Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/kWtWNPzliUL_qmGO3bcE1TrqS3c.roa
File:                     kWtWNPzliUL_qmGO3bcE1TrqS3c.roa (raw, json)
Hash identifier:          DRMPyKiKmjfNBO0saX/lG7Of5WHA4suWDVGo1BNukLs=
Subject key identifier:   91:6B:56:34:FC:E5:89:42:FF:AA:61:8E:DD:B7:04:D5:3A:EA:4B:77
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       018CC86F3F37BF3F486E0AF5C871DA3D0A68
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/kWtWNPzliUL_qmGO3bcE1TrqS3c.roa
Signing time:             Tue 02 Jan 2024 04:29:42 +0000
ROA not before:           Tue 02 Jan 2024 04:29:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42708
IP address blocks:        45.13.191.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:3f:37:bf:3f:48:6e:0a:f5:c8:71:da:3d:0a:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan  2 04:29:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=916b5634fce58942ffaa618eddb704d53aea4b77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:d9:f9:5f:e5:90:24:60:14:ff:b0:4b:31:c2:
                    8b:7b:c5:aa:95:d6:ac:03:7e:ed:e0:2c:25:1f:8d:
                    e4:bf:fb:47:d5:1c:94:74:a6:07:b4:0c:b4:04:a6:
                    20:0c:9f:fd:8c:8b:97:f3:4e:51:e5:ad:dc:28:02:
                    24:85:47:19:bc:d3:fe:73:99:45:1e:52:67:50:68:
                    0d:a5:be:e8:c6:fd:40:eb:c0:b8:f1:0f:03:e9:4e:
                    91:97:71:b2:b1:7a:f8:57:e1:97:38:cb:89:e1:df:
                    56:1e:6a:5f:32:74:c7:dc:6a:4c:9f:85:30:11:cd:
                    64:a6:14:2e:3b:aa:37:68:ff:19:d3:a2:4b:aa:46:
                    b0:7b:91:81:26:e7:8f:22:48:2b:b9:e8:f0:0f:c2:
                    19:55:a6:92:6b:06:50:88:9d:0a:b9:20:cf:61:9c:
                    97:28:25:59:98:82:f9:66:f6:df:23:ed:c3:bc:72:
                    82:86:27:c0:e9:7b:2f:a5:ac:38:6a:14:d0:c5:91:
                    d6:8a:5a:7f:44:16:41:81:c1:67:6b:59:11:8c:f7:
                    de:ed:d4:37:e2:df:1b:bb:90:af:5d:9b:75:2b:0c:
                    59:79:11:09:ee:e2:16:e5:ac:5d:81:8a:bf:30:fb:
                    ca:60:9e:ba:42:19:42:b2:08:f9:95:a3:da:95:76:
                    02:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:6B:56:34:FC:E5:89:42:FF:AA:61:8E:DD:B7:04:D5:3A:EA:4B:77
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/kWtWNPzliUL_qmGO3bcE1TrqS3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:ac:e3:cb:90:0c:12:4d:e0:4c:d1:07:9f:a7:2d:72:d6:1b:
         44:ab:8a:df:f6:db:93:7f:98:4d:82:29:50:f6:54:db:64:83:
         bb:79:e9:43:23:1f:96:5d:ac:2f:59:e7:ed:25:2e:4d:07:a3:
         01:0a:44:9b:26:1b:be:e0:81:0a:13:b8:2a:62:09:4c:c2:68:
         e8:85:f1:1b:77:38:f8:f6:4c:07:7c:8e:d9:b7:3e:e0:09:70:
         01:8b:70:eb:17:9d:30:76:f8:51:bf:81:0d:b1:9d:34:75:0e:
         f7:1b:71:66:05:bd:eb:1d:29:b0:b1:b1:87:66:11:72:28:4e:
         3b:79:51:78:a8:0f:dc:ac:1d:fe:98:92:4e:a3:38:6c:f8:16:
         64:5d:0f:e6:c0:a0:85:38:a3:7f:35:66:83:ce:c2:0c:c9:e7:
         46:e7:50:a8:28:c8:75:8f:fd:7f:6c:17:99:8e:7b:ef:a2:73:
         f2:26:99:4b:d8:2d:ff:e1:90:2c:c8:c2:98:96:eb:fc:65:4f:
         a3:5a:6a:7a:2c:3e:d4:6c:91:79:d6:2b:72:6f:43:b0:5c:fc:
         99:ab:6d:65:2c:b0:fa:06:50:43:c6:0c:d0:b3:31:ca:54:6e:
         b2:27:96:84:96:c4:c5:77:27:32:c9:de:19:8b:12:fe:42:1e:
         6b:d9:94:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIbz83vz9Ibgr1yHHaPQpoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjQwMTAyMDQyOTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTZiNTYzNGZjZTU4OTQyZmZhYTYxOGVkZGI3MDRkNTNhZWE0Yjc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAitn5X+WQJGAU/7BLMcKLe8Wqldas
A37t4CwlH43kv/tH1RyUdKYHtAy0BKYgDJ/9jIuX805R5a3cKAIkhUcZvNP+c5lF
HlJnUGgNpb7oxv1A68C48Q8D6U6Rl3GysXr4V+GXOMuJ4d9WHmpfMnTH3GpMn4Uw
Ec1kphQuO6o3aP8Z06JLqkawe5GBJuePIkgruejwD8IZVaaSawZQiJ0KuSDPYZyX
KCVZmIL5ZvbfI+3DvHKChifA6Xsvpaw4ahTQxZHWilp/RBZBgcFna1kRjPfe7dQ3
4t8bu5CvXZt1KwxZeREJ7uIW5axdgYq/MPvKYJ66QhlCsgj5laPalXYCrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJFrVjT85YlC/6phjt23BNU66kt3MB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEva1d0V05QemxpVUxfcW1HTzNiY0UxVHJxUzNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ2/MA0G
CSqGSIb3DQEBCwUAA4IBAQC4rOPLkAwSTeBM0Qefpy1y1htEq4rf9tuTf5hNgilQ
9lTbZIO7eelDIx+WXawvWeftJS5NB6MBCkSbJhu+4IEKE7gqYglMwmjohfEbdzj4
9kwHfI7Ztz7gCXABi3DrF50wdvhRv4ENsZ00dQ73G3FmBb3rHSmwsbGHZhFyKE47
eVF4qA/crB3+mJJOozhs+BZkXQ/mwKCFOKN/NWaDzsIMyedG51CoKMh1j/1/bBeZ
jnvvonPyJplL2C3/4ZAsyMKYluv8ZU+jWmp6LD7UbJF51ityb0OwXPyZq21lLLD6
BlBDxgzQszHKVG6yJ5aElsTFdycyyd4ZixL+Qh5r2ZRX
-----END CERTIFICATE-----