Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/a168e9-d070-44e0-94a4-6c8fd84bb5f5/1/q_IW4UwmW6jV5MVpl_Q_umn1t7M.roa
File:                     q_IW4UwmW6jV5MVpl_Q_umn1t7M.roa (raw, json)
Hash identifier:          eU7iuKx3PX/ZckZU6V6E4AFYYLhnd0fdMVvDd+sZ3Yo=
Subject key identifier:   AB:F2:16:E1:4C:26:5B:A8:D5:E4:C5:69:97:F4:3F:BA:69:F5:B7:B3
Certificate issuer:       /CN=5e8d07b45f7d83124c9f8c0fac03bec02468b37e
Certificate serial:       018CC86EFF8573708C496B7D47A728F913A5
Authority key identifier: 5E:8D:07:B4:5F:7D:83:12:4C:9F:8C:0F:AC:03:BE:C0:24:68:B3:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xo0HtF99gxJMn4wPrAO-wCRos34.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/a168e9-d070-44e0-94a4-6c8fd84bb5f5/1/q_IW4UwmW6jV5MVpl_Q_umn1t7M.roa
Signing time:             Tue 02 Jan 2024 04:29:26 +0000
ROA not before:           Tue 02 Jan 2024 04:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        45.15.106.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/a168e9-d070-44e0-94a4-6c8fd84bb5f5/1/Xo0HtF99gxJMn4wPrAO-wCRos34.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/a168e9-d070-44e0-94a4-6c8fd84bb5f5/1/Xo0HtF99gxJMn4wPrAO-wCRos34.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xo0HtF99gxJMn4wPrAO-wCRos34.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6e:ff:85:73:70:8c:49:6b:7d:47:a7:28:f9:13:a5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e8d07b45f7d83124c9f8c0fac03bec02468b37e
        Validity
            Not Before: Jan  2 04:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=abf216e14c265ba8d5e4c56997f43fba69f5b7b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:12:74:ba:93:df:bd:a5:bf:be:13:24:cf:72:
                    11:a4:1b:e7:65:fe:d4:15:94:fe:f4:8c:62:2f:ec:
                    bf:5c:f9:92:94:f8:38:12:73:b6:60:fe:dd:17:71:
                    84:ee:de:c8:91:ee:f3:8f:65:7d:fd:4c:34:b7:ed:
                    37:84:c8:f0:a8:44:13:20:89:27:37:c0:b4:da:a2:
                    08:f3:5d:9b:29:e2:4e:21:14:36:82:59:15:79:85:
                    df:28:a8:ca:44:df:61:ba:4e:fa:29:9b:a4:44:10:
                    19:e1:d0:f9:27:b7:18:47:13:a6:6b:83:8d:be:9e:
                    98:1e:ef:d5:79:15:ed:5a:0f:3f:23:87:f1:96:27:
                    fc:ff:f8:89:83:73:8f:92:06:02:88:f3:40:74:e4:
                    72:a4:dc:de:82:cf:28:6e:85:06:ee:0f:69:db:3c:
                    9d:ee:f8:c7:b9:21:8c:c2:9e:50:7d:7c:7f:33:2a:
                    73:f8:02:2d:2c:14:d0:3e:b7:3e:64:ce:99:5a:c2:
                    57:76:cc:32:f3:ad:09:86:09:16:c8:47:2f:2b:60:
                    10:07:80:9f:16:46:9b:a6:2a:55:7f:ad:59:89:82:
                    a5:01:70:09:af:31:11:6b:05:6f:51:2f:d4:84:67:
                    d6:0e:4b:f4:1a:26:59:32:1c:f0:39:a9:5b:d4:d2:
                    eb:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:F2:16:E1:4C:26:5B:A8:D5:E4:C5:69:97:F4:3F:BA:69:F5:B7:B3
            X509v3 Authority Key Identifier:
