Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/5da375-99a9-4329-9d29-cec8931ce631/1/wReVv2IjiUqNmMEgothp0lnvwBQ.roa
File:                     wReVv2IjiUqNmMEgothp0lnvwBQ.roa (raw, json)
Hash identifier:          /prMZmam7T4IR0iFp7JWZ/RQjmHBDStllRIRUXxjGo8=
Subject key identifier:   C1:17:95:BF:62:23:89:4A:8D:98:C1:20:A2:D8:69:D2:59:EF:C0:14
Certificate issuer:       /CN=ad5c2e74c6d46cc73c98a4c16087a8a3b3a6f759
Certificate serial:       018CC7940F91715904C567670ABEFD9EE3F9
Authority key identifier: AD:5C:2E:74:C6:D4:6C:C7:3C:98:A4:C1:60:87:A8:A3:B3:A6:F7:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rVwudMbUbMc8mKTBYIeoo7Om91k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/5da375-99a9-4329-9d29-cec8931ce631/1/wReVv2IjiUqNmMEgothp0lnvwBQ.roa
Signing time:             Tue 02 Jan 2024 00:30:18 +0000
ROA not before:           Tue 02 Jan 2024 00:30:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211415
IP address blocks:        45.91.32.0/22 maxlen: 22
                          2a0e:ac0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/5da375-99a9-4329-9d29-cec8931ce631/1/rVwudMbUbMc8mKTBYIeoo7Om91k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/5da375-99a9-4329-9d29-cec8931ce631/1/rVwudMbUbMc8mKTBYIeoo7Om91k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rVwudMbUbMc8mKTBYIeoo7Om91k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 16 May 2024 14:51:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:0f:91:71:59:04:c5:67:67:0a:be:fd:9e:e3:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad5c2e74c6d46cc73c98a4c16087a8a3b3a6f759
        Validity
            Not Before: Jan  2 00:30:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c11795bf6223894a8d98c120a2d869d259efc014
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:9d:ad:dc:90:39:c3:3a:7f:57:73:a7:87:34:
                    e5:41:66:fb:12:ce:ca:d9:31:ff:11:a6:61:85:3e:
                    d6:51:1b:ae:b3:9e:bd:1b:79:8c:6f:54:68:40:39:
                    14:dd:53:ed:5c:0f:a6:c9:ba:d8:29:53:d4:fa:96:
                    e9:4b:cb:9a:ca:7c:81:5a:aa:38:8b:b6:30:e5:c8:
                    64:54:00:de:89:b3:44:b9:f0:16:fb:5d:db:ba:f3:
                    a2:f7:89:3f:22:67:69:d7:a7:dd:13:df:86:e7:16:
                    3a:47:16:94:c7:86:39:6e:16:e6:c8:17:41:3b:35:
                    7f:32:6c:0c:91:6e:ef:f1:31:3c:0b:d2:8c:86:29:
                    73:49:98:46:69:bb:2e:dc:6a:fb:70:58:62:98:59:
                    ab:c9:bb:da:c2:b5:1a:ee:ed:d7:8e:38:f2:6e:0e:
                    85:2a:96:83:8c:b5:1f:50:4a:1e:1b:b5:9d:ab:62:
                    ff:b4:c6:1d:41:19:f1:51:78:b0:1b:a8:71:48:c9:
                    b4:73:e4:3d:a7:c1:7c:61:bf:26:ce:da:f1:aa:ce:
                    47:db:88:4c:9a:85:2f:2a:65:47:53:ba:09:8f:53:
                    3d:c5:17:de:07:6b:1a:e4:ae:e6:bf:9d:f9:ac:8c:
                    06:f4:e3:8f:00:d3:5c:d1:8c:c1:5e:ac:55:9c:99:
                    5b:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:17:95:BF:62:23:89:4A:8D:98:C1:20:A2:D8:69:D2:59:EF:C0:14
            X509v3 Authority Key Identifier:
                keyid:AD:5C:2E:74:C6:D4:6C:C7:3C:98:A4:C1:60:87:A8:A3:B3:A6:F7:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rVwudMbUbMc8mKTBYIeoo7Om91k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/5da375-99a9-4329-9d29-cec8931ce631/1/wReVv2IjiUqNmMEgothp0lnvwBQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/5da375-99a9-4329-9d29-cec8931ce631/1/rVwudMbUbMc8mKTBYIeoo7Om91k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.32.0/22
                IPv6:
                  2a0e:ac0::/29

    Signature Algorithm: sha256WithRSAEncryption
         3c:53:7b:6c:3e:40:3a:95:0f:29:d8:51:9b:7b:5e:6f:9f:57:
         66:ef:6f:89:2d:45:20:c0:bf:43:51:98:cd:43:00:ea:da:e7:
         b8:a1:7b:51:ad:99:4f:81:43:5a:cd:c2:43:1e:38:6e:7b:29:
         3e:14:72:ed:b4:d6:7a:db:3f:96:20:c0:ed:fc:da:f7:24:8f:
         f4:06:1e:b2:76:2a:db:a6:53:be:7d:82:db:e3:1d:b3:bb:9e:
         7d:e9:68:24:ea:1a:56:8c:f9:dc:33:bd:8a:03:d1:47:c5:c8:
         d9:4b:e4:da:0a:9a:78:7f:db:63:06:b1:33:b5:c2:b9:28:4a:
         5d:fa:00:f0:22:90:21:ed:f9:62:19:9b:38:6a:9f:0e:88:f2:
         7b:ad:52:78:88:1b:ec:aa:c1:c4:82:89:45:45:f2:c9:53:2f:
         8b:50:2e:46:7b:ee:55:be:dd:64:41:3a:11:d0:86:89:73:6e:
         b3:29:a1:cf:ff:3e:74:3d:1d:3e:d0:bf:43:39:f3:28:fa:79:
         ee:ac:76:d5:2f:ec:ca:9a:de:a2:ff:90:fb:a1:9d:8f:75:96:
         5f:13:15:09:77:1b:0a:c4:1f:5c:c8:8f:ba:32:e1:3b:b4:db:
         6c:94:25:e9:19:75:f5:55:d1:8d:9a:2a:8c:1c:6c:eb:72:d9:
         43:ae:aa:e4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHlA+RcVkExWdnCr79nuP5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkNWMyZTc0YzZkNDZjYzczYzk4YTRjMTYwODdhOGEzYjNh
NmY3NTkwHhcNMjQwMTAyMDAzMDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTE3OTViZjYyMjM4OTRhOGQ5OGMxMjBhMmQ4NjlkMjU5ZWZjMDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkZ2t3JA5wzp/V3OnhzTlQWb7Es7K
2TH/EaZhhT7WURuus569G3mMb1RoQDkU3VPtXA+mybrYKVPU+pbpS8uaynyBWqo4
i7Yw5chkVADeibNEufAW+13buvOi94k/Imdp16fdE9+G5xY6RxaUx4Y5bhbmyBdB
OzV/MmwMkW7v8TE8C9KMhilzSZhGabsu3Gr7cFhimFmrybvawrUa7u3Xjjjybg6F
KpaDjLUfUEoeG7Wdq2L/tMYdQRnxUXiwG6hxSMm0c+Q9p8F8Yb8mztrxqs5H24hM
moUvKmVHU7oJj1M9xRfeB2sa5K7mv535rIwG9OOPANNc0YzBXqxVnJlbEQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMEXlb9iI4lKjZjBIKLYadJZ78AUMB8GA1UdIwQY
MBaAFK1cLnTG1GzHPJikwWCHqKOzpvdZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclZ3dWRNYlViTWM4bUtUQllJZW9vN09tOTFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC81ZGEzNzUtOTlhOS00MzI5LTlkMjkt
Y2VjODkzMWNlNjMxLzEvd1JlVnYySWppVXFObU1FZ290aHAwbG52d0JRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC81ZGEzNzUtOTlhOS00MzI5LTlkMjktY2VjODkzMWNlNjMx
LzEvclZ3dWRNYlViTWM4bUtUQllJZW9vN09tOTFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVsgMA0E
AgACMAcDBQMqDgrAMA0GCSqGSIb3DQEBCwUAA4IBAQA8U3tsPkA6lQ8p2FGbe15v
n1dm72+JLUUgwL9DUZjNQwDq2ue4oXtRrZlPgUNazcJDHjhueyk+FHLttNZ62z+W
IMDt/Nr3JI/0Bh6ydirbplO+fYLb4x2zu5596Wgk6hpWjPncM72KA9FHxcjZS+Ta
Cpp4f9tjBrEztcK5KEpd+gDwIpAh7fliGZs4ap8OiPJ7rVJ4iBvsqsHEgolFRfLJ
Uy+LUC5Ge+5Vvt1kQToR0IaJc26zKaHP/z50PR0+0L9DOfMo+nnurHbVL+zKmt6i
/5D7oZ2PdZZfExUJdxsKxB9cyI+6MuE7tNtslCXpGXX1VdGNmiqMHGzrctlDrqrk
-----END CERTIFICATE-----