Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/AcNXer91FXN0TtcfCsNTRGHvUDY.roa
File:                     AcNXer91FXN0TtcfCsNTRGHvUDY.roa (raw, json)
Hash identifier:          +/8DGDY+51YSyAFCvrj1T0dk3oMgfvzypTVpB985UdA=
Subject key identifier:   01:C3:57:7A:BF:75:15:73:74:4E:D7:1F:0A:C3:53:44:61:EF:50:36
Certificate issuer:       /CN=465eba5c1a80f86a4589278edd9304b3f5169f83
Certificate serial:       018CCA2A3DC92B25F3F7ED5B5A2C73E1E5D3
Authority key identifier: 46:5E:BA:5C:1A:80:F8:6A:45:89:27:8E:DD:93:04:B3:F5:16:9F:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/AcNXer91FXN0TtcfCsNTRGHvUDY.roa
Signing time:             Tue 02 Jan 2024 12:33:35 +0000
ROA not before:           Tue 02 Jan 2024 12:33:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210512
IP address blocks:        45.91.65.0/24 maxlen: 24
                          194.187.120.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:3d:c9:2b:25:f3:f7:ed:5b:5a:2c:73:e1:e5:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=465eba5c1a80f86a4589278edd9304b3f5169f83
        Validity
            Not Before: Jan  2 12:33:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=01c3577abf751573744ed71f0ac3534461ef5036
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:d3:cb:5b:5e:fc:cd:74:12:ec:bd:a1:f0:e5:
                    c6:d1:5b:e5:50:77:d5:5e:46:5d:53:16:fa:87:e8:
                    35:6e:38:c8:9f:59:54:78:b3:87:19:ac:2d:5d:50:
                    c5:d7:12:51:e2:f5:8b:90:aa:1a:94:5c:72:a1:a8:
                    ba:4d:33:f2:50:49:a0:43:98:0f:06:08:84:80:7b:
                    21:39:38:17:2c:a2:08:74:2f:27:c8:78:67:7a:ea:
                    f8:01:f6:91:4b:26:70:4f:16:51:35:6c:ea:d5:0f:
                    2a:40:52:b1:e2:74:45:ac:84:4b:d2:0c:81:04:89:
                    9d:fc:6d:ce:a5:a2:b0:c2:83:63:88:22:b1:2a:b5:
                    ee:1d:ab:55:10:eb:17:a7:37:f4:c4:a7:85:4a:3b:
                    0a:41:04:cf:60:0a:fc:95:0e:5b:ad:5e:6b:2d:26:
                    bc:8a:40:1e:af:3e:ac:aa:72:da:a1:c5:6f:9e:73:
                    0d:5a:6a:b7:a1:03:0a:34:49:fe:2a:f6:de:79:75:
                    d2:e0:11:26:bd:23:37:5a:6d:04:44:c2:78:0e:d8:
                    00:5b:14:b4:1b:32:77:2f:4b:18:ce:d2:82:d7:d7:
                    7d:fa:bd:55:a1:05:e8:9c:6e:5e:44:68:53:e8:c5:
                    96:b4:3a:29:64:6e:b7:d4:16:98:2f:66:92:75:d8:
                    ec:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:C3:57:7A:BF:75:15:73:74:4E:D7:1F:0A:C3:53:44:61:EF:50:36
            X509v3 Authority Key Identifier:
                keyid:46:5E:BA:5C:1A:80:F8:6A:45:89:27:8E:DD:93:04:B3:F5:16:9F:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/AcNXer91FXN0TtcfCsNTRGHvUDY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.65.0/24
