Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/36TgQbNXre6gnae3LaN0BcRia40.roa
File:                     36TgQbNXre6gnae3LaN0BcRia40.roa (raw, json)
Hash identifier:          hcR7zeLxvKN+kyZAl/CaL9VDG9wUMwQIzVcwZ074ya0=
Subject key identifier:   DF:A4:E0:41:B3:57:AD:EE:A0:9D:A7:B7:2D:A3:74:05:C4:62:6B:8D
Certificate issuer:       /CN=ad0da43b4a5d3db78ba3f774e5b31b77037202d5
Certificate serial:       018CC56DE87EB08234BB62F1278A52A3F122
Authority key identifier: AD:0D:A4:3B:4A:5D:3D:B7:8B:A3:F7:74:E5:B3:1B:77:03:72:02:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/36TgQbNXre6gnae3LaN0BcRia40.roa
Signing time:             Mon 01 Jan 2024 14:29:23 +0000
ROA not before:           Mon 01 Jan 2024 14:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57844
IP address blocks:        45.10.150.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:e8:7e:b0:82:34:bb:62:f1:27:8a:52:a3:f1:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad0da43b4a5d3db78ba3f774e5b31b77037202d5
        Validity
            Not Before: Jan  1 14:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dfa4e041b357adeea09da7b72da37405c4626b8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:97:31:3b:4a:fc:26:10:02:35:fc:d8:ea:16:
                    97:b7:29:92:8c:81:46:23:aa:1b:7b:c5:a8:19:7a:
                    65:74:9c:89:03:9b:33:e3:83:ed:84:1f:31:e4:5d:
                    67:db:9e:41:b5:b6:76:45:57:fa:43:18:d6:8e:94:
                    2e:75:fc:47:62:43:24:18:e8:5d:d3:0c:1a:4b:22:
                    71:06:39:11:8a:61:3e:6c:63:bc:04:07:31:be:79:
                    cf:7c:e9:9e:c7:53:6b:db:9f:98:9d:2f:01:ea:c6:
                    71:a3:6c:d6:c7:98:74:56:94:ac:5f:9c:68:c1:0d:
                    46:5c:45:15:8e:1e:8f:0c:eb:da:68:26:04:b9:56:
                    bf:29:6a:ca:fb:5f:ff:c4:52:d3:4f:ae:f9:64:83:
                    55:18:a7:bc:3f:45:0a:16:f7:94:d4:cc:ba:5e:90:
                    2e:58:51:9c:ae:27:7f:50:98:fa:44:fe:0d:14:92:
                    18:b2:4f:78:35:d7:9a:5c:56:d3:9a:87:b4:bc:b2:
                    89:e3:ce:99:e5:51:cd:da:52:b3:cc:55:54:8f:94:
                    6e:fd:6f:47:23:88:17:32:22:2b:f5:5c:dc:f5:1b:
                    b6:ad:f0:31:c7:99:dc:68:82:d0:11:c5:50:f2:00:
                    19:d6:a8:dc:4e:55:52:65:ec:34:b0:b5:30:6c:7e:
                    8c:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:A4:E0:41:B3:57:AD:EE:A0:9D:A7:B7:2D:A3:74:05:C4:62:6B:8D
            X509v3 Authority Key Identifier:
                keyid:AD:0D:A4:3B:4A:5D:3D:B7:8B:A3:F7:74:E5:B3:1B:77:03:72:02:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/36TgQbNXre6gnae3LaN0BcRia40.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:dc:a8:5c:c6:4c:1b:85:48:28:49:5c:67:c9:4c:a1:8a:65:
