Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/8_DpQr3yiPMpeJKSrxYNXItJAQo.roa
File:                     8_DpQr3yiPMpeJKSrxYNXItJAQo.roa (raw, json)
Hash identifier:          kst4BMjyVRU59WGuf3R074SXLR2bAAt6Pnw4Kt2cdck=
Subject key identifier:   F3:F0:E9:42:BD:F2:88:F3:29:78:92:92:AF:16:0D:5C:8B:49:01:0A
Certificate issuer:       /CN=81c8b73ab7bdeb76ff48b2ca099616edbe71c426
Certificate serial:       018CD2851CB12C85B2FDD6F14D63345473FD
Authority key identifier: 81:C8:B7:3A:B7:BD:EB:76:FF:48:B2:CA:09:96:16:ED:BE:71:C4:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gci3Ore963b_SLLKCZYW7b5xxCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/8_DpQr3yiPMpeJKSrxYNXItJAQo.roa
Signing time:             Thu 04 Jan 2024 03:29:48 +0000
ROA not before:           Thu 04 Jan 2024 03:29:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61317
IP address blocks:        45.92.28.0/24 maxlen: 24
                          45.92.28.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/gci3Ore963b_SLLKCZYW7b5xxCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/gci3Ore963b_SLLKCZYW7b5xxCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gci3Ore963b_SLLKCZYW7b5xxCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 04:03:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:d2:85:1c:b1:2c:85:b2:fd:d6:f1:4d:63:34:54:73:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81c8b73ab7bdeb76ff48b2ca099616edbe71c426
        Validity
            Not Before: Jan  4 03:29:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3f0e942bdf288f329789292af160d5c8b49010a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:49:d3:6b:0b:be:6b:99:5c:b3:52:a9:c8:06:
                    12:5b:d1:a1:fc:37:bf:3c:8e:8a:71:05:bc:c8:5e:
                    6f:8c:72:2f:6c:26:0d:78:1b:bd:91:fc:5a:00:95:
                    e6:76:30:fc:ba:92:75:52:9c:a4:8b:00:1c:47:28:
                    78:11:bc:b7:6a:73:12:e2:bd:a4:c9:f0:d5:18:79:
                    85:ce:6a:0b:7d:47:88:01:5c:2e:ea:51:7d:5d:00:
                    54:11:9f:3d:29:89:8c:f9:cf:06:bb:c2:65:db:33:
                    c8:a9:3b:60:4b:36:84:4d:6d:98:66:3e:96:77:a8:
                    cd:58:8d:3a:5d:cf:37:e8:34:a7:ee:c0:d3:d2:8f:
                    d1:c5:ec:12:d1:88:c6:63:cc:0d:78:fd:c9:0f:dd:
                    d4:6d:57:58:c1:cc:aa:aa:b7:32:46:1d:44:a1:56:
                    24:e6:24:80:20:5d:e5:d6:f1:9c:ba:6d:14:42:2c:
                    64:02:41:6e:3c:25:dc:87:07:9a:d1:75:d6:5c:ff:
                    d4:c2:5a:71:56:52:54:32:35:67:ba:b0:3f:3c:f3:
                    bf:91:ff:c5:c3:bd:ec:79:ea:12:6e:2e:20:77:f1:
                    a4:7c:04:65:9f:5b:13:0b:d3:45:9e:6b:c4:53:93:
                    95:0a:7f:01:1d:b8:2a:74:49:ac:d8:f9:8b:99:14:
                    64:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:F0:E9:42:BD:F2:88:F3:29:78:92:92:AF:16:0D:5C:8B:49:01:0A
            X509v3 Authority Key Identifier:
