Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/84/675704-8d7d-47fa-82e4-afe8cd94a8d9/1/Q4vfk4RDlA8jHA8c9ZTsBWF22Y0.roa
File:                     Q4vfk4RDlA8jHA8c9ZTsBWF22Y0.roa (raw, json)
Hash identifier:          8+0VJZF4siLH6tOJiyx2SUTX6Yk0/8RZ8F6tC4NutCA=
Subject key identifier:   43:8B:DF:93:84:43:94:0F:23:1C:0F:1C:F5:94:EC:05:61:76:D9:8D
Certificate issuer:       /CN=2c6d462d6584e3da1ff251554a345e49c6ad0fb1
Certificate serial:       018CC4253AB1799FD24016F873C23846C7B7
Authority key identifier: 2C:6D:46:2D:65:84:E3:DA:1F:F2:51:55:4A:34:5E:49:C6:AD:0F:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LG1GLWWE49of8lFVSjReScatD7E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/84/675704-8d7d-47fa-82e4-afe8cd94a8d9/1/Q4vfk4RDlA8jHA8c9ZTsBWF22Y0.roa
Signing time:             Mon 01 Jan 2024 08:30:23 +0000
ROA not before:           Mon 01 Jan 2024 08:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35267
IP address blocks:        45.93.198.0/24 maxlen: 24
                          45.93.199.0/24 maxlen: 24
                          45.93.196.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/84/675704-8d7d-47fa-82e4-afe8cd94a8d9/1/LG1GLWWE49of8lFVSjReScatD7E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/84/675704-8d7d-47fa-82e4-afe8cd94a8d9/1/LG1GLWWE49of8lFVSjReScatD7E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LG1GLWWE49of8lFVSjReScatD7E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:3a:b1:79:9f:d2:40:16:f8:73:c2:38:46:c7:b7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c6d462d6584e3da1ff251554a345e49c6ad0fb1
        Validity
            Not Before: Jan  1 08:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=438bdf938443940f231c0f1cf594ec056176d98d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:59:0a:1f:55:49:4f:95:3b:2a:6b:24:31:7f:
                    c8:37:60:5e:93:6b:c0:ab:11:79:0d:86:99:c9:04:
                    e7:13:69:de:40:d9:86:02:d3:c7:e3:3b:9a:4d:0f:
                    8a:e7:50:60:9d:a3:e2:d2:3c:9d:aa:65:ad:3f:4e:
                    69:30:f7:12:4a:e7:85:04:cb:0f:d2:6f:0f:63:71:
                    ce:fd:0e:97:89:11:99:8e:b9:3c:e3:14:3f:4f:21:
                    d7:f5:16:1c:2b:48:a3:43:c0:97:49:98:c7:2c:75:
                    e6:d5:91:9e:fc:50:19:07:88:08:0b:d4:2a:13:ad:
                    a5:f6:82:e4:e9:51:51:55:18:89:91:c4:18:d9:16:
                    55:75:3c:fc:5f:ab:a9:09:67:04:3c:a1:eb:94:e0:
                    9c:0b:0d:c2:53:e4:64:53:75:7a:7e:68:9f:5c:3f:
                    ef:35:ce:3f:ba:e1:99:47:4b:7e:96:07:c9:25:ba:
                    7a:59:90:b1:1f:ee:cd:25:32:c3:d4:0f:59:4a:64:
                    9f:dd:9a:db:30:ed:9f:5d:9d:b0:38:5c:ed:aa:fd:
                    f1:29:81:65:b9:91:a8:7b:72:0f:20:6c:f3:fe:2f:
                    d7:8e:d0:f5:a6:2c:7e:bf:01:03:7d:6e:38:d6:97:
                    8e:50:c1:78:52:db:c0:52:36:52:8c:94:62:d9:80:
                    c8:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:8B:DF:93:84:43:94:0F:23:1C:0F:1C:F5:94:EC:05:61:76:D9:8D
            X509v3 Authority Key Identifier:
