Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/b6f734-c655-43a1-9934-1e71930fcc0f/1/MlHYHZHuxyjeC9DL4NRsSdMMz30.roa
File:                     MlHYHZHuxyjeC9DL4NRsSdMMz30.roa (raw, json)
Hash identifier:          Hfn9u1EiLvlL3085gtCXkT1WgChcs6pfNNP9yuB6+uU=
Subject key identifier:   32:51:D8:1D:91:EE:C7:28:DE:0B:D0:CB:E0:D4:6C:49:D3:0C:CF:7D
Certificate issuer:       /CN=bf8d8547342e2fc9ecfadfcef00cf273ef9d6e90
Certificate serial:       0191C74A054FE1272F07A3C95D45D84A0D7E
Authority key identifier: BF:8D:85:47:34:2E:2F:C9:EC:FA:DF:CE:F0:0C:F2:73:EF:9D:6E:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v42FRzQuL8ns-t_O8Azyc--dbpA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/b6f734-c655-43a1-9934-1e71930fcc0f/1/MlHYHZHuxyjeC9DL4NRsSdMMz30.roa
Signing time:             Fri 06 Sep 2024 12:23:22 +0000
ROA not before:           Fri 06 Sep 2024 12:23:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214405
IP address blocks:        212.32.45.0/24 maxlen: 24
                          2a01:fe00::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/b6f734-c655-43a1-9934-1e71930fcc0f/1/v42FRzQuL8ns-t_O8Azyc--dbpA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/b6f734-c655-43a1-9934-1e71930fcc0f/1/v42FRzQuL8ns-t_O8Azyc--dbpA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v42FRzQuL8ns-t_O8Azyc--dbpA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 03:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:c7:4a:05:4f:e1:27:2f:07:a3:c9:5d:45:d8:4a:0d:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf8d8547342e2fc9ecfadfcef00cf273ef9d6e90
        Validity
            Not Before: Sep  6 12:23:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3251d81d91eec728de0bd0cbe0d46c49d30ccf7d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:f2:1d:45:33:ee:db:01:7a:8e:3d:bd:7d:01:
                    9f:de:9f:42:3c:a7:25:3a:9f:56:ac:37:f7:a3:c3:
                    33:2e:0d:52:3e:8a:f3:ec:be:90:d4:21:a7:32:f8:
                    38:56:5c:42:67:28:87:0f:cf:45:06:b9:9a:e6:d7:
                    64:4f:c4:09:50:70:e2:ff:08:93:33:98:f2:8a:94:
                    62:69:22:41:25:e2:30:d6:f8:28:13:cc:fc:82:17:
                    8c:e0:5e:0f:6f:8e:99:4f:45:21:cb:21:e2:11:87:
                    a6:af:27:e7:71:f4:da:63:30:94:37:91:e4:89:34:
                    a5:2b:76:bb:93:a7:41:b4:a4:60:4f:fd:e5:31:12:
                    43:6a:3d:7e:a2:89:4b:81:23:1c:fe:21:12:30:e7:
                    0d:76:a7:41:34:e2:19:22:76:af:b5:0b:08:d7:3c:
                    44:0e:e2:03:06:ad:40:92:7e:c2:fd:99:96:12:6e:
                    d0:3e:bc:fb:e4:21:c1:fc:6b:14:70:72:2c:e7:0c:
                    62:48:8e:19:4e:26:e9:47:fc:90:40:3d:eb:7a:4d:
                    83:4a:db:26:e8:9e:3a:4a:85:19:9a:43:7a:43:db:
                    8b:a3:20:e2:f4:a4:da:1d:6c:05:4a:6b:23:13:10:
                    0e:56:79:16:20:a9:50:f5:cd:32:64:92:a3:01:fa:
                    2a:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:51:D8:1D:91:EE:C7:28:DE:0B:D0:CB:E0:D4:6C:49:D3:0C:CF:7D
            X509v3 Authority Key Identifier:
                keyid:BF:8D:85:47:34:2E:2F:C9:EC:FA:DF:CE:F0:0C:F2:73:EF:9D:6E:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v42FRzQuL8ns-t_O8Azyc--dbpA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b6f734-c655-43a1-9934-1e71930fcc0f/1/MlHYHZHuxyjeC9DL4NRsSdMMz30.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b6f734-c655-43a1-9934-1e71930fcc0f/1/v42FRzQuL8ns-t_O8Azyc--dbpA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.32.45.0/24
                IPv6:
                  2a01:fe00::/48

    Signature Algorithm: sha256WithRSAEncryption
         8f:8c:95:72:fc:e9:3d:00:17:07:fd:ff:65:39:c9:ed:23:77:
         b7:c1:0d:03:2a:6a:ce:13:b7:3b:c4:a6:26:1a:8b:af:e8:7f:
         15:18:ab:10:c5:4b:1f:3f:e7:ba:1c:03:86:a9:e3:ff:e7:20:
         6e:2b:ba:09:14:32:c9:d7:9d:6d:03:11:3b:dc:95:46:34:7f:
         ef:9b:24:a3:11:75:85:6a:85:d9:65:39:71:47:d0:5c:aa:53:
         4f:61:d3:9f:d2:5d:90:99:12:6a:55:d7:2d:3e:b3:2e:42:eb:
         59:31:61:f6:71:54:dc:43:4b:fe:d2:40:57:f9:3d:63:52:81:
         d1:53:85:fa:aa:25:4f:1a:f5:6d:d6:14:11:4e:30:88:bb:02:
         cb:a7:c3:c0:6d:5f:5b:6c:73:db:83:55:21:84:ae:39:32:b1:
         75:08:a1:c8:b0:1f:4f:c4:20:04:32:eb:5b:81:4e:fa:22:30:
         17:64:8e:31:c2:0c:da:cc:1f:35:de:6b:3a:5e:ef:f2:ee:95:
         e9:5e:92:54:11:25:0e:a1:b7:a5:9e:6a:7c:9d:83:64:2a:fe:
         16:83:cc:96:51:a6:8b:18:dc:18:62:b5:49:bc:5d:89:b5:6a:
         95:e9:13:2d:52:98:4e:63:24:15:51:88:54:ff:53:18:d9:9b:
         d2:0f:71:7a
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZHHSgVP4ScvB6PJXUXYSg1+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmOGQ4NTQ3MzQyZTJmYzllY2ZhZGZjZWYwMGNmMjczZWY5
ZDZlOTAwHhcNMjQwOTA2MTIyMzIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjUxZDgxZDkxZWVjNzI4ZGUwYmQwY2JlMGQ0NmM0OWQzMGNjZjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmvIdRTPu2wF6jj29fQGf3p9CPKcl
Op9WrDf3o8MzLg1SPorz7L6Q1CGnMvg4VlxCZyiHD89FBrma5tdkT8QJUHDi/wiT
M5jyipRiaSJBJeIw1vgoE8z8gheM4F4Pb46ZT0UhyyHiEYemryfncfTaYzCUN5Hk
iTSlK3a7k6dBtKRgT/3lMRJDaj1+oolLgSMc/iESMOcNdqdBNOIZInavtQsI1zxE
DuIDBq1Akn7C/ZmWEm7QPrz75CHB/GsUcHIs5wxiSI4ZTibpR/yQQD3rek2DStsm
6J46SoUZmkN6Q9uLoyDi9KTaHWwFSmsjExAOVnkWIKlQ9c0yZJKjAfoqTwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDJR2B2R7sco3gvQy+DUbEnTDM99MB8GA1UdIwQY
MBaAFL+NhUc0Li/J7PrfzvAM8nPvnW6QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjQyRlJ6UXVMOG5zLXRfTzhBenljLS1kYnBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iNmY3MzQtYzY1NS00M2ExLTk5MzQt
MWU3MTkzMGZjYzBmLzEvTWxIWUhaSHV4eWplQzlETDROUnNTZE1NejMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iNmY3MzQtYzY1NS00M2ExLTk5MzQtMWU3MTkzMGZjYzBm
LzEvdjQyRlJ6UXVMOG5zLXRfTzhBenljLS1kYnBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQA1CAtMA8E
AgACMAkDBwAqAf4AAAAwDQYJKoZIhvcNAQELBQADggEBAI+MlXL86T0AFwf9/2U5
ye0jd7fBDQMqas4TtzvEpiYai6/ofxUYqxDFSx8/57ocA4ap4//nIG4rugkUMsnX
nW0DETvclUY0f++bJKMRdYVqhdllOXFH0FyqU09h05/SXZCZEmpV1y0+sy5C61kx
YfZxVNxDS/7SQFf5PWNSgdFThfqqJU8a9W3WFBFOMIi7Asunw8BtX1tsc9uDVSGE
rjkysXUIociwH0/EIAQy61uBTvoiMBdkjjHCDNrMHzXeazpe7/LuleleklQRJQ6h
t6Weanydg2Qq/haDzJZRposY3BhitUm8XYm1apXpEy1SmE5jJBVRiFT/UxjZm9IP
cXo=
-----END CERTIFICATE-----