Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1f/959e03-78fc-4589-acde-f9a43709d00b/1/3LMEW9SoiD4nPF-QjSJbbYp5C7s.roa
File:                     3LMEW9SoiD4nPF-QjSJbbYp5C7s.roa (raw, json)
Hash identifier:          Eeq5uCFVHPVXML77iH9+iN2MVS6LNkdAdgb5LQ1LMIk=
Subject key identifier:   DC:B3:04:5B:D4:A8:88:3E:27:3C:5F:90:8D:22:5B:6D:8A:79:0B:BB
Certificate issuer:       /CN=c6cfa94f6134e3960ea5f318846a30cf3e922dd7
Certificate serial:       018CC5013675567D73F70AB0ADCA1214CFD2
Authority key identifier: C6:CF:A9:4F:61:34:E3:96:0E:A5:F3:18:84:6A:30:CF:3E:92:2D:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xs-pT2E045YOpfMYhGowzz6SLdc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1f/959e03-78fc-4589-acde-f9a43709d00b/1/3LMEW9SoiD4nPF-QjSJbbYp5C7s.roa
Signing time:             Mon 01 Jan 2024 12:30:40 +0000
ROA not before:           Mon 01 Jan 2024 12:30:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58154
IP address blocks:        45.131.220.0/22 maxlen: 24
                          2a0e:6340::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1f/959e03-78fc-4589-acde-f9a43709d00b/1/xs-pT2E045YOpfMYhGowzz6SLdc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1f/959e03-78fc-4589-acde-f9a43709d00b/1/xs-pT2E045YOpfMYhGowzz6SLdc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xs-pT2E045YOpfMYhGowzz6SLdc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 12:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:36:75:56:7d:73:f7:0a:b0:ad:ca:12:14:cf:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c6cfa94f6134e3960ea5f318846a30cf3e922dd7
        Validity
            Not Before: Jan  1 12:30:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dcb3045bd4a8883e273c5f908d225b6d8a790bbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:5a:59:09:80:78:c2:44:7f:7b:4f:70:78:f8:
                    9f:82:c3:36:fb:cd:58:a3:5f:e9:d0:b7:1a:fc:6d:
                    9c:e3:7d:18:5d:bb:44:4b:24:01:1c:ec:f3:e7:f3:
                    e5:5c:0c:a7:30:4a:57:4e:c4:79:2f:a3:6b:7e:db:
                    f1:cc:62:0f:d6:13:16:b2:2b:14:19:88:e3:29:69:
                    56:d2:b7:e0:83:f9:28:3a:6f:3d:98:18:03:70:c7:
                    f7:73:9a:44:2d:34:66:c2:51:76:48:b9:d6:07:8d:
                    35:f0:8a:33:6f:fe:5e:56:9b:6d:d5:eb:4d:39:67:
                    2c:c2:80:2d:8a:ce:3b:4b:9c:f2:f2:18:6f:fe:b3:
                    3e:61:91:33:8d:c4:f0:b1:64:0b:dc:3e:dc:d7:a3:
                    2a:6e:2b:d0:37:f8:e0:87:0f:be:cb:3e:f8:37:fc:
                    58:5d:c3:bf:a8:59:56:97:18:2c:22:56:3b:5e:98:
                    e2:c7:90:45:32:ff:97:c2:fa:b5:cd:52:5c:2d:46:
                    cc:ff:30:d8:88:2f:07:05:27:01:00:ec:de:83:ff:
                    1f:3b:a6:6f:c2:e8:9a:cc:02:c1:35:a5:74:11:6d:
                    fa:7e:d7:32:b5:1e:9a:b7:2d:84:73:59:2e:4b:c1:
                    9a:7a:bd:84:ee:a1:74:6b:7c:93:d0:30:ba:04:35:
                    dc:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:B3:04:5B:D4:A8:88:3E:27:3C:5F:90:8D:22:5B:6D:8A:79:0B:BB
            X509v3 Authority Key Identifier:
                keyid:C6:CF:A9:4F:61:34:E3:96:0E:A5:F3:18:84:6A:30:CF:3E:92:2D:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xs-pT2E045YOpfMYhGowzz6SLdc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/959e03-78fc-4589-acde-f9a43709d00b/1/3LMEW9SoiD4nPF-QjSJbbYp5C7s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1f/959e03-78fc-4589-acde-f9a43709d00b/1/xs-pT2E045YOpfMYhGowzz6SLdc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.220.0/22
                IPv6:
                  2a0e:6340::/29

    Signature Algorithm: sha256WithRSAEncryption
         b1:8a:92:18:fc:24:fd:19:25:45:6d:e5:df:0d:59:3b:34:32:
         bd:60:75:d9:cf:e1:30:57:eb:ce:1f:76:5f:e2:c4:0a:54:23:
         9e:84:12:2b:3a:60:58:7c:f1:6f:d8:c3:b8:0f:ee:ef:ae:8c:
         68:19:1b:f4:03:62:5d:6b:c1:87:05:63:6d:f5:3d:48:eb:2a:
         94:e8:0d:84:52:ba:c6:62:93:5e:72:b7:7b:d3:2b:53:61:b2:
         d0:8c:fb:8b:d9:ea:a7:8e:b7:4e:d8:3b:20:10:f4:23:b2:f4:
         c7:fc:e3:ae:b2:b6:e7:9f:8d:24:2d:20:b9:09:43:da:01:4c:
         6c:70:da:18:9a:30:36:ac:33:b5:32:6f:41:95:53:50:f1:c9:
         c9:f2:e7:83:48:dd:36:9e:b1:d3:62:79:33:35:65:2d:46:ce:
         0d:08:58:5d:f2:d0:b3:a8:f7:88:71:f0:a0:3c:12:f0:73:7c:
         a0:8f:8e:c5:c0:af:fd:22:b1:86:c6:34:44:08:ef:49:01:ba:
         06:49:fe:d4:0e:75:1d:e9:97:8a:40:84:69:e7:0c:01:5e:75:
         2a:20:e5:79:66:10:2d:1d:33:74:91:f2:06:f0:bb:66:84:87:
         df:35:1c:38:2f:eb:4c:a3:ca:30:98:40:51:8c:c7:73:98:ff:
         2b:ba:c2:4e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFATZ1Vn1z9wqwrcoSFM/SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2Y2ZhOTRmNjEzNGUzOTYwZWE1ZjMxODg0NmEzMGNmM2U5
MjJkZDcwHhcNMjQwMTAxMTIzMDQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2IzMDQ1YmQ0YTg4ODNlMjczYzVmOTA4ZDIyNWI2ZDhhNzkwYmJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqlpZCYB4wkR/e09wePifgsM2+81Y
o1/p0Lca/G2c430YXbtESyQBHOzz5/PlXAynMEpXTsR5L6NrftvxzGIP1hMWsisU
GYjjKWlW0rfgg/koOm89mBgDcMf3c5pELTRmwlF2SLnWB4018Iozb/5eVptt1etN
OWcswoAtis47S5zy8hhv/rM+YZEzjcTwsWQL3D7c16MqbivQN/jghw++yz74N/xY
XcO/qFlWlxgsIlY7Xpjix5BFMv+Xwvq1zVJcLUbM/zDYiC8HBScBAOzeg/8fO6Zv
wuiazALBNaV0EW36ftcytR6aty2Ec1kuS8Gaer2E7qF0a3yT0DC6BDXcxwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNyzBFvUqIg+JzxfkI0iW22KeQu7MB8GA1UdIwQY
MBaAFMbPqU9hNOOWDqXzGIRqMM8+ki3XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveHMtcFQyRTA0NVlPcGZNWWhHb3d6ejZTTGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZi85NTllMDMtNzhmYy00NTg5LWFjZGUt
ZjlhNDM3MDlkMDBiLzEvM0xNRVc5U29pRDRuUEYtUWpTSmJiWXA1QzdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZi85NTllMDMtNzhmYy00NTg5LWFjZGUtZjlhNDM3MDlkMDBi
LzEveHMtcFQyRTA0NVlPcGZNWWhHb3d6ejZTTGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLYPcMA0E
AgACMAcDBQMqDmNAMA0GCSqGSIb3DQEBCwUAA4IBAQCxipIY/CT9GSVFbeXfDVk7
NDK9YHXZz+EwV+vOH3Zf4sQKVCOehBIrOmBYfPFv2MO4D+7vroxoGRv0A2Jda8GH
BWNt9T1I6yqU6A2EUrrGYpNecrd70ytTYbLQjPuL2eqnjrdO2DsgEPQjsvTH/OOu
srbnn40kLSC5CUPaAUxscNoYmjA2rDO1Mm9BlVNQ8cnJ8ueDSN02nrHTYnkzNWUt
Rs4NCFhd8tCzqPeIcfCgPBLwc3ygj47FwK/9IrGGxjRECO9JAboGSf7UDnUd6ZeK
QIRp5wwBXnUqIOV5ZhAtHTN0kfIG8LtmhIffNRw4L+tMo8owmEBRjMdzmP8rusJO
-----END CERTIFICATE-----