Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/u1MO4w4KT-IFx_e0oif2WW8rvac.roa
File:                     u1MO4w4KT-IFx_e0oif2WW8rvac.roa (raw, json)
Hash identifier:          02DUz/QcQQdG0ZYUaJlm/cz7OSpAZWJJgdleaj8t178=
Subject key identifier:   BB:53:0E:E3:0E:0A:4F:E2:05:C7:F7:B4:A2:27:F6:59:6F:2B:BD:A7
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       018CC94E4176C364673295BBB81686ED7500
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/u1MO4w4KT-IFx_e0oif2WW8rvac.roa
Signing time:             Tue 02 Jan 2024 08:33:18 +0000
ROA not before:           Tue 02 Jan 2024 08:33:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210851
IP address blocks:        45.137.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:41:76:c3:64:67:32:95:bb:b8:16:86:ed:75:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 08:33:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bb530ee30e0a4fe205c7f7b4a227f6596f2bbda7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:fe:3f:93:38:3f:59:89:5b:7b:3b:bb:94:6d:
                    4d:60:e2:58:da:60:14:97:3e:3e:1c:a3:68:9d:0b:
                    dd:a1:2a:a0:19:b9:f6:be:3f:33:f8:05:52:a0:6e:
                    67:ff:43:c7:65:b1:d9:28:40:91:02:53:f4:8d:f8:
                    d1:11:be:50:54:16:76:08:0e:82:5c:3d:35:dd:cd:
                    d0:d0:bb:8c:6a:29:9e:bb:b7:f9:04:dd:90:ac:6a:
                    71:a9:49:6c:e7:50:9b:d3:02:f0:e3:66:03:1a:6d:
                    58:4c:4e:ec:81:75:29:d0:04:f8:48:e6:21:97:87:
                    6f:ec:96:98:af:ed:68:6c:90:db:7a:f7:4e:37:bc:
                    23:bd:27:20:82:fd:67:6a:2b:2e:5a:ca:88:c0:ed:
                    da:99:d8:a0:a3:9e:34:1c:ca:71:b2:56:73:17:75:
                    92:e5:e1:a7:96:51:63:c7:59:82:0b:97:6e:7c:9c:
                    99:76:d8:60:1d:50:d7:59:81:e4:2c:b4:db:52:49:
                    42:18:0c:21:db:1e:71:bc:5d:d2:b6:90:2b:61:84:
                    b0:57:dd:20:7b:8b:1e:9b:de:e1:bc:d9:74:10:eb:
                    60:36:fb:41:13:da:d0:e5:04:b8:e5:2b:87:1c:88:
                    eb:9d:6f:05:0d:d3:64:e5:4a:6e:a8:be:0f:eb:7d:
                    97:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:53:0E:E3:0E:0A:4F:E2:05:C7:F7:B4:A2:27:F6:59:6F:2B:BD:A7
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/u1MO4w4KT-IFx_e0oif2WW8rvac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:e4:18:15:b9:9a:9d:00:cb:82:cf:5f:23:67:55:08:d0:cb:
         18:ec:a2:c8:69:74:21:57:ac:38:e2:7a:4c:56:c8:39:e3:db:
         82:56:c1:17:5c:18:5a:27:14:08:e2:e3:7f:6c:cb:b1:45:2f:
         e5:d5:fa:fe:69:b4:bd:a8:75:3d:d5:40:1e:51:6a:df:4e:61:
         ce:99:c9:22:c4:61:81:28:62:f5:66:7c:f6:7f:3e:d3:4b:95:
         1c:8b:a8:20:fd:59:d5:e0:ec:33:db:cc:e1:d7:67:0a:1a:79:
         cd:c1:05:b4:f5:77:cd:2d:2f:d6:f2:fe:fb:e4:83:df:4f:7b:
         ac:7f:ca:b6:75:05:a1:e8:f7:96:96:56:df:84:15:e5:4e:47:
         d5:ae:e4:8e:d5:c4:09:69:d9:13:b5:cf:28:78:3b:4b:bf:a6:
         42:30:19:c1:a8:79:79:90:10:bb:03:c7:c5:a0:ec:ce:2c:1b:
         b0:ae:03:98:fd:5a:e9:a6:72:5c:13:6c:3e:5e:1b:36:3c:6c:
         02:79:29:c8:d4:09:a8:6f:29:6d:a5:bc:83:72:4b:97:6e:f5:
         6d:65:94:5e:ac:93:5e:6b:2c:d9:c5:e9:79:5d:10:7f:6e:6a:
         27:13:dd:19:83:f5:c1:6e:82:8b:88:32:53:e5:f1:bd:fb:47:
         45:8a:d1:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTkF2w2RnMpW7uBaG7XUAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjQwMTAyMDgzMzE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjUzMGVlMzBlMGE0ZmUyMDVjN2Y3YjRhMjI3ZjY1OTZmMmJiZGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqf4/kzg/WYlbezu7lG1NYOJY2mAU
lz4+HKNonQvdoSqgGbn2vj8z+AVSoG5n/0PHZbHZKECRAlP0jfjREb5QVBZ2CA6C
XD013c3Q0LuMaimeu7f5BN2QrGpxqUls51Cb0wLw42YDGm1YTE7sgXUp0AT4SOYh
l4dv7JaYr+1obJDbevdON7wjvScggv1naisuWsqIwO3amdigo540HMpxslZzF3WS
5eGnllFjx1mCC5dufJyZdthgHVDXWYHkLLTbUklCGAwh2x5xvF3StpArYYSwV90g
e4sem97hvNl0EOtgNvtBE9rQ5QS45SuHHIjrnW8FDdNk5UpuqL4P632XoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLtTDuMOCk/iBcf3tKIn9llvK72nMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvdTFNTzR3NEtULUlGeF9lMG9pZjJXVzhydmFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYnIMA0G
CSqGSIb3DQEBCwUAA4IBAQBy5BgVuZqdAMuCz18jZ1UI0MsY7KLIaXQhV6w44npM
Vsg549uCVsEXXBhaJxQI4uN/bMuxRS/l1fr+abS9qHU91UAeUWrfTmHOmckixGGB
KGL1Znz2fz7TS5Uci6gg/VnV4Owz28zh12cKGnnNwQW09XfNLS/W8v775IPfT3us
f8q2dQWh6PeWllbfhBXlTkfVruSO1cQJadkTtc8oeDtLv6ZCMBnBqHl5kBC7A8fF
oOzOLBuwrgOY/VrppnJcE2w+Xhs2PGwCeSnI1AmobyltpbyDckuXbvVtZZRerJNe
ayzZxel5XRB/bmonE90Zg/XBboKLiDJT5fG9+0dFitGP
-----END CERTIFICATE-----