Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/7f997c-07cf-44c2-bdf0-66a329b6afad/1/qrsgFv1N400x51e1ZNYcrcMfTxs.roa
File:                     qrsgFv1N400x51e1ZNYcrcMfTxs.roa (raw, json)
Hash identifier:          5de49eBTbFVfaT0uxbbTyXdGAgW1af7n/xHyYtM31us=
Subject key identifier:   AA:BB:20:16:FD:4D:E3:4D:31:E7:57:B5:64:D6:1C:AD:C3:1F:4F:1B
Certificate issuer:       /CN=6d7701d5850491f50299ef93f2d7409b78cd6c96
Certificate serial:       018CC8DE9D5ED85C35705B9F2C56864F1E3C
Authority key identifier: 6D:77:01:D5:85:04:91:F5:02:99:EF:93:F2:D7:40:9B:78:CD:6C:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bXcB1YUEkfUCme-T8tdAm3jNbJY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/7f997c-07cf-44c2-bdf0-66a329b6afad/1/qrsgFv1N400x51e1ZNYcrcMfTxs.roa
Signing time:             Tue 02 Jan 2024 06:31:21 +0000
ROA not before:           Tue 02 Jan 2024 06:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     45014
IP address blocks:        46.175.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/7f997c-07cf-44c2-bdf0-66a329b6afad/1/bXcB1YUEkfUCme-T8tdAm3jNbJY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/7f997c-07cf-44c2-bdf0-66a329b6afad/1/bXcB1YUEkfUCme-T8tdAm3jNbJY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bXcB1YUEkfUCme-T8tdAm3jNbJY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 12:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:9d:5e:d8:5c:35:70:5b:9f:2c:56:86:4f:1e:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d7701d5850491f50299ef93f2d7409b78cd6c96
        Validity
            Not Before: Jan  2 06:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=aabb2016fd4de34d31e757b564d61cadc31f4f1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:c2:a6:b7:b2:8d:ca:41:d3:ec:56:a8:5d:e7:
                    60:eb:35:9e:02:32:39:99:cf:39:dd:7a:47:1e:c9:
                    85:60:6e:e1:c3:bc:51:18:de:ed:ba:a6:90:27:e0:
                    49:6c:5d:66:07:75:c2:9c:b5:41:54:6e:d2:c0:1a:
                    be:76:fb:32:8d:37:0b:06:0e:13:a6:d5:6a:a3:13:
                    26:a1:7c:30:d9:c8:92:07:22:43:ca:27:f2:5a:a9:
                    41:39:82:76:bf:2e:dd:4d:c5:16:2f:fa:9c:49:6b:
                    e3:10:1b:52:e9:d5:7e:02:ab:0f:e0:70:a4:31:84:
                    6a:fa:43:ba:ee:93:80:5a:26:12:01:f7:60:db:f3:
                    ed:60:08:d3:35:1c:45:73:66:8a:a7:ac:f9:fd:2a:
                    dd:f2:f9:08:b6:0a:fd:dd:41:c3:3c:90:bb:31:47:
                    e6:7a:64:b5:38:fa:a5:0e:b6:2a:d4:a4:ca:e7:fe:
                    f5:f9:10:72:55:a9:81:84:18:58:e6:45:07:df:09:
                    88:a3:a7:50:84:f0:da:7e:68:ad:39:9b:95:ed:68:
                    ea:13:50:9c:87:6e:b6:6d:87:f4:38:50:45:87:78:
                    8a:c1:a7:a3:2f:34:ba:41:30:81:02:af:73:9c:6c:
                    35:71:3f:9a:08:3b:20:0c:94:16:c8:52:06:84:3d:
                    9e:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:BB:20:16:FD:4D:E3:4D:31:E7:57:B5:64:D6:1C:AD:C3:1F:4F:1B
            X509v3 Authority Key Identifier:
