Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/kmS4LPHtGVsYU8-dcO2Au6sv25E.roa
File:                     kmS4LPHtGVsYU8-dcO2Au6sv25E.roa (raw, json)
Hash identifier:          c6SFYbzftGsrhxldszlvip1zHyX6Z0CZJhKY4+DLxh0=
Subject key identifier:   92:64:B8:2C:F1:ED:19:5B:18:53:CF:9D:70:ED:80:BB:AB:2F:DB:91
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       01918A5E034A1A9B1665438F89CCE7A60B22
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/kmS4LPHtGVsYU8-dcO2Au6sv25E.roa
Signing time:             Sun 25 Aug 2024 16:28:22 +0000
ROA not before:           Sun 25 Aug 2024 16:28:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50917
IP address blocks:        45.152.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:8a:5e:03:4a:1a:9b:16:65:43:8f:89:cc:e7:a6:0b:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Aug 25 16:28:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9264b82cf1ed195b1853cf9d70ed80bbab2fdb91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:8f:87:5b:94:8d:fe:e8:c6:1e:b3:45:dc:39:
                    7e:11:ea:d0:8d:5e:2a:38:33:96:e3:9b:33:ae:b3:
                    dd:32:bb:02:5f:68:46:86:e4:53:e2:98:b2:61:5b:
                    ec:5c:1d:a9:ab:87:fb:71:76:78:d8:66:6b:10:51:
                    3b:c2:65:6f:bc:f7:39:02:4e:8c:fe:fc:4d:ac:80:
                    6c:ba:ff:9a:96:bc:4a:32:2a:af:79:2e:56:cd:1a:
                    ee:e7:ff:32:06:a7:5b:2f:41:1f:cf:89:ff:eb:ca:
                    ff:08:a1:66:3f:b9:54:0e:d7:b9:22:4b:5e:55:5a:
                    52:33:a7:e4:29:86:b3:40:46:72:a2:4f:a9:43:e9:
                    fa:46:48:43:f7:15:fe:59:15:d6:86:eb:1b:b1:52:
                    21:5d:fb:63:e9:95:8b:1f:60:0c:25:2f:58:f1:b6:
                    8c:62:c0:6d:1c:73:93:ac:98:0e:10:3f:b8:c3:e3:
                    c2:50:28:39:20:a0:d0:e7:42:d7:cc:01:2e:a9:b5:
                    8f:84:2f:17:cc:c2:9e:99:52:97:37:f0:f3:ec:14:
                    d3:5b:a3:cd:20:05:57:49:1b:49:33:68:13:f8:a5:
                    33:19:87:31:a1:aa:8a:1a:09:fe:3d:ea:c9:6f:45:
                    61:9a:87:c4:cf:d1:15:77:b9:28:4c:43:94:65:b0:
                    81:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:64:B8:2C:F1:ED:19:5B:18:53:CF:9D:70:ED:80:BB:AB:2F:DB:91
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/kmS4LPHtGVsYU8-dcO2Au6sv25E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:f7:04:09:0b:7c:1a:0b:7a:12:e1:3f:e9:ec:43:db:46:fb:
         c8:9b:81:3a:1f:3d:0e:3e:ad:26:70:ed:53:d5:c1:55:42:f5:
         e9:94:0f:38:08:b5:2b:3b:2f:76:96:44:88:5d:bd:ec:da:13:
         78:d9:3e:63:85:64:f5:7d:45:61:cb:0d:c5:3c:cb:24:ef:dc:
         b3:9a:74:ea:51:c2:33:2c:c9:ed:a8:6a:af:8b:20:6e:ca:8d:
         94:97:93:9c:cd:3d:3f:61:87:52:cf:8d:54:04:dd:93:1a:59:
         50:2d:46:cd:d1:3a:cc:36:94:dc:ee:39:e3:51:63:d7:ad:70:
         59:b1:fd:51:7a:66:98:6b:28:83:39:9f:73:79:37:b3:c5:be:
         91:70:f1:98:4d:38:b0:f3:ee:ea:26:05:da:ab:d1:3c:2d:8f:
         1d:e0:a3:7f:40:09:61:ad:fd:49:1e:3b:19:8c:6a:3d:b2:ac:
         9e:aa:a5:6e:4b:1c:fd:51:60:8f:0b:37:3e:3b:e7:f7:d7:f1:
         8b:bf:67:3c:29:df:ed:6b:0b:6e:8c:44:24:b7:39:cc:ef:14:
         57:0b:f9:00:8c:f5:99:40:26:0f:f9:5c:73:2d:fe:b6:59:b1:
         c8:0f:2b:45:ea:f7:29:b4:92:cf:63:8f:51:91:c0:5c:78:51:
         d0:f8:67:e0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGKXgNKGpsWZUOPicznpgsiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjQwODI1MTYyODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjY0YjgyY2YxZWQxOTViMTg1M2NmOWQ3MGVkODBiYmFiMmZkYjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyo+HW5SN/ujGHrNF3Dl+EerQjV4q
ODOW45szrrPdMrsCX2hGhuRT4piyYVvsXB2pq4f7cXZ42GZrEFE7wmVvvPc5Ak6M
/vxNrIBsuv+alrxKMiqveS5WzRru5/8yBqdbL0Efz4n/68r/CKFmP7lUDte5Ikte
VVpSM6fkKYazQEZyok+pQ+n6RkhD9xX+WRXWhusbsVIhXftj6ZWLH2AMJS9Y8baM
YsBtHHOTrJgOED+4w+PCUCg5IKDQ50LXzAEuqbWPhC8XzMKemVKXN/Dz7BTTW6PN
IAVXSRtJM2gT+KUzGYcxoaqKGgn+PerJb0VhmofEz9EVd7koTEOUZbCBQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJJkuCzx7RlbGFPPnXDtgLurL9uRMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEva21TNExQSHRHVnNZVTgtZGNPMkF1NnN2MjVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZgnMA0G
CSqGSIb3DQEBCwUAA4IBAQBU9wQJC3waC3oS4T/p7EPbRvvIm4E6Hz0OPq0mcO1T
1cFVQvXplA84CLUrOy92lkSIXb3s2hN42T5jhWT1fUVhyw3FPMsk79yzmnTqUcIz
LMntqGqviyBuyo2Ul5OczT0/YYdSz41UBN2TGllQLUbN0TrMNpTc7jnjUWPXrXBZ
sf1RemaYayiDOZ9zeTezxb6RcPGYTTiw8+7qJgXaq9E8LY8d4KN/QAlhrf1JHjsZ
jGo9sqyeqqVuSxz9UWCPCzc+O+f31/GLv2c8Kd/tawtujEQktznM7xRXC/kAjPWZ
QCYP+VxzLf62WbHIDytF6vcptJLPY49RkcBceFHQ+Gfg
-----END CERTIFICATE-----