Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/293ec2-b144-4bcc-8a48-4bc7034f28d8/1/8E2V2joAQBTX7ypwxcmyGZ4fDLU.roa
File:                     8E2V2joAQBTX7ypwxcmyGZ4fDLU.roa (raw, json)
Hash identifier:          72yj7dV/THwb4KbmDTkLSvlbsB4ZGAmqF8eW0noOSYI=
Subject key identifier:   F0:4D:95:DA:3A:00:40:14:D7:EF:2A:70:C5:C9:B2:19:9E:1F:0C:B5
Certificate issuer:       /CN=ac0984501084a47220c5cccf5478b897c2822c7f
Certificate serial:       019055087F7E55F719DFCC3DB3CC2CBB8968
Authority key identifier: AC:09:84:50:10:84:A4:72:20:C5:CC:CF:54:78:B8:97:C2:82:2C:7F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rAmEUBCEpHIgxczPVHi4l8KCLH8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/293ec2-b144-4bcc-8a48-4bc7034f28d8/1/8E2V2joAQBTX7ypwxcmyGZ4fDLU.roa
Signing time:             Wed 26 Jun 2024 14:52:18 +0000
ROA not before:           Wed 26 Jun 2024 14:52:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31034
IP address blocks:        45.13.120.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/293ec2-b144-4bcc-8a48-4bc7034f28d8/1/rAmEUBCEpHIgxczPVHi4l8KCLH8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/293ec2-b144-4bcc-8a48-4bc7034f28d8/1/rAmEUBCEpHIgxczPVHi4l8KCLH8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rAmEUBCEpHIgxczPVHi4l8KCLH8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:55:08:7f:7e:55:f7:19:df:cc:3d:b3:cc:2c:bb:89:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ac0984501084a47220c5cccf5478b897c2822c7f
        Validity
            Not Before: Jun 26 14:52:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f04d95da3a004014d7ef2a70c5c9b2199e1f0cb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:4f:93:17:84:b1:68:a8:62:61:8d:a3:28:1b:
                    3b:e1:af:17:e7:44:78:2f:3a:43:20:ce:c1:a1:fe:
                    69:77:49:00:f4:ad:b8:ad:a2:53:6c:f8:dd:7e:6e:
                    dc:50:2e:5e:a1:ba:74:e8:43:0c:7e:36:af:e3:02:
                    42:ee:d3:1b:24:6b:08:83:b9:6a:09:17:12:1c:6d:
                    0d:93:b4:50:9c:27:48:23:83:d2:03:cb:76:7d:bf:
                    9d:4a:68:ba:00:a7:70:23:8c:a3:05:ff:1c:55:4d:
                    f4:a2:01:ae:e2:b8:f1:b9:54:18:a8:31:a6:7f:b9:
                    b5:af:05:ae:62:c3:2b:33:dc:2c:b3:84:0c:4b:1d:
                    e7:58:82:9a:5c:81:12:d7:23:24:92:12:48:e1:57:
                    af:6c:2d:c8:e1:3f:22:bc:fa:9e:b9:4d:bc:c9:19:
                    63:81:91:eb:23:7d:01:6c:3e:b1:50:92:00:37:e9:
                    3a:81:2e:a9:fc:8f:40:ea:5d:f5:cf:b2:3e:0c:e6:
                    f0:62:72:5c:bc:93:d1:02:f4:66:dc:ba:b3:5d:3c:
                    33:6a:55:ca:a8:21:22:f4:07:e0:d2:25:8a:63:a4:
                    6b:ec:1d:09:85:de:dd:e8:38:dd:a3:1c:6e:cd:a2:
                    77:34:90:2f:72:55:d4:6b:1b:31:5c:67:7b:a5:8d:
                    cf:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:4D:95:DA:3A:00:40:14:D7:EF:2A:70:C5:C9:B2:19:9E:1F:0C:B5
            X509v3 Authority Key Identifier:
                keyid:AC:09:84:50:10:84:A4:72:20:C5:CC:CF:54:78:B8:97:C2:82:2C:7F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rAmEUBCEpHIgxczPVHi4l8KCLH8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/293ec2-b144-4bcc-8a48-4bc7034f28d8/1/8E2V2joAQBTX7ypwxcmyGZ4fDLU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/293ec2-b144-4bcc-8a48-4bc7034f28d8/1/rAmEUBCEpHIgxczPVHi4l8KCLH8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         99:c7:85:e8:1b:a8:6c:f5:4f:6c:df:57:87:74:f7:ef:70:ef:
         b4:25:59:33:57:98:93:ed:7c:61:c8:e7:03:39:97:89:b0:51:
         f0:5e:46:9c:4b:e1:82:de:0b:42:51:c1:1d:b6:f3:03:81:74:
         a3:99:04:8f:35:c7:72:c2:5d:ac:59:c8:c3:55:5a:bd:e8:4d:
         b4:f0:48:7f:de:77:c0:dc:c0:50:5c:bb:b6:7c:44:fb:ab:66:
         b8:d7:f2:21:4e:b0:7a:21:ee:c7:a4:81:70:bb:94:a9:ff:8c:
         8a:2a:cb:81:bf:39:3a:4d:5d:30:57:bc:9d:e3:8d:db:e9:7e:
         e7:3f:7a:26:fb:e8:32:87:dd:26:dd:d1:07:e9:e9:d9:3f:fe:
         1a:8a:a8:fc:fa:3f:cf:a7:46:78:93:6a:1e:e6:c7:4e:1a:27:
         a3:f8:cd:6c:9f:0a:35:8e:d5:13:a2:e4:9a:73:5f:08:46:1a:
         c1:e5:92:ba:9b:77:46:01:6f:47:7c:0f:c5:d6:da:50:2e:16:
         4c:76:b4:21:df:04:6b:4e:e9:ee:49:8b:5c:ce:01:05:97:c2:
         de:16:cb:34:b6:69:0c:50:01:31:e2:db:ad:02:20:c1:ef:db:
         ca:f7:28:2b:54:a1:e1:94:2b:a9:07:cf:e3:9e:20:74:0a:8d:
         11:c0:d7:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBVCH9+VfcZ38w9s8wsu4loMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjMDk4NDUwMTA4NGE0NzIyMGM1Y2NjZjU0NzhiODk3YzI4
MjJjN2YwHhcNMjQwNjI2MTQ1MjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDRkOTVkYTNhMDA0MDE0ZDdlZjJhNzBjNWM5YjIxOTllMWYwY2I1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg0+TF4SxaKhiYY2jKBs74a8X50R4
LzpDIM7Bof5pd0kA9K24raJTbPjdfm7cUC5eobp06EMMfjav4wJC7tMbJGsIg7lq
CRcSHG0Nk7RQnCdII4PSA8t2fb+dSmi6AKdwI4yjBf8cVU30ogGu4rjxuVQYqDGm
f7m1rwWuYsMrM9wss4QMSx3nWIKaXIES1yMkkhJI4VevbC3I4T8ivPqeuU28yRlj
gZHrI30BbD6xUJIAN+k6gS6p/I9A6l31z7I+DObwYnJcvJPRAvRm3LqzXTwzalXK
qCEi9Afg0iWKY6Rr7B0Jhd7d6DjdoxxuzaJ3NJAvclXUaxsxXGd7pY3P/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPBNldo6AEAU1+8qcMXJshmeHwy1MB8GA1UdIwQY
MBaAFKwJhFAQhKRyIMXMz1R4uJfCgix/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckFtRVVCQ0VwSElneGN6UFZIaTRsOEtDTEg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS8yOTNlYzItYjE0NC00YmNjLThhNDgt
NGJjNzAzNGYyOGQ4LzEvOEUyVjJqb0FRQlRYN3lwd3hjbXlHWjRmRExVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS8yOTNlYzItYjE0NC00YmNjLThhNDgtNGJjNzAzNGYyOGQ4
LzEvckFtRVVCQ0VwSElneGN6UFZIaTRsOEtDTEg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQ14MA0G
CSqGSIb3DQEBCwUAA4IBAQCZx4XoG6hs9U9s31eHdPfvcO+0JVkzV5iT7XxhyOcD
OZeJsFHwXkacS+GC3gtCUcEdtvMDgXSjmQSPNcdywl2sWcjDVVq96E208Eh/3nfA
3MBQXLu2fET7q2a41/IhTrB6Ie7HpIFwu5Sp/4yKKsuBvzk6TV0wV7yd443b6X7n
P3om++gyh90m3dEH6enZP/4aiqj8+j/Pp0Z4k2oe5sdOGiej+M1snwo1jtUTouSa
c18IRhrB5ZK6m3dGAW9HfA/F1tpQLhZMdrQh3wRrTunuSYtczgEFl8LeFss0tmkM
UAEx4tutAiDB79vK9ygrVKHhlCupB8/jniB0Co0RwNdn
-----END CERTIFICATE-----