Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/SDEPCeMSweG_nrUplhxOKL0slAs.roa
File:                     SDEPCeMSweG_nrUplhxOKL0slAs.roa (raw, json)
Hash identifier:          Cg8oietfmwG3sL2a3t1TmTVPlM/rln+ai4A5QhZJ73o=
Subject key identifier:   48:31:0F:09:E3:12:C1:E1:BF:9E:B5:29:96:1C:4E:28:BD:2C:94:0B
Certificate issuer:       /CN=9f0743496c7ff3effb870601139cad9d2f271e10
Certificate serial:       018CC500DDC6DB146845477C0A319E916F49
Authority key identifier: 9F:07:43:49:6C:7F:F3:EF:FB:87:06:01:13:9C:AD:9D:2F:27:1E:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/SDEPCeMSweG_nrUplhxOKL0slAs.roa
Signing time:             Mon 01 Jan 2024 12:30:17 +0000
ROA not before:           Mon 01 Jan 2024 12:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9335
IP address blocks:        45.136.236.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:dd:c6:db:14:68:45:47:7c:0a:31:9e:91:6f:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9f0743496c7ff3effb870601139cad9d2f271e10
        Validity
            Not Before: Jan  1 12:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=48310f09e312c1e1bf9eb529961c4e28bd2c940b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:27:be:29:c4:4d:d9:2a:aa:25:f3:13:c0:52:
                    8d:8d:ee:62:0d:84:50:5c:38:55:9f:27:90:7e:c5:
                    63:05:d2:c3:93:c2:40:c9:d3:fe:0b:5a:d0:01:93:
                    6b:2a:4b:82:b6:e4:ca:80:6d:76:ba:0f:c1:b2:74:
                    26:a9:c7:f6:79:97:88:80:10:b5:cf:59:18:84:89:
                    3b:d3:45:05:03:21:99:ea:79:84:35:92:3e:22:7e:
                    93:2c:f4:22:17:85:df:ce:91:00:2a:01:ff:9c:ce:
                    c4:5a:e2:2c:16:96:39:6e:3e:e6:8a:c9:32:90:b9:
                    1c:08:58:11:6a:c5:b3:de:ed:20:5f:fa:3f:77:ea:
                    8c:e2:55:a5:50:61:35:ae:6f:55:fe:87:a2:b1:62:
                    6b:90:df:86:af:06:40:b0:43:dd:16:37:8e:cd:15:
                    32:31:db:fc:33:33:7b:81:07:be:e2:48:47:77:48:
                    a9:93:c3:fa:65:26:51:af:42:f2:c4:61:6c:c6:79:
                    f3:c4:a3:66:a8:bf:b5:12:98:d0:3d:98:0e:34:30:
                    8d:8e:f5:1b:4d:59:f3:2c:57:5e:da:47:65:df:70:
                    5f:7c:09:5f:75:40:03:47:c8:e7:10:9d:94:64:2a:
                    c7:25:2e:ba:cd:d9:07:84:fe:3f:c2:f8:ca:f0:ad:
                    ff:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:31:0F:09:E3:12:C1:E1:BF:9E:B5:29:96:1C:4E:28:BD:2C:94:0B
            X509v3 Authority Key Identifier:
                keyid:9F:07:43:49:6C:7F:F3:EF:FB:87:06:01:13:9C:AD:9D:2F:27:1E:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nwdDSWx_8-_7hwYBE5ytnS8nHhA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/SDEPCeMSweG_nrUplhxOKL0slAs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/22b7ab-fc11-407a-bd3c-63411367d90a/1/nwdDSWx_8-_7hwYBE5ytnS8nHhA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.136.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3e:f8:61:5d:73:37:36:86:86:0a:b3:aa:e7:9e:1f:2b:16:b3:
         ef:1c:66:d0:66:3d:2c:21:dc:bc:cd:6f:f7:a5:e6:88:8d:46:
         db:00:31:5f:1d:c3:79:be:11:7f:f3:f1:0d:cc:d8:91:4a:61:
         41:87:1c:ee:2d:f1:a8:68:b2:c6:44:04:96:77:58:9d:07:44:
         dd:60:c5:d7:89:04:ce:58:86:05:31:c5:c2:60:c9:0c:f5:4d:
         cc:f5:ee:2b:c5:84:a2:d4:6e:48:05:27:d6:c4:7d:74:3f:6d:
         f5:33:b9:2c:bd:cb:e4:e0:61:d4:01:a2:2f:f4:57:82:2a:93:
         a7:35:55:d0:d1:64:2d:72:eb:4b:d6:2c:49:ea:2b:b1:82:bc:
         71:b7:ce:64:1c:c9:cc:f3:b2:36:50:04:5c:24:ee:a2:d3:75:
         a7:43:e3:72:16:47:30:a3:d7:16:d8:a8:1e:24:f8:a8:00:ba:
         4d:85:e3:4a:27:c9:04:2c:48:52:3e:76:f3:c0:c3:31:5a:65:
         ff:67:c2:7c:f3:4a:a1:be:c4:64:be:31:a8:39:ef:64:1e:ba:
         e1:43:1c:3f:81:5c:29:60:a6:1c:f7:97:4a:ef:fa:85:34:3a:
         4f:15:18:55:2a:3a:af:d2:3f:78:32:07:96:9f:a2:42:17:5e:
         98:fa:7f:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAN3G2xRoRUd8CjGekW9JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmMDc0MzQ5NmM3ZmYzZWZmYjg3MDYwMTEzOWNhZDlkMmYy
NzFlMTAwHhcNMjQwMTAxMTIzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ODMxMGYwOWUzMTJjMWUxYmY5ZWI1Mjk5NjFjNGUyOGJkMmM5NDBiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqCe+KcRN2SqqJfMTwFKNje5iDYRQ
XDhVnyeQfsVjBdLDk8JAydP+C1rQAZNrKkuCtuTKgG12ug/BsnQmqcf2eZeIgBC1
z1kYhIk700UFAyGZ6nmENZI+In6TLPQiF4XfzpEAKgH/nM7EWuIsFpY5bj7misky
kLkcCFgRasWz3u0gX/o/d+qM4lWlUGE1rm9V/oeisWJrkN+GrwZAsEPdFjeOzRUy
Mdv8MzN7gQe+4khHd0ipk8P6ZSZRr0LyxGFsxnnzxKNmqL+1EpjQPZgONDCNjvUb
TVnzLFde2kdl33BffAlfdUADR8jnEJ2UZCrHJS66zdkHhP4/wvjK8K3/aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEgxDwnjEsHhv561KZYcTii9LJQLMB8GA1UdIwQY
MBaAFJ8HQ0lsf/Pv+4cGAROcrZ0vJx4QMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbndkRFNXeF84LV83aHdZQkU1eXRuUzhuSGhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS8yMmI3YWItZmMxMS00MDdhLWJkM2Mt
NjM0MTEzNjdkOTBhLzEvU0RFUENlTVN3ZUdfbnJVcGxoeE9LTDBzbEFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS8yMmI3YWItZmMxMS00MDdhLWJkM2MtNjM0MTEzNjdkOTBh
LzEvbndkRFNXeF84LV83aHdZQkU1eXRuUzhuSGhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYjsMA0G
CSqGSIb3DQEBCwUAA4IBAQA++GFdczc2hoYKs6rnnh8rFrPvHGbQZj0sIdy8zW/3
peaIjUbbADFfHcN5vhF/8/ENzNiRSmFBhxzuLfGoaLLGRASWd1idB0TdYMXXiQTO
WIYFMcXCYMkM9U3M9e4rxYSi1G5IBSfWxH10P231M7ksvcvk4GHUAaIv9FeCKpOn
NVXQ0WQtcutL1ixJ6iuxgrxxt85kHMnM87I2UARcJO6i03WnQ+NyFkcwo9cW2Kge
JPioALpNheNKJ8kELEhSPnbzwMMxWmX/Z8J880qhvsRkvjGoOe9kHrrhQxw/gVwp
YKYc95dK7/qFNDpPFRhVKjqv0j94MgeWn6JCF16Y+n9q
-----END CERTIFICATE-----