Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/e-XXGheDpNkVvz4NYEDqkKoLwts.roa
File:                     e-XXGheDpNkVvz4NYEDqkKoLwts.roa (raw, json)
Hash identifier:          RQWAo1CrM4JRFr9J9mQ2O9ONDhwgQMYOgPbwdMgTwCU=
Subject key identifier:   7B:E5:D7:1A:17:83:A4:D9:15:BF:3E:0D:60:40:EA:90:AA:0B:C2:DB
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       0192244D75E15A98279C96106A45026020E4
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/e-XXGheDpNkVvz4NYEDqkKoLwts.roa
Signing time:             Tue 24 Sep 2024 13:51:49 +0000
ROA not before:           Tue 24 Sep 2024 13:51:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212238
IP address blocks:        45.13.189.0/24 maxlen: 24
                          195.211.189.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:24:4d:75:e1:5a:98:27:9c:96:10:6a:45:02:60:20:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Sep 24 13:51:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7be5d71a1783a4d915bf3e0d6040ea90aa0bc2db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:57:e1:61:b3:33:48:5c:83:cb:f7:b9:84:c9:
                    d2:77:5f:0e:16:91:a5:ef:e1:71:cc:81:19:64:41:
                    37:e4:78:7a:be:41:51:ed:76:7d:db:d4:f7:21:04:
                    71:e2:7d:9c:bd:0f:8c:83:2c:2c:83:0d:4a:63:36:
                    31:69:74:ed:b7:36:71:5a:fb:c4:ff:0b:24:b7:c9:
                    63:b9:20:1c:8d:cb:67:f2:19:b2:4d:a6:0e:02:60:
                    59:4e:33:bf:90:9b:e7:7c:94:4b:75:cb:84:9c:76:
                    ba:f6:04:eb:c3:d4:43:92:b3:5b:31:72:4f:6b:5b:
                    d5:21:82:56:5a:9a:35:ea:9a:45:fe:20:22:ea:e0:
                    f0:da:0c:88:f3:3d:2e:85:b2:f4:50:21:4d:37:77:
                    c9:46:b9:7b:04:be:11:99:9a:9f:d1:c1:39:9e:73:
                    ce:dd:59:18:82:b5:28:65:7f:46:92:5b:bf:78:95:
                    fb:6a:3e:5a:b1:4a:8c:b4:6a:ee:a1:bd:23:da:f2:
                    a2:e0:d9:da:44:7e:39:08:10:53:08:5d:85:e9:55:
                    2c:97:cf:e2:e1:4b:6a:ff:2a:94:bf:7d:a4:fd:0d:
                    7f:c6:91:cf:22:8f:d5:09:6f:9d:f1:ff:2c:68:48:
                    ee:7e:b8:85:07:8d:2d:72:71:e9:cd:06:5f:72:fd:
                    59:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:E5:D7:1A:17:83:A4:D9:15:BF:3E:0D:60:40:EA:90:AA:0B:C2:DB
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/e-XXGheDpNkVvz4NYEDqkKoLwts.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.189.0/24
                  195.211.189.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:b4:c6:02:e6:37:25:89:20:b5:c5:02:c1:3f:ec:b4:d4:ad:
         c6:d0:08:d1:95:8b:fa:6d:d5:69:f2:31:95:ed:d4:c4:0f:02:
         55:0a:2b:5b:fc:a7:b3:67:86:35:50:a7:af:02:5a:23:57:a6:
         49:3b:d0:9c:51:48:e2:98:28:5d:75:20:d5:1b:be:74:35:2a:
         4c:7b:aa:5d:6d:bd:98:5d:43:e1:78:35:ea:de:86:70:ec:81:
         e9:e1:dc:6f:bc:25:c7:03:62:7c:d7:48:46:ef:36:27:30:f2:
         9b:68:07:96:58:4b:ad:a5:68:3d:44:ff:37:f9:3e:65:1d:77:
         12:0e:03:57:4e:90:0b:d1:c5:3a:1b:fb:0d:a1:42:3a:d0:d2:
         cf:c9:bc:ce:23:d6:a8:e7:d7:40:53:72:94:b9:a4:6c:18:26:
         d8:4a:f4:e3:4e:4f:84:20:b0:bc:ab:12:74:ae:ab:83:62:1d:
         3e:3d:17:12:97:2c:5e:93:31:99:36:80:69:43:32:53:40:19:
         ce:f1:b1:f4:be:a7:06:10:9e:54:4c:64:ec:8d:a3:0c:e5:8e:
         aa:cc:57:79:5e:6f:9a:e5:1e:23:12:b2:a9:c9:41:df:96:92:
         8f:05:8c:cf:e2:51:8a:74:82:fe:aa:37:54:b7:10:ff:cf:4d:
         7d:a0:ed:c6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZIkTXXhWpgnnJYQakUCYCDkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwOTI0MTM1MTQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmU1ZDcxYTE3ODNhNGQ5MTViZjNlMGQ2MDQwZWE5MGFhMGJjMmRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxVfhYbMzSFyDy/e5hMnSd18OFpGl
7+FxzIEZZEE35Hh6vkFR7XZ929T3IQRx4n2cvQ+Mgywsgw1KYzYxaXTttzZxWvvE
/wskt8ljuSAcjctn8hmyTaYOAmBZTjO/kJvnfJRLdcuEnHa69gTrw9RDkrNbMXJP
a1vVIYJWWpo16ppF/iAi6uDw2gyI8z0uhbL0UCFNN3fJRrl7BL4RmZqf0cE5nnPO
3VkYgrUoZX9Gklu/eJX7aj5asUqMtGruob0j2vKi4NnaRH45CBBTCF2F6VUsl8/i
4Utq/yqUv32k/Q1/xpHPIo/VCW+d8f8saEjufriFB40tcnHpzQZfcv1ZPQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHvl1xoXg6TZFb8+DWBA6pCqC8LbMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvZS1YWEdoZURwTmtWdno0TllFRHFrS29Md3RzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQ29AwQA
w9O9MA0GCSqGSIb3DQEBCwUAA4IBAQAztMYC5jcliSC1xQLBP+y01K3G0AjRlYv6
bdVp8jGV7dTEDwJVCitb/KezZ4Y1UKevAlojV6ZJO9CcUUjimChddSDVG750NSpM
e6pdbb2YXUPheDXq3oZw7IHp4dxvvCXHA2J810hG7zYnMPKbaAeWWEutpWg9RP83
+T5lHXcSDgNXTpAL0cU6G/sNoUI60NLPybzOI9ao59dAU3KUuaRsGCbYSvTjTk+E
ILC8qxJ0rquDYh0+PRcSlyxekzGZNoBpQzJTQBnO8bH0vqcGEJ5UTGTsjaMM5Y6q
zFd5Xm+a5R4jErKpyUHflpKPBYzP4lGKdIL+qjdUtxD/z019oO3G
-----END CERTIFICATE-----