         2c:f3:4f:b6:ba:41:06:e9:5f:f3:ac:f7:e7:8b:0f:ab:2c:20:
         6c:62:b6:8b:35:fb:4b:1d:de:59:92:a4:03:54:1a:55:14:a5:
         8d:eb:ed:fb:b9:50:20:99:b7:01:92:76:aa:69:90:58:7b:ab:
         7e:47:19:d5:e4:e7:9b:f3:4c:09:a6:98:d8:fc:f0:39:ec:8f:
         99:32:f6:68:99:da:60:b0:9b:ba:8b:16:cd:72:c7:70:5a:e3:
         63:07:d5:24:42:3d:61:6e:0c:43:53:36:09:31:37:9a:35:c8:
         2d:af:46:60:14:a9:96:f0:82:49:ec:76:15:5e:6e:96:6a:79:
         3e:25:15:c6:55:e9:49:fe:6b:d9:c0:77:d5:f6:f3:e3:d8:8d:
         17:f3:a3:de:f2:a9:a0:a0:23:1e:62:88:ad:fb:4e:71:34:ce:
         29:b6:3a:31:80:e3:ba:08:d8:fb:6d:f2:3a:03:85:3f:87:6c:
         4d:e9:b4:d5:22:18:41:7e:d2:80:6b:2f:18:e5:04:8a:bb:1d:
         10:31:2a:7a:7a:bf:41:9c:11:bc:f6:37:5d:55:dd:39:d6:27:
         55:22:93:70:4d:83:e7:c3:6b:57:f0:b7:0c:a9:11:b1:cd:cd:
         f2:fa:ed:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbeh+sII0u2LxJ4pSo/EiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMGRhNDNiNGE1ZDNkYjc4YmEzZjc3NGU1YjMxYjc3MDM3
MjAyZDUwHhcNMjQwMTAxMTQyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZmE0ZTA0MWIzNTdhZGVlYTA5ZGE3YjcyZGEzNzQwNWM0NjI2YjhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhpcxO0r8JhACNfzY6haXtymSjIFG
I6obe8WoGXpldJyJA5sz44PthB8x5F1n255BtbZ2RVf6QxjWjpQudfxHYkMkGOhd
0wwaSyJxBjkRimE+bGO8BAcxvnnPfOmex1Nr25+YnS8B6sZxo2zWx5h0VpSsX5xo
wQ1GXEUVjh6PDOvaaCYEuVa/KWrK+1//xFLTT675ZINVGKe8P0UKFveU1My6XpAu
WFGcrid/UJj6RP4NFJIYsk94NdeaXFbTmoe0vLKJ486Z5VHN2lKzzFVUj5Ru/W9H
I4gXMiIr9Vzc9Ru2rfAxx5ncaILQEcVQ8gAZ1qjcTlVSZew0sLUwbH6M0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN+k4EGzV63uoJ2nty2jdAXEYmuNMB8GA1UdIwQY
MBaAFK0NpDtKXT23i6P3dOWzG3cDcgLVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclEya08wcGRQYmVMb19kMDViTWJkd055QXRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9kZDgwOTYtMTRjYy00ODhkLTkyNTct
YzUxNWYzNTRjYzVhLzEvMzZUZ1FiTlhyZTZnbmFlM0xhTjBCY1JpYTQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9kZDgwOTYtMTRjYy00ODhkLTkyNTctYzUxNWYzNTRjYzVh
LzEvclEya08wcGRQYmVMb19kMDViTWJkd055QXRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQqWMA0G
CSqGSIb3DQEBCwUAA4IBAQBH3KhcxkwbhUgoSVxnyUyhimUs80+2ukEG6V/zrPfn
iw+rLCBsYraLNftLHd5ZkqQDVBpVFKWN6+37uVAgmbcBknaqaZBYe6t+RxnV5Oeb
80wJppjY/PA57I+ZMvZomdpgsJu6ixbNcsdwWuNjB9UkQj1hbgxDUzYJMTeaNcgt
r0ZgFKmW8IJJ7HYVXm6Wank+JRXGVelJ/mvZwHfV9vPj2I0X86Pe8qmgoCMeYoit
+05xNM4ptjoxgOO6CNj7bfI6A4U/h2xN6bTVIhhBftKAay8Y5QSKux0QMSp6er9B
nBG89jddVd051idVIpNwTYPnw2tX8LcMqRGxzc3y+u2r
-----END CERTIFICATE-----