Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/04/496773-5018-48dc-a240-f60d6f7182a1/1/ocSaT8oDsygPLanuB-H1O7lCF4k.roa
File:                     ocSaT8oDsygPLanuB-H1O7lCF4k.roa (raw, json)
Hash identifier:          NSBv1AkN8vJZ6r3GHhYFBX2TvwSUy+fx895aO0NiRKc=
Subject key identifier:   A1:C4:9A:4F:CA:03:B3:28:0F:2D:A9:EE:07:E1:F5:3B:B9:42:17:89
Certificate issuer:       /CN=8821a39aed9da4ee3ab6639d244508fa1e8d20f6
Certificate serial:       018EBA1A5EDF62CCE993938F6FB693A9721F
Authority key identifier: 88:21:A3:9A:ED:9D:A4:EE:3A:B6:63:9D:24:45:08:FA:1E:8D:20:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iCGjmu2dpO46tmOdJEUI-h6NIPY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/04/496773-5018-48dc-a240-f60d6f7182a1/1/ocSaT8oDsygPLanuB-H1O7lCF4k.roa
Signing time:             Sun 07 Apr 2024 19:47:54 +0000
ROA not before:           Sun 07 Apr 2024 19:47:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        45.137.128.0/22 maxlen: 22
                          192.144.44.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/04/496773-5018-48dc-a240-f60d6f7182a1/1/iCGjmu2dpO46tmOdJEUI-h6NIPY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/04/496773-5018-48dc-a240-f60d6f7182a1/1/iCGjmu2dpO46tmOdJEUI-h6NIPY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iCGjmu2dpO46tmOdJEUI-h6NIPY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 01:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ba:1a:5e:df:62:cc:e9:93:93:8f:6f:b6:93:a9:72:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8821a39aed9da4ee3ab6639d244508fa1e8d20f6
        Validity
            Not Before: Apr  7 19:47:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1c49a4fca03b3280f2da9ee07e1f53bb9421789
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f5:be:59:4d:23:66:4e:10:28:e0:aa:0a:43:
                    ef:d6:75:46:80:ea:ff:08:cb:80:53:18:9f:82:55:
                    6b:0c:63:c6:c8:83:f2:e6:b6:df:b6:d6:c8:cc:42:
                    05:6c:3a:40:0a:16:a2:d7:ab:1b:71:01:16:aa:1d:
                    5e:5c:07:6c:13:31:81:27:2a:1e:2c:8c:24:53:7c:
                    76:e3:ad:24:29:83:79:c7:e6:b7:3a:34:f2:bc:31:
                    90:9e:87:64:fe:1b:13:26:20:5b:e6:f8:ba:8b:7e:
                    4c:e5:35:8f:8b:0f:29:81:51:79:6b:be:7d:1a:18:
                    9b:d4:f8:5f:70:19:28:da:5f:a7:41:14:56:d9:bb:
                    a5:93:87:49:4b:34:95:e3:49:b9:e5:85:0f:20:42:
                    58:19:64:50:f7:7c:1e:85:15:19:6d:e1:85:12:bd:
                    cc:af:00:d8:73:11:29:d7:2d:2c:53:b9:7f:e5:3a:
                    97:79:26:e8:a0:26:fc:fe:76:32:d0:43:95:55:6f:
                    7d:f4:0d:61:f9:7e:61:0b:ad:09:8b:28:30:45:69:
                    75:77:48:e9:ec:03:75:ac:32:47:06:bd:72:16:1a:
                    02:7a:d1:b0:23:b9:bc:a1:ba:44:9a:11:ea:93:55:
                    79:74:f3:9e:f2:37:cb:6d:bf:eb:00:a7:a7:f7:9f:
                    b2:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:C4:9A:4F:CA:03:B3:28:0F:2D:A9:EE:07:E1:F5:3B:B9:42:17:89
            X509v3 Authority Key Identifier:
                keyid:88:21:A3:9A:ED:9D:A4:EE:3A:B6:63:9D:24:45:08:FA:1E:8D:20:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iCGjmu2dpO46tmOdJEUI-h6NIPY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/04/496773-5018-48dc-a240-f60d6f7182a1/1/ocSaT8oDsygPLanuB-H1O7lCF4k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/04/496773-5018-48dc-a240-f60d6f7182a1/1/iCGjmu2dpO46tmOdJEUI-h6NIPY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.128.0/22
                  192.144.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b3:0f:13:65:dd:eb:cb:1b:df:c4:12:19:16:94:9a:2a:a7:33:
         85:d8:bb:31:24:dd:29:a3:21:15:0a:a5:4e:d4:6d:9e:a5:af:
         6c:dc:66:9e:65:e5:d0:3a:8e:b6:79:80:56:10:2b:86:fb:22:
         e1:a5:fb:d3:af:fe:16:07:57:09:e7:6e:32:89:11:91:b8:91:
         52:6b:40:96:06:af:7b:96:07:c8:5e:59:96:87:dd:3e:df:6c:
         32:c5:c1:6c:ce:ec:09:e6:58:89:24:78:dd:29:98:06:bd:73:
         a2:a2:71:82:a4:7e:59:99:0c:66:62:d1:a8:24:e3:d8:59:0d:
         05:4b:d7:ac:23:38:09:e7:d7:c2:f3:bd:52:fa:ed:84:23:b9:
         7d:64:f0:14:dc:8d:2c:63:d8:d5:a4:7b:d4:8a:5c:ef:7c:11:
         b7:1f:3d:1a:f5:e6:6a:6c:dd:c6:28:33:c3:19:56:0b:7c:cf:
         a1:1a:f8:cc:fe:59:b6:c9:e6:c0:e5:72:9f:d7:58:24:fe:9d:
         d9:91:63:4f:3e:59:b6:19:30:33:d5:32:75:84:a9:85:ff:66:
         43:ce:b0:24:12:6a:17:f1:db:c4:e9:94:0f:ae:21:f1:a1:7c:
         d3:bb:e1:a1:9d:c6:5e:cb:13:24:56:f4:89:75:ca:5b:73:ff:
         8e:36:1f:1f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY66Gl7fYszpk5OPb7aTqXIfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg4MjFhMzlhZWQ5ZGE0ZWUzYWI2NjM5ZDI0NDUwOGZhMWU4
ZDIwZjYwHhcNMjQwNDA3MTk0NzU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWM0OWE0ZmNhMDNiMzI4MGYyZGE5ZWUwN2UxZjUzYmI5NDIxNzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfW+WU0jZk4QKOCqCkPv1nVGgOr/
CMuAUxifglVrDGPGyIPy5rbfttbIzEIFbDpAChai16sbcQEWqh1eXAdsEzGBJyoe
LIwkU3x2460kKYN5x+a3OjTyvDGQnodk/hsTJiBb5vi6i35M5TWPiw8pgVF5a759
Ghib1PhfcBko2l+nQRRW2bulk4dJSzSV40m55YUPIEJYGWRQ93wehRUZbeGFEr3M
rwDYcxEp1y0sU7l/5TqXeSbooCb8/nYy0EOVVW999A1h+X5hC60JiygwRWl1d0jp
7AN1rDJHBr1yFhoCetGwI7m8obpEmhHqk1V5dPOe8jfLbb/rAKen95+y0QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKHEmk/KA7MoDy2p7gfh9Tu5QheJMB8GA1UdIwQY
MBaAFIgho5rtnaTuOrZjnSRFCPoejSD2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaUNHam11MmRwTzQ2dG1PZEpFVUktaDZOSVBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNC80OTY3NzMtNTAxOC00OGRjLWEyNDAt
ZjYwZDZmNzE4MmExLzEvb2NTYVQ4b0RzeWdQTGFudUItSDFPN2xDRjRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNC80OTY3NzMtNTAxOC00OGRjLWEyNDAtZjYwZDZmNzE4MmEx
LzEvaUNHam11MmRwTzQ2dG1PZEpFVUktaDZOSVBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLYmAAwQC
wJAsMA0GCSqGSIb3DQEBCwUAA4IBAQCzDxNl3evLG9/EEhkWlJoqpzOF2LsxJN0p
oyEVCqVO1G2epa9s3GaeZeXQOo62eYBWECuG+yLhpfvTr/4WB1cJ524yiRGRuJFS
a0CWBq97lgfIXlmWh90+32wyxcFszuwJ5liJJHjdKZgGvXOionGCpH5ZmQxmYtGo
JOPYWQ0FS9esIzgJ59fC871S+u2EI7l9ZPAU3I0sY9jVpHvUilzvfBG3Hz0a9eZq
bN3GKDPDGVYLfM+hGvjM/lm2yebA5XKf11gk/p3ZkWNPPlm2GTAz1TJ1hKmF/2ZD
zrAkEmoX8dvE6ZQPriHxoXzTu+GhncZeyxMkVvSJdcpbc/+ONh8f
-----END CERTIFICATE-----