Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/3815e3-d3a8-4b3c-a4b2-cb344f1800ed/1/Wx4vwpkNv5_oQpjSM5s3EwPofAE.roa
File:                     Wx4vwpkNv5_oQpjSM5s3EwPofAE.roa (raw, json)
Hash identifier:          5d1ujZWhvo/NF3iPZL/ioTHb608BIyYjJzi6xmVRT4U=
Subject key identifier:   5B:1E:2F:C2:99:0D:BF:9F:E8:42:98:D2:33:9B:37:13:03:E8:7C:01
Certificate issuer:       /CN=d3d4e0da68c1446689419d103711b191ded567f4
Certificate serial:       018CC2DB3BD2BCE866742CC69B536753AB87
Authority key identifier: D3:D4:E0:DA:68:C1:44:66:89:41:9D:10:37:11:B1:91:DE:D5:67:F4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/09Tg2mjBRGaJQZ0QNxGxkd7VZ_Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/3815e3-d3a8-4b3c-a4b2-cb344f1800ed/1/Wx4vwpkNv5_oQpjSM5s3EwPofAE.roa
Signing time:             Mon 01 Jan 2024 02:29:56 +0000
ROA not before:           Mon 01 Jan 2024 02:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31605
IP address blocks:        45.139.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/3815e3-d3a8-4b3c-a4b2-cb344f1800ed/1/09Tg2mjBRGaJQZ0QNxGxkd7VZ_Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/3815e3-d3a8-4b3c-a4b2-cb344f1800ed/1/09Tg2mjBRGaJQZ0QNxGxkd7VZ_Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/09Tg2mjBRGaJQZ0QNxGxkd7VZ_Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 10:01:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:3b:d2:bc:e8:66:74:2c:c6:9b:53:67:53:ab:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3d4e0da68c1446689419d103711b191ded567f4
        Validity
            Not Before: Jan  1 02:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5b1e2fc2990dbf9fe84298d2339b371303e87c01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:49:24:ad:e8:d4:0b:ee:b3:85:6a:1d:30:0b:
                    27:b1:fa:a9:1c:a7:27:ad:1b:ef:a8:23:af:e5:65:
                    68:a4:33:7d:ce:f9:0c:e6:05:5a:b8:ae:d2:2e:da:
                    e2:50:56:2d:bd:a4:8b:da:69:0c:e6:ef:c1:7f:30:
                    5a:d3:30:37:7f:66:ad:2b:ca:b8:db:9b:b0:ad:c3:
                    2d:ad:7c:dc:34:66:dc:5f:66:e5:c0:e7:a0:38:ce:
                    d2:de:b8:a9:d7:c1:26:5b:55:a0:b3:97:0d:23:d7:
                    14:28:53:51:1c:a0:91:83:1a:2f:27:28:58:03:20:
                    93:f9:a5:b8:5a:fc:ba:1d:b6:86:71:52:de:19:0d:
                    78:ef:1f:84:fe:7f:d6:e5:80:b3:73:6f:05:a7:cb:
                    95:9f:55:a5:44:86:3a:c1:fd:4d:b3:dd:7f:c7:fb:
                    42:f4:bd:02:64:a6:62:d9:5b:62:db:82:8e:67:87:
                    00:3c:0b:b2:d4:81:48:a6:52:51:62:1f:66:ed:51:
                    05:74:e5:43:05:b9:fb:29:91:3b:0a:04:a1:0c:6e:
                    b4:f6:65:64:3f:40:fa:de:d3:af:8c:77:16:42:b3:
                    16:68:7b:89:0a:d5:22:1a:01:b0:50:80:ad:b7:f3:
                    be:63:8a:f3:54:0f:96:a5:0a:6b:7a:6a:e6:ac:e1:
                    1b:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5B:1E:2F:C2:99:0D:BF:9F:E8:42:98:D2:33:9B:37:13:03:E8:7C:01
            X509v3 Authority Key Identifier:
                keyid:D3:D4:E0:DA:68:C1:44:66:89:41:9D:10:37:11:B1:91:DE:D5:67:F4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/09Tg2mjBRGaJQZ0QNxGxkd7VZ_Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/3815e3-d3a8-4b3c-a4b2-cb344f1800ed/1/Wx4vwpkNv5_oQpjSM5s3EwPofAE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/3815e3-d3a8-4b3c-a4b2-cb344f1800ed/1/09Tg2mjBRGaJQZ0QNxGxkd7VZ_Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:ad:02:ae:c2:46:e7:fe:48:3a:8b:56:d3:1b:a9:5d:75:b5:
         ef:3e:f8:e0:c3:58:b9:4d:51:81:ed:d7:23:f3:93:1c:86:71:
         64:89:eb:44:14:64:c0:f9:24:68:a6:7a:33:e2:70:ae:9b:9b:
         00:ba:38:13:a6:53:e2:7d:85:82:6a:38:93:47:7d:4b:55:cb:
         92:89:3d:7d:2e:14:34:b5:0d:1a:6d:2e:9b:27:88:79:32:9d:
         fd:d7:45:d0:86:d8:ee:97:76:04:9d:74:2d:25:f3:2a:94:88:
         25:b6:e0:92:38:0e:41:b9:1c:ec:85:70:83:4f:2c:98:0c:85:
         eb:dc:f1:d8:ca:a6:12:be:3e:1c:c0:2d:78:8b:8f:88:34:ef:
         a4:44:30:14:92:f5:af:2a:11:04:4a:c2:43:e0:30:53:43:90:
         b8:f9:df:54:49:bf:a1:34:0e:1e:a6:5e:8d:45:ff:4c:94:e5:
         8f:c9:bd:31:7d:f5:06:de:ad:a1:19:00:69:c5:ac:92:51:48:
         95:63:9d:ce:c6:a1:2c:d4:a3:6c:e5:0c:96:95:8b:85:24:bc:
         27:df:cd:f2:3f:df:c2:13:ac:f3:ad:09:c6:8f:64:65:e5:4e:
         b7:9b:0a:02:00:ff:9a:e1:cf:ff:12:38:29:80:d6:e3:11:af:
         ca:7e:32:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2zvSvOhmdCzGm1NnU6uHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzZDRlMGRhNjhjMTQ0NjY4OTQxOWQxMDM3MTFiMTkxZGVk
NTY3ZjQwHhcNMjQwMTAxMDIyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjFlMmZjMjk5MGRiZjlmZTg0Mjk4ZDIzMzliMzcxMzAzZTg3YzAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApUkkrejUC+6zhWodMAsnsfqpHKcn
rRvvqCOv5WVopDN9zvkM5gVauK7SLtriUFYtvaSL2mkM5u/BfzBa0zA3f2atK8q4
25uwrcMtrXzcNGbcX2blwOegOM7S3rip18EmW1Wgs5cNI9cUKFNRHKCRgxovJyhY
AyCT+aW4Wvy6HbaGcVLeGQ147x+E/n/W5YCzc28Fp8uVn1WlRIY6wf1Ns91/x/tC
9L0CZKZi2Vti24KOZ4cAPAuy1IFIplJRYh9m7VEFdOVDBbn7KZE7CgShDG609mVk
P0D63tOvjHcWQrMWaHuJCtUiGgGwUICtt/O+Y4rzVA+WpQpremrmrOEbwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFseL8KZDb+f6EKY0jObNxMD6HwBMB8GA1UdIwQY
MBaAFNPU4NpowURmiUGdEDcRsZHe1Wf0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDlUZzJtakJSR2FKUVowUU54R3hrZDdWWl9RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8zODE1ZTMtZDNhOC00YjNjLWE0YjIt
Y2IzNDRmMTgwMGVkLzEvV3g0dndwa052NV9vUXBqU001czNFd1BvZkFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8zODE1ZTMtZDNhOC00YjNjLWE0YjItY2IzNDRmMTgwMGVk
LzEvMDlUZzJtakJSR2FKUVowUU54R3hrZDdWWl9RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYtrMA0G
CSqGSIb3DQEBCwUAA4IBAQA8rQKuwkbn/kg6i1bTG6lddbXvPvjgw1i5TVGB7dcj
85MchnFkietEFGTA+SRopnoz4nCum5sAujgTplPifYWCajiTR31LVcuSiT19LhQ0
tQ0abS6bJ4h5Mp3910XQhtjul3YEnXQtJfMqlIgltuCSOA5BuRzshXCDTyyYDIXr
3PHYyqYSvj4cwC14i4+INO+kRDAUkvWvKhEESsJD4DBTQ5C4+d9USb+hNA4epl6N
Rf9MlOWPyb0xffUG3q2hGQBpxaySUUiVY53OxqEs1KNs5QyWlYuFJLwn383yP9/C
E6zzrQnGj2Rl5U63mwoCAP+a4c//EjgpgNbjEa/KfjL2
-----END CERTIFICATE-----