Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/yHJu0bIt0aBV4ypDRIIsgf0ZaNY.roa
File:                     yHJu0bIt0aBV4ypDRIIsgf0ZaNY.roa (raw, json)
Hash identifier:          pRq5TslhbWVdS6rhtuyBGBanK+iP6zykO/YJXZf4LrA=
Subject key identifier:   C8:72:6E:D1:B2:2D:D1:A0:55:E3:2A:43:44:82:2C:81:FD:19:68:D6
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       018F2AB8C4471BF5C27157728A4E645A9C55
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/yHJu0bIt0aBV4ypDRIIsgf0ZaNY.roa
Signing time:             Mon 29 Apr 2024 16:38:22 +0000
ROA not before:           Mon 29 Apr 2024 16:38:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215147
IP address blocks:        45.151.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:2a:b8:c4:47:1b:f5:c2:71:57:72:8a:4e:64:5a:9c:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Apr 29 16:38:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c8726ed1b22dd1a055e32a4344822c81fd1968d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:5f:6f:1c:86:20:56:33:72:b8:bd:04:5a:8e:
                    0c:82:e8:0a:73:80:6f:7f:67:34:d8:77:ae:0a:14:
                    78:d3:f5:03:e8:e8:2a:c1:a7:c1:05:e4:67:c7:0a:
                    69:62:0c:af:0a:65:45:cf:9a:11:03:3b:f8:1e:7e:
                    ee:29:8d:a7:23:be:dd:56:2b:14:12:f2:6e:44:81:
                    6e:ca:1b:a3:6a:2d:ae:9b:f7:b3:22:49:89:09:35:
                    57:07:58:dd:72:76:cc:10:83:2a:4e:b6:70:e6:46:
                    fd:6c:bc:a9:a8:76:70:ab:22:59:04:01:f5:65:58:
                    a9:b4:00:ef:47:03:7f:eb:18:0c:26:46:dc:10:13:
                    74:76:16:b0:a5:98:e2:ce:2d:e7:64:d7:6f:e9:3b:
                    9f:95:34:b8:17:fa:20:31:94:43:f8:e1:fa:46:dd:
                    6c:11:28:7a:65:95:12:81:e5:c4:28:3b:27:a9:ab:
                    21:a7:d9:50:af:99:d4:5d:01:9a:a0:e3:44:2a:bf:
                    6b:e9:c5:b8:e2:4f:85:76:3d:de:ff:b7:a8:2d:bb:
                    f9:58:ed:31:d4:9e:87:53:54:72:e4:67:19:dd:53:
                    aa:4c:ba:a9:f3:e6:4f:ec:d1:2d:76:e2:3e:ac:6b:
                    0e:44:3f:c4:e7:1d:f4:3a:f5:45:c0:63:6b:f9:08:
                    26:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:72:6E:D1:B2:2D:D1:A0:55:E3:2A:43:44:82:2C:81:FD:19:68:D6
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/yHJu0bIt0aBV4ypDRIIsgf0ZaNY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:8c:d0:20:67:92:53:63:87:e4:64:4a:61:2e:86:c2:7f:6d:
         40:da:12:5e:05:c4:69:5d:c9:a4:66:79:70:a9:a8:a0:c1:c8:
         3a:de:ba:3d:18:ef:8c:0c:60:4c:90:17:a9:4c:e7:2e:81:7e:
         8e:d2:69:8e:f2:05:a5:2e:d7:3f:7c:4d:30:5c:20:f1:bd:7a:
         ed:56:e4:75:86:e1:79:4c:66:f0:be:7b:ee:dc:97:61:a7:8d:
         18:e8:45:3e:9b:d5:75:a7:13:ef:e0:7c:bb:1f:d0:2f:22:5b:
         26:2f:e4:38:d9:dc:d5:ea:59:3f:80:8c:6d:f2:e4:38:55:8d:
         e6:34:09:7d:6b:0c:0a:00:6e:50:57:82:1d:07:0e:39:8d:e2:
         98:4a:ca:7a:96:22:75:1a:ba:10:52:bf:87:1a:90:50:c1:1f:
         81:05:80:ac:cd:25:29:d0:bc:23:e4:27:08:96:06:85:3e:17:
         ca:a1:21:55:8a:20:d1:61:e5:78:06:ca:19:84:cd:2b:58:0e:
         52:6d:f8:b9:67:6d:83:14:90:66:84:34:08:7e:fe:26:90:3e:
         de:8a:db:96:2a:a2:b9:c4:51:59:70:2a:57:ae:39:53:bd:ec:
         0e:57:08:e2:e9:1c:3c:9b:8f:a1:d9:cd:a6:4d:78:04:7e:5b:
         dd:2a:1d:66
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8quMRHG/XCcVdyik5kWpxVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwNDI5MTYzODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODcyNmVkMWIyMmRkMWEwNTVlMzJhNDM0NDgyMmM4MWZkMTk2OGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn19vHIYgVjNyuL0EWo4MgugKc4Bv
f2c02HeuChR40/UD6OgqwafBBeRnxwppYgyvCmVFz5oRAzv4Hn7uKY2nI77dVisU
EvJuRIFuyhujai2um/ezIkmJCTVXB1jdcnbMEIMqTrZw5kb9bLypqHZwqyJZBAH1
ZViptADvRwN/6xgMJkbcEBN0dhawpZjizi3nZNdv6TuflTS4F/ogMZRD+OH6Rt1s
ESh6ZZUSgeXEKDsnqashp9lQr5nUXQGaoONEKr9r6cW44k+Fdj3e/7eoLbv5WO0x
1J6HU1Ry5GcZ3VOqTLqp8+ZP7NEtduI+rGsORD/E5x30OvVFwGNr+QgmCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMhybtGyLdGgVeMqQ0SCLIH9GWjWMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEveUhKdTBiSXQwYUJWNHlwRFJJSXNnZjBaYU5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZc4MA0G
CSqGSIb3DQEBCwUAA4IBAQBujNAgZ5JTY4fkZEphLobCf21A2hJeBcRpXcmkZnlw
qaigwcg63ro9GO+MDGBMkBepTOcugX6O0mmO8gWlLtc/fE0wXCDxvXrtVuR1huF5
TGbwvnvu3Jdhp40Y6EU+m9V1pxPv4Hy7H9AvIlsmL+Q42dzV6lk/gIxt8uQ4VY3m
NAl9awwKAG5QV4IdBw45jeKYSsp6liJ1GroQUr+HGpBQwR+BBYCszSUp0Lwj5CcI
lgaFPhfKoSFViiDRYeV4BsoZhM0rWA5Sbfi5Z22DFJBmhDQIfv4mkD7eituWKqK5
xFFZcCpXrjlTvewOVwji6Rw8m4+h2c2mTXgEflvdKh1m
-----END CERTIFICATE-----