Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/41dec1-1eb1-49c7-9d50-ca595e34d5ac/1/8ZKbnPniu913SnjXvn3kXFXoTm0.roa
File:                     8ZKbnPniu913SnjXvn3kXFXoTm0.roa (raw, json)
Hash identifier:          5HixzWr+kvtOLRKOe0GySJFEoBIN8n7Szdz/SR3iCoA=
Subject key identifier:   F1:92:9B:9C:F9:E2:BB:DD:77:4A:78:D7:BE:7D:E4:5C:55:E8:4E:6D
Certificate issuer:       /CN=4e984a5a4b7808bb4ea32d310bdd07ecc9575113
Certificate serial:       019424B3DD04CAD2A10D71780C4DA2D56254
Authority key identifier: 4E:98:4A:5A:4B:78:08:BB:4E:A3:2D:31:0B:DD:07:EC:C9:57:51:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TphKWkt4CLtOoy0xC90H7MlXURM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/41dec1-1eb1-49c7-9d50-ca595e34d5ac/1/8ZKbnPniu913SnjXvn3kXFXoTm0.roa
Signing time:             Thu 02 Jan 2025 01:49:14 +0000
ROA not before:           Thu 02 Jan 2025 01:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28685
IP address blocks:        46.231.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/41dec1-1eb1-49c7-9d50-ca595e34d5ac/1/TphKWkt4CLtOoy0xC90H7MlXURM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/41dec1-1eb1-49c7-9d50-ca595e34d5ac/1/TphKWkt4CLtOoy0xC90H7MlXURM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TphKWkt4CLtOoy0xC90H7MlXURM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:dd:04:ca:d2:a1:0d:71:78:0c:4d:a2:d5:62:54
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e984a5a4b7808bb4ea32d310bdd07ecc9575113
        Validity
            Not Before: Jan  2 01:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f1929b9cf9e2bbdd774a78d7be7de45c55e84e6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:d6:f8:98:bd:96:79:6a:ab:00:2d:20:4e:74:
                    10:06:35:6f:f3:fd:dd:6b:10:f2:c2:5f:cb:80:50:
                    b9:7e:6a:c5:3e:3e:cd:d9:99:55:78:ae:30:35:68:
                    c4:48:c7:01:f7:b7:c8:2c:40:31:7d:b2:4b:10:23:
                    cf:f2:65:d1:08:c0:0e:18:8d:82:e4:5b:ce:3f:a3:
                    60:f8:9e:1b:54:0a:b9:3a:60:b1:cc:91:35:2d:9b:
                    b3:c9:65:f2:62:e6:f3:08:6c:64:16:4e:25:fb:d2:
                    aa:28:c2:cf:1a:94:7b:dc:16:59:e2:44:a7:6a:77:
                    8d:f8:df:33:cb:de:59:3b:c6:bd:99:dc:49:41:cc:
                    ab:cd:61:bf:d8:02:11:0f:38:53:e4:f5:55:5f:ce:
                    d8:81:5a:cc:5d:42:20:29:60:c9:88:f3:05:0c:dc:
                    55:c1:8f:6f:2e:ce:f4:16:4f:4d:ea:c7:3b:9b:b4:
                    e2:93:5f:e5:ac:62:29:91:06:50:ab:3d:95:e2:14:
                    aa:d3:37:48:fc:25:3b:f6:38:62:de:42:19:4a:bf:
                    b1:fe:11:c6:99:a5:bc:6d:b4:c6:71:4c:4a:63:b2:
                    92:ef:73:86:ac:21:aa:6d:ca:5c:10:13:05:17:41:
                    5f:99:56:2e:ca:9d:e9:74:ee:84:02:3d:f0:5e:37:
                    32:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:92:9B:9C:F9:E2:BB:DD:77:4A:78:D7:BE:7D:E4:5C:55:E8:4E:6D
            X509v3 Authority Key Identifier:
