Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/_dpaFqw9-yaQAVuivu5DlKz1CM4.roa
File:                     _dpaFqw9-yaQAVuivu5DlKz1CM4.roa (raw, json)
Hash identifier:          3RvAFBE1jxxi9OWfRBqaGZ/QIs3xTqXP2A7qYLjosJE=
Subject key identifier:   FD:DA:5A:16:AC:3D:FB:26:90:01:5B:A2:BE:EE:43:94:AC:F5:08:CE
Certificate issuer:       /CN=f7cb14a41f8d9e628dae88f4752822fc77dfec02
Certificate serial:       018CC5DC6988414C57AB716AA2EFCEBA566C
Authority key identifier: F7:CB:14:A4:1F:8D:9E:62:8D:AE:88:F4:75:28:22:FC:77:DF:EC:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/98sUpB-NnmKNroj0dSgi_Hff7AI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/_dpaFqw9-yaQAVuivu5DlKz1CM4.roa
Signing time:             Mon 01 Jan 2024 16:30:05 +0000
ROA not before:           Mon 01 Jan 2024 16:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208064
IP address blocks:        45.157.132.0/22 maxlen: 24
                          2a0f:4280::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/98sUpB-NnmKNroj0dSgi_Hff7AI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/98sUpB-NnmKNroj0dSgi_Hff7AI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/98sUpB-NnmKNroj0dSgi_Hff7AI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 04:00:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:69:88:41:4c:57:ab:71:6a:a2:ef:ce:ba:56:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7cb14a41f8d9e628dae88f4752822fc77dfec02
        Validity
            Not Before: Jan  1 16:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fdda5a16ac3dfb2690015ba2beee4394acf508ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:f7:5d:8d:f1:55:56:05:c4:64:0c:1b:39:e4:
                    cf:8d:92:8b:03:7b:fd:11:c4:19:b7:6e:9e:27:ac:
                    d0:8f:0b:49:bc:ac:6d:00:e6:14:95:aa:b3:05:8a:
                    33:e7:ee:4d:f9:5a:0d:bb:6b:a5:15:5a:8a:85:70:
                    8c:d5:99:90:68:54:82:14:d9:6d:67:f1:97:f5:9d:
                    58:e9:97:9a:19:b8:62:76:7d:15:7b:b2:d2:87:51:
                    0a:5f:51:9f:ef:56:ab:82:6f:17:2c:1a:ed:8e:39:
                    d1:be:6a:ef:77:88:69:c1:b0:c1:d2:15:bb:0d:09:
                    bd:97:4d:8b:98:bd:97:52:20:d6:8c:fa:46:ac:86:
                    33:b5:48:f1:a4:65:d6:ec:fc:e6:74:df:9c:99:3a:
                    c6:d9:89:f5:e2:74:fe:7c:37:97:61:49:a9:bc:d7:
                    12:7e:ca:fa:c4:19:58:bd:bc:a5:f2:f6:03:ea:8a:
                    57:83:93:9a:cb:f0:1b:4d:fa:07:78:c7:95:34:3e:
                    e4:03:37:cc:71:e6:09:a3:3e:d0:36:f9:54:40:9f:
                    e0:5e:32:26:f7:db:3b:61:2a:0f:26:28:b1:dc:80:
                    14:f4:8b:e0:3a:f6:14:94:3c:55:99:65:35:cd:29:
                    40:e4:cf:83:03:9d:26:e7:09:e1:e1:fd:93:1a:6e:
                    aa:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:DA:5A:16:AC:3D:FB:26:90:01:5B:A2:BE:EE:43:94:AC:F5:08:CE
            X509v3 Authority Key Identifier:
                keyid:F7:CB:14:A4:1F:8D:9E:62:8D:AE:88:F4:75:28:22:FC:77:DF:EC:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/98sUpB-NnmKNroj0dSgi_Hff7AI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/_dpaFqw9-yaQAVuivu5DlKz1CM4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/88/890311-48ee-486d-9359-e7ee4e75d3af/1/98sUpB-NnmKNroj0dSgi_Hff7AI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.132.0/22
                IPv6:
                  2a0f:4280::/29

    Signature Algorithm: sha256WithRSAEncryption
         2c:60:90:37:0a:0d:27:72:c2:f2:84:b2:71:25:93:97:93:d4:
         d0:71:3e:2a:c9:b5:f4:84:12:4a:1f:12:be:9b:b2:b5:d7:db:
         ba:6e:b7:cc:b9:b2:1a:5e:f9:e4:49:a7:d3:25:d0:e0:2c:61:
         60:5b:82:58:5e:f5:c9:a4:b7:9b:c7:df:81:c7:b6:47:d5:d9:
         4f:de:e8:26:d3:df:a1:c9:c5:bd:12:4b:8a:51:a5:1a:c1:eb:
         3b:29:30:e1:50:19:f3:fc:98:94:6f:c3:02:18:65:5b:89:1e:
         d0:fa:f4:83:f0:fd:8b:8c:8b:91:09:18:96:03:1a:34:42:fc:
         8d:52:7d:2f:68:da:8a:8b:00:12:e8:20:84:1e:09:b3:bc:58:
         27:0c:22:7e:cc:9c:15:a3:8b:68:c8:dd:b6:c2:8e:c0:6c:29:
         b5:ec:fb:b9:99:4c:fb:49:40:f1:b2:f3:4d:84:ef:c9:cd:dd:
         d2:2e:4c:00:84:b6:22:78:85:2e:5b:30:15:fb:d4:d9:a9:de:
         d3:5f:fa:00:df:86:ad:f1:72:32:1b:69:17:5a:a9:f4:73:4e:
         05:82:aa:ec:d7:04:ff:29:42:61:58:dd:ec:38:d9:b0:06:2d:
         36:65:97:4e:06:f1:21:d3:2d:e8:7c:d7:9c:cb:73:3d:10:35:
         2a:d4:8b:72
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzF3GmIQUxXq3Fqou/OulZsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3Y2IxNGE0MWY4ZDllNjI4ZGFlODhmNDc1MjgyMmZjNzdk
ZmVjMDIwHhcNMjQwMTAxMTYzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGRhNWExNmFjM2RmYjI2OTAwMTViYTJiZWVlNDM5NGFjZjUwOGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqvddjfFVVgXEZAwbOeTPjZKLA3v9
EcQZt26eJ6zQjwtJvKxtAOYUlaqzBYoz5+5N+VoNu2ulFVqKhXCM1ZmQaFSCFNlt
Z/GX9Z1Y6ZeaGbhidn0Ve7LSh1EKX1Gf71argm8XLBrtjjnRvmrvd4hpwbDB0hW7
DQm9l02LmL2XUiDWjPpGrIYztUjxpGXW7PzmdN+cmTrG2Yn14nT+fDeXYUmpvNcS
fsr6xBlYvbyl8vYD6opXg5Oay/AbTfoHeMeVND7kAzfMceYJoz7QNvlUQJ/gXjIm
99s7YSoPJiix3IAU9IvgOvYUlDxVmWU1zSlA5M+DA50m5wnh4f2TGm6qLQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFP3aWhasPfsmkAFbor7uQ5Ss9QjOMB8GA1UdIwQY
MBaAFPfLFKQfjZ5ija6I9HUoIvx33+wCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOThzVXBCLU5ubUtOcm9qMGRTZ2lfSGZmN0FJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OC84OTAzMTEtNDhlZS00ODZkLTkzNTkt
ZTdlZTRlNzVkM2FmLzEvX2RwYUZxdzkteWFRQVZ1aXZ1NURsS3oxQ000LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OC84OTAzMTEtNDhlZS00ODZkLTkzNTktZTdlZTRlNzVkM2Fm
LzEvOThzVXBCLU5ubUtOcm9qMGRTZ2lfSGZmN0FJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLZ2EMA0E
AgACMAcDBQMqD0KAMA0GCSqGSIb3DQEBCwUAA4IBAQAsYJA3Cg0ncsLyhLJxJZOX
k9TQcT4qybX0hBJKHxK+m7K119u6brfMubIaXvnkSafTJdDgLGFgW4JYXvXJpLeb
x9+Bx7ZH1dlP3ugm09+hycW9EkuKUaUawes7KTDhUBnz/JiUb8MCGGVbiR7Q+vSD
8P2LjIuRCRiWAxo0QvyNUn0vaNqKiwAS6CCEHgmzvFgnDCJ+zJwVo4toyN22wo7A
bCm17Pu5mUz7SUDxsvNNhO/Jzd3SLkwAhLYieIUuWzAV+9TZqd7TX/oA34at8XIy
G2kXWqn0c04Fgqrs1wT/KUJhWN3sONmwBi02ZZdOBvEh0y3ofNecy3M9EDUq1Ity
-----END CERTIFICATE-----