Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/OWq128cBmz0CgRQqr4H7luzTkEQ.roa
File:                     OWq128cBmz0CgRQqr4H7luzTkEQ.roa (raw, json)
Hash identifier:          B8wZsPMws+MOMNzSeFu6HvyEZgYvJWZP7a0Mja+b94Q=
Subject key identifier:   39:6A:B5:DB:C7:01:9B:3D:02:81:14:2A:AF:81:FB:96:EC:D3:90:44
Certificate issuer:       /CN=2719412918a6627f99cce55c7aca139057b8574e
Certificate serial:       018CC3B6DDE91821A170DF5A92A35C4D3FF0
Authority key identifier: 27:19:41:29:18:A6:62:7F:99:CC:E5:5C:7A:CA:13:90:57:B8:57:4E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JxlBKRimYn-ZzOVcesoTkFe4V04.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/OWq128cBmz0CgRQqr4H7luzTkEQ.roa
Signing time:             Mon 01 Jan 2024 06:29:50 +0000
ROA not before:           Mon 01 Jan 2024 06:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204316
IP address blocks:        45.149.60.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/JxlBKRimYn-ZzOVcesoTkFe4V04.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/JxlBKRimYn-ZzOVcesoTkFe4V04.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JxlBKRimYn-ZzOVcesoTkFe4V04.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:dd:e9:18:21:a1:70:df:5a:92:a3:5c:4d:3f:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2719412918a6627f99cce55c7aca139057b8574e
        Validity
            Not Before: Jan  1 06:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=396ab5dbc7019b3d0281142aaf81fb96ecd39044
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:11:d6:7b:90:d0:fa:09:86:5d:0f:61:13:ff:
                    23:31:5a:b5:6d:5a:e4:83:f9:85:f4:15:c8:2e:bc:
                    87:b1:18:13:22:fd:78:5e:0f:8f:df:65:46:65:ce:
                    db:3f:b6:24:0d:df:72:73:a2:e9:1e:2a:10:72:62:
                    c0:0c:ee:6e:83:1b:ec:58:ca:33:9d:a9:12:88:16:
                    be:19:31:a0:57:55:62:31:8f:eb:fb:11:d9:18:c9:
                    ed:17:25:34:50:6a:15:75:a7:0e:b0:4d:df:f7:8b:
                    99:62:24:d0:35:1b:72:77:a8:33:92:c3:3c:ec:29:
                    aa:1a:5e:26:91:a6:00:64:4d:e7:30:87:fc:62:d6:
                    1c:9e:c4:ca:ad:2f:6a:4e:27:9e:2c:72:a9:28:60:
                    e7:a2:6a:a8:b9:ca:11:eb:34:47:de:cd:8c:b2:ae:
                    bd:b4:5e:06:45:de:29:e2:76:5b:79:1c:77:ad:40:
                    aa:8d:a0:3e:e9:0a:94:f8:da:24:ad:e5:61:76:c4:
                    a5:00:0e:cd:5e:4e:40:04:fb:73:50:5a:fe:19:3a:
                    79:08:54:cd:e7:94:d4:a9:a4:88:ba:ee:ea:14:3b:
                    a1:b3:70:76:dd:c8:b0:e7:d7:90:5d:20:dc:75:e2:
                    f6:fb:ca:ef:82:8d:57:c6:21:62:08:fa:80:f3:39:
                    d6:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:6A:B5:DB:C7:01:9B:3D:02:81:14:2A:AF:81:FB:96:EC:D3:90:44
            X509v3 Authority Key Identifier:
                keyid:27:19:41:29:18:A6:62:7F:99:CC:E5:5C:7A:CA:13:90:57:B8:57:4E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JxlBKRimYn-ZzOVcesoTkFe4V04.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/OWq128cBmz0CgRQqr4H7luzTkEQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/e92c49-bd4a-4e8d-bbf6-4e223917b860/1/JxlBKRimYn-ZzOVcesoTkFe4V04.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         05:75:a0:87:66:f9:e7:84:d5:81:9e:b5:1f:10:b6:75:45:c4:
         e2:37:76:fe:bc:1f:d7:26:f7:99:bc:6e:83:05:3c:90:a9:7b:
         fa:89:e6:b0:f3:00:41:1c:39:a7:88:e2:b1:b0:0e:2f:f3:da:
         f9:4d:1e:e1:81:e3:be:d8:b8:6b:4a:21:c1:e9:65:e0:d7:61:
         95:93:47:80:16:bb:a9:7c:d7:d6:15:54:af:81:7f:3d:99:7e:
         1b:bc:27:13:22:8d:16:b1:0d:2e:77:be:b4:75:b1:c1:9c:87:
         e1:19:ce:0f:45:f5:67:9a:2d:12:e3:31:65:f2:35:f6:8c:d6:
         8d:9b:47:c9:e6:2b:01:5e:54:16:ab:e8:4a:bb:8e:09:80:e0:
         49:74:49:07:ef:1e:df:d7:0b:17:a9:f8:bf:42:06:8c:ed:62:
         57:54:21:ac:1b:be:db:15:98:ba:d4:b7:f6:e0:07:26:6b:7e:
         d6:9e:83:e6:ab:be:5d:67:55:1a:ea:83:08:b2:4d:b9:2d:8a:
         9f:9c:c1:82:5b:b7:96:0c:15:9c:60:34:96:0d:43:8e:da:a4:
         94:57:d4:e4:fb:72:d6:91:25:f4:b8:53:2e:18:4b:24:50:54:
         ca:bd:1f:50:36:1a:96:ee:d9:b4:7c:34:67:68:26:ad:c9:d8:
         ef:f9:02:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtt3pGCGhcN9akqNcTT/wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3MTk0MTI5MThhNjYyN2Y5OWNjZTU1YzdhY2ExMzkwNTdi
ODU3NGUwHhcNMjQwMTAxMDYyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTZhYjVkYmM3MDE5YjNkMDI4MTE0MmFhZjgxZmI5NmVjZDM5MDQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlBHWe5DQ+gmGXQ9hE/8jMVq1bVrk
g/mF9BXILryHsRgTIv14Xg+P32VGZc7bP7YkDd9yc6LpHioQcmLADO5ugxvsWMoz
nakSiBa+GTGgV1ViMY/r+xHZGMntFyU0UGoVdacOsE3f94uZYiTQNRtyd6gzksM8
7CmqGl4mkaYAZE3nMIf8YtYcnsTKrS9qTieeLHKpKGDnomqoucoR6zRH3s2Msq69
tF4GRd4p4nZbeRx3rUCqjaA+6QqU+NokreVhdsSlAA7NXk5ABPtzUFr+GTp5CFTN
55TUqaSIuu7qFDuhs3B23ciw59eQXSDcdeL2+8rvgo1XxiFiCPqA8znWBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDlqtdvHAZs9AoEUKq+B+5bs05BEMB8GA1UdIwQY
MBaAFCcZQSkYpmJ/mczlXHrKE5BXuFdOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSnhsQktSaW1Zbi1aek9WY2Vzb1RrRmU0VjA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9lOTJjNDktYmQ0YS00ZThkLWJiZjYt
NGUyMjM5MTdiODYwLzEvT1dxMTI4Y0JtejBDZ1JRcXI0SDdsdXpUa0VRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9lOTJjNDktYmQ0YS00ZThkLWJiZjYtNGUyMjM5MTdiODYw
LzEvSnhsQktSaW1Zbi1aek9WY2Vzb1RrRmU0VjA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZU8MA0G
CSqGSIb3DQEBCwUAA4IBAQAFdaCHZvnnhNWBnrUfELZ1RcTiN3b+vB/XJveZvG6D
BTyQqXv6ieaw8wBBHDmniOKxsA4v89r5TR7hgeO+2LhrSiHB6WXg12GVk0eAFrup
fNfWFVSvgX89mX4bvCcTIo0WsQ0ud760dbHBnIfhGc4PRfVnmi0S4zFl8jX2jNaN
m0fJ5isBXlQWq+hKu44JgOBJdEkH7x7f1wsXqfi/QgaM7WJXVCGsG77bFZi61Lf2
4Acma37WnoPmq75dZ1Ua6oMIsk25LYqfnMGCW7eWDBWcYDSWDUOO2qSUV9Tk+3LW
kSX0uFMuGEskUFTKvR9QNhqW7tm0fDRnaCatydjv+QK+
-----END CERTIFICATE-----