Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/747db8-ac57-46a8-b632-6ce3c03a134c/1/cdtMPnrH2APfi081uOJOReLoEZM.roa
File:                     cdtMPnrH2APfi081uOJOReLoEZM.roa (raw, json)
Hash identifier:          TvyOSJl5h1DO7P7pb6UnLPryzhbBCaqAs0vDmGW7AVE=
Subject key identifier:   71:DB:4C:3E:7A:C7:D8:03:DF:8B:4F:35:B8:E2:4E:45:E2:E8:11:93
Certificate issuer:       /CN=28178243a0866b091272d1e1eb451e71e413b99a
Certificate serial:       018FA4F2213D502BEC05F579D138FA8D4620
Authority key identifier: 28:17:82:43:A0:86:6B:09:12:72:D1:E1:EB:45:1E:71:E4:13:B9:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KBeCQ6CGawkSctHh60UeceQTuZo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/747db8-ac57-46a8-b632-6ce3c03a134c/1/cdtMPnrH2APfi081uOJOReLoEZM.roa
Signing time:             Thu 23 May 2024 10:14:42 +0000
ROA not before:           Thu 23 May 2024 10:14:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208152
IP address blocks:        45.85.220.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/747db8-ac57-46a8-b632-6ce3c03a134c/1/KBeCQ6CGawkSctHh60UeceQTuZo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/747db8-ac57-46a8-b632-6ce3c03a134c/1/KBeCQ6CGawkSctHh60UeceQTuZo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KBeCQ6CGawkSctHh60UeceQTuZo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 13:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:a4:f2:21:3d:50:2b:ec:05:f5:79:d1:38:fa:8d:46:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28178243a0866b091272d1e1eb451e71e413b99a
        Validity
            Not Before: May 23 10:14:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=71db4c3e7ac7d803df8b4f35b8e24e45e2e81193
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:53:e6:90:f7:f8:bc:a8:32:f1:18:05:5f:bd:
                    64:b7:20:e2:69:39:24:79:1b:2b:df:d2:fc:27:0c:
                    19:b4:0b:57:04:be:56:5f:61:95:ac:e6:1c:e8:09:
                    0f:c5:70:d9:7c:6a:74:f3:10:1d:c3:fa:f1:f0:f5:
                    76:82:2a:9b:b8:a4:33:be:47:4f:a7:1d:2d:80:3a:
                    aa:fc:e6:60:17:53:55:f7:68:51:df:b6:4f:e0:73:
                    17:71:6c:a0:36:e6:d6:d1:42:07:4a:a2:56:b3:43:
                    a1:60:dd:17:f4:f2:15:d8:cb:eb:bc:bb:89:9a:d6:
                    a4:c8:6f:33:4f:86:2f:fa:b0:72:e1:b2:be:c3:b7:
                    23:43:b6:85:60:62:f0:1b:b5:d4:fb:c7:29:df:f5:
                    ad:2b:68:53:ac:e6:4f:23:7d:c2:3d:82:95:be:82:
                    92:63:8c:5a:a1:3c:0d:4b:eb:09:8e:c3:d3:f8:1b:
                    20:a3:b1:ef:64:17:42:44:98:69:13:bc:d0:aa:0c:
                    09:a5:20:1a:8d:64:8d:ad:1c:b8:dc:7f:b0:4f:20:
                    19:06:01:04:57:46:f5:dc:8b:3f:3a:d1:65:b4:4c:
                    bb:c1:d1:64:88:e6:33:b1:62:e3:2e:89:77:ca:8b:
                    4f:2d:d3:6c:ef:c2:5d:47:7a:5b:cf:33:32:91:8d:
                    33:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:DB:4C:3E:7A:C7:D8:03:DF:8B:4F:35:B8:E2:4E:45:E2:E8:11:93
            X509v3 Authority Key Identifier:
                keyid:28:17:82:43:A0:86:6B:09:12:72:D1:E1:EB:45:1E:71:E4:13:B9:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KBeCQ6CGawkSctHh60UeceQTuZo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/747db8-ac57-46a8-b632-6ce3c03a134c/1/cdtMPnrH2APfi081uOJOReLoEZM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/747db8-ac57-46a8-b632-6ce3c03a134c/1/KBeCQ6CGawkSctHh60UeceQTuZo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.220.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2f:8a:24:70:98:94:48:82:aa:f2:b8:45:7f:c4:cc:de:40:81:
         45:0d:64:04:ad:a3:1f:f6:a1:e1:e7:81:4a:eb:d1:35:68:65:
         27:7c:de:9c:f9:29:ac:4a:50:6c:d1:0e:31:65:6f:25:ec:33:
         6a:f7:cd:59:0a:e6:ae:63:64:73:e7:94:e6:2e:60:bc:82:08:
         80:7b:ad:aa:62:45:8e:07:55:40:d5:c4:61:3d:6e:13:13:f5:
         3a:90:74:58:8d:e9:7d:70:b7:37:0b:dc:1f:39:be:52:2b:8d:
         40:bc:7e:e3:d0:f4:a5:66:a3:09:be:a6:a8:55:45:cd:74:09:
         7b:a0:7d:50:62:c8:0f:7a:52:0f:37:c0:7c:71:7c:eb:11:4a:
         17:a7:0e:10:c5:18:86:fe:c5:b7:9e:b7:60:82:a5:8a:c9:e4:
         c6:f1:2d:7c:23:40:2f:a5:33:07:31:20:5a:9a:db:37:69:bb:
         23:b9:9a:c5:af:6a:3b:db:9a:1f:f3:32:b0:38:45:31:42:ce:
         b1:55:5c:7c:65:a9:0c:7e:1a:34:93:b5:f8:45:a5:9d:78:e8:
         0f:a5:aa:64:18:60:79:81:42:a4:6a:93:23:f2:17:2a:7b:04:
         77:91:cd:d5:9c:6d:57:57:12:2d:dd:b1:e2:78:cb:2d:af:64:
         4c:00:81:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+k8iE9UCvsBfV50Tj6jUYgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4MTc4MjQzYTA4NjZiMDkxMjcyZDFlMWViNDUxZTcxZTQx
M2I5OWEwHhcNMjQwNTIzMTAxNDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MWRiNGMzZTdhYzdkODAzZGY4YjRmMzViOGUyNGU0NWUyZTgxMTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAslPmkPf4vKgy8RgFX71ktyDiaTkk
eRsr39L8JwwZtAtXBL5WX2GVrOYc6AkPxXDZfGp08xAdw/rx8PV2giqbuKQzvkdP
px0tgDqq/OZgF1NV92hR37ZP4HMXcWygNubW0UIHSqJWs0OhYN0X9PIV2MvrvLuJ
mtakyG8zT4Yv+rBy4bK+w7cjQ7aFYGLwG7XU+8cp3/WtK2hTrOZPI33CPYKVvoKS
Y4xaoTwNS+sJjsPT+Bsgo7HvZBdCRJhpE7zQqgwJpSAajWSNrRy43H+wTyAZBgEE
V0b13Is/OtFltEy7wdFkiOYzsWLjLol3yotPLdNs78JdR3pbzzMykY0zbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHHbTD56x9gD34tPNbjiTkXi6BGTMB8GA1UdIwQY
MBaAFCgXgkOghmsJEnLR4etFHnHkE7maMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0JlQ1E2Q0dhd2tTY3RIaDYwVWVjZVFUdVpvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS83NDdkYjgtYWM1Ny00NmE4LWI2MzIt
NmNlM2MwM2ExMzRjLzEvY2R0TVBuckgyQVBmaTA4MXVPSk9SZUxvRVpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS83NDdkYjgtYWM1Ny00NmE4LWI2MzItNmNlM2MwM2ExMzRj
LzEvS0JlQ1E2Q0dhd2tTY3RIaDYwVWVjZVFUdVpvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVXcMA0G
CSqGSIb3DQEBCwUAA4IBAQAviiRwmJRIgqryuEV/xMzeQIFFDWQEraMf9qHh54FK
69E1aGUnfN6c+SmsSlBs0Q4xZW8l7DNq981ZCuauY2Rz55TmLmC8ggiAe62qYkWO
B1VA1cRhPW4TE/U6kHRYjel9cLc3C9wfOb5SK41AvH7j0PSlZqMJvqaoVUXNdAl7
oH1QYsgPelIPN8B8cXzrEUoXpw4QxRiG/sW3nrdggqWKyeTG8S18I0AvpTMHMSBa
mts3absjuZrFr2o725of8zKwOEUxQs6xVVx8ZakMfho0k7X4RaWdeOgPpapkGGB5
gUKkapMj8hcqewR3kc3VnG1XVxIt3bHieMstr2RMAIET
-----END CERTIFICATE-----