                keyid:81:C8:B7:3A:B7:BD:EB:76:FF:48:B2:CA:09:96:16:ED:BE:71:C4:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gci3Ore963b_SLLKCZYW7b5xxCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/8_DpQr3yiPMpeJKSrxYNXItJAQo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/gci3Ore963b_SLLKCZYW7b5xxCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4f:e1:5e:e2:4a:d9:98:bc:39:2f:4c:5b:d0:30:84:dc:40:7b:
         fc:e1:cb:3f:be:f7:b7:73:22:7b:9d:98:30:67:28:a9:b7:01:
         c1:93:63:08:56:da:d1:14:71:16:51:e9:2f:8b:3d:d7:40:14:
         c2:ce:df:b5:81:d9:bb:97:37:ee:a6:b0:04:a3:ba:1a:6e:30:
         c1:3a:18:79:22:fe:ce:66:b7:2f:8e:32:bb:1c:13:79:42:1b:
         4b:b3:48:83:76:fd:40:18:2a:e5:f8:e7:95:fa:43:21:39:3b:
         6d:f0:67:10:d8:1b:fd:9d:70:96:07:bc:bb:05:94:28:b4:49:
         4e:79:81:a2:b5:76:0a:04:f3:87:8f:c4:92:87:91:34:10:c5:
         a5:bd:81:56:ec:7b:bf:b9:64:75:19:45:2b:72:20:ae:3b:3e:
         57:34:11:89:85:01:db:47:48:4c:98:c7:29:45:b8:35:97:95:
         a2:d4:21:f5:1c:4e:d9:dd:75:da:7c:54:87:b1:92:ac:df:0b:
         eb:69:a1:ca:78:f2:38:11:3a:35:70:ae:98:2b:13:db:ec:bd:
         c2:9c:73:22:e9:87:f6:43:d8:19:1c:5f:5b:48:af:97:98:47:
         12:fa:c3:f8:27:c1:50:c5:5a:46:58:6d:57:b2:8e:c7:29:f3:
         cd:fd:9e:08
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzShRyxLIWy/dbxTWM0VHP9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxYzhiNzNhYjdiZGViNzZmZjQ4YjJjYTA5OTYxNmVkYmU3
MWM0MjYwHhcNMjQwMTA0MDMyOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2YwZTk0MmJkZjI4OGYzMjk3ODkyOTJhZjE2MGQ1YzhiNDkwMTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsknTawu+a5lcs1KpyAYSW9Gh/De/
PI6KcQW8yF5vjHIvbCYNeBu9kfxaAJXmdjD8upJ1UpykiwAcRyh4Eby3anMS4r2k
yfDVGHmFzmoLfUeIAVwu6lF9XQBUEZ89KYmM+c8Gu8Jl2zPIqTtgSzaETW2YZj6W
d6jNWI06Xc836DSn7sDT0o/RxewS0YjGY8wNeP3JD93UbVdYwcyqqrcyRh1EoVYk
5iSAIF3l1vGcum0UQixkAkFuPCXchwea0XXWXP/UwlpxVlJUMjVnurA/PPO/kf/F
w73seeoSbi4gd/GkfARln1sTC9NFnmvEU5OVCn8BHbgqdEms2PmLmRRkZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPPw6UK98ojzKXiSkq8WDVyLSQEKMB8GA1UdIwQY
MBaAFIHItzq3vet2/0iyygmWFu2+ccQmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2NpM09yZTk2M2JfU0xMS0NaWVc3YjV4eENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8yMDc5MzQtOWVkYy00YTg5LTgyMGUt
ZDg0ODhiM2FiNDJmLzEvOF9EcFFyM3lpUE1wZUpLU3J4WU5YSXRKQVFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8yMDc5MzQtOWVkYy00YTg5LTgyMGUtZDg0ODhiM2FiNDJm
LzEvZ2NpM09yZTk2M2JfU0xMS0NaWVc3YjV4eENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLVwcMA0G
CSqGSIb3DQEBCwUAA4IBAQBP4V7iStmYvDkvTFvQMITcQHv84cs/vve3cyJ7nZgw
ZyiptwHBk2MIVtrRFHEWUekviz3XQBTCzt+1gdm7lzfuprAEo7oabjDBOhh5Iv7O
ZrcvjjK7HBN5QhtLs0iDdv1AGCrl+OeV+kMhOTtt8GcQ2Bv9nXCWB7y7BZQotElO
eYGitXYKBPOHj8SSh5E0EMWlvYFW7Hu/uWR1GUUrciCuOz5XNBGJhQHbR0hMmMcp
Rbg1l5Wi1CH1HE7Z3XXafFSHsZKs3wvraaHKePI4ETo1cK6YKxPb7L3CnHMi6Yf2
Q9gZHF9bSK+XmEcS+sP4J8FQxVpGWG1Xso7HKfPN/Z4I
-----END CERTIFICATE-----