Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/jEUFf3pxC8n1zLzOzhWpfcf6zl4.roa
File:                     jEUFf3pxC8n1zLzOzhWpfcf6zl4.roa (raw, json)
Hash identifier:          /kg05YFubmtcvvAsZie5UqBuZgRizmj0Ax6qgP6KaGQ=
Subject key identifier:   8C:45:05:7F:7A:71:0B:C9:F5:CC:BC:CE:CE:15:A9:7D:C7:FA:CE:5E
Certificate issuer:       /CN=333361fba8409174fb3c482b8ca26f235ebd22c2
Certificate serial:       018CCA2B456020D040A3C64D2298AF9DDC5F
Authority key identifier: 33:33:61:FB:A8:40:91:74:FB:3C:48:2B:8C:A2:6F:23:5E:BD:22:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MzNh-6hAkXT7PEgrjKJvI169IsI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/jEUFf3pxC8n1zLzOzhWpfcf6zl4.roa
Signing time:             Tue 02 Jan 2024 12:34:42 +0000
ROA not before:           Tue 02 Jan 2024 12:34:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     142032
IP address blocks:        45.145.230.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/MzNh-6hAkXT7PEgrjKJvI169IsI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/MzNh-6hAkXT7PEgrjKJvI169IsI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MzNh-6hAkXT7PEgrjKJvI169IsI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 30 Jun 2024 01:02:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:45:60:20:d0:40:a3:c6:4d:22:98:af:9d:dc:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=333361fba8409174fb3c482b8ca26f235ebd22c2
        Validity
            Not Before: Jan  2 12:34:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8c45057f7a710bc9f5ccbccece15a97dc7face5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:53:c2:71:23:15:9c:35:e2:86:03:48:ad:84:
                    ed:c8:cf:b0:c0:d5:7e:75:cb:d7:a3:a1:fe:91:68:
                    9e:23:e2:85:6b:90:70:25:45:05:48:e0:df:bf:39:
                    4b:90:df:ff:58:79:20:86:11:59:69:ae:7e:7e:63:
                    c7:a8:e0:8f:da:54:33:f6:04:57:6d:4e:bf:fa:b6:
                    62:17:0f:52:68:63:40:3c:b2:ec:8f:3e:1e:b2:f6:
                    ba:28:f8:7a:2d:2c:a4:88:ac:67:12:de:2c:10:fa:
                    a6:f5:d4:ae:53:c7:0d:77:c7:58:4e:14:2f:d6:42:
                    5c:fb:fa:21:50:ef:9e:bb:49:2f:62:40:50:1a:a7:
                    ba:88:22:df:76:24:a6:c3:39:c8:39:cd:03:06:13:
                    1c:d2:5f:52:f9:5f:2e:3e:f3:59:60:08:c1:e7:ec:
                    23:a6:d9:f2:da:19:59:f3:4a:24:8d:2e:f3:57:ad:
                    42:06:3f:29:f4:a7:61:01:7a:a2:1b:a3:18:e3:16:
                    51:89:36:e7:8f:8d:26:46:9d:18:8a:fc:14:62:e8:
                    80:04:62:0d:14:8c:b5:37:ff:28:31:99:7e:5b:a8:
                    07:79:df:2a:f1:e1:fa:f6:10:1b:42:d9:43:4b:4c:
                    57:f8:54:04:df:3a:7a:f0:28:78:c0:56:41:ea:e9:
                    51:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:45:05:7F:7A:71:0B:C9:F5:CC:BC:CE:CE:15:A9:7D:C7:FA:CE:5E
            X509v3 Authority Key Identifier:
                keyid:33:33:61:FB:A8:40:91:74:FB:3C:48:2B:8C:A2:6F:23:5E:BD:22:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MzNh-6hAkXT7PEgrjKJvI169IsI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/jEUFf3pxC8n1zLzOzhWpfcf6zl4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/11e13f-4cea-44af-81f9-b2cccf0eadab/1/MzNh-6hAkXT7PEgrjKJvI169IsI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.230.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c0:e7:5b:58:fd:5a:00:2f:36:e5:f9:df:22:f0:4b:4e:72:4f:
         85:91:bb:57:36:89:23:cf:71:0d:e1:08:44:f8:1d:1a:95:74:
         ec:12:99:72:df:57:3a:ee:5c:b6:76:08:19:95:92:40:27:a4:
         c6:5a:10:64:03:84:4f:ec:cf:4e:d8:ae:29:57:2f:44:9d:c5:
         32:15:2a:64:94:56:90:3c:09:ee:fa:98:f9:9d:9c:a9:ec:7b:
         5a:52:6c:e0:0c:06:63:09:73:24:82:33:8e:9e:39:ba:07:c3:
         ad:df:d1:9e:bf:ff:ed:7d:a5:20:57:a5:3a:0d:f9:a3:50:c7:
         65:05:3e:cb:9d:43:ef:62:ba:45:6f:95:1f:8f:5a:1e:b9:7b:
         3f:c9:1c:42:ff:71:e9:ea:78:35:fa:98:d2:6b:03:3b:ed:43:
         04:ae:45:e7:f3:15:cc:ad:89:1d:8d:96:49:a5:9e:19:0e:c5:
         5c:56:4b:dc:63:8a:14:12:73:d0:e6:74:bb:00:93:db:9f:cb:
         e3:b7:23:e6:4e:76:c9:97:f3:7b:c1:95:60:a0:12:71:ea:ca:
         b7:27:22:89:1c:ae:34:19:67:83:19:18:a4:47:53:bb:85:e1:
         2d:7a:cf:a7:dd:9c:29:1d:b7:9a:18:90:11:45:91:b7:e7:64:
         21:e6:5f:f7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK0VgINBAo8ZNIpivndxfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMzM2MWZiYTg0MDkxNzRmYjNjNDgyYjhjYTI2ZjIzNWVi
ZDIyYzIwHhcNMjQwMTAyMTIzNDQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzQ1MDU3ZjdhNzEwYmM5ZjVjY2JjY2VjZTE1YTk3ZGM3ZmFjZTVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1PCcSMVnDXihgNIrYTtyM+wwNV+
dcvXo6H+kWieI+KFa5BwJUUFSODfvzlLkN//WHkghhFZaa5+fmPHqOCP2lQz9gRX
bU6/+rZiFw9SaGNAPLLsjz4esva6KPh6LSykiKxnEt4sEPqm9dSuU8cNd8dYThQv
1kJc+/ohUO+eu0kvYkBQGqe6iCLfdiSmwznIOc0DBhMc0l9S+V8uPvNZYAjB5+wj
ptny2hlZ80okjS7zV61CBj8p9KdhAXqiG6MY4xZRiTbnj40mRp0YivwUYuiABGIN
FIy1N/8oMZl+W6gHed8q8eH69hAbQtlDS0xX+FQE3zp68Ch4wFZB6ulRxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIxFBX96cQvJ9cy8zs4VqX3H+s5eMB8GA1UdIwQY
MBaAFDMzYfuoQJF0+zxIK4yibyNevSLCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXpOaC02aEFrWFQ3UEVncmpLSnZJMTY5SXNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi8xMWUxM2YtNGNlYS00NGFmLTgxZjkt
YjJjY2NmMGVhZGFiLzEvakVVRmYzcHhDOG4xekx6T3poV3BmY2Y2emw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi8xMWUxM2YtNGNlYS00NGFmLTgxZjktYjJjY2NmMGVhZGFi
LzEvTXpOaC02aEFrWFQ3UEVncmpLSnZJMTY5SXNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZHmMA0G
CSqGSIb3DQEBCwUAA4IBAQDA51tY/VoALzbl+d8i8EtOck+FkbtXNokjz3EN4QhE
+B0alXTsEply31c67ly2dggZlZJAJ6TGWhBkA4RP7M9O2K4pVy9EncUyFSpklFaQ
PAnu+pj5nZyp7HtaUmzgDAZjCXMkgjOOnjm6B8Ot39Gev//tfaUgV6U6DfmjUMdl
BT7LnUPvYrpFb5Ufj1oeuXs/yRxC/3Hp6ng1+pjSawM77UMErkXn8xXMrYkdjZZJ
pZ4ZDsVcVkvcY4oUEnPQ5nS7AJPbn8vjtyPmTnbJl/N7wZVgoBJx6sq3JyKJHK40
GWeDGRikR1O7heEtes+n3ZwpHbeaGJARRZG352Qh5l/3
-----END CERTIFICATE-----