Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/kXjEx0YPTAnwXO5zHZtjT8lRViI.roa
File:                     kXjEx0YPTAnwXO5zHZtjT8lRViI.roa (raw, json)
Hash identifier:          3Tq9HbAl4l4n2bfADTN2bAH7nkhVQqAm4rq7DKvnyi4=
Subject key identifier:   91:78:C4:C7:46:0F:4C:09:F0:5C:EE:73:1D:9B:63:4F:C9:51:56:22
Certificate issuer:       /CN=2909fffcd81a66bc98b629d4c0579247645f0fe4
Certificate serial:       018CC26D2A73E1583D721078B2C8ECF9589D
Authority key identifier: 29:09:FF:FC:D8:1A:66:BC:98:B6:29:D4:C0:57:92:47:64:5F:0F:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/kXjEx0YPTAnwXO5zHZtjT8lRViI.roa
Signing time:             Mon 01 Jan 2024 00:29:43 +0000
ROA not before:           Mon 01 Jan 2024 00:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8315
IP address blocks:        145.131.0.0/20 maxlen: 24
                          145.131.16.0/20 maxlen: 24
                          145.131.32.0/20 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 03:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:2a:73:e1:58:3d:72:10:78:b2:c8:ec:f9:58:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2909fffcd81a66bc98b629d4c0579247645f0fe4
        Validity
            Not Before: Jan  1 00:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9178c4c7460f4c09f05cee731d9b634fc9515622
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:c2:ed:16:0f:35:d3:66:38:99:ca:79:da:4f:
                    fb:98:44:da:90:18:dd:5a:9c:0e:18:aa:98:76:f1:
                    60:bc:d0:9b:d2:da:d4:2e:1a:14:dd:2e:41:1b:10:
                    4b:11:1d:c6:df:ff:97:45:dd:62:2e:e4:e3:5b:de:
                    0e:f7:70:e1:84:cc:ac:7b:2b:0a:66:12:9f:39:ab:
                    f2:3e:8f:0d:3b:4b:04:2b:27:34:1f:2a:45:f0:fa:
                    dc:c3:a0:9b:ff:d1:b3:a4:8b:70:84:c0:40:b5:08:
                    62:96:28:ba:58:17:20:82:d8:e8:b7:cb:10:81:cd:
                    b9:ce:af:4f:69:5a:51:d4:25:cc:1e:a0:1b:bd:91:
                    5a:ef:e3:0f:32:56:37:a2:98:b7:24:43:fa:7a:1b:
                    6e:97:ad:8e:68:ea:23:9c:77:42:5f:eb:d4:b6:ad:
                    bd:9d:d9:dd:30:c7:42:21:31:14:2c:52:3e:a4:a8:
                    b8:64:77:d6:11:18:cd:0d:4a:d4:3b:1a:6f:d3:95:
                    a9:be:e8:aa:cd:5a:50:c0:5a:0a:3b:e4:ad:bc:65:
                    98:7a:f6:b5:1d:5a:25:f2:f0:bf:22:2c:d1:32:c8:
                    f4:f2:c9:fd:80:2e:4c:e1:ff:20:23:43:66:9a:3f:
                    e4:5f:a0:cd:fd:f5:d9:d1:6c:ca:d8:b5:1b:f5:f0:
                    d7:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:78:C4:C7:46:0F:4C:09:F0:5C:EE:73:1D:9B:63:4F:C9:51:56:22
            X509v3 Authority Key Identifier:
                keyid:29:09:FF:FC:D8:1A:66:BC:98:B6:29:D4:C0:57:92:47:64:5F:0F:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KQn__NgaZryYtinUwFeSR2RfD-Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/kXjEx0YPTAnwXO5zHZtjT8lRViI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/de3041-9536-492e-a9cd-f2ae7bc7ecc5/1/KQn__NgaZryYtinUwFeSR2RfD-Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.131.0.0-145.131.47.255

    Signature Algorithm: sha256WithRSAEncryption
         92:d6:16:0f:23:5c:cb:6b:88:9c:11:f2:5e:98:e0:9d:9f:52:
         b0:1d:7a:69:09:0e:53:53:db:08:d5:19:66:27:60:8a:87:2a:
         9d:2f:b0:37:69:22:0f:a9:17:32:03:66:8a:39:eb:95:06:10:
         8e:d9:f9:64:a4:b5:f5:44:6f:c2:19:2a:9c:35:5c:79:7f:1d:
         f8:88:b2:fc:67:94:25:43:c4:8c:5b:e8:f7:b3:8c:70:46:d8:
         12:a4:09:95:55:82:36:8b:05:61:5c:63:ea:e1:9c:f9:0e:dc:
         2a:45:be:73:3e:44:42:b6:52:f1:19:a3:be:05:43:e7:15:f1:
         6f:5f:8c:35:30:82:d7:40:ab:8e:8a:6d:c3:4e:51:d3:da:72:
         29:65:77:ad:eb:59:a7:ae:35:ab:5e:a8:fb:93:d9:13:08:d3:
         ed:4c:c3:ad:9a:a3:c7:5d:fb:d9:ca:a6:63:d9:6a:fb:3e:45:
         39:5d:85:de:4a:94:eb:42:f3:39:d0:9e:a1:7c:e7:0a:c4:97:
         39:ca:32:31:dc:fb:1d:06:28:69:77:b0:d1:6b:57:93:dc:0c:
         b4:1a:1c:f9:8e:c2:95:bd:0e:75:97:aa:28:c4:83:7f:66:61:
         f1:7f:06:8a:99:7f:0f:fb:27:1e:5c:11:a7:1f:1f:73:33:95:
         ff:20:ea:26
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAYzCbSpz4Vg9chB4ssjs+VidMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MDlmZmZjZDgxYTY2YmM5OGI2MjlkNGMwNTc5MjQ3NjQ1
ZjBmZTQwHhcNMjQwMTAxMDAyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTc4YzRjNzQ2MGY0YzA5ZjA1Y2VlNzMxZDliNjM0ZmM5NTE1NjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8LtFg8102Y4mcp52k/7mETakBjd
WpwOGKqYdvFgvNCb0trULhoU3S5BGxBLER3G3/+XRd1iLuTjW94O93DhhMyseysK
ZhKfOavyPo8NO0sEKyc0HypF8Prcw6Cb/9GzpItwhMBAtQhilii6WBcggtjot8sQ
gc25zq9PaVpR1CXMHqAbvZFa7+MPMlY3opi3JEP6ehtul62OaOojnHdCX+vUtq29
ndndMMdCITEULFI+pKi4ZHfWERjNDUrUOxpv05WpvuiqzVpQwFoKO+StvGWYeva1
HVol8vC/IizRMsj08sn9gC5M4f8gI0Nmmj/kX6DN/fXZ0WzK2LUb9fDXbQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFJF4xMdGD0wJ8Fzucx2bY0/JUVYiMB8GA1UdIwQY
MBaAFCkJ//zYGma8mLYp1MBXkkdkXw/kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1FuX19OZ2FacnlZdGluVXdGZVNSMlJmRC1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi9kZTMwNDEtOTUzNi00OTJlLWE5Y2Qt
ZjJhZTdiYzdlY2M1LzEva1hqRXgwWVBUQW53WE81ekhadGpUOGxSVmlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi9kZTMwNDEtOTUzNi00OTJlLWE5Y2QtZjJhZTdiYzdlY2M1
LzEvS1FuX19OZ2FacnlZdGluVXdGZVNSMlJmRC1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANMAsDAwCRgwME
BJGDIDANBgkqhkiG9w0BAQsFAAOCAQEAktYWDyNcy2uInBHyXpjgnZ9SsB16aQkO
U1PbCNUZZidgiocqnS+wN2kiD6kXMgNmijnrlQYQjtn5ZKS19URvwhkqnDVceX8d
+Iiy/GeUJUPEjFvo97OMcEbYEqQJlVWCNosFYVxj6uGc+Q7cKkW+cz5EQrZS8Rmj
vgVD5xXxb1+MNTCC10Crjoptw05R09pyKWV3retZp641q16o+5PZEwjT7UzDrZqj
x1372cqmY9lq+z5FOV2F3kqU60LzOdCeoXznCsSXOcoyMdz7HQYoaXew0WtXk9wM
tBoc+Y7Clb0OdZeqKMSDf2Zh8X8Gipl/D/snHlwRpx8fczOV/yDqJg==
-----END CERTIFICATE-----