Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/kXplFP6gUF52i6wVPMghV1C0EhU.roa
File:                     kXplFP6gUF52i6wVPMghV1C0EhU.roa (raw, json)
Hash identifier:          sPcx3UnYKqpwUXyNwMIARKTwimyUf18TlzdlM0hj3C8=
Subject key identifier:   91:7A:65:14:FE:A0:50:5E:76:8B:AC:15:3C:C8:21:57:50:B4:12:15
Certificate issuer:       /CN=e76d0dab347a38e2b87b5a22a2f7c9e21c18c9bc
Certificate serial:       018F6963277851F9B9BE2A814FF5B14EFBB4
Authority key identifier: E7:6D:0D:AB:34:7A:38:E2:B8:7B:5A:22:A2:F7:C9:E2:1C:18:C9:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/kXplFP6gUF52i6wVPMghV1C0EhU.roa
Signing time:             Sat 11 May 2024 20:40:56 +0000
ROA not before:           Sat 11 May 2024 20:40:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        45.147.68.0/23 maxlen: 23
                          45.147.70.0/24 maxlen: 24
                          45.147.71.0/24 maxlen: 24
                          88.218.104.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:69:63:27:78:51:f9:b9:be:2a:81:4f:f5:b1:4e:fb:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e76d0dab347a38e2b87b5a22a2f7c9e21c18c9bc
        Validity
            Not Before: May 11 20:40:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=917a6514fea0505e768bac153cc8215750b41215
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:45:b6:09:e1:11:6b:ee:a6:82:cb:a1:2c:4e:
                    58:6c:1e:3b:e1:24:8a:f8:ec:f4:41:ba:43:8f:aa:
                    65:72:bd:d5:45:6e:be:ed:65:a3:65:7c:f0:08:44:
                    09:0a:80:e2:8c:d7:9f:9e:c9:d1:19:95:47:1b:4f:
                    fa:d4:7b:d8:5e:4b:00:0f:ce:72:96:55:12:c2:fa:
                    c9:b8:bd:9e:9d:57:b7:55:46:ba:77:d1:77:24:7a:
                    c9:6d:55:36:0a:9c:f7:97:ee:68:0c:9e:e0:75:b0:
                    e2:65:60:cf:21:f4:b4:df:d6:f7:2c:3a:c9:c8:19:
                    c1:6c:97:a9:58:3c:19:25:fe:6a:86:7a:71:4b:a2:
                    2d:5c:4c:2d:cc:1c:74:03:9b:bc:4f:7c:93:da:ea:
                    81:d6:3b:89:93:e9:73:77:e6:a5:1e:6e:aa:4e:0d:
                    5b:66:7c:97:8d:0f:3c:64:f0:d5:de:f0:c2:5b:07:
                    51:ea:7b:4c:be:e3:70:38:bb:bd:da:76:08:04:63:
                    c1:19:1a:7a:53:27:0e:cf:70:51:f1:7f:ce:b3:80:
                    e6:6b:06:d6:68:db:4b:97:8e:13:52:87:16:52:c6:
                    64:32:89:23:ae:3a:6d:c7:66:4c:b8:6c:1f:3a:38:
                    0b:5d:92:39:ae:19:52:4f:38:34:92:26:e2:03:dd:
                    c4:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:7A:65:14:FE:A0:50:5E:76:8B:AC:15:3C:C8:21:57:50:B4:12:15
            X509v3 Authority Key Identifier:
                keyid:E7:6D:0D:AB:34:7A:38:E2:B8:7B:5A:22:A2:F7:C9:E2:1C:18:C9:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/520NqzR6OOK4e1oiovfJ4hwYybw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/kXplFP6gUF52i6wVPMghV1C0EhU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/3dbb3d-f328-4b27-95d9-bd3bfc99bda9/1/520NqzR6OOK4e1oiovfJ4hwYybw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.147.68.0/22