                keyid:6D:77:01:D5:85:04:91:F5:02:99:EF:93:F2:D7:40:9B:78:CD:6C:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXcB1YUEkfUCme-T8tdAm3jNbJY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/7f997c-07cf-44c2-bdf0-66a329b6afad/1/qrsgFv1N400x51e1ZNYcrcMfTxs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/7f997c-07cf-44c2-bdf0-66a329b6afad/1/bXcB1YUEkfUCme-T8tdAm3jNbJY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.175.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:fa:f7:01:41:3d:b9:d6:d5:bf:ca:7f:b1:fa:58:9d:be:60:
         04:4a:62:4e:18:6d:7d:89:25:7c:6f:d9:75:36:94:49:b5:04:
         6d:f2:38:11:e3:a1:a5:81:e1:f6:76:42:f5:48:76:e6:35:32:
         d8:73:c8:7a:fb:aa:1c:07:73:ef:60:df:26:cc:5f:e8:b5:be:
         2a:de:ac:ad:cd:d3:22:9c:52:c3:b9:4c:a8:ae:90:12:d2:7d:
         a0:17:b7:06:01:1c:13:05:7a:cb:4e:53:00:2e:4d:43:b6:58:
         ce:57:7a:87:1f:f3:cd:ba:d2:5b:b4:44:72:32:17:3d:35:a5:
         b1:87:7b:1c:c4:7b:51:3e:82:24:17:40:9b:45:88:53:ad:6d:
         d4:3a:f6:2c:61:ad:12:22:b5:59:2f:1d:c0:58:97:1f:ff:7b:
         2b:59:07:31:bc:6c:13:35:52:eb:0c:f7:39:5b:81:b9:db:81:
         99:d8:ea:71:36:79:91:cd:88:a0:97:f3:a0:63:6d:b7:23:0d:
         c6:13:00:71:d2:7b:36:a0:55:4d:7b:47:e0:65:9d:ff:10:7a:
         35:9b:65:22:49:6f:d5:79:9a:f9:7d:2f:37:a4:9b:0b:c8:80:
         35:8e:6d:53:9e:5f:e1:9c:b1:68:6c:30:45:4f:83:89:02:ee:
         7d:92:24:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3p1e2Fw1cFufLFaGTx48MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzcwMWQ1ODUwNDkxZjUwMjk5ZWY5M2YyZDc0MDliNzhj
ZDZjOTYwHhcNMjQwMTAyMDYzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWJiMjAxNmZkNGRlMzRkMzFlNzU3YjU2NGQ2MWNhZGMzMWY0ZjFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArMKmt7KNykHT7FaoXedg6zWeAjI5
mc853XpHHsmFYG7hw7xRGN7tuqaQJ+BJbF1mB3XCnLVBVG7SwBq+dvsyjTcLBg4T
ptVqoxMmoXww2ciSByJDyifyWqlBOYJ2vy7dTcUWL/qcSWvjEBtS6dV+AqsP4HCk
MYRq+kO67pOAWiYSAfdg2/PtYAjTNRxFc2aKp6z5/Srd8vkItgr93UHDPJC7MUfm
emS1OPqlDrYq1KTK5/71+RByVamBhBhY5kUH3wmIo6dQhPDafmitOZuV7WjqE1Cc
h262bYf0OFBFh3iKwaejLzS6QTCBAq9znGw1cT+aCDsgDJQWyFIGhD2exwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKq7IBb9TeNNMedXtWTWHK3DH08bMB8GA1UdIwQY
MBaAFG13AdWFBJH1Apnvk/LXQJt4zWyWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhjQjFZVUVrZlVDbWUtVDh0ZEFtM2pOYkpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi83Zjk5N2MtMDdjZi00NGMyLWJkZjAt
NjZhMzI5YjZhZmFkLzEvcXJzZ0Z2MU40MDB4NTFlMVpOWWNyY01mVHhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi83Zjk5N2MtMDdjZi00NGMyLWJkZjAtNjZhMzI5YjZhZmFk
LzEvYlhjQjFZVUVrZlVDbWUtVDh0ZEFtM2pOYkpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALq8NMA0G
CSqGSIb3DQEBCwUAA4IBAQAD+vcBQT251tW/yn+x+lidvmAESmJOGG19iSV8b9l1
NpRJtQRt8jgR46GlgeH2dkL1SHbmNTLYc8h6+6ocB3PvYN8mzF/otb4q3qytzdMi
nFLDuUyorpAS0n2gF7cGARwTBXrLTlMALk1DtljOV3qHH/PNutJbtERyMhc9NaWx
h3scxHtRPoIkF0CbRYhTrW3UOvYsYa0SIrVZLx3AWJcf/3srWQcxvGwTNVLrDPc5
W4G524GZ2OpxNnmRzYigl/OgY223Iw3GEwBx0ns2oFVNe0fgZZ3/EHo1m2UiSW/V
eZr5fS83pJsLyIA1jm1Tnl/hnLFobDBFT4OJAu59kiQr
-----END CERTIFICATE-----