Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/9E2zRJucUhm453t24HNHSGQloKs.roa
File:                     9E2zRJucUhm453t24HNHSGQloKs.roa (raw, json)
Hash identifier:          CqXQT4QvmJc2TWqc6T+dah9tKYu/F/tcxh5Q/4KRfWg=
Subject key identifier:   F4:4D:B3:44:9B:9C:52:19:B8:E7:7B:76:E0:73:47:48:64:25:A0:AB
Certificate issuer:       /CN=ad0da43b4a5d3db78ba3f774e5b31b77037202d5
Certificate serial:       018CC56DEA7223AC202211F943FC2950861D
Authority key identifier: AD:0D:A4:3B:4A:5D:3D:B7:8B:A3:F7:74:E5:B3:1B:77:03:72:02:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/9E2zRJucUhm453t24HNHSGQloKs.roa
Signing time:             Mon 01 Jan 2024 14:29:24 +0000
ROA not before:           Mon 01 Jan 2024 14:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208198
IP address blocks:        45.10.149.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 07:03:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:ea:72:23:ac:20:22:11:f9:43:fc:29:50:86:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad0da43b4a5d3db78ba3f774e5b31b77037202d5
        Validity
            Not Before: Jan  1 14:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f44db3449b9c5219b8e77b76e07347486425a0ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:7f:70:6d:a6:2b:a2:c6:ed:d5:95:35:ee:0b:
                    3d:db:cf:9d:5f:ac:ea:05:7e:cc:e6:f8:8e:ec:01:
                    97:15:c0:16:4d:92:32:8b:15:7b:72:78:45:96:1e:
                    c0:56:6a:8c:82:9b:a0:dd:b0:cd:5c:55:de:ad:ec:
                    67:b1:14:ff:f0:67:e0:cc:ff:3a:0a:d7:40:29:a6:
                    e4:76:76:a9:d1:dd:21:54:ec:6a:ec:01:b2:4b:6b:
                    d0:2d:0f:e7:6e:3c:73:20:dc:cc:e3:0d:82:48:ef:
                    6c:41:ad:fb:dd:99:af:78:53:19:80:9e:73:80:d2:
                    64:35:7e:74:90:ca:b3:f1:99:b6:fd:0c:4c:a6:de:
                    ea:f2:93:d0:62:c8:28:84:97:fa:75:83:b3:a3:20:
                    de:d1:dc:62:a1:ff:2a:14:85:f4:1e:a2:33:94:a5:
                    31:55:20:3f:28:64:1f:eb:53:5f:0a:a3:e2:19:22:
                    b0:0e:18:5c:8b:4c:3b:c9:6c:03:0d:04:3d:58:8f:
                    68:3f:23:12:dc:ec:3d:77:62:61:32:44:c6:21:8e:
                    55:86:4f:7e:a0:e5:76:b5:c4:ae:c2:09:26:96:a4:
                    82:12:d4:1d:4d:21:8f:f4:7e:64:ca:44:3b:73:56:
                    1b:cd:df:a0:3f:1b:3e:68:e7:25:2d:9a:39:bb:2b:
                    bd:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:4D:B3:44:9B:9C:52:19:B8:E7:7B:76:E0:73:47:48:64:25:A0:AB
            X509v3 Authority Key Identifier:
                keyid:AD:0D:A4:3B:4A:5D:3D:B7:8B:A3:F7:74:E5:B3:1B:77:03:72:02:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rQ2kO0pdPbeLo_d05bMbdwNyAtU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/9E2zRJucUhm453t24HNHSGQloKs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0d/dd8096-14cc-488d-9257-c515f354cc5a/1/rQ2kO0pdPbeLo_d05bMbdwNyAtU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:9b:78:2d:8c:47:ae:9f:a1:7e:d1:a9:db:0d:1b:26:8c:d9:
         a8:db:ed:bf:8d:c4:25:23:36:95:3c:df:00:b0:3b:0d:0a:c0:
         f6:73:ac:aa:0a:87:1d:c6:81:34:1f:f1:47:a3:88:1a:96:e7:
         12:b2:84:5d:49:3a:2d:f0:fd:63:57:12:52:e8:1c:6d:6c:e5:
         5c:61:ba:ee:64:39:44:2e:32:7d:5b:ef:6a:6b:42:f8:82:ca:
         40:e5:9b:23:a7:15:22:d9:84:37:e7:57:8f:44:af:08:ce:41:
         77:63:72:f4:63:9c:76:83:f3:95:72:0f:7b:26:95:91:70:36:
         ca:91:9f:b0:38:e2:3c:1e:08:f1:43:3c:45:b8:a0:29:9b:85:
         6d:db:ca:6d:d6:85:1b:c2:19:75:e8:2d:8f:77:c3:2f:b0:84:
         5d:ec:cf:e2:ec:d6:a3:61:26:a1:bf:04:01:b1:ec:d6:77:ee:
         d5:84:fe:06:77:19:96:ac:5d:f6:cd:fc:25:29:a0:bb:a9:4a:
         e5:b3:73:e5:44:28:b0:95:80:24:c1:8b:08:9d:26:aa:92:c1:
         92:07:36:af:bf:01:55:1c:26:c1:68:da:6a:80:d2:41:86:fe:
         2c:fd:30:ec:11:af:fd:fe:82:1f:4e:8b:68:bc:5a:84:5c:06:
         f5:5a:88:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbepyI6wgIhH5Q/wpUIYdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkMGRhNDNiNGE1ZDNkYjc4YmEzZjc3NGU1YjMxYjc3MDM3
MjAyZDUwHhcNMjQwMTAxMTQyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNDRkYjM0NDliOWM1MjE5YjhlNzdiNzZlMDczNDc0ODY0MjVhMGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3n9wbaYrosbt1ZU17gs928+dX6zq
BX7M5viO7AGXFcAWTZIyixV7cnhFlh7AVmqMgpug3bDNXFXerexnsRT/8GfgzP86
CtdAKabkdnap0d0hVOxq7AGyS2vQLQ/nbjxzINzM4w2CSO9sQa373ZmveFMZgJ5z
gNJkNX50kMqz8Zm2/QxMpt7q8pPQYsgohJf6dYOzoyDe0dxiof8qFIX0HqIzlKUx
VSA/KGQf61NfCqPiGSKwDhhci0w7yWwDDQQ9WI9oPyMS3Ow9d2JhMkTGIY5Vhk9+
oOV2tcSuwgkmlqSCEtQdTSGP9H5kykQ7c1Ybzd+gPxs+aOclLZo5uyu9oQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPRNs0SbnFIZuOd7duBzR0hkJaCrMB8GA1UdIwQY
MBaAFK0NpDtKXT23i6P3dOWzG3cDcgLVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclEya08wcGRQYmVMb19kMDViTWJkd055QXRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZC9kZDgwOTYtMTRjYy00ODhkLTkyNTct
YzUxNWYzNTRjYzVhLzEvOUUyelJKdWNVaG00NTN0MjRITkhTR1Fsb0tzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZC9kZDgwOTYtMTRjYy00ODhkLTkyNTctYzUxNWYzNTRjYzVh
LzEvclEya08wcGRQYmVMb19kMDViTWJkd055QXRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQqVMA0G
CSqGSIb3DQEBCwUAA4IBAQCwm3gtjEeun6F+0anbDRsmjNmo2+2/jcQlIzaVPN8A
sDsNCsD2c6yqCocdxoE0H/FHo4galucSsoRdSTot8P1jVxJS6BxtbOVcYbruZDlE
LjJ9W+9qa0L4gspA5ZsjpxUi2YQ351ePRK8IzkF3Y3L0Y5x2g/OVcg97JpWRcDbK
kZ+wOOI8HgjxQzxFuKApm4Vt28pt1oUbwhl16C2Pd8MvsIRd7M/i7NajYSahvwQB
sezWd+7VhP4GdxmWrF32zfwlKaC7qUrls3PlRCiwlYAkwYsInSaqksGSBzavvwFV
HCbBaNpqgNJBhv4s/TDsEa/9/oIfTotovFqEXAb1WogW
-----END CERTIFICATE-----