Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/hA7PguRrHquyewHHouVcsqXq0kg.roa
File:                     hA7PguRrHquyewHHouVcsqXq0kg.roa (raw, json)
Hash identifier:          THrPMRdJzBEXnhQVh++GjxZTEfMwM951pcHA2snZaeU=
Subject key identifier:   84:0E:CF:82:E4:6B:1E:AB:B2:7B:01:C7:A2:E5:5C:B2:A5:EA:D2:48
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018E0E73EBF5A20AA7C170A75A88E7893243
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/hA7PguRrHquyewHHouVcsqXq0kg.roa
Signing time:             Tue 05 Mar 2024 11:51:01 +0000
ROA not before:           Tue 05 Mar 2024 11:51:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206003
IP address blocks:        45.141.158.0/24 maxlen: 24
                          87.121.124.0/23 maxlen: 24
                          87.121.162.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 02:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:0e:73:eb:f5:a2:0a:a7:c1:70:a7:5a:88:e7:89:32:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Mar  5 11:51:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=840ecf82e46b1eabb27b01c7a2e55cb2a5ead248
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:2b:96:cf:18:ea:47:0b:2a:59:53:32:09:a7:
                    7f:47:45:4a:9b:e3:6c:25:28:73:3b:7f:75:c8:da:
                    ad:b6:f9:9c:7b:80:d1:ad:7d:80:4e:6e:95:62:b1:
                    f0:c7:2d:a1:78:29:da:9d:3c:70:4d:cd:bb:f0:f1:
                    22:70:c5:cb:b7:fe:85:cb:4f:52:e6:0b:94:4c:1b:
                    05:a4:2f:80:01:a4:ed:86:d9:cd:91:b9:5b:a9:74:
                    5c:de:9f:76:68:b0:d0:b8:ff:ac:b4:10:14:af:d2:
                    33:1f:80:ec:e7:2c:51:3c:5e:27:ae:fe:d1:de:8e:
                    f3:07:10:cf:de:05:bc:f1:b1:07:37:cf:96:3f:31:
                    a8:46:dc:91:6a:38:26:81:5b:55:e0:f2:26:5b:95:
                    00:2a:3d:af:1e:81:5f:f1:6d:4c:ad:82:47:9e:1d:
                    1e:5b:a4:d6:42:d8:76:c0:aa:31:fa:1c:3f:9c:98:
                    0f:2b:bb:b3:db:1a:b5:81:af:21:8c:ac:c6:f2:ad:
                    b4:08:fa:8c:fb:fa:0a:4a:92:99:5e:4f:26:54:38:
                    08:a7:0f:54:bd:18:68:70:c6:04:fd:f1:03:09:51:
                    21:d4:92:4e:fb:f1:15:5d:fa:3d:4d:c7:19:a3:0c:
                    ce:33:07:56:f0:d0:a1:7e:c6:1c:f4:ab:df:60:62:
                    ff:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:0E:CF:82:E4:6B:1E:AB:B2:7B:01:C7:A2:E5:5C:B2:A5:EA:D2:48
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/hA7PguRrHquyewHHouVcsqXq0kg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.158.0/24
                  87.121.124.0/23
                  87.121.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:50:5a:6f:70:e0:d4:e2:a1:e2:d3:c6:b7:e1:f9:92:a6:95:
         f8:6c:7c:86:98:ca:07:37:67:ff:de:6e:11:3f:f9:f3:0d:8c:
         41:3c:6c:73:b7:c8:89:09:99:cb:3e:06:90:40:76:0e:88:05:
         6f:8b:f5:0c:a8:e2:57:de:55:ca:3a:b6:b5:2d:bd:58:a8:36:
         0a:43:df:c7:09:5b:d4:c2:86:32:ed:20:59:ec:ad:65:67:dd:
         74:e1:b5:2e:79:e5:69:f3:ab:6d:9d:cc:6d:7d:38:fc:71:1e:
         9c:5e:4c:bf:5f:32:4f:77:28:f8:c8:f3:38:37:45:34:e2:c1:
         74:91:be:dd:e7:c9:45:8c:50:a6:8e:0e:1d:7d:31:94:c5:84:
         ac:7b:90:54:df:7d:74:b8:b7:1e:a5:60:15:1d:74:29:74:3b:
         04:17:7e:c9:20:be:a4:70:d5:e8:50:f9:34:0e:63:94:3d:1e:
         20:55:8b:82:c4:07:33:65:d7:dd:85:cc:fd:ec:7b:ad:da:03:
         78:49:6c:1c:38:75:4c:4c:30:bb:5f:49:90:5b:68:f6:50:6e:
         e9:1d:97:3b:d4:4b:44:e4:19:77:b6:d4:01:13:7a:25:f9:6b:
         79:64:61:bb:23:3f:da:c5:45:7f:a9:66:4e:d4:44:85:25:8b:
         72:83:15:81
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY4Oc+v1ogqnwXCnWojniTJDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMzA1MTE1MTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDBlY2Y4MmU0NmIxZWFiYjI3YjAxYzdhMmU1NWNiMmE1ZWFkMjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmSuWzxjqRwsqWVMyCad/R0VKm+Ns
JShzO391yNqttvmce4DRrX2ATm6VYrHwxy2heCnanTxwTc278PEicMXLt/6Fy09S
5guUTBsFpC+AAaTthtnNkblbqXRc3p92aLDQuP+stBAUr9IzH4Ds5yxRPF4nrv7R
3o7zBxDP3gW88bEHN8+WPzGoRtyRajgmgVtV4PImW5UAKj2vHoFf8W1MrYJHnh0e
W6TWQth2wKox+hw/nJgPK7uz2xq1ga8hjKzG8q20CPqM+/oKSpKZXk8mVDgIpw9U
vRhocMYE/fEDCVEh1JJO+/EVXfo9TccZowzOMwdW8NChfsYc9KvfYGL/DwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIQOz4Lkax6rsnsBx6LlXLKl6tJIMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvaEE3UGd1UnJIcXV5ZXdISG91VmNzcVhxMGtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALY2eAwQB
V3l8AwQAV3miMA0GCSqGSIb3DQEBCwUAA4IBAQCqUFpvcODU4qHi08a34fmSppX4
bHyGmMoHN2f/3m4RP/nzDYxBPGxzt8iJCZnLPgaQQHYOiAVvi/UMqOJX3lXKOra1
Lb1YqDYKQ9/HCVvUwoYy7SBZ7K1lZ9104bUueeVp86ttncxtfTj8cR6cXky/XzJP
dyj4yPM4N0U04sF0kb7d58lFjFCmjg4dfTGUxYSse5BU3310uLcepWAVHXQpdDsE
F37JIL6kcNXoUPk0DmOUPR4gVYuCxAczZdfdhcz97Hut2gN4SWwcOHVMTDC7X0mQ
W2j2UG7pHZc71EtE5Bl3ttQBE3ol+Wt5ZGG7Iz/axUV/qWZO1ESFJYtygxWB
-----END CERTIFICATE-----