Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/du0codsi_ShHixPyDEs7mT3LHiE.roa
File:                     du0codsi_ShHixPyDEs7mT3LHiE.roa (raw, json)
Hash identifier:          ZSa9EZo4d03OCHpRgd+JWmIvrcPzpE4mCu6dIC75odQ=
Subject key identifier:   76:ED:1C:A1:DB:22:FD:28:47:8B:13:F2:0C:4B:3B:99:3D:CB:1E:21
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       018F9558EEB9EB5EABF67AD0DD39B8578C3F
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/du0codsi_ShHixPyDEs7mT3LHiE.roa
Signing time:             Mon 20 May 2024 09:33:04 +0000
ROA not before:           Mon 20 May 2024 09:33:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199631
IP address blocks:        45.155.123.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 01 Jul 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:95:58:ee:b9:eb:5e:ab:f6:7a:d0:dd:39:b8:57:8c:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: May 20 09:33:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=76ed1ca1db22fd28478b13f20c4b3b993dcb1e21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:0e:cf:9c:f6:3e:28:8f:04:75:4c:0a:f3:9f:
                    98:8f:d3:2e:c5:d5:e7:48:31:35:32:84:d8:0a:24:
                    43:02:d0:5f:18:45:ce:cb:6f:11:72:29:69:f9:70:
                    cc:d0:88:d8:5c:2c:93:13:e3:3e:92:f0:49:e3:3c:
                    c8:8f:1c:98:e0:df:c9:e9:fe:44:dc:4c:be:7d:ab:
                    6d:1d:3f:da:6f:9f:1c:9d:df:d4:25:be:26:38:e2:
                    09:ac:ed:c3:13:08:cb:70:cc:dd:53:cf:9b:9a:06:
                    e7:5f:5a:b1:9c:9d:45:e3:b9:01:91:1e:e4:bd:06:
                    20:f9:67:ab:67:00:13:5d:54:6d:bf:43:9d:a0:28:
                    5f:38:17:0f:da:15:c2:64:78:0e:8b:d9:31:24:c0:
                    1b:a9:14:02:c8:4a:4f:89:e3:a5:5f:92:43:98:a3:
                    83:52:d2:22:1d:f8:02:18:42:50:b4:ba:fa:4b:be:
                    e9:c6:15:1a:74:1e:42:25:39:cd:31:6e:46:64:e2:
                    00:74:86:7a:a3:94:e3:e7:f9:b1:1c:86:7e:83:20:
                    60:b6:6e:4a:95:8e:30:91:37:24:61:91:d5:e3:0e:
                    f6:95:e7:42:38:60:42:41:af:13:ac:db:9f:12:60:
                    c2:a5:85:50:55:61:b8:82:21:66:a9:87:63:b8:d1:
                    aa:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:ED:1C:A1:DB:22:FD:28:47:8B:13:F2:0C:4B:3B:99:3D:CB:1E:21
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/du0codsi_ShHixPyDEs7mT3LHiE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:ac:27:76:f3:ed:cc:34:02:cf:07:78:ad:d7:63:7c:ea:42:
         fc:93:76:1f:5e:83:92:8a:e1:03:c5:fe:43:d6:73:78:83:41:
         0a:4a:66:d3:2c:c5:8f:98:21:b7:e0:42:fa:26:6f:a9:14:f3:
         c1:98:72:30:42:40:a2:9b:c0:fd:25:71:2c:64:ec:53:21:de:
         e3:03:88:4a:41:b8:3e:45:f6:4a:24:63:9c:3e:ab:59:94:29:
         ba:f9:e8:24:12:27:a9:4e:35:11:de:5c:5f:e2:c5:56:70:21:
         74:e9:a2:31:91:d2:5b:bf:76:78:5b:f9:e7:a0:1e:97:e1:bf:
         6b:a2:99:48:f6:f1:b6:c1:b9:71:c6:b4:2f:59:46:a1:47:6b:
         f4:bb:44:1b:71:6c:82:f9:38:e4:07:66:e7:1f:bc:c4:33:4f:
         5d:ff:40:1a:39:7b:53:5e:4f:91:90:1c:96:49:6e:cd:e1:3d:
         af:ba:12:cd:37:18:76:8c:0c:75:d0:1f:02:e5:96:40:81:fd:
         c8:3f:9b:66:b7:3a:88:cb:1e:2b:eb:95:63:bb:c8:5f:0d:ac:
         7f:2a:93:c8:03:3c:10:2f:93:c1:c5:42:a0:10:89:df:0b:2f:
         b9:f3:6a:80:18:cc:f1:c3:36:1f:f9:f6:37:da:2c:85:99:22:
         27:56:5c:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY+VWO65616r9nrQ3Tm4V4w/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjQwNTIwMDkzMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmVkMWNhMWRiMjJmZDI4NDc4YjEzZjIwYzRiM2I5OTNkY2IxZTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmw7PnPY+KI8EdUwK85+Yj9MuxdXn
SDE1MoTYCiRDAtBfGEXOy28Rcilp+XDM0IjYXCyTE+M+kvBJ4zzIjxyY4N/J6f5E
3Ey+fattHT/ab58cnd/UJb4mOOIJrO3DEwjLcMzdU8+bmgbnX1qxnJ1F47kBkR7k
vQYg+WerZwATXVRtv0OdoChfOBcP2hXCZHgOi9kxJMAbqRQCyEpPieOlX5JDmKOD
UtIiHfgCGEJQtLr6S77pxhUadB5CJTnNMW5GZOIAdIZ6o5Tj5/mxHIZ+gyBgtm5K
lY4wkTckYZHV4w72ledCOGBCQa8TrNufEmDCpYVQVWG4giFmqYdjuNGqxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHbtHKHbIv0oR4sT8gxLO5k9yx4hMB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEvZHUwY29kc2lfU2hIaXhQeURFczdtVDNMSGlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZt7MA0G
CSqGSIb3DQEBCwUAA4IBAQCFrCd28+3MNALPB3it12N86kL8k3YfXoOSiuEDxf5D
1nN4g0EKSmbTLMWPmCG34EL6Jm+pFPPBmHIwQkCim8D9JXEsZOxTId7jA4hKQbg+
RfZKJGOcPqtZlCm6+egkEiepTjUR3lxf4sVWcCF06aIxkdJbv3Z4W/nnoB6X4b9r
oplI9vG2wblxxrQvWUahR2v0u0QbcWyC+TjkB2bnH7zEM09d/0AaOXtTXk+RkByW
SW7N4T2vuhLNNxh2jAx10B8C5ZZAgf3IP5tmtzqIyx4r65Vju8hfDax/KpPIAzwQ
L5PBxUKgEInfCy+582qAGMzxwzYf+fY32iyFmSInVlyj
-----END CERTIFICATE-----