khys8CpIaF2ligLXltOn
7bZidZeoqkn74zTelB9oFpLeOV+wRUXRtDL/3QMgVViz3nx5dj3kWgPRLQLpPqvy
/XulCC+QLh9ptswyJTf1YZ0vPFSL2zSaPSPfLTEU6no3
-----END CERTIFICATE-----