Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/CkCnri3lSaXXbadmcG-6wRv2-PE.roa
File:                     CkCnri3lSaXXbadmcG-6wRv2-PE.roa (raw, json)
Hash identifier:          7JGNKfdPWixf3M5Eqp3bIEevZSNbKaqlgUUW3mjVW/E=
Subject key identifier:   0A:40:A7:AE:2D:E5:49:A5:D7:6D:A7:66:70:6F:BA:C1:1B:F6:F8:F1
Certificate issuer:       /CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
Certificate serial:       018CC6B9312B19D69D84CB99B45BF53D97E8
Authority key identifier: 0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/CkCnri3lSaXXbadmcG-6wRv2-PE.roa
Signing time:             Mon 01 Jan 2024 20:31:14 +0000
ROA not before:           Mon 01 Jan 2024 20:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8100
IP address blocks:        45.150.224.0/24 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:31:2b:19:d6:9d:84:cb:99:b4:5b:f5:3d:97:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
        Validity
            Not Before: Jan  1 20:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0a40a7ae2de549a5d76da766706fbac11bf6f8f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:5a:26:44:12:4c:4b:c7:07:12:99:01:b8:12:
                    51:eb:26:10:92:48:8f:7a:fb:f0:99:e3:fb:33:0a:
                    cd:c2:32:f3:80:3e:d0:fb:67:ba:77:dd:4a:ee:ec:
                    8c:d0:79:a8:c8:6c:cf:21:3e:39:80:9b:b5:2d:c4:
                    fd:7b:ad:0e:dc:d7:a7:d0:2a:bf:d7:88:dc:79:8a:
                    2a:d2:91:68:44:08:b6:3b:4a:f1:6e:f3:7d:1e:41:
                    94:a1:73:3b:1a:aa:22:9c:f7:dc:e8:47:e2:f4:3e:
                    81:27:4b:43:70:06:2d:cb:af:3c:3e:62:61:1c:9e:
                    d3:5e:93:3a:d5:11:f2:89:b7:12:0e:75:03:5d:bd:
                    51:51:ee:b7:3d:2a:ed:b6:11:a7:0e:25:fa:43:3c:
                    8a:56:3e:61:6b:11:44:38:34:57:77:d6:db:12:98:
                    0a:32:5c:a0:3e:15:60:56:76:ab:e4:ba:2a:0b:19:
                    af:b9:e0:4d:e3:a7:01:ea:f7:f4:77:4a:e8:b1:00:
                    d9:10:fa:66:7d:12:10:68:04:d9:38:2c:63:cc:37:
                    4c:56:d9:01:0e:8c:32:4d:ec:5d:1b:c7:74:70:fc:
                    7a:72:fc:d7:18:0d:7a:82:01:fa:99:0b:29:5e:b5:
                    dc:e8:cd:29:2a:56:c2:fd:46:e7:7d:56:35:6d:8d:
                    ea:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:40:A7:AE:2D:E5:49:A5:D7:6D:A7:66:70:6F:BA:C1:1B:F6:F8:F1
            X509v3 Authority Key Identifier:
                keyid:0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/CkCnri3lSaXXbadmcG-6wRv2-PE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:b0:90:eb:a5:90:76:d3:d7:ff:7e:f4:ca:2e:61:ac:4f:d4:
         7d:9e:56:3f:73:36:9b:5f:1a:59:2c:d3:a3:35:3f:0c:6f:99:
         22:92:31:e1:e6:b5:8d:44:0c:10:13:28:36:4a:6b:32:93:7c:
         9c:4b:73:25:26:5a:87:a2:26:2a:a5:32:05:d4:6a:39:25:c6:
         39:8c:c4:b5:de:91:a1:47:41:2b:cd:0e:f5:32:49:71:9c:73:
         04:e2:58:25:33:72:8a:0f:3e:09:d0:7f:16:63:00:39:cd:f5:
         c9:42:45:5b:b6:48:30:ca:23:c0:c8:33:2f:3b:b6:b9:ef:97:
         b7:84:07:e9:3b:e6:9a:37:98:8e:aa:1a:1b:f3:3d:12:71:1e:
         2a:30:06:0c:3c:ab:c5:2b:a9:ea:a5:9a:fa:6d:f9:37:0e:b8:
         3c:f3:d1:e6:59:38:aa:1b:52:1d:7c:ef:1f:00:b4:21:e4:ef:
         49:b8:17:33:05:7d:39:a3:0d:85:59:f5:63:a8:ce:33:3c:15:
         9b:bc:29:7b:95:d6:4b:38:7c:72:ae:64:35:d4:a1:3f:74:29:
         72:6f:a3:56:02:0d:8d:7f:ba:13:23:7c:46:97:da:fa:b1:24:
         ef:cd:b9:b4:0c:58:8c:4f:59:7b:15:9f:1f:c5:3a:52:3c:88:
         3a:10:a6:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuTErGdadhMuZtFv1PZfoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkYjY3YzVjN2ZhN2ZlMjQ5MmVlYzM3Y2Y0Mjc2NDJiNzFk
NDI1YjAwHhcNMjQwMTAxMjAzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTQwYTdhZTJkZTU0OWE1ZDc2ZGE3NjY3MDZmYmFjMTFiZjZmOGYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv1omRBJMS8cHEpkBuBJR6yYQkkiP
evvwmeP7MwrNwjLzgD7Q+2e6d91K7uyM0HmoyGzPIT45gJu1LcT9e60O3Nen0Cq/
14jceYoq0pFoRAi2O0rxbvN9HkGUoXM7GqoinPfc6Efi9D6BJ0tDcAYty688PmJh
HJ7TXpM61RHyibcSDnUDXb1RUe63PSrtthGnDiX6QzyKVj5haxFEODRXd9bbEpgK
MlygPhVgVnar5LoqCxmvueBN46cB6vf0d0rosQDZEPpmfRIQaATZOCxjzDdMVtkB
DowyTexdG8d0cPx6cvzXGA16ggH6mQspXrXc6M0pKlbC/UbnfVY1bY3qiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFApAp64t5Uml122nZnBvusEb9vjxMB8GA1UdIwQY
MBaAFA22fFx/p/4kku7DfPQnZCtx1CWwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjkt
YjAzZGY5OTZlNDgxLzEvQ2tDbnJpM2xTYVhYYmFkbWNHLTZ3UnYyLVBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjktYjAzZGY5OTZlNDgx
LzEvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZbgMA0G
CSqGSIb3DQEBCwUAA4IBAQChsJDrpZB209f/fvTKLmGsT9R9nlY/czabXxpZLNOj
NT8Mb5kikjHh5rWNRAwQEyg2Smsyk3ycS3MlJlqHoiYqpTIF1Go5JcY5jMS13pGh
R0ErzQ71MklxnHME4lglM3KKDz4J0H8WYwA5zfXJQkVbtkgwyiPAyDMvO7a575e3
hAfpO+aaN5iOqhob8z0ScR4qMAYMPKvFK6nqpZr6bfk3Drg889HmWTiqG1IdfO8f
ALQh5O9JuBczBX05ow2FWfVjqM4zPBWbvCl7ldZLOHxyrmQ11KE/dClyb6NWAg2N
f7oTI3xGl9r6sSTvzbm0DFiMT1l7FZ8fxTpSPIg6EKaJ
-----END CERTIFICATE-----