Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/XP552KU-RtQDykB3SBgJlQPTJYY.roa
File:                     XP552KU-RtQDykB3SBgJlQPTJYY.roa (raw, json)
Hash identifier:          Nt9oZNq4yNWorbkfoA1L/Y7epiH+y5fblk/8Xs5Mp18=
Subject key identifier:   5C:FE:79:D8:A5:3E:46:D4:03:CA:40:77:48:18:09:95:03:D3:25:86
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018F52F8A3662CFDB22EC617B94CA8839B5B
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/XP552KU-RtQDykB3SBgJlQPTJYY.roa
Signing time:             Tue 07 May 2024 12:12:57 +0000
ROA not before:           Tue 07 May 2024 12:12:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211415
IP address blocks:        45.81.240.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 19:51:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:52:f8:a3:66:2c:fd:b2:2e:c6:17:b9:4c:a8:83:9b:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: May  7 12:12:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5cfe79d8a53e46d403ca40774818099503d32586
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:84:3d:18:0d:2d:6d:05:fd:3a:76:48:31:6a:
                    86:cf:6d:a2:79:45:63:b4:86:b0:54:00:b9:a1:60:
                    81:31:1c:4e:f3:72:80:3b:6d:f4:7a:3c:dc:53:d2:
                    40:d5:87:bb:cd:12:af:e3:d5:26:58:22:8e:82:96:
                    f9:83:10:43:df:3d:fb:07:79:33:a3:8a:65:0d:bc:
                    c5:39:fc:b0:d9:e8:be:b0:1b:56:94:01:97:6c:ae:
                    e9:9a:79:ee:94:c6:d8:80:ee:8a:ff:82:f3:7f:84:
                    b2:ba:0a:c7:9d:a0:7b:3e:b0:a9:8a:cc:e4:9d:c8:
                    97:87:da:da:94:73:5c:ca:91:c2:f8:40:fd:47:2b:
                    96:24:9a:89:54:00:d9:9d:34:af:c2:84:91:6b:31:
                    c9:84:c2:86:cb:cc:42:57:65:77:26:97:90:4f:b8:
                    7a:0d:12:f1:c9:09:b1:b8:c7:63:1d:df:96:ef:7f:
                    c9:df:fa:50:b2:fb:43:77:5f:d9:d2:68:2c:e7:b0:
                    3a:0d:ee:9e:11:b3:4a:84:6f:ca:6b:18:a2:a8:81:
                    1c:49:e3:da:e4:97:d0:e3:b2:09:fd:2d:e9:45:a1:
                    1f:ef:ad:fc:b5:6d:b4:a7:50:bc:75:ab:14:36:22:
                    2e:28:cc:23:5c:c4:d7:5f:1c:02:2d:eb:ac:22:fe:
                    64:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:FE:79:D8:A5:3E:46:D4:03:CA:40:77:48:18:09:95:03:D3:25:86
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/XP552KU-RtQDykB3SBgJlQPTJYY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:41:26:c4:c5:ac:ff:75:3e:45:e9:b0:b3:7d:4b:3d:7d:2c:
         09:22:79:d5:e1:62:d1:8d:f7:98:7f:3b:5c:4c:3f:a7:4f:a6:
         1d:1a:99:41:6a:c6:1b:69:d1:30:f1:fa:3b:ec:72:b4:37:35:
         f8:35:ad:01:14:17:1e:3e:7b:36:39:a7:51:23:2a:74:e3:dd:
         3d:73:7d:7a:f0:ff:93:f1:96:af:f4:c9:86:c2:bf:76:cf:4e:
         6e:e2:e4:dc:b9:21:79:4e:7c:15:5b:ff:e7:ca:c8:b0:8f:f6:
         0b:74:10:24:ee:06:92:e6:54:0f:92:dd:06:2a:7b:6d:fa:c0:
         63:2f:d9:9b:49:1c:52:0c:ea:13:f9:6c:f0:ed:97:5b:96:eb:
         88:47:d5:ec:ed:f0:fe:80:28:47:20:2e:3a:05:7c:a5:ef:81:
         4d:2b:65:14:bc:70:3b:96:2e:42:40:01:93:ef:d3:ff:39:c0:
         41:21:73:98:75:8a:64:f9:db:2b:18:a8:6f:87:b4:b2:ec:ea:
         9a:91:9f:fc:0d:36:32:43:c7:95:eb:45:d9:c2:aa:45:71:65:
         64:31:7c:77:c6:01:61:46:b6:76:f3:ad:09:ad:de:86:c6:a8:
         e8:ee:87:c3:c5:b1:99:5f:97:af:b5:5f:98:e7:35:ff:19:40:
         c6:5b:a5:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9S+KNmLP2yLsYXuUyog5tbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwNTA3MTIxMjU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2ZlNzlkOGE1M2U0NmQ0MDNjYTQwNzc0ODE4MDk5NTAzZDMyNTg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIQ9GA0tbQX9OnZIMWqGz22ieUVj
tIawVAC5oWCBMRxO83KAO230ejzcU9JA1Ye7zRKv49UmWCKOgpb5gxBD3z37B3kz
o4plDbzFOfyw2ei+sBtWlAGXbK7pmnnulMbYgO6K/4Lzf4SyugrHnaB7PrCpiszk
nciXh9ralHNcypHC+ED9RyuWJJqJVADZnTSvwoSRazHJhMKGy8xCV2V3JpeQT7h6
DRLxyQmxuMdjHd+W73/J3/pQsvtDd1/Z0mgs57A6De6eEbNKhG/KaxiiqIEcSePa
5JfQ47IJ/S3pRaEf7638tW20p1C8dasUNiIuKMwjXMTXXxwCLeusIv5kOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFz+edilPkbUA8pAd0gYCZUD0yWGMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvWFA1NTJLVS1SdFFEeWtCM1NCZ0psUVBUSllZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVHwMA0G
CSqGSIb3DQEBCwUAA4IBAQCmQSbExaz/dT5F6bCzfUs9fSwJInnV4WLRjfeYfztc
TD+nT6YdGplBasYbadEw8fo77HK0NzX4Na0BFBcePns2OadRIyp04909c3168P+T
8Zav9MmGwr92z05u4uTcuSF5TnwVW//nysiwj/YLdBAk7gaS5lQPkt0GKntt+sBj
L9mbSRxSDOoT+Wzw7ZdbluuIR9Xs7fD+gChHIC46BXyl74FNK2UUvHA7li5CQAGT
79P/OcBBIXOYdYpk+dsrGKhvh7Sy7OqakZ/8DTYyQ8eV60XZwqpFcWVkMXx3xgFh
RrZ2860Jrd6Gxqjo7ofDxbGZX5evtV+Y5zX/GUDGW6Uu
-----END CERTIFICATE-----