Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/zhA79qWaLxO5M4tdovQumClxjfQ.roa
File:                     zhA79qWaLxO5M4tdovQumClxjfQ.roa (raw, json)
Hash identifier:          SYwyNn3jfCc+9/0abtGhFEOF5EF2ffK+syXBjLNXI48=
Subject key identifier:   CE:10:3B:F6:A5:9A:2F:13:B9:33:8B:5D:A2:F4:2E:98:29:71:8D:F4
Certificate issuer:       /CN=f5fb32d2266b1f9bce57cac98bc0247f2c9197f2
Certificate serial:       018CC26CFF7BE1233D1FC26709A45F80E68C
Authority key identifier: F5:FB:32:D2:26:6B:1F:9B:CE:57:CA:C9:8B:C0:24:7F:2C:91:97:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/zhA79qWaLxO5M4tdovQumClxjfQ.roa
Signing time:             Mon 01 Jan 2024 00:29:32 +0000
ROA not before:           Mon 01 Jan 2024 00:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        45.251.60.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/9fsy0iZrH5vOV8rJi8AkfyyRl_I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/9fsy0iZrH5vOV8rJi8AkfyyRl_I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 04:37:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:ff:7b:e1:23:3d:1f:c2:67:09:a4:5f:80:e6:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f5fb32d2266b1f9bce57cac98bc0247f2c9197f2
        Validity
            Not Before: Jan  1 00:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ce103bf6a59a2f13b9338b5da2f42e9829718df4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:fc:79:68:82:85:c8:2e:71:09:9f:b9:cb:7d:
                    29:fb:9f:e3:6d:ee:d5:96:13:a5:4d:f9:3e:32:25:
                    f4:36:cf:c5:c5:02:91:c2:9a:24:c3:64:7b:6c:e9:
                    b6:86:e3:e8:83:53:0b:1d:da:76:43:2a:13:f5:59:
                    6f:c6:06:e5:fe:37:c0:c4:db:24:48:cf:09:2f:e9:
                    70:e7:48:a1:17:ab:ce:57:5f:2e:dd:2f:c7:04:df:
                    b0:de:23:0b:2b:ef:0b:20:cb:c5:38:95:ff:f6:47:
                    d6:2f:5d:d3:8a:44:cf:e6:89:97:7c:d4:84:4d:a4:
                    a2:5f:35:b9:f0:c5:48:d5:4a:08:e6:2b:2c:77:a3:
                    a2:49:e6:15:54:48:bd:6b:f2:04:00:fe:5c:87:98:
                    b5:16:25:7a:38:e0:f1:33:4b:69:85:23:6d:0c:2d:
                    77:1e:8b:09:b2:48:e0:59:d4:4f:d5:fd:f0:ae:9a:
                    93:8a:0a:00:7a:f1:db:5e:0b:54:f0:88:82:f4:1b:
                    6c:9e:52:71:ce:ef:8c:83:44:a5:b4:b0:ed:11:d8:
                    b7:c0:33:33:1a:be:6a:56:a3:5d:39:52:82:b5:c5:
                    d2:7f:c7:ed:e1:e9:89:89:4a:05:d9:5f:70:d4:aa:
                    d9:de:99:57:e8:16:03:36:31:22:be:4e:78:ed:8b:
                    1b:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:10:3B:F6:A5:9A:2F:13:B9:33:8B:5D:A2:F4:2E:98:29:71:8D:F4
            X509v3 Authority Key Identifier:
                keyid:F5:FB:32:D2:26:6B:1F:9B:CE:57:CA:C9:8B:C0:24:7F:2C:91:97:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9fsy0iZrH5vOV8rJi8AkfyyRl_I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/zhA79qWaLxO5M4tdovQumClxjfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/fb42ec-10b4-4dcf-bef0-2d143d7b853c/1/9fsy0iZrH5vOV8rJi8AkfyyRl_I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.251.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         e7:c6:d9:99:8b:a1:83:2a:e4:94:0e:17:c8:4c:5a:2d:c8:46:
         b7:9d:ca:a2:29:72:13:68:4e:d1:ba:8a:01:a7:f6:ab:8c:cc:
         b6:15:6b:a4:53:6f:be:69:09:93:0b:eb:ad:87:da:1a:8f:d8:
         19:b3:18:22:31:c3:45:8c:57:c5:89:37:52:0d:8f:76:e4:60:
         d6:7a:6d:8e:a6:2f:57:c5:1f:af:b0:32:b5:ce:ba:82:98:8b:
         b6:69:76:1c:a8:74:c3:c9:7e:aa:f9:0d:e7:ec:58:8e:7b:d1:
         86:3b:94:c5:8c:13:42:8c:2e:2b:33:6f:e7:f0:4b:d5:c7:26:
         4c:ee:e8:c9:bc:a1:f1:a7:27:15:e8:37:90:30:32:80:12:21:
         31:42:3d:8c:68:7b:8d:e6:13:89:fd:85:3b:7e:f0:83:b6:0b:
         1d:d0:93:41:7c:44:18:92:f0:4b:e7:22:ee:e4:06:c9:e9:3e:
         dc:87:da:80:2b:22:50:a1:5f:65:5e:df:da:f1:4b:4c:6e:a5:
         5b:fb:8f:5a:d5:58:04:09:c1:7d:fa:ba:2e:22:08:ac:c1:b3:
         82:8c:0b:17:30:68:2c:5a:39:d9:c4:53:4a:8f:f3:66:c5:f7:
         9d:26:bd:ba:64:0c:55:c7:40:92:14:f6:6e:cf:70:9c:df:c1:
         1b:a3:e7:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbP974SM9H8JnCaRfgOaMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY1ZmIzMmQyMjY2YjFmOWJjZTU3Y2FjOThiYzAyNDdmMmM5
MTk3ZjIwHhcNMjQwMTAxMDAyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTEwM2JmNmE1OWEyZjEzYjkzMzhiNWRhMmY0MmU5ODI5NzE4ZGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnPx5aIKFyC5xCZ+5y30p+5/jbe7V
lhOlTfk+MiX0Ns/FxQKRwpokw2R7bOm2huPog1MLHdp2QyoT9Vlvxgbl/jfAxNsk
SM8JL+lw50ihF6vOV18u3S/HBN+w3iMLK+8LIMvFOJX/9kfWL13TikTP5omXfNSE
TaSiXzW58MVI1UoI5issd6OiSeYVVEi9a/IEAP5ch5i1FiV6OODxM0tphSNtDC13
HosJskjgWdRP1f3wrpqTigoAevHbXgtU8IiC9BtsnlJxzu+Mg0SltLDtEdi3wDMz
Gr5qVqNdOVKCtcXSf8ft4emJiUoF2V9w1KrZ3plX6BYDNjEivk547YsbaQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM4QO/almi8TuTOLXaL0LpgpcY30MB8GA1UdIwQY
MBaAFPX7MtImax+bzlfKyYvAJH8skZfyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOWZzeTBpWnJINXZPVjhySmk4QWtmeXlSbF9JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC9mYjQyZWMtMTBiNC00ZGNmLWJlZjAt
MmQxNDNkN2I4NTNjLzEvemhBNzlxV2FMeE81TTR0ZG92UXVtQ2x4amZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC9mYjQyZWMtMTBiNC00ZGNmLWJlZjAtMmQxNDNkN2I4NTNj
LzEvOWZzeTBpWnJINXZPVjhySmk4QWtmeXlSbF9JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLfs8MA0G
CSqGSIb3DQEBCwUAA4IBAQDnxtmZi6GDKuSUDhfITFotyEa3ncqiKXITaE7RuooB
p/arjMy2FWukU2++aQmTC+uth9oaj9gZsxgiMcNFjFfFiTdSDY925GDWem2Opi9X
xR+vsDK1zrqCmIu2aXYcqHTDyX6q+Q3n7FiOe9GGO5TFjBNCjC4rM2/n8EvVxyZM
7ujJvKHxpycV6DeQMDKAEiExQj2MaHuN5hOJ/YU7fvCDtgsd0JNBfEQYkvBL5yLu
5AbJ6T7ch9qAKyJQoV9lXt/a8UtMbqVb+49a1VgECcF9+rouIgiswbOCjAsXMGgs
WjnZxFNKj/NmxfedJr26ZAxVx0CSFPZuz3Cc38Ebo+eL
-----END CERTIFICATE-----