                  194.187.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a9:9f:9b:68:c8:e4:7e:ee:fd:75:35:12:f1:07:08:c0:3d:3b:
         b5:92:43:28:54:22:21:f3:3e:c1:d9:4d:36:1d:ff:91:1e:27:
         bb:41:a8:97:46:78:8e:0d:85:d6:bc:53:18:e8:51:5a:f0:ad:
         81:77:89:f2:2f:e0:be:47:a3:79:fc:15:da:8b:53:52:f6:44:
         88:a8:ee:cd:9f:14:75:20:af:e9:e2:07:c9:25:19:bb:5a:ad:
         6b:e3:5d:5a:4d:c2:4c:78:6d:81:37:a9:4e:fc:96:5b:f8:dc:
         4e:92:12:90:47:d2:03:8f:12:8f:51:58:15:43:1e:bc:0a:77:
         92:aa:7b:26:4a:5f:35:da:7c:ca:b4:44:41:dc:ac:5b:9d:bf:
         40:1d:2a:6f:dd:d4:19:96:e9:97:a0:e8:3c:c2:13:6f:04:6b:
         0b:fe:b2:3f:3a:62:bf:b3:c2:5b:56:e4:59:06:c1:0a:74:df:
         21:42:4f:f2:e6:3f:4b:32:3f:f3:ca:3b:f5:70:0d:4b:03:dd:
         17:3c:ed:d3:c2:20:77:72:01:7a:65:33:bc:40:bd:c1:4d:17:
         5c:a8:3d:ed:ac:e6:e8:a9:cc:eb:db:ff:c6:cf:33:7c:bb:c3:
         60:98:b7:b6:ce:bc:03:68:0b:90:2a:5f:59:e6:08:83:83:25:
         ce:f0:6e:de
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzKKj3JKyXz9+1bWixz4eXTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NWViYTVjMWE4MGY4NmE0NTg5Mjc4ZWRkOTMwNGIzZjUx
NjlmODMwHhcNMjQwMTAyMTIzMzM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWMzNTc3YWJmNzUxNTczNzQ0ZWQ3MWYwYWMzNTM0NDYxZWY1MDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstPLW178zXQS7L2h8OXG0VvlUHfV
XkZdUxb6h+g1bjjIn1lUeLOHGawtXVDF1xJR4vWLkKoalFxyoai6TTPyUEmgQ5gP
BgiEgHshOTgXLKIIdC8nyHhneur4AfaRSyZwTxZRNWzq1Q8qQFKx4nRFrIRL0gyB
BImd/G3OpaKwwoNjiCKxKrXuHatVEOsXpzf0xKeFSjsKQQTPYAr8lQ5brV5rLSa8
ikAerz6sqnLaocVvnnMNWmq3oQMKNEn+KvbeeXXS4BEmvSM3Wm0ERMJ4DtgAWxS0
GzJ3L0sYztKC19d9+r1VoQXonG5eRGhT6MWWtDopZG631BaYL2aSddjsOwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAHDV3q/dRVzdE7XHwrDU0Rh71A2MB8GA1UdIwQY
MBaAFEZeulwagPhqRYknjt2TBLP1Fp+DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmw2NlhCcUEtR3BGaVNlTzNaTUVzX1VXbjRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9jMTJhN2ItNWNhZi00ZTdjLTk3MGQt
NWM0NzZlMzMyNWY1LzEvQWNOWGVyOTFGWE4wVHRjZkNzTlRSR0h2VURZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9jMTJhN2ItNWNhZi00ZTdjLTk3MGQtNWM0NzZlMzMyNWY1
LzEvUmw2NlhCcUEtR3BGaVNlTzNaTUVzX1VXbjRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVtBAwQA
wrt4MA0GCSqGSIb3DQEBCwUAA4IBAQCpn5toyOR+7v11NRLxBwjAPTu1kkMoVCIh
8z7B2U02Hf+RHie7QaiXRniODYXWvFMY6FFa8K2Bd4nyL+C+R6N5/BXai1NS9kSI
qO7NnxR1IK/p4gfJJRm7Wq1r411aTcJMeG2BN6lO/JZb+NxOkhKQR9IDjxKPUVgV
Qx68CneSqnsmSl812nzKtERB3Kxbnb9AHSpv3dQZlumXoOg8whNvBGsL/rI/OmK/
s8JbVuRZBsEKdN8hQk/y5j9LMj/zyjv1cA1LA90XPO3TwiB3cgF6ZTO8QL3BTRdc
qD3trOboqczr2//GzzN8u8NgmLe2zrwDaAuQKl9Z5giDgyXO8G7e
-----END CERTIFICATE-----