Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Z0CBdu4pEvPGKaJ6BtEaRwAYrfs.roa
File:                     Z0CBdu4pEvPGKaJ6BtEaRwAYrfs.roa (raw, json)
Hash identifier:          VmL9yi52oDmKFWdXPfpXYm8cZvMS42cE5aKp9foDDUM=
Subject key identifier:   67:40:81:76:EE:29:12:F3:C6:29:A2:7A:06:D1:1A:47:00:18:AD:FB
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018F4EB552B1F0C20FB96D496D4AF082C70E
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Z0CBdu4pEvPGKaJ6BtEaRwAYrfs.roa
Signing time:             Mon 06 May 2024 16:20:56 +0000
ROA not before:           Mon 06 May 2024 16:20:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209155
IP address blocks:        45.156.158.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 14:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:4e:b5:52:b1:f0:c2:0f:b9:6d:49:6d:4a:f0:82:c7:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: May  6 16:20:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67408176ee2912f3c629a27a06d11a470018adfb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:0a:07:ca:2c:7d:87:f6:42:b4:44:c4:51:16:
                    6b:95:3f:cf:4d:56:cd:84:40:d1:ac:ed:3a:ee:44:
                    4d:21:ec:6d:f8:a6:ad:b5:b0:e0:45:9c:05:d4:95:
                    5a:49:60:5b:6d:18:99:2b:4c:b5:1b:f8:d2:7a:df:
                    de:f9:e7:83:e2:94:9d:b2:42:91:4d:c4:d8:e8:4f:
                    1f:26:55:b6:af:ff:d1:76:c0:d0:61:c4:e4:11:69:
                    bd:0d:c9:b2:9f:42:dd:64:f1:8e:02:6a:71:fe:81:
                    fe:cb:ae:d1:6f:ae:f4:30:a8:68:1d:fe:01:ba:77:
                    13:aa:e6:aa:1b:42:d0:50:ca:5d:6c:21:6f:35:f1:
                    a7:12:34:43:7f:3e:17:dd:00:de:6b:05:6c:38:39:
                    86:81:e4:50:71:20:55:35:7f:36:c2:51:34:ec:47:
                    39:16:71:ed:f5:8a:f7:22:00:56:9d:9f:b8:2c:18:
                    eb:d9:e4:85:e6:82:a1:bb:8e:fa:82:86:8b:aa:77:
                    62:a5:4a:68:ec:d5:8a:f7:65:53:f5:c0:51:2f:6e:
                    24:56:05:12:04:8d:06:b3:02:26:71:13:40:a9:35:
                    2b:82:46:b8:76:fb:89:50:c2:4a:e2:83:8e:fb:7e:
                    6b:5d:b1:9f:51:d4:91:a1:65:27:d4:ee:7f:80:b3:
                    7e:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:40:81:76:EE:29:12:F3:C6:29:A2:7A:06:D1:1A:47:00:18:AD:FB
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/Z0CBdu4pEvPGKaJ6BtEaRwAYrfs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:72:cd:8a:33:86:61:6a:33:62:eb:c4:80:81:0b:38:6b:bd:
         47:91:35:5d:a0:ce:22:2a:f3:29:95:48:a5:b3:7d:fd:91:4b:
         40:65:9b:1d:cc:36:fd:d0:b1:b8:58:67:c8:2a:d6:66:30:8e:
         69:89:bc:15:9f:6f:9e:90:16:65:99:e7:d2:15:ef:9c:59:fe:
         a3:bb:fa:dc:db:50:8d:0f:b9:86:80:1e:7e:ea:92:98:c4:fb:
         a6:14:00:99:c5:7a:6c:3b:d4:86:97:53:e6:17:cc:2e:64:fc:
         1c:fc:bd:d7:e8:42:56:44:ca:c2:11:18:84:36:67:d3:b9:83:
         63:66:92:66:e2:cd:38:76:08:40:cc:98:e2:3a:24:0f:c7:ef:
         9e:e8:0d:a1:75:9d:46:49:eb:bf:90:4f:58:4c:cd:f2:ff:3f:
         82:de:9d:6b:86:c2:53:99:12:83:1e:05:7b:bb:83:80:43:56:
         39:94:27:d2:21:16:6f:8d:c8:61:1f:f4:fe:f1:dd:5c:05:ab:
         65:77:e8:34:ab:94:6c:bc:eb:d3:3b:81:b0:23:4f:3b:d6:5e:
         72:2d:da:43:a8:b2:24:cf:06:52:66:c4:b6:77:37:78:dc:a1:
         27:32:d7:af:09:97:54:ff:dd:6f:da:a8:ad:e6:6d:a2:41:83:
         82:e2:88:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9OtVKx8MIPuW1JbUrwgscOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwNTA2MTYyMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzQwODE3NmVlMjkxMmYzYzYyOWEyN2EwNmQxMWE0NzAwMThhZGZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsAoHyix9h/ZCtETEURZrlT/PTVbN
hEDRrO067kRNIext+KattbDgRZwF1JVaSWBbbRiZK0y1G/jSet/e+eeD4pSdskKR
TcTY6E8fJlW2r//RdsDQYcTkEWm9Dcmyn0LdZPGOAmpx/oH+y67Rb670MKhoHf4B
uncTquaqG0LQUMpdbCFvNfGnEjRDfz4X3QDeawVsODmGgeRQcSBVNX82wlE07Ec5
FnHt9Yr3IgBWnZ+4LBjr2eSF5oKhu476goaLqndipUpo7NWK92VT9cBRL24kVgUS
BI0GswImcRNAqTUrgka4dvuJUMJK4oOO+35rXbGfUdSRoWUn1O5/gLN+iwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGdAgXbuKRLzximiegbRGkcAGK37MB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvWjBDQmR1NHBFdlBHS2FKNkJ0RWFSd0FZcmZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZyeMA0G
CSqGSIb3DQEBCwUAA4IBAQBEcs2KM4ZhajNi68SAgQs4a71HkTVdoM4iKvMplUil
s339kUtAZZsdzDb90LG4WGfIKtZmMI5pibwVn2+ekBZlmefSFe+cWf6ju/rc21CN
D7mGgB5+6pKYxPumFACZxXpsO9SGl1PmF8wuZPwc/L3X6EJWRMrCERiENmfTuYNj
ZpJm4s04dghAzJjiOiQPx++e6A2hdZ1GSeu/kE9YTM3y/z+C3p1rhsJTmRKDHgV7
u4OAQ1Y5lCfSIRZvjchhH/T+8d1cBatld+g0q5RsvOvTO4GwI0871l5yLdpDqLIk
zwZSZsS2dzd43KEnMtevCZdU/91v2qit5m2iQYOC4oj2
-----END CERTIFICATE-----