Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/jCIUj7qOQZfz0tf4FoHDNo5F3RA.roa
File:                     jCIUj7qOQZfz0tf4FoHDNo5F3RA.roa (raw, json)
Hash identifier:          Tr8mlyhhfvjwW2f2b1HksPaY0PJCrOkj6tHzWMy7bUg=
Subject key identifier:   8C:22:14:8F:BA:8E:41:97:F3:D2:D7:F8:16:81:C3:36:8E:45:DD:10
Certificate issuer:       /CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Certificate serial:       018CC5003F5B19E6D77806131D07F0A413A9
Authority key identifier: 6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/jCIUj7qOQZfz0tf4FoHDNo5F3RA.roa
Signing time:             Mon 01 Jan 2024 12:29:36 +0000
ROA not before:           Mon 01 Jan 2024 12:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61344
IP address blocks:        45.66.250.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 29 Jun 2024 16:26:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:3f:5b:19:e6:d7:78:06:13:1d:07:f0:a4:13:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d20ddd398dac8f62cc12526325f1821fb724f75
        Validity
            Not Before: Jan  1 12:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8c22148fba8e4197f3d2d7f81681c3368e45dd10
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:f1:16:2b:91:79:cd:db:a6:cb:63:eb:c7:5e:
                    0e:43:8e:fd:21:d5:95:ca:cf:05:eb:79:c9:3a:8b:
                    68:92:60:0c:7f:77:3d:74:86:5a:20:66:86:6a:18:
                    f2:1c:33:3c:05:91:d6:7b:bc:1a:39:b4:db:bd:8a:
                    cb:53:8e:d4:c1:41:9c:b3:5a:dd:96:75:e6:00:aa:
                    56:89:1c:05:08:a0:db:5e:ca:d4:56:03:84:5d:90:
                    90:c0:b0:2b:2b:3f:de:af:1a:84:42:35:d8:ca:b7:
                    00:53:b5:98:78:52:f5:1a:15:76:cd:6f:9e:72:80:
                    6c:2d:13:40:b5:73:3b:16:52:8e:98:b9:6c:52:80:
                    af:07:94:f7:c8:6a:a9:88:54:83:e5:b6:1a:82:ca:
                    ff:d4:1a:56:9d:ef:47:15:26:f2:5e:ac:05:c2:af:
                    6d:d1:7c:ea:e9:84:50:0d:7e:b2:ec:45:a9:72:9f:
                    0d:19:04:01:d2:6c:5c:0c:08:c5:0d:c2:3c:4f:e1:
                    c0:e1:d7:f7:f3:e7:a8:8f:64:a9:a6:35:22:5d:70:
                    fe:59:e1:4c:8e:ae:73:48:19:88:d1:cd:9b:3d:71:
                    bb:a9:55:60:37:5f:5a:c3:b8:2a:0a:ca:f7:a2:3d:
                    52:17:81:0a:6c:a5:71:e0:c2:c9:78:fb:52:c2:39:
                    40:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:22:14:8F:BA:8E:41:97:F3:D2:D7:F8:16:81:C3:36:8E:45:DD:10
            X509v3 Authority Key Identifier:
                keyid:6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/jCIUj7qOQZfz0tf4FoHDNo5F3RA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.250.0/23

    Signature Algorithm: sha256WithRSAEncryption
         27:a1:bb:dd:70:89:97:c1:17:e4:0b:5c:7b:36:ef:7f:80:ee:
         d2:3e:3a:71:e8:80:34:e2:c7:b8:81:67:c5:23:e2:86:b2:b2:
         ee:02:e6:21:73:1d:27:e1:f5:7d:45:03:17:d8:13:40:ce:c6:
         34:5d:a2:a6:c5:de:a4:79:f7:19:21:1b:9c:41:07:59:96:c8:
         7b:2f:a1:a1:f7:1a:ff:bd:66:33:8c:24:c2:10:47:df:46:3b:
         d7:d4:83:ac:88:e6:a2:5c:67:fe:d9:53:b9:2f:98:3f:11:16:
         e6:06:5e:21:d2:b7:47:0a:bb:f6:95:39:13:19:cc:40:e6:1f:
         76:09:b4:4b:2f:78:53:e9:b9:20:f6:52:74:bb:7f:61:d6:d5:
         3b:07:c3:b4:31:b1:9e:2b:3b:ab:b9:f3:4e:44:03:e0:18:96:
         11:2b:36:71:05:84:7e:d6:18:f4:87:37:15:7e:68:ed:11:12:
         71:b4:64:25:6f:c4:7b:86:be:74:72:11:f5:80:6c:8d:fb:51:
         b7:b7:d3:6a:8f:8e:53:ad:13:95:87:8a:9d:6a:29:53:f9:7f:
         d9:a9:b5:b9:9c:31:1c:88:1b:35:1a:5e:52:d2:68:4e:24:06:
         b4:4a:1c:a5:06:ad:10:ce:d4:fc:81:9f:3f:62:6a:37:4f:09:
         a4:e7:b8:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAD9bGebXeAYTHQfwpBOpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMjBkZGQzOThkYWM4ZjYyY2MxMjUyNjMyNWYxODIxZmI3
MjRmNzUwHhcNMjQwMTAxMTIyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzIyMTQ4ZmJhOGU0MTk3ZjNkMmQ3ZjgxNjgxYzMzNjhlNDVkZDEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh/EWK5F5zdumy2Prx14OQ479IdWV
ys8F63nJOotokmAMf3c9dIZaIGaGahjyHDM8BZHWe7waObTbvYrLU47UwUGcs1rd
lnXmAKpWiRwFCKDbXsrUVgOEXZCQwLArKz/erxqEQjXYyrcAU7WYeFL1GhV2zW+e
coBsLRNAtXM7FlKOmLlsUoCvB5T3yGqpiFSD5bYagsr/1BpWne9HFSbyXqwFwq9t
0Xzq6YRQDX6y7EWpcp8NGQQB0mxcDAjFDcI8T+HA4df38+eoj2SppjUiXXD+WeFM
jq5zSBmI0c2bPXG7qVVgN19aw7gqCsr3oj1SF4EKbKVx4MLJePtSwjlAKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIwiFI+6jkGX89LX+BaBwzaORd0QMB8GA1UdIwQY
MBaAFG0g3dOY2sj2LMElJjJfGCH7ck91MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmIt
MzZkZTY1NzIzMmJlLzEvakNJVWo3cU9RWmZ6MHRmNEZvSERObzVGM1JBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmItMzZkZTY1NzIzMmJl
LzEvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLUL6MA0G
CSqGSIb3DQEBCwUAA4IBAQAnobvdcImXwRfkC1x7Nu9/gO7SPjpx6IA04se4gWfF
I+KGsrLuAuYhcx0n4fV9RQMX2BNAzsY0XaKmxd6kefcZIRucQQdZlsh7L6Gh9xr/
vWYzjCTCEEffRjvX1IOsiOaiXGf+2VO5L5g/ERbmBl4h0rdHCrv2lTkTGcxA5h92
CbRLL3hT6bkg9lJ0u39h1tU7B8O0MbGeKzurufNORAPgGJYRKzZxBYR+1hj0hzcV
fmjtERJxtGQlb8R7hr50chH1gGyN+1G3t9Nqj45TrROVh4qdailT+X/ZqbW5nDEc
iBs1Gl5S0mhOJAa0ShylBq0QztT8gZ8/Ymo3Twmk57hG
-----END CERTIFICATE-----