Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/668345-f5bc-4a3f-b6ff-10df49f65616/1/RfTMWR_909_P121z7dyTUjKazsM.roa
File:                     RfTMWR_909_P121z7dyTUjKazsM.roa (raw, json)
Hash identifier:          WDUX8aZV71c5AMueJIvhNQ/hCkx+cjSM8YjAxb0G1QI=
Subject key identifier:   45:F4:CC:59:1F:FD:D3:DF:CF:D7:6D:73:ED:DC:93:52:32:9A:CE:C3
Certificate issuer:       /CN=a2f974efb50e729c9e015a8bc2b6c2b0619dfc84
Certificate serial:       018CC726E0004C27DC1000F5DD7AB614F495
Authority key identifier: A2:F9:74:EF:B5:0E:72:9C:9E:01:5A:8B:C2:B6:C2:B0:61:9D:FC:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ovl077UOcpyeAVqLwrbCsGGd_IQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/668345-f5bc-4a3f-b6ff-10df49f65616/1/RfTMWR_909_P121z7dyTUjKazsM.roa
Signing time:             Mon 01 Jan 2024 22:31:02 +0000
ROA not before:           Mon 01 Jan 2024 22:31:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39480
IP address blocks:        46.182.72.0/21 maxlen: 21
                          195.225.204.0/23 maxlen: 23
                          195.225.206.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/668345-f5bc-4a3f-b6ff-10df49f65616/1/ovl077UOcpyeAVqLwrbCsGGd_IQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/668345-f5bc-4a3f-b6ff-10df49f65616/1/ovl077UOcpyeAVqLwrbCsGGd_IQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ovl077UOcpyeAVqLwrbCsGGd_IQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:e0:00:4c:27:dc:10:00:f5:dd:7a:b6:14:f4:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2f974efb50e729c9e015a8bc2b6c2b0619dfc84
        Validity
            Not Before: Jan  1 22:31:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45f4cc591ffdd3dfcfd76d73eddc9352329acec3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:3d:73:2c:9b:cc:b4:bb:a2:e6:97:7f:8f:3c:
                    f0:c0:2b:d6:50:df:99:e7:2b:4b:f3:8f:3e:96:37:
                    28:10:36:f8:40:59:ee:cc:54:ac:f9:46:aa:96:70:
                    d7:0f:2c:9f:a8:92:9b:05:90:3b:a4:65:6b:b2:f4:
                    ae:a3:1a:07:91:6a:24:95:96:cf:5c:22:d3:31:6d:
                    d1:02:ed:2a:a7:d8:98:0a:74:cc:a4:67:b3:a4:87:
                    5e:43:d5:5d:06:19:a1:dc:a6:0e:7d:75:a6:9f:e1:
                    de:6e:e0:08:2b:da:71:0a:a4:ba:a4:ea:28:14:c8:
                    ff:6b:d4:de:90:80:e0:ff:83:47:c7:54:5c:de:4d:
                    17:79:bb:f3:ca:bd:a0:0d:9d:34:77:d4:87:9e:66:
                    4c:b3:b5:50:b6:8c:1c:03:3e:fe:d5:98:9d:8b:08:
                    a6:99:0d:dc:f1:a8:66:45:3c:31:64:34:64:ac:7c:
                    80:4d:f3:db:e9:85:de:fe:a0:5b:57:81:0f:84:6b:
                    49:29:38:fe:ff:6c:37:f4:c3:9f:df:39:c7:5e:f5:
                    9b:dd:c3:4e:d6:b7:09:6a:89:b6:5e:b6:e9:fd:d4:
                    47:00:19:2d:ef:b4:08:00:64:21:54:56:8f:67:f7:
                    a4:54:57:fa:30:51:cd:0a:f6:fe:20:b0:e7:81:23:
                    a8:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:F4:CC:59:1F:FD:D3:DF:CF:D7:6D:73:ED:DC:93:52:32:9A:CE:C3
            X509v3 Authority Key Identifier:
