Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/znoaFyuYMQ5xC9RwGFXYnq_2Qzo.roa
File:                     znoaFyuYMQ5xC9RwGFXYnq_2Qzo.roa (raw, json)
Hash identifier:          2Yu9BTiaAIU2K7j4Unk6U6fT5IviFDz3Aw7du7s0Lc4=
Subject key identifier:   CE:7A:1A:17:2B:98:31:0E:71:0B:D4:70:18:55:D8:9E:AF:F6:43:3A
Certificate issuer:       /CN=46ba3f80039b9e784cfb24bf2c7ddb24e1900a76
Certificate serial:       018CC348FB88A3D4FECD6E6C9B50CE80D43A
Authority key identifier: 46:BA:3F:80:03:9B:9E:78:4C:FB:24:BF:2C:7D:DB:24:E1:90:0A:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rro_gAObnnhM-yS_LH3bJOGQCnY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/znoaFyuYMQ5xC9RwGFXYnq_2Qzo.roa
Signing time:             Mon 01 Jan 2024 04:29:49 +0000
ROA not before:           Mon 01 Jan 2024 04:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49053
IP address blocks:        185.62.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Rro_gAObnnhM-yS_LH3bJOGQCnY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Rro_gAObnnhM-yS_LH3bJOGQCnY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rro_gAObnnhM-yS_LH3bJOGQCnY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:fb:88:a3:d4:fe:cd:6e:6c:9b:50:ce:80:d4:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=46ba3f80039b9e784cfb24bf2c7ddb24e1900a76
        Validity
            Not Before: Jan  1 04:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce7a1a172b98310e710bd4701855d89eaff6433a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:3b:76:d7:38:fb:a8:d5:d0:c5:d8:ba:69:0c:
                    00:c1:87:fb:70:75:50:d1:b6:e1:0c:f4:59:54:de:
                    b1:d8:5f:ae:09:c6:26:db:8a:f6:ea:2e:c4:c6:3a:
                    21:5a:34:af:01:f5:ea:da:d5:77:a8:12:2c:fd:48:
                    1a:b4:41:62:84:6e:13:2c:b9:e0:61:c1:96:01:75:
                    5b:e2:93:33:29:75:34:a9:8c:78:0b:5c:4c:81:50:
                    3a:a1:f1:c0:79:8e:a9:c7:2f:3f:46:5b:2c:08:e0:
                    4e:95:84:91:a9:c9:c4:89:2d:6e:4f:7d:f2:14:2f:
                    28:f9:c3:7c:47:af:ce:37:6c:b7:dc:26:90:ce:cf:
                    5a:82:dd:87:84:47:4a:ad:bd:8c:23:57:fc:16:66:
                    92:ae:be:a0:2c:24:33:68:99:f6:36:24:54:f0:b7:
                    06:1d:af:75:eb:90:6a:1f:95:ca:19:f1:37:8c:13:
                    10:a6:20:21:ef:f1:c9:70:ec:a9:5e:05:e7:fb:3a:
                    6c:83:dd:d2:97:47:de:f6:f6:59:17:2b:b3:9f:6b:
                    fc:1d:be:3b:50:a8:81:db:93:c6:2c:ee:c9:96:ae:
                    5e:87:5c:e6:b1:43:90:fa:4d:02:08:3d:a0:d5:ec:
                    9a:68:b5:90:92:92:cd:f2:b1:71:d8:05:d6:d6:76:
                    89:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:7A:1A:17:2B:98:31:0E:71:0B:D4:70:18:55:D8:9E:AF:F6:43:3A
            X509v3 Authority Key Identifier:
                keyid:46:BA:3F:80:03:9B:9E:78:4C:FB:24:BF:2C:7D:DB:24:E1:90:0A:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rro_gAObnnhM-yS_LH3bJOGQCnY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/znoaFyuYMQ5xC9RwGFXYnq_2Qzo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/cfa2ae-e524-4bd0-875b-89ace38220fb/1/Rro_gAObnnhM-yS_LH3bJOGQCnY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.62.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:a3:af:bb:b1:72:0b:ac:df:b5:61:7e:66:fe:24:07:61:7a:
         99:86:1c:87:bb:59:f5:ed:7d:5e:01:5d:ef:1f:d9:43:98:b5:
         9f:3c:ce:b3:27:e8:de:db:f1:1e:52:b4:36:0c:ff:11:0c:65:
         a0:ce:df:bb:d3:28:57:30:e0:83:47:09:e7:2e:51:d6:ab:2a:
         bb:b9:20:25:9f:8c:72:c7:54:f4:b6:55:f6:49:6c:53:25:6c:
         00:1d:60:e4:fe:76:8a:2d:3b:19:b3:8a:64:d8:f4:38:57:ab:
         8c:7b:2c:44:09:e3:35:1a:6e:e5:5e:83:d2:8a:b2:4b:f8:82:
         88:31:7b:9b:0d:44:70:c8:b5:b3:26:29:72:8d:cf:66:c5:09:
         dd:6c:ce:77:54:66:67:e0:67:23:b2:b9:74:39:f7:7d:70:47:
         94:3e:25:a7:7e:04:b6:94:9e:25:4a:af:25:79:b2:c8:3c:ff:
         9c:14:93:84:d5:33:77:6c:72:4a:47:cb:32:2e:2a:fd:fa:05:
         77:0c:df:86:7f:4f:24:b2:85:8c:83:b0:d1:1b:47:2c:52:50:
         a3:c3:db:79:16:54:06:21:34:47:5a:61:17:a0:01:2c:64:bf:
         be:59:6d:c0:f2:2f:50:d6:09:f5:07:72:f5:a8:67:3d:39:12:
         8d:d6:b8:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSPuIo9T+zW5sm1DOgNQ6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2YmEzZjgwMDM5YjllNzg0Y2ZiMjRiZjJjN2RkYjI0ZTE5
MDBhNzYwHhcNMjQwMTAxMDQyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTdhMWExNzJiOTgzMTBlNzEwYmQ0NzAxODU1ZDg5ZWFmZjY0MzNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2zt21zj7qNXQxdi6aQwAwYf7cHVQ
0bbhDPRZVN6x2F+uCcYm24r26i7ExjohWjSvAfXq2tV3qBIs/UgatEFihG4TLLng
YcGWAXVb4pMzKXU0qYx4C1xMgVA6ofHAeY6pxy8/RlssCOBOlYSRqcnEiS1uT33y
FC8o+cN8R6/ON2y33CaQzs9agt2HhEdKrb2MI1f8FmaSrr6gLCQzaJn2NiRU8LcG
Ha9165BqH5XKGfE3jBMQpiAh7/HJcOypXgXn+zpsg93Sl0fe9vZZFyuzn2v8Hb47
UKiB25PGLO7Jlq5eh1zmsUOQ+k0CCD2g1eyaaLWQkpLN8rFx2AXW1naJXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM56GhcrmDEOcQvUcBhV2J6v9kM6MB8GA1UdIwQY
MBaAFEa6P4ADm554TPskvyx92yThkAp2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnJvX2dBT2JubmhNLXlTX0xIM2JKT0dRQ25ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9jZmEyYWUtZTUyNC00YmQwLTg3NWIt
ODlhY2UzODIyMGZiLzEvem5vYUZ5dVlNUTV4QzlSd0dGWFlucV8yUXpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9jZmEyYWUtZTUyNC00YmQwLTg3NWItODlhY2UzODIyMGZi
LzEvUnJvX2dBT2JubmhNLXlTX0xIM2JKT0dRQ25ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuT7LMA0G
CSqGSIb3DQEBCwUAA4IBAQCgo6+7sXILrN+1YX5m/iQHYXqZhhyHu1n17X1eAV3v
H9lDmLWfPM6zJ+je2/EeUrQ2DP8RDGWgzt+70yhXMOCDRwnnLlHWqyq7uSAln4xy
x1T0tlX2SWxTJWwAHWDk/naKLTsZs4pk2PQ4V6uMeyxECeM1Gm7lXoPSirJL+IKI
MXubDURwyLWzJilyjc9mxQndbM53VGZn4Gcjsrl0Ofd9cEeUPiWnfgS2lJ4lSq8l
ebLIPP+cFJOE1TN3bHJKR8syLir9+gV3DN+Gf08ksoWMg7DRG0csUlCjw9t5FlQG
ITRHWmEXoAEsZL++WW3A8i9Q1gn1B3L1qGc9ORKN1rgP
-----END CERTIFICATE-----