Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/b2vELwvmKmApLOtZpqJHTNkoUCM.roa
File:                     b2vELwvmKmApLOtZpqJHTNkoUCM.roa (raw, json)
Hash identifier:          D6hCYXiUwhHKRlTUvJQQ616woHbo23YUoa8Nr86vU2Y=
Subject key identifier:   6F:6B:C4:2F:0B:E6:2A:60:29:2C:EB:59:A6:A2:47:4C:D9:28:50:23
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       018CC86FB14670F7586F222981AFFB042476
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/b2vELwvmKmApLOtZpqJHTNkoUCM.roa
Signing time:             Tue 02 Jan 2024 04:30:12 +0000
ROA not before:           Tue 02 Jan 2024 04:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200223
IP address blocks:        45.131.60.0/24 maxlen: 24
                          2a07:e345:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 03:00:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:b1:46:70:f7:58:6f:22:29:81:af:fb:04:24:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Jan  2 04:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6f6bc42f0be62a60292ceb59a6a2474cd9285023
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:77:2a:31:e9:e6:a5:54:63:8a:9d:6e:6d:6b:
                    0b:c6:43:58:30:1b:18:4d:95:57:ab:2c:e3:8b:24:
                    00:57:26:79:91:67:93:e4:b3:20:98:50:f3:fa:8b:
                    8a:ac:6d:0b:a8:d0:74:c1:3d:96:57:62:ff:4d:20:
                    62:b4:43:8f:c1:a4:4b:68:7c:35:0d:1a:d2:bc:be:
                    eb:66:58:33:d5:16:59:58:e9:d6:27:01:3b:70:83:
                    46:cd:91:41:b6:07:06:78:41:f8:1f:1c:64:83:7c:
                    d9:8b:75:7f:ae:61:b4:04:05:94:7f:a6:ae:bb:1d:
                    1d:96:28:78:fd:38:b3:18:52:9b:e1:7f:f0:80:d4:
                    62:15:42:2a:38:67:68:6b:8c:16:8b:cb:f6:2e:28:
                    04:99:8d:51:bb:93:36:05:e4:c9:56:b5:6e:0d:98:
                    c5:f2:f9:f4:1a:0f:f7:77:9d:90:b5:3f:49:af:b5:
                    66:f0:54:83:00:45:ad:bb:32:c4:fe:4e:ec:a8:6c:
                    83:0c:62:ad:e1:3e:9c:b3:23:bb:e9:2d:fa:7b:b4:
                    52:84:2f:bf:22:3f:2c:25:14:3b:80:96:ce:60:fb:
                    a8:ac:20:f3:01:f5:e2:ce:e8:6f:ca:c7:b0:ac:f1:
                    77:ed:7c:76:9d:1f:b2:15:b2:88:23:ac:0c:e8:ec:
                    1b:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:6B:C4:2F:0B:E6:2A:60:29:2C:EB:59:A6:A2:47:4C:D9:28:50:23
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/b2vELwvmKmApLOtZpqJHTNkoUCM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.60.0/24
                IPv6:
                  2a07:e345:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         06:92:01:56:bc:12:9c:ec:22:4b:eb:c9:f0:fc:19:dd:57:86:
         28:01:48:2b:cb:1f:0b:76:11:b1:e7:20:e5:e3:10:0c:4c:af:
         14:46:93:ce:40:b5:45:ba:5d:15:c8:e8:6a:b2:92:7d:bd:36:
         4e:e7:64:96:fa:52:93:1a:d1:e7:0b:7d:01:11:d2:c4:62:0e:
         6a:8c:7d:57:79:52:02:57:04:1f:4c:fc:1b:83:71:61:73:69:
         ed:62:0e:33:92:b5:70:47:37:fb:df:94:50:16:a9:fb:c0:18:
         cf:0b:72:98:e5:10:df:8b:a0:93:a3:bf:39:34:5f:3f:ce:85:
         b5:fe:76:7f:3a:53:e5:dd:87:dc:e2:67:95:c8:0c:2b:1a:bf:
         29:11:6a:28:b4:1e:bd:f2:57:9b:e0:1b:70:3b:3c:8d:8b:42:
         61:93:a1:9a:a5:3e:d8:62:f4:3f:71:3f:9c:9c:db:d8:5d:7a:
         1c:69:23:a3:ae:06:3a:5f:f9:ee:b1:80:d5:58:ba:df:ca:94:
         75:fd:05:c4:d1:b4:30:96:0c:3c:7f:8b:ba:f7:85:27:fb:59:
         10:67:ba:0c:b7:1a:be:20:62:b4:90:e3:44:7d:78:fe:ff:8c:
         77:a3:7f:3f:7c:50:72:e8:80:67:94:b2:7f:91:de:57:16:2c:
         78:3c:d7:3c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIb7FGcPdYbyIpga/7BCR2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjQwMTAyMDQzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZjZiYzQyZjBiZTYyYTYwMjkyY2ViNTlhNmEyNDc0Y2Q5Mjg1MDIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsXcqMenmpVRjip1ubWsLxkNYMBsY
TZVXqyzjiyQAVyZ5kWeT5LMgmFDz+ouKrG0LqNB0wT2WV2L/TSBitEOPwaRLaHw1
DRrSvL7rZlgz1RZZWOnWJwE7cINGzZFBtgcGeEH4Hxxkg3zZi3V/rmG0BAWUf6au
ux0dlih4/TizGFKb4X/wgNRiFUIqOGdoa4wWi8v2LigEmY1Ru5M2BeTJVrVuDZjF
8vn0Gg/3d52QtT9Jr7Vm8FSDAEWtuzLE/k7sqGyDDGKt4T6csyO76S36e7RShC+/
Ij8sJRQ7gJbOYPuorCDzAfXizuhvysewrPF37Xx2nR+yFbKII6wM6OwbQwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFG9rxC8L5ipgKSzrWaaiR0zZKFAjMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvYjJ2RUx3dm1LbUFwTE90WnBxSkhUTmtvVUNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQALYM8MA8E
AgACMAkDBwAqB+NFAAIwDQYJKoZIhvcNAQELBQADggEBAAaSAVa8EpzsIkvryfD8
Gd1XhigBSCvLHwt2EbHnIOXjEAxMrxRGk85AtUW6XRXI6Gqykn29Nk7nZJb6UpMa
0ecLfQER0sRiDmqMfVd5UgJXBB9M/BuDcWFzae1iDjOStXBHN/vflFAWqfvAGM8L
cpjlEN+LoJOjvzk0Xz/OhbX+dn86U+Xdh9ziZ5XIDCsavykRaii0Hr3yV5vgG3A7
PI2LQmGToZqlPthi9D9xP5yc29hdehxpI6OuBjpf+e6xgNVYut/KlHX9BcTRtDCW
DDx/i7r3hSf7WRBnugy3Gr4gYrSQ40R9eP7/jHejfz98UHLogGeUsn+R3lcWLHg8
1zw=
-----END CERTIFICATE-----