Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/OqiUKfVyJ4NSRRmBj-Tpnm0JywA.roa
File:                     OqiUKfVyJ4NSRRmBj-Tpnm0JywA.roa (raw, json)
Hash identifier:          GGJPeH4zNhMp5YhXdLVvX8V1LOoWtJ7C1cLvyT0rvmo=
Subject key identifier:   3A:A8:94:29:F5:72:27:83:52:45:19:81:8F:E4:E9:9E:6D:09:CB:00
Certificate issuer:       /CN=c105adc5c4262dff6b3f3e606830c7f971d766ce
Certificate serial:       018CC3B6D88F4574A25B8955488B13B4C9E3
Authority key identifier: C1:05:AD:C5:C4:26:2D:FF:6B:3F:3E:60:68:30:C7:F9:71:D7:66:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wQWtxcQmLf9rPz5gaDDH-XHXZs4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/OqiUKfVyJ4NSRRmBj-Tpnm0JywA.roa
Signing time:             Mon 01 Jan 2024 06:29:49 +0000
ROA not before:           Mon 01 Jan 2024 06:29:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25498
IP address blocks:        46.232.232.0/23 maxlen: 23
                          195.22.130.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/wQWtxcQmLf9rPz5gaDDH-XHXZs4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/wQWtxcQmLf9rPz5gaDDH-XHXZs4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wQWtxcQmLf9rPz5gaDDH-XHXZs4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:d8:8f:45:74:a2:5b:89:55:48:8b:13:b4:c9:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c105adc5c4262dff6b3f3e606830c7f971d766ce
        Validity
            Not Before: Jan  1 06:29:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3aa89429f5722783524519818fe4e99e6d09cb00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:b4:39:a2:3f:65:8e:74:2b:21:d4:69:48:0c:
                    1c:40:9a:af:be:c3:cc:38:8a:c9:20:76:a7:a9:5d:
                    34:d7:61:08:54:df:a8:cd:8d:60:2f:98:ea:38:6b:
                    32:15:7e:b3:81:fb:88:e4:99:f8:80:3f:a1:c9:46:
                    e1:ea:b6:0c:e8:c9:c3:65:69:43:1e:ab:3a:58:86:
                    8e:60:80:a9:06:52:15:d3:82:72:ec:3d:5d:ff:e3:
                    dd:6e:58:ed:a7:60:d5:0c:be:cc:b7:ce:83:af:df:
                    2e:aa:3d:a4:92:b0:08:79:bb:2f:8e:d9:88:24:a8:
                    ac:0e:fb:49:13:b4:98:c4:b9:d8:07:16:b0:f8:d7:
                    e6:b2:ef:be:71:41:53:b2:2b:78:64:9a:48:a3:d4:
                    ce:d7:2f:ca:cb:35:5e:2e:13:ac:b8:db:ae:cb:53:
                    63:07:c0:02:8a:cd:a7:06:11:d9:68:c7:0d:2d:86:
                    0a:56:4e:b9:53:93:53:40:a4:d2:fb:4c:9a:91:7e:
                    96:34:42:55:dd:a3:e2:7b:86:eb:5a:aa:58:54:37:
                    40:82:41:7b:19:6b:bd:8b:80:96:e1:bb:69:a3:b8:
                    31:aa:9a:cd:cb:27:ab:fc:a6:77:8d:4c:bc:aa:40:
                    3a:90:bb:8c:c3:06:f2:bc:e7:1b:e8:aa:76:cd:cd:
                    b1:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:A8:94:29:F5:72:27:83:52:45:19:81:8F:E4:E9:9E:6D:09:CB:00
            X509v3 Authority Key Identifier:
                keyid:C1:05:AD:C5:C4:26:2D:FF:6B:3F:3E:60:68:30:C7:F9:71:D7:66:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wQWtxcQmLf9rPz5gaDDH-XHXZs4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/OqiUKfVyJ4NSRRmBj-Tpnm0JywA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c49172-f8da-4128-8689-515845e6c317/1/wQWtxcQmLf9rPz5gaDDH-XHXZs4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.232.232.0/23
                  195.22.130.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6a:8b:62:f3:7b:ab:14:5e:09:48:6b:3d:51:e5:1e:55:a5:a9:
         ce:a6:3b:b5:6e:48:a3:2e:37:ba:96:80:76:bf:a5:46:23:bf:
         8a:11:78:a7:7b:e3:c5:e2:21:f7:fb:af:2c:14:b5:21:77:6b:
         79:e5:41:0e:ca:51:ce:d2:ab:b1:3e:cc:6e:98:6c:53:17:40:
         86:b7:b7:4d:d2:e5:b5:2e:92:93:df:d5:68:21:2b:fb:d5:89:
         13:b2:66:f6:f9:2e:04:9d:cb:e8:05:5f:61:9b:5e:68:5d:a9:
         6a:85:51:dc:56:aa:77:e3:1a:af:8e:d8:fb:eb:1e:12:d7:8e:
         83:54:1b:53:8d:e6:3c:e8:78:f0:17:64:b3:33:24:6b:a7:7b:
         12:30:f2:db:04:ab:cb:68:93:1e:7a:92:1f:a5:8d:d8:7c:2b:
         8f:aa:7a:ee:5b:c1:7c:12:cb:b4:a0:f4:de:38:04:ed:80:6e:
         09:06:8f:c0:56:98:8c:83:34:6c:fc:93:8b:a4:66:6b:c2:89:
         4d:4b:4d:e2:c7:b7:4e:91:4f:87:0c:88:2e:57:3e:00:7f:66:
         28:e5:13:66:94:ac:10:75:5c:28:bc:92:e2:25:01:da:f1:dc:
         70:e7:01:00:7c:d3:53:60:cf:d4:02:6d:39:68:02:ac:0c:15:
         52:7a:9e:f0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDttiPRXSiW4lVSIsTtMnjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMDVhZGM1YzQyNjJkZmY2YjNmM2U2MDY4MzBjN2Y5NzFk
NzY2Y2UwHhcNMjQwMTAxMDYyOTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWE4OTQyOWY1NzIyNzgzNTI0NTE5ODE4ZmU0ZTk5ZTZkMDljYjAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAirQ5oj9ljnQrIdRpSAwcQJqvvsPM
OIrJIHanqV0012EIVN+ozY1gL5jqOGsyFX6zgfuI5Jn4gD+hyUbh6rYM6MnDZWlD
Hqs6WIaOYICpBlIV04Jy7D1d/+Pdbljtp2DVDL7Mt86Dr98uqj2kkrAIebsvjtmI
JKisDvtJE7SYxLnYBxaw+Nfmsu++cUFTsit4ZJpIo9TO1y/KyzVeLhOsuNuuy1Nj
B8ACis2nBhHZaMcNLYYKVk65U5NTQKTS+0yakX6WNEJV3aPie4brWqpYVDdAgkF7
GWu9i4CW4btpo7gxqprNyyer/KZ3jUy8qkA6kLuMwwbyvOcb6Kp2zc2x2wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDqolCn1cieDUkUZgY/k6Z5tCcsAMB8GA1UdIwQY
MBaAFMEFrcXEJi3/az8+YGgwx/lx12bOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1FXdHhjUW1MZjlyUHo1Z2FEREgtWEhYWnM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9jNDkxNzItZjhkYS00MTI4LTg2ODkt
NTE1ODQ1ZTZjMzE3LzEvT3FpVUtmVnlKNE5TUlJtQmotVHBubTBKeXdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9jNDkxNzItZjhkYS00MTI4LTg2ODktNTE1ODQ1ZTZjMzE3
LzEvd1FXdHhjUW1MZjlyUHo1Z2FEREgtWEhYWnM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLujoAwQB
wxaCMA0GCSqGSIb3DQEBCwUAA4IBAQBqi2Lze6sUXglIaz1R5R5VpanOpju1bkij
Lje6loB2v6VGI7+KEXine+PF4iH3+68sFLUhd2t55UEOylHO0quxPsxumGxTF0CG
t7dN0uW1LpKT39VoISv71YkTsmb2+S4EncvoBV9hm15oXalqhVHcVqp34xqvjtj7
6x4S146DVBtTjeY86HjwF2SzMyRrp3sSMPLbBKvLaJMeepIfpY3YfCuPqnruW8F8
Esu0oPTeOATtgG4JBo/AVpiMgzRs/JOLpGZrwolNS03ix7dOkU+HDIguVz4Af2Yo
5RNmlKwQdVwovJLiJQHa8dxw5wEAfNNTYM/UAm05aAKsDBVSep7w
-----END CERTIFICATE-----