Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/wqiNo3UmtCW1e_e9iCA8kGVCQ3Q.roa
File:                     wqiNo3UmtCW1e_e9iCA8kGVCQ3Q.roa (raw, json)
Hash identifier:          BtRvxJdAgL9lCR/HV6RuahxN9+3tduBkl+QMZd+SuxM=
Subject key identifier:   C2:A8:8D:A3:75:26:B4:25:B5:7B:F7:BD:88:20:3C:90:65:42:43:74
Certificate issuer:       /CN=d4375814344df0bf6d017733acdc488f002631b2
Certificate serial:       018CC3B6D66BF5D8387CE0DACF50A0B487D0
Authority key identifier: D4:37:58:14:34:4D:F0:BF:6D:01:77:33:AC:DC:48:8F:00:26:31:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1DdYFDRN8L9tAXczrNxIjwAmMbI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/wqiNo3UmtCW1e_e9iCA8kGVCQ3Q.roa
Signing time:             Mon 01 Jan 2024 06:29:48 +0000
ROA not before:           Mon 01 Jan 2024 06:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     137443
IP address blocks:        46.8.176.0/23 maxlen: 24
                          46.8.178.0/23 maxlen: 24
                          46.8.180.0/22 maxlen: 24
                          46.8.196.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/1DdYFDRN8L9tAXczrNxIjwAmMbI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/1DdYFDRN8L9tAXczrNxIjwAmMbI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1DdYFDRN8L9tAXczrNxIjwAmMbI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:d6:6b:f5:d8:38:7c:e0:da:cf:50:a0:b4:87:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4375814344df0bf6d017733acdc488f002631b2
        Validity
            Not Before: Jan  1 06:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c2a88da37526b425b57bf7bd88203c9065424374
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:89:39:5c:19:d7:dd:51:93:be:9c:e2:1c:98:
                    e5:9b:c8:4b:4f:fb:f2:09:e6:e8:e6:14:a5:52:04:
                    34:01:9d:15:ae:d5:17:21:e9:2e:7c:e9:55:ee:f4:
                    a1:60:61:c2:19:9b:63:51:61:3d:ff:a1:32:2c:8a:
                    ef:59:9b:40:0b:24:89:1e:6d:aa:ce:ec:aa:73:cb:
                    09:bd:52:ed:0f:61:d7:d3:c9:7d:25:f8:6c:a9:57:
                    e4:de:cc:6f:6b:7d:42:ec:13:1f:cc:76:f4:91:63:
                    32:c8:a5:c3:44:38:2b:bc:ce:74:25:4b:36:19:fa:
                    c5:d8:33:67:ca:9c:1c:f8:c8:07:66:5b:95:de:6b:
                    e0:7c:c7:db:8a:96:49:98:e3:19:cf:63:99:2b:a4:
                    3a:e4:08:35:77:93:60:25:4d:57:73:85:16:a6:03:
                    52:e1:5e:c4:ee:f9:e1:23:54:b8:8e:cc:11:c9:a6:
                    c0:6e:76:36:ad:24:84:6b:06:57:1e:a0:0c:41:c3:
                    c3:35:3d:f6:50:41:af:df:b8:58:61:ec:1a:d9:06:
                    1d:70:e3:96:4a:63:19:1a:ee:34:ef:39:24:95:1b:
                    e6:5a:47:82:6e:a5:77:2f:21:2b:63:4b:30:5a:24:
                    3a:e4:82:5f:7d:1a:fa:48:b3:bd:6e:2b:d6:df:76:
                    42:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:A8:8D:A3:75:26:B4:25:B5:7B:F7:BD:88:20:3C:90:65:42:43:74
            X509v3 Authority Key Identifier:
                keyid:D4:37:58:14:34:4D:F0:BF:6D:01:77:33:AC:DC:48:8F:00:26:31:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1DdYFDRN8L9tAXczrNxIjwAmMbI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/wqiNo3UmtCW1e_e9iCA8kGVCQ3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/b24b2d-3523-422e-9bcf-3671d67eb9f8/1/1DdYFDRN8L9tAXczrNxIjwAmMbI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.8.176.0/21
                  46.8.196.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0b:de:b2:bc:c9:45:71:05:5b:1b:a2:b9:04:a0:f8:24:dd:95:
         aa:72:05:5d:98:28:2c:cd:88:5c:26:39:93:82:58:63:dc:15:
         d0:73:a3:fc:83:5b:15:fd:68:5f:ca:97:2a:92:d7:d9:63:56:
         d1:b7:85:d0:1d:f1:20:f0:91:89:19:db:1f:81:53:f8:4e:49:
         1d:54:0c:86:09:a0:1e:64:d4:bd:fb:6b:1b:6f:1a:7f:5d:dd:
         e6:0a:db:56:7e:dc:ba:99:a9:09:ab:a0:77:43:d0:c4:03:ac:
         33:db:c5:91:d8:f6:b0:5a:a8:33:9b:ba:3b:e6:71:1d:44:de:
         f1:b6:2d:3e:8d:79:80:d1:d6:49:a0:8e:75:49:58:99:b0:17:
         37:4e:9c:b1:2e:5b:5d:94:24:cc:f6:ac:ea:a7:67:bc:cb:83:
         aa:46:80:f6:83:d5:01:38:78:6f:7b:05:8b:fe:46:c5:b6:ea:
         19:76:00:b0:65:f1:14:1d:0e:48:59:7e:3c:14:f4:b5:90:97:
         17:4a:52:94:1b:e4:ba:53:93:f2:81:b8:99:a5:e0:5d:45:52:
         a5:95:4f:fb:74:1b:97:53:41:11:91:fb:0d:62:d8:d7:0a:f5:
         4c:fa:b1:b2:5e:29:ce:cb:bd:2e:03:d1:e4:32:46:eb:a2:22:
         39:4d:7e:cd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDttZr9dg4fODaz1CgtIfQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0Mzc1ODE0MzQ0ZGYwYmY2ZDAxNzczM2FjZGM0ODhmMDAy
NjMxYjIwHhcNMjQwMTAxMDYyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMmE4OGRhMzc1MjZiNDI1YjU3YmY3YmQ4ODIwM2M5MDY1NDI0Mzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYk5XBnX3VGTvpziHJjlm8hLT/vy
Cebo5hSlUgQ0AZ0VrtUXIekufOlV7vShYGHCGZtjUWE9/6EyLIrvWZtACySJHm2q
zuyqc8sJvVLtD2HX08l9JfhsqVfk3sxva31C7BMfzHb0kWMyyKXDRDgrvM50JUs2
GfrF2DNnypwc+MgHZluV3mvgfMfbipZJmOMZz2OZK6Q65Ag1d5NgJU1Xc4UWpgNS
4V7E7vnhI1S4jswRyabAbnY2rSSEawZXHqAMQcPDNT32UEGv37hYYewa2QYdcOOW
SmMZGu407zkklRvmWkeCbqV3LyErY0swWiQ65IJffRr6SLO9bivW33ZCnQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMKojaN1JrQltXv3vYggPJBlQkN0MB8GA1UdIwQY
MBaAFNQ3WBQ0TfC/bQF3M6zcSI8AJjGyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMURkWUZEUk44TDl0QVhjenJOeElqd0FtTWJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC9iMjRiMmQtMzUyMy00MjJlLTliY2Yt
MzY3MWQ2N2ViOWY4LzEvd3FpTm8zVW10Q1cxZV9lOWlDQThrR1ZDUTNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC9iMjRiMmQtMzUyMy00MjJlLTliY2YtMzY3MWQ2N2ViOWY4
LzEvMURkWUZEUk44TDl0QVhjenJOeElqd0FtTWJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDLgiwAwQB
LgjEMA0GCSqGSIb3DQEBCwUAA4IBAQAL3rK8yUVxBVsborkEoPgk3ZWqcgVdmCgs
zYhcJjmTglhj3BXQc6P8g1sV/WhfypcqktfZY1bRt4XQHfEg8JGJGdsfgVP4Tkkd
VAyGCaAeZNS9+2sbbxp/Xd3mCttWfty6makJq6B3Q9DEA6wz28WR2PawWqgzm7o7
5nEdRN7xti0+jXmA0dZJoI51SViZsBc3TpyxLltdlCTM9qzqp2e8y4OqRoD2g9UB
OHhvewWL/kbFtuoZdgCwZfEUHQ5IWX48FPS1kJcXSlKUG+S6U5PygbiZpeBdRVKl
lU/7dBuXU0ERkfsNYtjXCvVM+rGyXinOy70uA9HkMkbroiI5TX7N
-----END CERTIFICATE-----