                keyid:4E:98:4A:5A:4B:78:08:BB:4E:A3:2D:31:0B:DD:07:EC:C9:57:51:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TphKWkt4CLtOoy0xC90H7MlXURM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/41dec1-1eb1-49c7-9d50-ca595e34d5ac/1/8ZKbnPniu913SnjXvn3kXFXoTm0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/41dec1-1eb1-49c7-9d50-ca595e34d5ac/1/TphKWkt4CLtOoy0xC90H7MlXURM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.231.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:45:29:f4:3f:d3:60:11:01:8b:3b:43:8e:62:b2:55:d8:22:
         61:a3:6f:1c:3c:c7:4d:e9:8f:d5:98:b0:1c:1d:db:36:35:25:
         1b:c1:b1:db:51:2b:8a:b1:a1:91:21:96:da:e2:e5:7d:fb:af:
         16:7b:15:bd:2e:f3:c6:4d:ea:d5:57:3d:cb:2e:07:a6:9a:63:
         38:f7:b3:e3:7f:e6:b2:12:16:44:ae:64:9d:dc:43:16:07:0a:
         c9:4e:b3:7b:7a:18:bb:2d:84:ef:6d:8d:b4:bd:d2:50:d2:8d:
         c2:d6:09:34:7e:76:58:48:37:67:8f:4e:62:90:7b:91:77:d7:
         59:6b:76:da:df:1f:f2:31:b6:0c:a4:ea:43:2c:5a:17:6f:b2:
         e3:cb:2a:41:67:1b:ec:a5:c6:80:3e:33:05:03:2a:31:18:30:
         7e:4e:c6:79:bd:02:22:c1:16:dd:df:5e:ac:f1:72:d3:c8:7e:
         7c:8b:85:09:f6:e6:ad:d6:72:43:89:e0:c2:47:f2:18:12:30:
         d2:dc:1e:32:45:ba:66:32:1b:95:46:af:3b:10:d8:75:f4:cc:
         7c:16:74:35:18:af:e6:72:b8:13:93:b6:62:5e:21:ed:5a:4a:
         8b:18:c8:27:60:70:88:56:9e:38:80:75:5c:22:6d:2a:3c:43:
         1d:24:64:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQks90EytKhDXF4DE2i1WJUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlOTg0YTVhNGI3ODA4YmI0ZWEzMmQzMTBiZGQwN2VjYzk1
NzUxMTMwHhcNMjUwMTAyMDE0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTkyOWI5Y2Y5ZTJiYmRkNzc0YTc4ZDdiZTdkZTQ1YzU1ZTg0ZTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9b4mL2WeWqrAC0gTnQQBjVv8/3d
axDywl/LgFC5fmrFPj7N2ZlVeK4wNWjESMcB97fILEAxfbJLECPP8mXRCMAOGI2C
5FvOP6Ng+J4bVAq5OmCxzJE1LZuzyWXyYubzCGxkFk4l+9KqKMLPGpR73BZZ4kSn
aneN+N8zy95ZO8a9mdxJQcyrzWG/2AIRDzhT5PVVX87YgVrMXUIgKWDJiPMFDNxV
wY9vLs70Fk9N6sc7m7Tik1/lrGIpkQZQqz2V4hSq0zdI/CU79jhi3kIZSr+x/hHG
maW8bbTGcUxKY7KS73OGrCGqbcpcEBMFF0FfmVYuyp3pdO6EAj3wXjcyLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPGSm5z54rvdd0p417595FxV6E5tMB8GA1UdIwQY
MBaAFE6YSlpLeAi7TqMtMQvdB+zJV1ETMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHBoS1drdDRDTHRPb3kweEM5MEg3TWxYVVJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC80MWRlYzEtMWViMS00OWM3LTlkNTAt
Y2E1OTVlMzRkNWFjLzEvOFpLYm5Qbml1OTEzU25qWHZuM2tYRlhvVG0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC80MWRlYzEtMWViMS00OWM3LTlkNTAtY2E1OTVlMzRkNWFj
LzEvVHBoS1drdDRDTHRPb3kweEM5MEg3TWxYVVJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALuf/MA0G
CSqGSIb3DQEBCwUAA4IBAQAiRSn0P9NgEQGLO0OOYrJV2CJho28cPMdN6Y/VmLAc
Hds2NSUbwbHbUSuKsaGRIZba4uV9+68WexW9LvPGTerVVz3LLgemmmM497Pjf+ay
EhZErmSd3EMWBwrJTrN7ehi7LYTvbY20vdJQ0o3C1gk0fnZYSDdnj05ikHuRd9dZ
a3ba3x/yMbYMpOpDLFoXb7LjyypBZxvspcaAPjMFAyoxGDB+TsZ5vQIiwRbd316s
8XLTyH58i4UJ9uat1nJDieDCR/IYEjDS3B4yRbpmMhuVRq87ENh19Mx8FnQ1GK/m
crgTk7ZiXiHtWkqLGMgnYHCIVp44gHVcIm0qPEMdJGRN
-----END CERTIFICATE-----