Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Rvx9tIvouoN0CaDl583QyQ1t4JA.roa
File:                     Rvx9tIvouoN0CaDl583QyQ1t4JA.roa (raw, json)
Hash identifier:          QVqgZusKlKsv601v6IKtZ4wnSPcpfQntDfb4tHXrvqU=
Subject key identifier:   46:FC:7D:B4:8B:E8:BA:83:74:09:A0:E5:E7:CD:D0:C9:0D:6D:E0:90
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018FEE112C645F1B0BFACC55C6EF070EB2BA
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Rvx9tIvouoN0CaDl583QyQ1t4JA.roa
Signing time:             Thu 06 Jun 2024 15:00:53 +0000
ROA not before:           Thu 06 Jun 2024 15:00:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42831
IP address blocks:        176.125.248.0/24 maxlen: 24
                          185.251.231.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:ee:11:2c:64:5f:1b:0b:fa:cc:55:c6:ef:07:0e:b2:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jun  6 15:00:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=46fc7db48be8ba837409a0e5e7cdd0c90d6de090
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:69:45:04:74:12:14:1e:c7:fa:3e:48:ea:9e:
                    c6:35:01:9a:1a:14:1a:78:b0:69:7c:4a:90:18:ee:
                    df:a8:6a:80:8d:c8:53:b8:a4:14:f1:2f:93:2d:7f:
                    d7:e2:7f:b1:d0:4b:7c:df:ab:63:d6:c9:ea:1a:cf:
                    d0:2b:e7:5d:54:18:4a:6a:58:5f:d1:5e:28:8e:bd:
                    80:00:9b:ea:47:d9:ca:c0:78:66:09:de:40:8b:69:
                    ae:a6:30:69:f6:28:6c:9d:b4:d8:51:85:83:6b:36:
                    35:cb:7c:02:8a:ce:94:b8:0b:01:6c:dd:11:32:cc:
                    ba:18:cc:46:c2:a4:76:27:c9:29:60:86:c8:7e:17:
                    7b:0d:6f:92:ca:85:33:d1:39:e4:0c:8c:72:af:d0:
                    b1:e3:bd:e5:52:36:6e:d0:74:bd:e7:f1:03:08:9c:
                    5a:00:ac:ae:7a:08:0e:e0:60:bb:d3:89:d6:57:75:
                    d4:3e:12:40:26:00:ae:2e:90:56:30:88:3b:8a:c1:
                    30:b3:07:73:52:cc:a9:73:34:2a:53:82:94:3b:e3:
                    da:8d:77:be:be:db:10:a1:47:93:4d:fc:0f:65:bb:
                    50:dc:03:b8:90:f1:5d:43:9d:2f:c0:58:5b:99:41:
                    13:db:21:1d:cb:c0:c8:4f:ff:85:5b:84:ca:b1:e9:
                    95:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:FC:7D:B4:8B:E8:BA:83:74:09:A0:E5:E7:CD:D0:C9:0D:6D:E0:90
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/Rvx9tIvouoN0CaDl583QyQ1t4JA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.125.248.0/24
                  185.251.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:4b:54:d7:8f:2e:fc:2d:07:d3:bb:db:6f:92:0d:30:a6:78:
         98:a9:b2:0e:2d:3b:0b:e0:ef:9e:2b:e4:8b:85:f8:55:3e:db:
         ef:3a:eb:ff:74:b1:12:c4:9c:09:99:4c:38:78:50:2a:db:80:
         34:57:d0:8b:3f:64:d8:93:57:dd:1d:ee:2b:f3:67:23:0b:1b:
         90:f3:2a:85:f7:3f:8c:4b:ac:78:60:e9:7b:6a:80:26:3d:a1:
         d0:f0:3f:f3:ff:59:c9:b7:6f:2e:48:5d:20:a4:62:8b:62:da:
         90:5a:1b:80:90:ae:c9:87:02:4d:5e:2e:e9:2c:44:ae:13:4a:
         ba:86:37:94:f3:5c:3b:8d:80:07:00:2e:f0:5c:1f:de:b1:5d:
         50:09:0c:46:b5:2d:8e:2e:a6:1d:56:22:76:3b:85:a3:e4:06:
         16:e3:bd:87:e1:c5:d1:6f:fb:4b:a4:d2:ce:a5:2d:8b:1d:ee:
         cf:d7:62:71:ae:ea:ad:58:09:89:0c:f1:de:80:34:97:80:9e:
         e6:f9:d2:22:b5:0b:e1:4e:9c:a4:e1:cb:73:5b:be:1d:da:dc:
         0b:6e:73:38:88:ed:f9:ff:98:55:7b:9b:29:08:4e:07:22:4a:
         51:dd:b9:de:ca:8e:69:e5:12:3f:09:56:92:62:4b:6e:9c:9a:
         6e:6d:e9:0a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY/uESxkXxsL+sxVxu8HDrK6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwNjA2MTUwMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmZjN2RiNDhiZThiYTgzNzQwOWEwZTVlN2NkZDBjOTBkNmRlMDkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGlFBHQSFB7H+j5I6p7GNQGaGhQa
eLBpfEqQGO7fqGqAjchTuKQU8S+TLX/X4n+x0Et836tj1snqGs/QK+ddVBhKalhf
0V4ojr2AAJvqR9nKwHhmCd5Ai2mupjBp9ihsnbTYUYWDazY1y3wCis6UuAsBbN0R
Msy6GMxGwqR2J8kpYIbIfhd7DW+SyoUz0TnkDIxyr9Cx473lUjZu0HS95/EDCJxa
AKyueggO4GC704nWV3XUPhJAJgCuLpBWMIg7isEwswdzUsypczQqU4KUO+PajXe+
vtsQoUeTTfwPZbtQ3AO4kPFdQ50vwFhbmUET2yEdy8DIT/+FW4TKsemVQQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEb8fbSL6LqDdAmg5efN0MkNbeCQMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvUnZ4OXRJdm91b04wQ2FEbDU4M1F5UTF0NEpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAsH34AwQA
ufvnMA0GCSqGSIb3DQEBCwUAA4IBAQB2S1TXjy78LQfTu9tvkg0wpniYqbIOLTsL
4O+eK+SLhfhVPtvvOuv/dLESxJwJmUw4eFAq24A0V9CLP2TYk1fdHe4r82cjCxuQ
8yqF9z+MS6x4YOl7aoAmPaHQ8D/z/1nJt28uSF0gpGKLYtqQWhuAkK7JhwJNXi7p
LESuE0q6hjeU81w7jYAHAC7wXB/esV1QCQxGtS2OLqYdViJ2O4Wj5AYW472H4cXR
b/tLpNLOpS2LHe7P12JxruqtWAmJDPHegDSXgJ7m+dIitQvhTpyk4ctzW74d2twL
bnM4iO35/5hVe5spCE4HIkpR3bneyo5p5RI/CVaSYktunJpubekK
-----END CERTIFICATE-----