Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/435d88-371e-4f86-a90a-cfbbc14671a3/1/oDPFQQWqjr-Uu8dd_N5hadL_FEk.roa
File:                     oDPFQQWqjr-Uu8dd_N5hadL_FEk.roa (raw, json)
Hash identifier:          CDGfxzy86vr4MlxKU7Gii3NV90F7siFci9Esa7k+7JI=
Subject key identifier:   A0:33:C5:41:05:AA:8E:BF:94:BB:C7:5D:FC:DE:61:69:D2:FF:14:49
Certificate issuer:       /CN=fd0c6b2bd29d3168487c9ec5fde4c3fc42d9cfbe
Certificate serial:       018CC7273A7B53A15D33B9103C3F4EFA5749
Authority key identifier: FD:0C:6B:2B:D2:9D:31:68:48:7C:9E:C5:FD:E4:C3:FC:42:D9:CF:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_QxrK9KdMWhIfJ7F_eTD_ELZz74.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/435d88-371e-4f86-a90a-cfbbc14671a3/1/oDPFQQWqjr-Uu8dd_N5hadL_FEk.roa
Signing time:             Mon 01 Jan 2024 22:31:26 +0000
ROA not before:           Mon 01 Jan 2024 22:31:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198957
IP address blocks:        46.30.136.0/24 maxlen: 24
                          46.30.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/435d88-371e-4f86-a90a-cfbbc14671a3/1/_QxrK9KdMWhIfJ7F_eTD_ELZz74.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/435d88-371e-4f86-a90a-cfbbc14671a3/1/_QxrK9KdMWhIfJ7F_eTD_ELZz74.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_QxrK9KdMWhIfJ7F_eTD_ELZz74.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:3a:7b:53:a1:5d:33:b9:10:3c:3f:4e:fa:57:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd0c6b2bd29d3168487c9ec5fde4c3fc42d9cfbe
        Validity
            Not Before: Jan  1 22:31:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a033c54105aa8ebf94bbc75dfcde6169d2ff1449
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:86:fe:58:e8:28:58:d8:3f:b0:dc:36:6e:90:
                    62:48:b2:36:92:95:0a:75:61:8e:e5:41:44:c0:77:
                    c1:d1:50:76:43:b6:9e:72:89:ee:46:4e:73:a4:bb:
                    08:d3:d9:ef:1f:d5:d0:61:fe:25:84:b5:90:05:8f:
                    be:4b:05:1f:d4:6b:62:8a:04:00:70:34:56:34:8c:
                    0a:ab:7a:5e:ff:e4:a9:84:1c:03:4a:d2:d1:17:54:
                    ce:6c:e2:00:d5:12:19:b4:09:c4:3d:af:38:fb:62:
                    fc:f8:d2:b9:d8:bc:d7:fc:0e:68:ca:38:44:ee:b6:
                    b3:fe:2f:21:14:30:d0:b3:10:3a:6a:f1:74:c0:48:
                    86:ad:a0:bb:b2:3c:1c:3f:ed:70:5a:fe:30:3c:b0:
                    23:ed:4d:2f:81:90:7c:05:0b:a2:7f:79:df:13:73:
                    c1:37:d8:94:a7:2d:1f:cd:b2:1f:b4:2e:5b:77:93:
                    34:ab:6e:0f:5d:32:f7:32:97:e9:85:1a:73:31:01:
                    f6:98:02:f7:c4:59:61:bc:0c:5d:cf:d1:ea:3f:4f:
                    92:47:8b:ae:30:5d:1b:5c:70:e5:73:05:8f:a6:d5:
                    35:71:97:0f:ac:0a:ee:6c:d9:68:77:27:f7:9b:16:
                    a2:a9:23:59:a3:51:4a:e3:7d:2f:cc:ea:64:97:bf:
                    b6:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:33:C5:41:05:AA:8E:BF:94:BB:C7:5D:FC:DE:61:69:D2:FF:14:49
            X509v3 Authority Key Identifier:
                keyid:FD:0C:6B:2B:D2:9D:31:68:48:7C:9E:C5:FD:E4:C3:FC:42:D9:CF:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_QxrK9KdMWhIfJ7F_eTD_ELZz74.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/435d88-371e-4f86-a90a-cfbbc14671a3/1/oDPFQQWqjr-Uu8dd_N5hadL_FEk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/435d88-371e-4f86-a90a-cfbbc14671a3/1/_QxrK9KdMWhIfJ7F_eTD_ELZz74.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.30.136.0/24
                  46.30.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:5d:76:89:3d:90:ef:23:b8:27:32:0b:e1:50:cc:82:b4:a2:
         36:4a:89:cb:a3:c0:e4:ff:bc:71:ad:4d:2c:2d:6f:80:f9:e1:
         81:be:de:9c:d6:2a:0a:51:3e:a2:35:3a:a4:4d:85:99:16:6f:
         68:68:bd:46:a4:39:6b:37:7f:9d:f6:e3:4c:1d:5b:1d:17:e0:
         d7:f2:62:5f:20:bd:a6:35:f1:aa:7b:de:7e:67:00:bd:bd:fe:
         63:c9:1d:2f:36:9e:c2:39:74:ca:3e:24:1f:a6:18:41:2b:86:
         8c:13:64:a7:b5:30:40:cd:98:2c:82:22:44:ae:c4:91:6f:3f:
         c1:0a:ec:9a:a2:1c:57:e7:6c:cc:14:be:eb:ac:38:a3:9a:f5:
         6d:93:b3:52:74:f6:b2:8f:2f:04:17:62:b0:9a:3c:2a:cb:ab:
         27:3f:a0:00:70:d0:04:dc:88:8e:e2:3e:84:58:74:8f:aa:e9:
         7b:dd:35:aa:64:9d:ae:7c:2e:cf:be:63:82:21:12:40:32:33:
         d2:55:72:08:43:fa:a6:c7:f0:81:6c:e8:d7:28:f7:a8:b8:5a:
         3e:e7:be:36:a4:6c:f9:d8:f3:80:88:e1:0b:76:dc:f6:3e:36:
         c4:15:ea:a7:a4:c5:de:21:49:57:f7:20:ee:80:42:ea:4d:6d:
         aa:92:8e:60
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJzp7U6FdM7kQPD9O+ldJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkMGM2YjJiZDI5ZDMxNjg0ODdjOWVjNWZkZTRjM2ZjNDJk
OWNmYmUwHhcNMjQwMTAxMjIzMTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDMzYzU0MTA1YWE4ZWJmOTRiYmM3NWRmY2RlNjE2OWQyZmYxNDQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ob+WOgoWNg/sNw2bpBiSLI2kpUK
dWGO5UFEwHfB0VB2Q7aeconuRk5zpLsI09nvH9XQYf4lhLWQBY++SwUf1GtiigQA
cDRWNIwKq3pe/+SphBwDStLRF1TObOIA1RIZtAnEPa84+2L8+NK52LzX/A5oyjhE
7raz/i8hFDDQsxA6avF0wEiGraC7sjwcP+1wWv4wPLAj7U0vgZB8BQuif3nfE3PB
N9iUpy0fzbIftC5bd5M0q24PXTL3MpfphRpzMQH2mAL3xFlhvAxdz9HqP0+SR4uu
MF0bXHDlcwWPptU1cZcPrArubNlodyf3mxaiqSNZo1FK430vzOpkl7+2VwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKAzxUEFqo6/lLvHXfzeYWnS/xRJMB8GA1UdIwQY
MBaAFP0MayvSnTFoSHyexf3kw/xC2c++MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1F4cks5S2RNV2hJZko3Rl9lVERfRUxaejc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi80MzVkODgtMzcxZS00Zjg2LWE5MGEt
Y2ZiYmMxNDY3MWEzLzEvb0RQRlFRV3Fqci1VdThkZF9ONWhhZExfRkVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi80MzVkODgtMzcxZS00Zjg2LWE5MGEtY2ZiYmMxNDY3MWEz
LzEvX1F4cks5S2RNV2hJZko3Rl9lVERfRUxaejc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALh6IAwQA
Lh6MMA0GCSqGSIb3DQEBCwUAA4IBAQBdXXaJPZDvI7gnMgvhUMyCtKI2SonLo8Dk
/7xxrU0sLW+A+eGBvt6c1ioKUT6iNTqkTYWZFm9oaL1GpDlrN3+d9uNMHVsdF+DX
8mJfIL2mNfGqe95+ZwC9vf5jyR0vNp7COXTKPiQfphhBK4aME2SntTBAzZgsgiJE
rsSRbz/BCuyaohxX52zMFL7rrDijmvVtk7NSdPayjy8EF2Kwmjwqy6snP6AAcNAE
3IiO4j6EWHSPqul73TWqZJ2ufC7PvmOCIRJAMjPSVXIIQ/qmx/CBbOjXKPeouFo+
5742pGz52POAiOELdtz2PjbEFeqnpMXeIUlX9yDugELqTW2qko5g
-----END CERTIFICATE-----