                keyid:A2:F9:74:EF:B5:0E:72:9C:9E:01:5A:8B:C2:B6:C2:B0:61:9D:FC:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ovl077UOcpyeAVqLwrbCsGGd_IQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/668345-f5bc-4a3f-b6ff-10df49f65616/1/RfTMWR_909_P121z7dyTUjKazsM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/668345-f5bc-4a3f-b6ff-10df49f65616/1/ovl077UOcpyeAVqLwrbCsGGd_IQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.182.72.0/21
                  195.225.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         45:74:65:d3:03:77:f7:a8:01:a6:a5:8c:0f:35:cc:7f:e7:24:
         65:5d:95:e0:b1:12:e8:40:68:e0:cc:b8:17:c1:14:c8:5c:60:
         ce:b9:1a:d8:c5:39:49:0a:9e:fd:7f:d2:c9:ed:51:c6:db:b1:
         46:81:54:a2:43:b2:9e:58:7f:fd:05:6e:44:7d:2c:dc:ac:69:
         ce:c2:80:32:19:a8:de:8c:7c:c0:dd:99:96:3a:8d:0a:ec:3c:
         24:e8:55:05:12:34:86:43:b5:a3:62:83:6c:8b:99:4a:95:35:
         8e:b6:a6:02:26:16:35:cb:14:b7:40:73:3a:96:7f:71:b4:bb:
         cf:2c:b9:f2:68:f0:45:82:cf:04:48:9d:41:73:a1:f1:d1:d4:
         70:63:1c:d6:38:7c:a3:f6:2e:24:18:6f:8c:4d:2b:59:fb:33:
         e6:2a:99:05:11:1c:bc:db:97:fd:35:29:1f:f9:f4:5f:29:b6:
         91:91:94:09:4b:e0:b4:7f:76:69:b2:6d:50:10:3e:1e:31:cb:
         5e:6e:4a:7d:18:54:b8:6b:3b:33:f9:16:67:60:d1:b3:06:41:
         3e:f8:8f:d7:23:f6:72:7f:b2:75:69:a0:7e:43:4e:47:90:39:
         60:b5:1e:a8:26:0a:59:a7:52:c0:c4:a0:5d:34:96:49:d1:52:
         54:a4:5d:e6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJuAATCfcEAD13Xq2FPSVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyZjk3NGVmYjUwZTcyOWM5ZTAxNWE4YmMyYjZjMmIwNjE5
ZGZjODQwHhcNMjQwMTAxMjIzMTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWY0Y2M1OTFmZmRkM2RmY2ZkNzZkNzNlZGRjOTM1MjMyOWFjZWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoz1zLJvMtLui5pd/jzzwwCvWUN+Z
5ytL848+ljcoEDb4QFnuzFSs+UaqlnDXDyyfqJKbBZA7pGVrsvSuoxoHkWoklZbP
XCLTMW3RAu0qp9iYCnTMpGezpIdeQ9VdBhmh3KYOfXWmn+HebuAIK9pxCqS6pOoo
FMj/a9TekIDg/4NHx1Rc3k0Xebvzyr2gDZ00d9SHnmZMs7VQtowcAz7+1Zidiwim
mQ3c8ahmRTwxZDRkrHyATfPb6YXe/qBbV4EPhGtJKTj+/2w39MOf3znHXvWb3cNO
1rcJaom2Xrbp/dRHABkt77QIAGQhVFaPZ/ekVFf6MFHNCvb+ILDngSOoKwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEX0zFkf/dPfz9dtc+3ck1Iyms7DMB8GA1UdIwQY
MBaAFKL5dO+1DnKcngFai8K2wrBhnfyEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3ZsMDc3VU9jcHllQVZxTHdyYkNzR0dkX0lRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC82NjgzNDUtZjViYy00YTNmLWI2ZmYt
MTBkZjQ5ZjY1NjE2LzEvUmZUTVdSXzkwOV9QMTIxejdkeVRVakthenNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC82NjgzNDUtZjViYy00YTNmLWI2ZmYtMTBkZjQ5ZjY1NjE2
LzEvb3ZsMDc3VU9jcHllQVZxTHdyYkNzR0dkX0lRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDLrZIAwQC
w+HMMA0GCSqGSIb3DQEBCwUAA4IBAQBFdGXTA3f3qAGmpYwPNcx/5yRlXZXgsRLo
QGjgzLgXwRTIXGDOuRrYxTlJCp79f9LJ7VHG27FGgVSiQ7KeWH/9BW5EfSzcrGnO
woAyGajejHzA3ZmWOo0K7Dwk6FUFEjSGQ7WjYoNsi5lKlTWOtqYCJhY1yxS3QHM6
ln9xtLvPLLnyaPBFgs8ESJ1Bc6Hx0dRwYxzWOHyj9i4kGG+MTStZ+zPmKpkFERy8
25f9NSkf+fRfKbaRkZQJS+C0f3Zpsm1QED4eMctebkp9GFS4azsz+RZnYNGzBkE+
+I/XI/Zyf7J1aaB+Q05HkDlgtR6oJgpZp1LAxKBdNJZJ0VJUpF3m
-----END CERTIFICATE-----