Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/DJBN3BLlvNM7Bt2epMDGMpyF4vI.roa
File:                     DJBN3BLlvNM7Bt2epMDGMpyF4vI.roa (raw, json)
Hash identifier:          kUudPzQ0LE1yyGEVIuzF5qd67JnaLYx+kdElqCvtlWU=
Subject key identifier:   0C:90:4D:DC:12:E5:BC:D3:3B:06:DD:9E:A4:C0:C6:32:9C:85:E2:F2
Certificate issuer:       /CN=8533ef46116fd9d21bfb533e44bde517890c24dc
Certificate serial:       018CC727383CB50559F71734FB5AFF32A649
Authority key identifier: 85:33:EF:46:11:6F:D9:D2:1B:FB:53:3E:44:BD:E5:17:89:0C:24:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/DJBN3BLlvNM7Bt2epMDGMpyF4vI.roa
Signing time:             Mon 01 Jan 2024 22:31:25 +0000
ROA not before:           Mon 01 Jan 2024 22:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208867
IP address blocks:        45.80.96.0/22 maxlen: 22
                          45.85.128.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:38:3c:b5:05:59:f7:17:34:fb:5a:ff:32:a6:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8533ef46116fd9d21bfb533e44bde517890c24dc
        Validity
            Not Before: Jan  1 22:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0c904ddc12e5bcd33b06dd9ea4c0c6329c85e2f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:69:2f:da:3c:af:6e:0b:2b:3d:28:80:fb:36:
                    57:64:82:fa:a9:54:0e:af:6e:64:93:b1:a2:90:92:
                    34:3c:e7:c7:92:72:27:56:c9:23:e2:b3:99:50:da:
                    56:85:04:82:6b:c6:0e:c0:e1:db:23:72:d5:d9:67:
                    6d:c9:90:20:94:1d:5d:9f:6f:eb:d8:52:86:47:d9:
                    da:ee:41:68:53:d9:5d:df:63:8b:58:ff:39:aa:40:
                    99:73:33:c8:04:a6:cd:11:94:74:59:9a:7f:df:f2:
                    87:95:dc:93:0b:7a:d3:bb:0b:15:1d:44:89:ed:90:
                    16:b2:81:8c:27:12:a7:92:d6:da:c3:13:d1:85:27:
                    a9:23:60:ab:2d:83:df:19:99:57:a3:87:5f:12:8e:
                    2a:19:cb:e6:25:67:53:f2:8e:20:2a:86:85:85:af:
                    8c:7d:5d:9d:ec:94:81:15:7b:d4:39:b6:7a:da:65:
                    20:69:f0:c2:11:b4:75:1e:38:ed:d8:a3:33:c1:99:
                    c0:35:bd:f1:a3:73:7e:86:fe:71:c0:31:8e:ae:8e:
                    f3:99:3f:28:05:c1:b2:7b:8a:dd:54:b3:ba:2d:5a:
                    4b:ab:64:2c:92:4b:71:10:90:a3:a8:94:6b:8c:1e:
                    2f:e8:4e:9a:6f:19:49:b6:96:09:df:10:1f:62:ec:
                    d0:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0C:90:4D:DC:12:E5:BC:D3:3B:06:DD:9E:A4:C0:C6:32:9C:85:E2:F2
            X509v3 Authority Key Identifier:
                keyid:85:33:EF:46:11:6F:D9:D2:1B:FB:53:3E:44:BD:E5:17:89:0C:24:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hTPvRhFv2dIb-1M-RL3lF4kMJNw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/DJBN3BLlvNM7Bt2epMDGMpyF4vI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/e0472a-3adf-43cd-bf30-73923daef114/1/hTPvRhFv2dIb-1M-RL3lF4kMJNw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.80.96.0/22
