Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/CEeJUWHLrI3vMfXnJRvy4_C5Yn8.roa
File:                     CEeJUWHLrI3vMfXnJRvy4_C5Yn8.roa (raw, json)
Hash identifier:          a5nBg0XrxbixSuChmUd2UX69hIdJI56Vuybvv6eOBeo=
Subject key identifier:   08:47:89:51:61:CB:AC:8D:EF:31:F5:E7:25:1B:F2:E3:F0:B9:62:7F
Certificate issuer:       /CN=0bf543e23e29fb03748d0939726f30fe9affa19e
Certificate serial:       01909CB880E9720CD563B4B17EE3B42CD401
Authority key identifier: 0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/CEeJUWHLrI3vMfXnJRvy4_C5Yn8.roa
Signing time:             Wed 10 Jul 2024 12:57:35 +0000
ROA not before:           Wed 10 Jul 2024 12:57:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202993
IP address blocks:        45.156.112.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:9c:b8:80:e9:72:0c:d5:63:b4:b1:7e:e3:b4:2c:d4:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0bf543e23e29fb03748d0939726f30fe9affa19e
        Validity
            Not Before: Jul 10 12:57:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0847895161cbac8def31f5e7251bf2e3f0b9627f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:6c:e6:8d:71:e3:a7:2f:5f:84:f3:8f:eb:41:
                    c6:69:75:53:88:cc:49:10:4d:30:2a:d2:99:17:4d:
                    e7:f8:e5:d7:54:fe:11:6d:7c:39:58:ee:1f:87:58:
                    b9:1d:45:cf:dd:28:34:10:df:4c:d2:91:58:8a:e1:
                    00:50:1d:89:3b:15:8c:b1:3f:29:52:75:d6:a5:86:
                    34:76:48:a5:04:d8:39:b3:03:50:4a:b9:05:43:3c:
                    17:62:91:da:0d:02:56:c7:cd:e0:e4:8c:52:c7:01:
                    77:87:44:19:fd:88:9f:ca:92:86:aa:0b:e5:21:7a:
                    59:cb:f6:3f:22:ac:e6:94:ec:4a:b7:ca:79:fd:2a:
                    58:5e:cd:00:2a:6c:1a:c3:a5:ab:45:6f:39:15:73:
                    58:48:e1:ba:ba:8c:10:69:50:15:08:d1:23:03:51:
                    50:e4:a8:a7:78:c7:f2:d3:3e:75:28:13:19:84:f6:
                    b7:c0:da:c0:30:29:b5:90:58:09:c1:11:64:8e:05:
                    17:f0:cb:83:42:52:93:e8:da:bc:92:4f:12:f3:6e:
                    46:88:1b:e0:a6:2d:d6:6b:15:25:26:8c:85:83:94:
                    9e:d9:84:58:1c:ce:70:4e:f4:01:22:63:9d:95:57:
                    d9:d7:9a:11:a4:b6:da:ba:43:55:cf:2a:4f:36:cc:
                    7a:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:47:89:51:61:CB:AC:8D:EF:31:F5:E7:25:1B:F2:E3:F0:B9:62:7F
            X509v3 Authority Key Identifier:
                keyid:0B:F5:43:E2:3E:29:FB:03:74:8D:09:39:72:6F:30:FE:9A:FF:A1:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/CEeJUWHLrI3vMfXnJRvy4_C5Yn8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/afa34c-f3f0-405c-b083-a35fc438d4ca/1/C_VD4j4p-wN0jQk5cm8w_pr_oZ4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:fc:45:08:13:0c:28:7c:ff:b6:0c:b4:0e:6c:06:b9:3f:4c:
         22:2e:8c:04:6d:d9:4f:23:56:25:81:90:eb:10:75:38:a0:b3:
         78:95:93:4e:29:7d:c4:ba:ad:58:f7:4e:4c:db:cd:8f:7a:96:
         e8:a8:d2:ee:c7:8e:60:b2:32:34:68:dd:26:11:12:b3:b4:7d:
         61:d0:c9:d5:68:7e:59:81:57:52:49:7c:65:f2:23:37:62:ee:
         a6:b6:2f:8c:9a:02:84:0b:86:e7:fc:17:c9:63:0c:9c:11:79:
         fa:49:40:69:58:d6:26:57:3d:94:fd:c4:45:de:52:a0:3e:7b:
         16:f3:19:ec:57:89:d6:58:cb:c5:d8:df:e0:ca:13:6b:4f:68:
         66:3c:09:a8:1a:e2:07:af:ab:68:25:fc:fb:85:a8:fb:ec:05:
         6c:ec:52:ca:95:7e:f4:e2:c5:6b:5a:c4:04:9b:c4:94:21:d3:
         ff:40:55:81:8a:3f:00:4e:91:da:cf:20:b2:cd:df:02:c3:bd:
         2f:75:db:0c:a3:c8:d7:77:a7:4a:4e:e0:94:1d:ac:04:21:09:
         62:f5:55:85:af:16:26:c1:1f:39:0e:59:c4:9f:db:ba:f4:5d:
         60:0e:03:b3:50:67:25:ff:04:9e:47:6d:5d:66:bb:f1:a8:d0:
         eb:1e:1d:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZCcuIDpcgzVY7SxfuO0LNQBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiZjU0M2UyM2UyOWZiMDM3NDhkMDkzOTcyNmYzMGZlOWFm
ZmExOWUwHhcNMjQwNzEwMTI1NzM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODQ3ODk1MTYxY2JhYzhkZWYzMWY1ZTcyNTFiZjJlM2YwYjk2MjdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0GzmjXHjpy9fhPOP60HGaXVTiMxJ
EE0wKtKZF03n+OXXVP4RbXw5WO4fh1i5HUXP3Sg0EN9M0pFYiuEAUB2JOxWMsT8p
UnXWpYY0dkilBNg5swNQSrkFQzwXYpHaDQJWx83g5IxSxwF3h0QZ/YifypKGqgvl
IXpZy/Y/IqzmlOxKt8p5/SpYXs0AKmwaw6WrRW85FXNYSOG6uowQaVAVCNEjA1FQ
5KineMfy0z51KBMZhPa3wNrAMCm1kFgJwRFkjgUX8MuDQlKT6Nq8kk8S825GiBvg
pi3WaxUlJoyFg5Se2YRYHM5wTvQBImOdlVfZ15oRpLbaukNVzypPNsx6dwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAhHiVFhy6yN7zH15yUb8uPwuWJ/MB8GA1UdIwQY
MBaAFAv1Q+I+KfsDdI0JOXJvMP6a/6GeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMt
YTM1ZmM0MzhkNGNhLzEvQ0VlSlVXSExySTN2TWZYbkpSdnk0X0M1WW44LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9hZmEzNGMtZjNmMC00MDVjLWIwODMtYTM1ZmM0MzhkNGNh
LzEvQ19WRDRqNHAtd04walFrNWNtOHdfcHJfb1o0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZxwMA0G
CSqGSIb3DQEBCwUAA4IBAQBs/EUIEwwofP+2DLQObAa5P0wiLowEbdlPI1YlgZDr
EHU4oLN4lZNOKX3Euq1Y905M282PepboqNLux45gsjI0aN0mERKztH1h0MnVaH5Z
gVdSSXxl8iM3Yu6mti+MmgKEC4bn/BfJYwycEXn6SUBpWNYmVz2U/cRF3lKgPnsW
8xnsV4nWWMvF2N/gyhNrT2hmPAmoGuIHr6toJfz7haj77AVs7FLKlX704sVrWsQE
m8SUIdP/QFWBij8ATpHazyCyzd8Cw70vddsMo8jXd6dKTuCUHawEIQli9VWFrxYm
wR85DlnEn9u69F1gDgOzUGcl/wSeR21dZrvxqNDrHh3y
-----END CERTIFICATE-----