                keyid:5E:8D:07:B4:5F:7D:83:12:4C:9F:8C:0F:AC:03:BE:C0:24:68:B3:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xo0HtF99gxJMn4wPrAO-wCRos34.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/a168e9-d070-44e0-94a4-6c8fd84bb5f5/1/q_IW4UwmW6jV5MVpl_Q_umn1t7M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/a168e9-d070-44e0-94a4-6c8fd84bb5f5/1/Xo0HtF99gxJMn4wPrAO-wCRos34.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.15.106.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4a:02:70:fc:4c:3e:38:12:61:e0:6a:8a:1c:60:17:39:f4:d1:
         95:0c:e9:48:b3:9a:74:2b:08:13:01:27:d8:cc:02:51:34:8a:
         b7:73:22:b4:39:0f:9c:ea:52:e3:6e:95:3a:8f:c8:cf:fe:2a:
         40:c9:ad:fc:9b:25:dc:46:4e:26:c8:4b:f3:18:ec:00:c1:ce:
         fb:8f:9c:12:1a:f8:26:90:30:48:2f:0f:0a:63:ea:bd:28:2d:
         19:70:13:44:6f:fc:1e:d8:56:89:77:9c:58:c6:44:e7:81:a5:
         68:cd:4b:9d:f3:32:09:40:c8:d9:09:2b:ef:0a:77:9b:a8:e5:
         b7:8b:d5:b8:61:bd:d2:cf:91:99:b9:88:a4:fd:fc:d1:6b:d8:
         d6:6f:bf:a6:63:6e:6c:e8:67:91:15:f9:77:7f:bd:f5:c5:f7:
         86:72:45:48:59:72:b0:32:4d:a2:8a:a4:e1:72:31:c0:9c:e8:
         3f:75:a4:1b:fc:4e:02:c5:ae:cd:72:73:bd:0c:09:b4:2a:f3:
         0a:53:31:1a:38:26:be:70:43:f6:90:1b:44:5c:98:35:8d:8e:
         53:d5:de:df:f1:56:6e:63:e4:1b:56:af:cd:de:c9:d8:e7:ca:
         65:64:a2:31:99:74:40:a7:25:52:13:51:7c:45:0e:c5:4d:ed:
         77:2c:b9:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbv+Fc3CMSWt9R6co+ROlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlOGQwN2I0NWY3ZDgzMTI0YzlmOGMwZmFjMDNiZWMwMjQ2
OGIzN2UwHhcNMjQwMTAyMDQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmYyMTZlMTRjMjY1YmE4ZDVlNGM1Njk5N2Y0M2ZiYTY5ZjViN2IzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAghJ0upPfvaW/vhMkz3IRpBvnZf7U
FZT+9IxiL+y/XPmSlPg4EnO2YP7dF3GE7t7Ike7zj2V9/Uw0t+03hMjwqEQTIIkn
N8C02qII812bKeJOIRQ2glkVeYXfKKjKRN9huk76KZukRBAZ4dD5J7cYRxOma4ON
vp6YHu/VeRXtWg8/I4fxlif8//iJg3OPkgYCiPNAdORypNzegs8oboUG7g9p2zyd
7vjHuSGMwp5QfXx/Mypz+AItLBTQPrc+ZM6ZWsJXdswy860JhgkWyEcvK2AQB4Cf
FkabpipVf61ZiYKlAXAJrzERawVvUS/UhGfWDkv0GiZZMhzwOalb1NLrTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKvyFuFMJluo1eTFaZf0P7pp9bezMB8GA1UdIwQY
MBaAFF6NB7RffYMSTJ+MD6wDvsAkaLN+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWG8wSHRGOTlneEpNbjR3UHJBTy13Q1JvczM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9hMTY4ZTktZDA3MC00NGUwLTk0YTQt
NmM4ZmQ4NGJiNWY1LzEvcV9JVzRVd21XNmpWNU1WcGxfUV91bW4xdDdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9hMTY4ZTktZDA3MC00NGUwLTk0YTQtNmM4ZmQ4NGJiNWY1
LzEvWG8wSHRGOTlneEpNbjR3UHJBTy13Q1JvczM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLQ9qMA0G
CSqGSIb3DQEBCwUAA4IBAQBKAnD8TD44EmHgaoocYBc59NGVDOlIs5p0KwgTASfY
zAJRNIq3cyK0OQ+c6lLjbpU6j8jP/ipAya38myXcRk4myEvzGOwAwc77j5wSGvgm
kDBILw8KY+q9KC0ZcBNEb/we2FaJd5xYxkTngaVozUud8zIJQMjZCSvvCnebqOW3
i9W4Yb3Sz5GZuYik/fzRa9jWb7+mY25s6GeRFfl3f731xfeGckVIWXKwMk2iiqTh
cjHAnOg/daQb/E4Cxa7NcnO9DAm0KvMKUzEaOCa+cEP2kBtEXJg1jY5T1d7f8VZu
Y+QbVq/N3snY58plZKIxmXRApyVSE1F8RQ7FTe13LLms
-----END CERTIFICATE-----