Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/Ojd08tQN3nlY8YyE91L-WfWL3AA.roa
File:                     Ojd08tQN3nlY8YyE91L-WfWL3AA.roa (raw, json)
Hash identifier:          7b3phjnkeLYzIaymDEFBYRy//mLcOKqZHsa1Td2QEd8=
Subject key identifier:   3A:37:74:F2:D4:0D:DE:79:58:F1:8C:84:F7:52:FE:59:F5:8B:DC:00
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       01927BAFCF09605C0739AC3EBDCB067C0A10
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/Ojd08tQN3nlY8YyE91L-WfWL3AA.roa
Signing time:             Fri 11 Oct 2024 13:06:12 +0000
ROA not before:           Fri 11 Oct 2024 13:06:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214305
IP address blocks:        45.9.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:7b:af:cf:09:60:5c:07:39:ac:3e:bd:cb:06:7c:0a:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Oct 11 13:06:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3a3774f2d40dde7958f18c84f752fe59f58bdc00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:b1:58:14:d5:6b:77:bb:0e:fd:a7:7b:62:1f:
                    f9:d4:89:1e:ea:0a:1c:43:ad:3a:18:1f:d0:e1:b2:
                    2e:87:f5:66:ad:eb:fc:2c:c5:f1:e0:6b:bf:84:8f:
                    d8:ce:d0:62:0f:96:ea:78:79:6a:80:7e:3c:d2:61:
                    2b:32:e6:c9:0a:4a:a2:b4:99:1e:fc:2b:1f:75:ef:
                    95:0f:6d:18:1b:c7:ed:3b:13:a6:d1:2b:b6:88:92:
                    b7:4f:f0:25:07:05:ba:42:42:c7:3b:1a:9f:bd:56:
                    cc:e5:81:ff:65:6b:6f:25:fa:9a:77:8c:a1:f1:55:
                    a7:49:5d:b2:3f:11:34:ae:f4:b8:f3:5a:be:d3:4b:
                    95:5b:d8:fa:9a:0e:dc:60:81:8b:c2:b2:fc:39:4c:
                    5a:b0:1a:6e:fd:be:95:bc:76:be:df:41:ca:b6:2d:
                    e4:be:c7:7e:80:11:a5:26:9b:e3:ce:fc:cf:51:32:
                    1b:1f:50:9f:62:81:5a:9a:24:27:4c:5d:6f:c1:db:
                    fb:7e:8d:42:25:a9:52:19:7e:e5:a5:f0:ca:97:b8:
                    e6:9c:1f:b8:fd:37:0e:4d:d9:5a:78:38:28:34:82:
                    38:c7:96:1e:ed:0c:5a:af:ce:45:c5:9b:f2:0c:34:
                    72:77:fb:03:fc:3f:31:65:dc:d7:cc:48:3b:d7:07:
                    e3:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:37:74:F2:D4:0D:DE:79:58:F1:8C:84:F7:52:FE:59:F5:8B:DC:00
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/Ojd08tQN3nlY8YyE91L-WfWL3AA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2f:f8:ed:e4:52:3a:90:e8:5a:3b:3b:ec:bf:0f:07:e6:35:7a:
         b6:cb:2a:ec:8f:79:df:f9:d2:6e:72:ba:9a:88:d9:68:87:0d:
         42:e9:52:13:44:57:dc:09:31:4c:27:72:80:66:e4:ab:3f:13:
         0b:00:0b:b6:37:32:5c:98:df:15:2d:df:f3:cb:a4:3b:08:ac:
         3a:93:12:9d:cc:40:3e:17:0d:5e:42:95:b7:5e:f3:c8:6c:7b:
         ea:d5:4d:57:11:2d:68:90:de:94:08:94:69:73:01:a5:53:2e:
         dc:c7:bf:bb:aa:bb:52:bf:23:67:a1:8c:9b:cc:0a:e6:66:38:
         66:d6:4f:92:35:67:0d:79:4d:0b:4d:ab:19:da:60:7e:6b:cd:
         de:0c:51:93:4e:7c:b8:84:4d:07:c8:25:9c:92:2c:25:91:fa:
         66:6c:82:5e:74:82:c0:4d:a4:ab:0f:d4:7a:1e:c9:ae:34:7c:
         e3:c4:43:f5:74:1b:2e:22:5f:c3:64:90:b3:60:9f:21:74:ac:
         b3:63:8a:9f:d1:7e:e4:74:fb:9c:18:e8:ac:8b:9b:9a:5d:0c:
         1e:96:57:4a:58:3c:b9:a4:de:a8:a0:0d:9f:3e:56:6f:b0:1f:
         b4:0c:4b:48:09:27:8d:b0:7b:ec:2e:cc:47:a8:48:1c:c5:05:
         c7:e2:3d:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJ7r88JYFwHOaw+vcsGfAoQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQxMDExMTMwNjEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTM3NzRmMmQ0MGRkZTc5NThmMThjODRmNzUyZmU1OWY1OGJkYzAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn7FYFNVrd7sO/ad7Yh/51Ike6goc
Q606GB/Q4bIuh/Vmrev8LMXx4Gu/hI/YztBiD5bqeHlqgH480mErMubJCkqitJke
/Csfde+VD20YG8ftOxOm0Su2iJK3T/AlBwW6QkLHOxqfvVbM5YH/ZWtvJfqad4yh
8VWnSV2yPxE0rvS481q+00uVW9j6mg7cYIGLwrL8OUxasBpu/b6VvHa+30HKti3k
vsd+gBGlJpvjzvzPUTIbH1CfYoFamiQnTF1vwdv7fo1CJalSGX7lpfDKl7jmnB+4
/TcOTdlaeDgoNII4x5Ye7Qxar85FxZvyDDRyd/sD/D8xZdzXzEg71wfjsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDo3dPLUDd55WPGMhPdS/ln1i9wAMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvT2pkMDh0UU4zbmxZOFl5RTkxTC1XZldMM0FBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQkeMA0G
CSqGSIb3DQEBCwUAA4IBAQAv+O3kUjqQ6Fo7O+y/DwfmNXq2yyrsj3nf+dJucrqa
iNlohw1C6VITRFfcCTFMJ3KAZuSrPxMLAAu2NzJcmN8VLd/zy6Q7CKw6kxKdzEA+
Fw1eQpW3XvPIbHvq1U1XES1okN6UCJRpcwGlUy7cx7+7qrtSvyNnoYybzArmZjhm
1k+SNWcNeU0LTasZ2mB+a83eDFGTTny4hE0HyCWckiwlkfpmbIJedILATaSrD9R6
HsmuNHzjxEP1dBsuIl/DZJCzYJ8hdKyzY4qf0X7kdPucGOisi5uaXQwelldKWDy5
pN6ooA2fPlZvsB+0DEtICSeNsHvsLsxHqEgcxQXH4j20
-----END CERTIFICATE-----