Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/M3Vx5hZFVMOqsZbqB64n3zKM1l4.roa
File:                     M3Vx5hZFVMOqsZbqB64n3zKM1l4.roa (raw, json)
Hash identifier:          Je9mxIbUjpzdpZtZnYCm0gdkd6XaDPU0fCJCGiI1CuY=
Subject key identifier:   33:75:71:E6:16:45:54:C3:AA:B1:96:EA:07:AE:27:DF:32:8C:D6:5E
Certificate issuer:       /CN=d4375814344df0bf6d017733acdc488f002631b2
Certificate serial:       018CC3B6D5B3E7C80B442BD46AE9BB717648
Authority key identifier: D4:37:58:14:34:4D:F0:BF:6D:01:77:33:AC:DC:48:8F:00:26:31:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1DdYFDRN8L9tAXczrNxIjwAmMbI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/M3Vx5hZFVMOqsZbqB64n3zKM1l4.roa
Signing time:             Mon 01 Jan 2024 06:29:48 +0000
ROA not before:           Mon 01 Jan 2024 06:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42926
IP address blocks:        46.8.194.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/1DdYFDRN8L9tAXczrNxIjwAmMbI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/1DdYFDRN8L9tAXczrNxIjwAmMbI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1DdYFDRN8L9tAXczrNxIjwAmMbI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 00:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:d5:b3:e7:c8:0b:44:2b:d4:6a:e9:bb:71:76:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4375814344df0bf6d017733acdc488f002631b2
        Validity
            Not Before: Jan  1 06:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=337571e6164554c3aab196ea07ae27df328cd65e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:72:b8:6d:5b:10:57:89:15:31:ef:a8:fd:e0:
                    fb:3a:6b:79:29:59:12:16:7d:cb:ed:66:75:52:dc:
                    b1:d0:ec:3d:45:dc:b7:17:42:b9:ba:3a:47:6d:bd:
                    e7:f3:72:6e:4e:c0:da:50:31:3b:06:c0:a6:d9:95:
                    25:16:e4:06:c1:a1:ed:72:6f:e3:66:6b:dc:bf:e1:
                    6c:37:d2:a3:f6:f9:83:38:54:4e:f5:a1:3a:42:d8:
                    14:94:1e:8f:d1:5b:4a:6f:c4:3c:b9:66:87:5d:81:
                    83:ff:0f:2a:1f:dc:63:97:02:68:8d:2b:f2:a1:39:
                    df:6d:5f:92:3a:5f:c1:ed:15:7e:0c:81:8d:f4:a2:
                    a7:14:e9:e1:3c:18:38:df:e5:44:6d:fd:bb:e2:f7:
                    1e:bf:a1:ff:0d:a6:09:fd:5b:5e:e4:8b:3c:67:96:
                    b1:4f:ef:53:86:87:04:b7:c3:bd:2b:4a:e7:7d:2f:
                    b0:f4:55:3a:dd:e2:a5:61:87:68:1c:06:c7:6b:60:
                    8d:56:9a:ce:58:58:e6:67:6b:de:32:bd:cf:aa:7a:
                    54:b0:8e:77:49:b6:4b:1a:70:4f:3f:f2:1e:18:53:
                    39:02:ee:56:ee:69:5c:4a:28:d3:c8:02:53:12:42:
                    90:f3:6d:7d:71:19:60:10:f6:2f:74:8f:68:27:a5:
                    b7:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:75:71:E6:16:45:54:C3:AA:B1:96:EA:07:AE:27:DF:32:8C:D6:5E
            X509v3 Authority Key Identifier:
                keyid:D4:37:58:14:34:4D:F0:BF:6D:01:77:33:AC:DC:48:8F:00:26:31:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1DdYFDRN8L9tAXczrNxIjwAmMbI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/M3Vx5hZFVMOqsZbqB64n3zKM1l4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/1DdYFDRN8L9tAXczrNxIjwAmMbI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:41:3f:f8:10:38:56:f4:2d:fe:36:df:d6:c8:1d:91:a0:df:
         4d:7f:9d:c4:b4:e5:a2:77:92:0e:48:55:ab:53:c5:ad:75:16:
         0b:1a:f2:98:c8:96:ae:88:35:35:d9:9f:93:9b:f4:ec:f3:ea:
         4e:ba:7e:36:36:98:b8:3b:a9:eb:61:ad:95:4b:4b:e1:a8:d9:
         cf:d7:d3:07:16:97:3e:bf:05:20:ea:48:38:63:87:67:fb:2b:
         ab:77:2c:8f:2a:78:d9:d2:7f:ef:e8:23:16:05:e8:fa:d8:57:
         44:7e:26:14:1e:c6:42:ca:73:38:d6:5f:0a:bd:94:92:da:47:
         3f:cc:0e:2d:d4:b6:9c:a4:7b:20:96:c6:bf:98:b2:9e:b0:1e:
         48:ac:18:c2:35:1d:f4:43:49:2c:0f:13:94:52:91:b2:de:85:
         1f:53:91:9f:2b:73:26:aa:8b:8a:bb:a4:8c:84:76:d5:da:b1:
         d6:c7:52:ce:8b:bb:3e:c8:c1:a1:00:b4:fe:6e:45:b2:5d:49:
         12:b6:e6:6c:9a:30:f4:61:8f:f9:c8:58:ad:07:74:2d:d1:7d:
         e9:ca:5f:7f:8e:3e:cf:01:58:6a:43:4c:72:c5:db:01:33:97:
         08:00:8c:ea:ff:16:f1:8d:94:b7:4d:74:0a:52:b6:a7:f3:c7:
         94:bb:60:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDttWz58gLRCvUaum7cXZIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Mzc1ODE0MzQ0ZGYwYmY2ZDAxNzczM2FjZGM0ODhmMDAy
NjMxYjIwHhcNMjQwMTAxMDYyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzc1NzFlNjE2NDU1NGMzYWFiMTk2ZWEwN2FlMjdkZjMyOGNkNjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh3K4bVsQV4kVMe+o/eD7Omt5KVkS
Fn3L7WZ1Utyx0Ow9Rdy3F0K5ujpHbb3n83JuTsDaUDE7BsCm2ZUlFuQGwaHtcm/j
Zmvcv+FsN9Kj9vmDOFRO9aE6QtgUlB6P0VtKb8Q8uWaHXYGD/w8qH9xjlwJojSvy
oTnfbV+SOl/B7RV+DIGN9KKnFOnhPBg43+VEbf274vcev6H/DaYJ/Vte5Is8Z5ax
T+9ThocEt8O9K0rnfS+w9FU63eKlYYdoHAbHa2CNVprOWFjmZ2veMr3PqnpUsI53
SbZLGnBPP/IeGFM5Au5W7mlcSijTyAJTEkKQ8219cRlgEPYvdI9oJ6W36wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDN1ceYWRVTDqrGW6geuJ98yjNZeMB8GA1UdIwQY
MBaAFNQ3WBQ0TfC/bQF3M6zcSI8AJjGyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMURkWUZEUk44TDl0QVhjenJOeElqd0FtTWJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9iMjRiMmQtMzUyMy00MjJlLTliY2Yt
MzY3MWQ2N2ViOWY4LzEvTTNWeDVoWkZWTU9xc1picUI2NG4zektNMWw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9iMjRiMmQtMzUyMy00MjJlLTliY2YtMzY3MWQ2N2ViOWY4
LzEvMURkWUZEUk44TDl0QVhjenJOeElqd0FtTWJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALgjCMA0G
CSqGSIb3DQEBCwUAA4IBAQA+QT/4EDhW9C3+Nt/WyB2RoN9Nf53EtOWid5IOSFWr
U8WtdRYLGvKYyJauiDU12Z+Tm/Ts8+pOun42Npi4O6nrYa2VS0vhqNnP19MHFpc+
vwUg6kg4Y4dn+yurdyyPKnjZ0n/v6CMWBej62FdEfiYUHsZCynM41l8KvZSS2kc/
zA4t1LacpHsglsa/mLKesB5IrBjCNR30Q0ksDxOUUpGy3oUfU5GfK3MmqouKu6SM
hHbV2rHWx1LOi7s+yMGhALT+bkWyXUkStuZsmjD0YY/5yFitB3Qt0X3pyl9/jj7P
AVhqQ0xyxdsBM5cIAIzq/xbxjZS3TXQKUran88eUu2Bf
-----END CERTIFICATE-----