                  45.85.128.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b1:b5:a7:7d:5b:53:61:88:ee:5d:94:43:91:ce:f8:f5:9f:b5:
         35:20:6d:fe:41:ba:d3:6c:26:a8:f4:2b:50:aa:45:e7:41:e9:
         41:c5:b9:7b:d3:43:f8:60:cf:fe:cf:d6:65:66:5c:2a:df:dd:
         a8:75:a3:05:f7:bd:09:66:39:5b:40:60:97:7d:0e:12:7a:f7:
         fb:9a:e0:32:78:31:53:65:d2:05:86:6e:1b:69:ea:2b:43:d4:
         b4:e1:98:de:98:ec:43:41:b0:fa:e4:1d:e2:b5:e0:93:86:ce:
         45:cb:1c:fe:a5:7c:07:f9:79:b6:06:ca:3d:09:18:4e:0d:7e:
         dc:f7:2e:2c:d4:c5:a5:e9:b3:32:4c:80:d9:f1:db:6b:a8:1f:
         ca:c0:65:8c:45:91:b6:d8:d1:b3:02:73:10:14:08:3a:69:92:
         5e:75:22:61:42:49:c5:c8:24:9f:6b:0f:91:70:bc:24:68:4c:
         1f:91:a4:7b:b0:e2:20:e1:0e:e4:e1:5d:e3:d5:28:c5:e8:c1:
         d0:cb:8c:34:c3:6e:98:16:5b:c5:b6:e6:06:93:0d:2e:1f:51:
         0e:33:47:18:24:53:66:ff:44:96:44:6c:72:cf:2c:d5:b2:1d:
         79:52:8b:47:1d:b0:79:ca:e8:12:a1:09:ae:79:f5:20:65:fa:
         63:ee:28:c2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJzg8tQVZ9xc0+1r/MqZJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MzNlZjQ2MTE2ZmQ5ZDIxYmZiNTMzZTQ0YmRlNTE3ODkw
YzI0ZGMwHhcNMjQwMTAxMjIzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzkwNGRkYzEyZTViY2QzM2IwNmRkOWVhNGMwYzYzMjljODVlMmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq2kv2jyvbgsrPSiA+zZXZIL6qVQO
r25kk7GikJI0POfHknInVskj4rOZUNpWhQSCa8YOwOHbI3LV2WdtyZAglB1dn2/r
2FKGR9na7kFoU9ld32OLWP85qkCZczPIBKbNEZR0WZp/3/KHldyTC3rTuwsVHUSJ
7ZAWsoGMJxKnktbawxPRhSepI2CrLYPfGZlXo4dfEo4qGcvmJWdT8o4gKoaFha+M
fV2d7JSBFXvUObZ62mUgafDCEbR1Hjjt2KMzwZnANb3xo3N+hv5xwDGOro7zmT8o
BcGye4rdVLO6LVpLq2QskktxEJCjqJRrjB4v6E6abxlJtpYJ3xAfYuzQWQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAyQTdwS5bzTOwbdnqTAxjKcheLyMB8GA1UdIwQY
MBaAFIUz70YRb9nSG/tTPkS95ReJDCTcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFRQdlJoRnYyZEliLTFNLVJMM2xGNGtNSk53LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9lMDQ3MmEtM2FkZi00M2NkLWJmMzAt
NzM5MjNkYWVmMTE0LzEvREpCTjNCTGx2Tk03QnQyZXBNREdNcHlGNHZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9lMDQ3MmEtM2FkZi00M2NkLWJmMzAtNzM5MjNkYWVmMTE0
LzEvaFRQdlJoRnYyZEliLTFNLVJMM2xGNGtNSk53LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLVBgAwQB
LVWAMA0GCSqGSIb3DQEBCwUAA4IBAQCxtad9W1NhiO5dlEORzvj1n7U1IG3+QbrT
bCao9CtQqkXnQelBxbl700P4YM/+z9ZlZlwq392odaMF970JZjlbQGCXfQ4Sevf7
muAyeDFTZdIFhm4baeorQ9S04ZjemOxDQbD65B3iteCThs5Fyxz+pXwH+Xm2Bso9
CRhODX7c9y4s1MWl6bMyTIDZ8dtrqB/KwGWMRZG22NGzAnMQFAg6aZJedSJhQknF
yCSfaw+RcLwkaEwfkaR7sOIg4Q7k4V3j1SjF6MHQy4w0w26YFlvFtuYGkw0uH1EO
M0cYJFNm/0SWRGxyzyzVsh15UotHHbB5yugSoQmuefUgZfpj7ijC
-----END CERTIFICATE-----