                  88.218.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         af:da:53:9f:c5:51:b4:a5:7d:3f:52:74:d7:1f:de:a9:c9:f8:
         74:d2:e3:d2:f3:d8:6f:a0:7f:af:cb:af:4b:95:a5:93:a2:68:
         a9:e5:a1:9a:77:2e:b1:5d:59:ee:8a:30:21:78:1f:d1:6f:92:
         9f:e0:4d:64:cb:25:3a:9d:ad:6d:2c:ae:b7:ad:17:28:fc:a3:
         b5:7e:b5:81:29:64:6b:63:a5:64:a9:5b:12:5b:74:4e:64:79:
         bd:87:f7:c2:77:e9:af:c2:9e:9c:2a:9d:d9:b8:bd:8e:79:ae:
         f4:04:31:7f:52:40:b7:af:b4:b1:3c:17:9e:e8:43:fe:2f:a1:
         47:c3:47:2d:e1:ba:3a:76:86:76:1d:7b:8e:a6:4c:73:43:a0:
         9d:93:d2:fd:b4:f1:be:3f:b3:2e:fe:e2:01:46:dc:a7:ff:49:
         50:2e:14:f0:20:9b:41:88:88:c9:d7:2a:81:3b:79:c0:8e:b5:
         aa:ca:29:54:f6:f9:1a:30:5d:66:29:f7:05:a3:bf:ad:49:93:
         29:ef:64:b3:2e:68:69:f3:2c:29:1c:15:b2:30:96:43:ef:10:
         1b:14:48:81:7d:b2:5c:01:d7:90:5e:9a:50:90:e5:b3:08:e4:
         b6:db:94:0b:d3:5a:f4:80:5a:2d:4c:5b:2e:f1:b0:5c:67:a2:
         3e:33:2e:51
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY9pYyd4Ufm5viqBT/WxTvu0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NmQwZGFiMzQ3YTM4ZTJiODdiNWEyMmEyZjdjOWUyMWMx
OGM5YmMwHhcNMjQwNTExMjA0MDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTdhNjUxNGZlYTA1MDVlNzY4YmFjMTUzY2M4MjE1NzUwYjQxMjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkEW2CeERa+6mgsuhLE5YbB474SSK
+Oz0QbpDj6plcr3VRW6+7WWjZXzwCEQJCoDijNefnsnRGZVHG0/61HvYXksAD85y
llUSwvrJuL2enVe3VUa6d9F3JHrJbVU2Cpz3l+5oDJ7gdbDiZWDPIfS039b3LDrJ
yBnBbJepWDwZJf5qhnpxS6ItXEwtzBx0A5u8T3yT2uqB1juJk+lzd+alHm6qTg1b
ZnyXjQ88ZPDV3vDCWwdR6ntMvuNwOLu92nYIBGPBGRp6UycOz3BR8X/Os4DmawbW
aNtLl44TUocWUsZkMokjrjptx2ZMuGwfOjgLXZI5rhlSTzg0kibiA93EMwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJF6ZRT+oFBedousFTzIIVdQtBIVMB8GA1UdIwQY
MBaAFOdtDas0ejjiuHtaIqL3yeIcGMm8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTIwTnF6UjZPT0s0ZTFvaW92Zko0aHdZeWJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi8zZGJiM2QtZjMyOC00YjI3LTk1ZDkt
YmQzYmZjOTliZGE5LzEva1hwbEZQNmdVRjUyaTZ3VlBNZ2hWMUMwRWhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi8zZGJiM2QtZjMyOC00YjI3LTk1ZDktYmQzYmZjOTliZGE5
LzEvNTIwTnF6UjZPT0s0ZTFvaW92Zko0aHdZeWJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLZNEAwQA
WNpoMA0GCSqGSIb3DQEBCwUAA4IBAQCv2lOfxVG0pX0/UnTXH96pyfh00uPS89hv
oH+vy69LlaWTomip5aGady6xXVnuijAheB/Rb5Kf4E1kyyU6na1tLK63rRco/KO1
frWBKWRrY6VkqVsSW3ROZHm9h/fCd+mvwp6cKp3ZuL2Oea70BDF/UkC3r7SxPBee
6EP+L6FHw0ct4bo6doZ2HXuOpkxzQ6Cdk9L9tPG+P7Mu/uIBRtyn/0lQLhTwIJtB
iIjJ1yqBO3nAjrWqyilU9vkaMF1mKfcFo7+tSZMp72SzLmhp8ywpHBWyMJZD7xAb
FEiBfbJcAdeQXppQkOWzCOS225QL01r0gFotTFsu8bBcZ6I+My5R
-----END CERTIFICATE-----