                keyid:2C:6D:46:2D:65:84:E3:DA:1F:F2:51:55:4A:34:5E:49:C6:AD:0F:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LG1GLWWE49of8lFVSjReScatD7E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/84/675704-8d7d-47fa-82e4-afe8cd94a8d9/1/Q4vfk4RDlA8jHA8c9ZTsBWF22Y0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/84/675704-8d7d-47fa-82e4-afe8cd94a8d9/1/LG1GLWWE49of8lFVSjReScatD7E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.93.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         84:b3:21:d9:4e:97:20:52:9a:31:27:dd:0d:b9:37:66:69:37:
         03:0a:f0:86:d6:86:c3:c4:87:0d:5f:e4:ae:25:bc:c4:1d:1e:
         cf:16:52:63:31:d0:e1:ec:85:c3:53:cd:1c:0e:7f:61:e9:43:
         e8:12:c2:12:1d:8b:0b:76:44:a6:e0:ca:b8:ba:1b:06:1c:9f:
         79:65:0d:47:95:97:b8:26:5f:bd:d7:61:16:bd:15:77:8a:bd:
         47:53:ff:83:0b:8d:19:5a:b5:cd:92:0a:25:92:a2:ed:da:24:
         e3:c5:c7:20:be:9d:db:74:d3:1d:a4:51:90:e8:1b:41:35:75:
         96:5f:57:bc:d0:13:d1:c4:db:8d:27:af:12:2b:e9:47:78:eb:
         41:fd:cf:06:4b:56:4e:d1:8e:67:f1:3b:39:55:94:b9:12:01:
         e1:c0:16:38:b6:86:af:f3:6a:2f:67:11:a8:fd:1b:75:89:ec:
         5d:fe:de:51:0b:28:e1:55:1c:d3:d5:7c:af:1c:0a:e5:10:e2:
         f3:ac:4f:00:90:57:41:45:64:5e:5b:43:f9:f0:59:14:f8:c9:
         50:07:d7:6c:d7:01:f1:77:86:4a:cd:e4:09:9a:e4:03:87:1f:
         7e:61:b9:df:49:9e:b6:c2:95:f5:d7:a2:64:eb:0c:7f:44:1e:
         75:e6:f5:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJTqxeZ/SQBb4c8I4Rse3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjNmQ0NjJkNjU4NGUzZGExZmYyNTE1NTRhMzQ1ZTQ5YzZh
ZDBmYjEwHhcNMjQwMTAxMDgzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzhiZGY5Mzg0NDM5NDBmMjMxYzBmMWNmNTk0ZWMwNTYxNzZkOThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkVkKH1VJT5U7KmskMX/IN2Bek2vA
qxF5DYaZyQTnE2neQNmGAtPH4zuaTQ+K51BgnaPi0jydqmWtP05pMPcSSueFBMsP
0m8PY3HO/Q6XiRGZjrk84xQ/TyHX9RYcK0ijQ8CXSZjHLHXm1ZGe/FAZB4gIC9Qq
E62l9oLk6VFRVRiJkcQY2RZVdTz8X6upCWcEPKHrlOCcCw3CU+RkU3V6fmifXD/v
Nc4/uuGZR0t+lgfJJbp6WZCxH+7NJTLD1A9ZSmSf3ZrbMO2fXZ2wOFztqv3xKYFl
uZGoe3IPIGzz/i/XjtD1pix+vwEDfW441peOUMF4UtvAUjZSjJRi2YDIgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEOL35OEQ5QPIxwPHPWU7AVhdtmNMB8GA1UdIwQY
MBaAFCxtRi1lhOPaH/JRVUo0XknGrQ+xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEcxR0xXV0U0OW9mOGxGVlNqUmVTY2F0RDdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NC82NzU3MDQtOGQ3ZC00N2ZhLTgyZTQt
YWZlOGNkOTRhOGQ5LzEvUTR2Zms0UkRsQThqSEE4YzlaVHNCV0YyMlkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NC82NzU3MDQtOGQ3ZC00N2ZhLTgyZTQtYWZlOGNkOTRhOGQ5
LzEvTEcxR0xXV0U0OW9mOGxGVlNqUmVTY2F0RDdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLV3EMA0G
CSqGSIb3DQEBCwUAA4IBAQCEsyHZTpcgUpoxJ90NuTdmaTcDCvCG1obDxIcNX+Su
JbzEHR7PFlJjMdDh7IXDU80cDn9h6UPoEsISHYsLdkSm4Mq4uhsGHJ95ZQ1HlZe4
Jl+912EWvRV3ir1HU/+DC40ZWrXNkgolkqLt2iTjxccgvp3bdNMdpFGQ6BtBNXWW
X1e80BPRxNuNJ68SK+lHeOtB/c8GS1ZO0Y5n8Ts5VZS5EgHhwBY4toav82ovZxGo
/Rt1iexd/t5RCyjhVRzT1XyvHArlEOLzrE8AkFdBRWReW0P58FkU+MlQB9ds1wHx
d4ZKzeQJmuQDhx9+YbnfSZ62wpX116Jk6wx/RB515vV0
-----END CERTIFICATE-----