Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/Xl_gQ2mvj-OK0hTC6bCHCz0omxM.roa
File:                     Xl_gQ2mvj-OK0hTC6bCHCz0omxM.roa (raw, json)
Hash identifier:          SHr41zUFbYFDH/gKZaJyVoUeJ0W7ObUs5WPRsQn9w0E=
Subject key identifier:   5E:5F:E0:43:69:AF:8F:E3:8A:D2:14:C2:E9:B0:87:0B:3D:28:9B:13
Certificate issuer:       /CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
Certificate serial:       018CC7948AA2C761035807612976FC7B0A45
Authority key identifier: 8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/Xl_gQ2mvj-OK0hTC6bCHCz0omxM.roa
Signing time:             Tue 02 Jan 2024 00:30:49 +0000
ROA not before:           Tue 02 Jan 2024 00:30:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     23470
IP address blocks:        45.88.186.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:8a:a2:c7:61:03:58:07:61:29:76:fc:7b:0a:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
        Validity
            Not Before: Jan  2 00:30:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5e5fe04369af8fe38ad214c2e9b0870b3d289b13
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:95:c1:af:d3:ce:6a:81:82:c5:00:0c:8a:48:
                    9e:33:28:ac:2d:fd:fb:1e:89:4a:8e:50:64:b5:e9:
                    7c:97:56:65:73:30:b7:f1:f5:ad:9b:94:f8:3a:0f:
                    da:0e:ba:b2:4d:06:85:5f:04:4b:e1:86:10:c6:48:
                    6b:66:8b:37:c9:8d:9f:5d:4b:43:7e:7d:ec:7f:fb:
                    07:de:67:2f:40:60:bb:f7:a0:4a:c4:06:ca:8a:f4:
                    d4:26:23:4f:03:6f:b1:0c:03:b9:0f:d0:66:b2:7d:
                    39:5e:6e:dd:22:7e:9a:ca:e8:46:bb:f1:02:8b:e3:
                    9e:3b:d2:60:4c:b2:da:72:83:9e:03:32:f1:e8:4d:
                    fc:c3:eb:3b:a4:92:5a:ae:9b:e9:05:8a:d5:de:9d:
                    ab:88:26:78:a1:ef:9c:e9:e3:4a:bb:2a:52:e8:c0:
                    15:fb:18:ac:28:06:72:bd:64:a1:a8:a7:57:4a:30:
                    31:15:e6:aa:e5:34:da:9c:55:4c:4b:a6:d0:a5:f8:
                    5e:fb:a8:a6:cd:cf:23:fc:3b:75:66:04:df:47:17:
                    ce:1d:65:ad:f1:c4:11:c8:90:50:fe:cb:47:ea:cc:
                    a3:83:17:e1:a1:3f:3d:69:f3:42:57:f7:7e:e2:93:
                    1f:85:2c:a7:e3:73:61:30:d8:de:c0:27:aa:13:07:
                    87:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:5F:E0:43:69:AF:8F:E3:8A:D2:14:C2:E9:B0:87:0B:3D:28:9B:13
            X509v3 Authority Key Identifier:
                keyid:8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/Xl_gQ2mvj-OK0hTC6bCHCz0omxM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:11:3a:1a:5e:0a:74:10:c5:1c:88:8a:cd:56:70:37:f4:31:
         9e:c8:40:11:b1:a5:c1:dd:ee:55:79:a7:81:7c:62:96:7d:a5:
         f4:b2:a4:ef:69:03:61:e6:97:2f:97:4a:67:c1:77:7f:71:88:
         4b:66:b2:49:fc:4b:2c:a6:dd:79:08:c0:5a:dc:62:1a:71:7f:
         bf:36:42:73:91:59:12:84:fd:29:f6:d3:f4:04:45:9a:d7:39:
         ce:bc:98:4b:e9:cb:c0:b3:29:9f:0a:d1:83:93:2d:d7:fd:62:
         ef:05:20:18:af:da:26:15:c6:c4:42:3e:96:ff:e5:b5:df:77:
         c0:e6:4a:a2:69:f2:df:1b:6e:52:65:7d:fc:3e:de:00:31:ef:
         67:df:18:11:2e:db:b6:e8:7b:2b:31:ba:5b:80:ad:13:6c:9a:
         1b:7d:8e:53:91:2c:cd:9c:ce:f5:14:31:98:4c:57:da:d8:36:
         f8:37:71:c0:2d:cd:3e:95:26:c2:c6:65:b4:83:b1:91:ba:c2:
         cf:b2:5c:27:ed:99:ca:b6:8f:0c:c8:e0:08:f9:5a:4c:ed:27:
         f6:47:1e:60:94:19:cc:0b:95:f8:b4:05:4d:d1:34:5e:b9:c9:
         be:d2:04:4c:f2:3d:e3:88:4e:95:24:bb:af:a9:2c:4a:b1:95:
         87:ea:d2:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlIqix2EDWAdhKXb8ewpFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMWMxMTY1OGQyMDQxZWFmMjUwMmZlNTQwOGVkNDkzYmJk
NGYzMTgwHhcNMjQwMTAyMDAzMDQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTVmZTA0MzY5YWY4ZmUzOGFkMjE0YzJlOWIwODcwYjNkMjg5YjEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArJXBr9POaoGCxQAMikieMyisLf37
HolKjlBktel8l1ZlczC38fWtm5T4Og/aDrqyTQaFXwRL4YYQxkhrZos3yY2fXUtD
fn3sf/sH3mcvQGC796BKxAbKivTUJiNPA2+xDAO5D9Bmsn05Xm7dIn6ayuhGu/EC
i+OeO9JgTLLacoOeAzLx6E38w+s7pJJarpvpBYrV3p2riCZ4oe+c6eNKuypS6MAV
+xisKAZyvWShqKdXSjAxFeaq5TTanFVMS6bQpfhe+6imzc8j/Dt1ZgTfRxfOHWWt
8cQRyJBQ/stH6syjgxfhoT89afNCV/d+4pMfhSyn43NhMNjewCeqEweHFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF5f4ENpr4/jitIUwumwhws9KJsTMB8GA1UdIwQY
MBaAFI4cEWWNIEHq8lAv5UCO1JO71PMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjIt
NjMzNDhjZGJmMDI0LzEvWGxfZ1EybXZqLU9LMGhUQzZiQ0hDejBvbXhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjItNjMzNDhjZGJmMDI0
LzEvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVi6MA0G
CSqGSIb3DQEBCwUAA4IBAQCkEToaXgp0EMUciIrNVnA39DGeyEARsaXB3e5VeaeB
fGKWfaX0sqTvaQNh5pcvl0pnwXd/cYhLZrJJ/Esspt15CMBa3GIacX+/NkJzkVkS
hP0p9tP0BEWa1znOvJhL6cvAsymfCtGDky3X/WLvBSAYr9omFcbEQj6W/+W133fA
5kqiafLfG25SZX38Pt4AMe9n3xgRLtu26HsrMbpbgK0TbJobfY5TkSzNnM71FDGY
TFfa2Db4N3HALc0+lSbCxmW0g7GRusLPslwn7ZnKto8MyOAI+VpM7Sf2Rx5glBnM
C5X4tAVN0TReucm+0gRM8j3jiE6VJLuvqSxKsZWH6tI6
-----END CERTIFICATE-----