Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/44a155-4d02-4002-8f3d-c36d1c460e2f/1/3jSdSZDBF7fycHOuYCRhPHYAt18.roa
File:                     3jSdSZDBF7fycHOuYCRhPHYAt18.roa (raw, json)
Hash identifier:          TLFPYlTd93y08Sm4SA8Nuc7F0qEX0vBF3RoDvXqk3nk=
Subject key identifier:   DE:34:9D:49:90:C1:17:B7:F2:70:73:AE:60:24:61:3C:76:00:B7:5F
Certificate issuer:       /CN=5c61dcd3eb50c83d68060bcba4af152204193503
Certificate serial:       018E4886E9B46F6A37E4FF4BB33DAC9CDD29
Authority key identifier: 5C:61:DC:D3:EB:50:C8:3D:68:06:0B:CB:A4:AF:15:22:04:19:35:03
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XGHc0-tQyD1oBgvLpK8VIgQZNQM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/44a155-4d02-4002-8f3d-c36d1c460e2f/1/3jSdSZDBF7fycHOuYCRhPHYAt18.roa
Signing time:             Sat 16 Mar 2024 18:29:44 +0000
ROA not before:           Sat 16 Mar 2024 18:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208570
IP address blocks:        45.128.120.0/22 maxlen: 24
                          45.128.120.0/24 maxlen: 24
                          45.128.123.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/44a155-4d02-4002-8f3d-c36d1c460e2f/1/XGHc0-tQyD1oBgvLpK8VIgQZNQM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/44a155-4d02-4002-8f3d-c36d1c460e2f/1/XGHc0-tQyD1oBgvLpK8VIgQZNQM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XGHc0-tQyD1oBgvLpK8VIgQZNQM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 08:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:48:86:e9:b4:6f:6a:37:e4:ff:4b:b3:3d:ac:9c:dd:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c61dcd3eb50c83d68060bcba4af152204193503
        Validity
            Not Before: Mar 16 18:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=de349d4990c117b7f27073ae6024613c7600b75f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:39:43:92:bb:45:2e:ba:b0:20:3b:99:17:b8:
                    a9:bc:e9:2e:da:c0:a1:5f:f8:61:80:aa:15:95:b5:
                    aa:9b:ea:e0:fb:b0:e0:1a:f9:b6:25:99:c9:d0:6a:
                    5a:d4:2a:f4:30:7e:cb:35:88:7d:d8:f9:d1:c9:44:
                    d6:30:82:19:88:09:76:3f:6f:a2:54:92:b5:fb:54:
                    9a:39:5d:e8:00:eb:44:ff:cb:58:93:eb:44:ad:a8:
                    7b:a8:9f:61:22:37:98:b9:01:79:b3:3d:18:c1:3c:
                    b6:f8:ff:5a:a2:39:79:70:54:82:4b:aa:f8:d8:fc:
                    0b:45:83:e9:2d:49:38:28:b3:2d:d3:f7:8d:17:c6:
                    dd:dd:1c:6c:c0:df:d1:3e:50:6a:d2:35:b8:5c:2b:
                    b4:bf:fb:90:62:39:1b:06:57:dc:25:11:98:12:33:
                    4b:ec:96:54:2e:63:a5:56:86:c7:8e:82:82:76:31:
                    df:af:b8:85:b8:65:e3:6c:c1:46:d7:d7:5d:0a:ce:
                    44:10:a0:b3:4d:0a:41:28:2b:e7:40:67:52:4e:3d:
                    2b:da:d2:86:02:a4:3d:64:e7:70:2e:55:51:db:05:
                    2f:17:a0:b7:90:32:1a:4c:b9:de:49:65:29:f0:d1:
                    c7:cd:05:9f:08:da:37:c3:a9:2a:cf:a9:55:a7:1a:
                    62:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:34:9D:49:90:C1:17:B7:F2:70:73:AE:60:24:61:3C:76:00:B7:5F
            X509v3 Authority Key Identifier:
                keyid:5C:61:DC:D3:EB:50:C8:3D:68:06:0B:CB:A4:AF:15:22:04:19:35:03

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XGHc0-tQyD1oBgvLpK8VIgQZNQM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/44a155-4d02-4002-8f3d-c36d1c460e2f/1/3jSdSZDBF7fycHOuYCRhPHYAt18.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/44a155-4d02-4002-8f3d-c36d1c460e2f/1/XGHc0-tQyD1oBgvLpK8VIgQZNQM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         48:a4:5f:c6:62:df:07:70:84:07:ba:66:2d:28:80:47:74:0e:
         fd:34:19:0f:9c:53:42:4d:3e:a7:6f:4a:85:07:77:e1:07:30:
         c6:2e:52:c2:87:2c:46:36:dd:98:05:78:85:c0:79:2e:82:13:
         57:57:fa:32:61:23:40:b0:57:02:7d:18:98:32:0e:9f:95:50:
         b3:d9:8a:d3:06:b3:97:ad:c3:81:72:c6:41:bd:3d:3f:07:36:
         06:21:c7:30:cb:7f:dc:02:6e:9e:23:69:18:29:6b:f8:74:28:
         c2:b5:b0:35:d8:e6:1b:b3:07:ea:1e:ac:d0:7f:77:d1:6f:8a:
         f3:c4:a1:27:7f:6b:74:89:36:bf:80:e8:f3:f9:81:1d:35:70:
         0a:76:f0:83:a2:9e:27:6d:b0:40:98:d0:02:82:30:a4:5a:ad:
         2e:3b:d0:6b:fb:d9:54:9b:93:2f:b1:59:12:96:6d:89:fb:07:
         a4:e5:00:a0:8f:27:dd:fc:60:f0:1a:0b:14:55:6d:2e:21:ed:
         4b:cc:2c:53:90:eb:07:52:8a:7d:ae:6d:77:cd:e3:6d:c3:a8:
         f4:00:d1:c1:6d:40:05:14:3c:26:6b:be:b1:2e:28:c3:15:a3:
         f0:b9:9c:e7:68:5b:be:ba:44:10:85:6a:37:95:ef:a8:5a:3a:
         2c:08:4a:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5Ihum0b2o35P9Lsz2snN0pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjNjFkY2QzZWI1MGM4M2Q2ODA2MGJjYmE0YWYxNTIyMDQx
OTM1MDMwHhcNMjQwMzE2MTgyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTM0OWQ0OTkwYzExN2I3ZjI3MDczYWU2MDI0NjEzYzc2MDBiNzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhzlDkrtFLrqwIDuZF7ipvOku2sCh
X/hhgKoVlbWqm+rg+7DgGvm2JZnJ0Gpa1Cr0MH7LNYh92PnRyUTWMIIZiAl2P2+i
VJK1+1SaOV3oAOtE/8tYk+tErah7qJ9hIjeYuQF5sz0YwTy2+P9aojl5cFSCS6r4
2PwLRYPpLUk4KLMt0/eNF8bd3RxswN/RPlBq0jW4XCu0v/uQYjkbBlfcJRGYEjNL
7JZULmOlVobHjoKCdjHfr7iFuGXjbMFG19ddCs5EEKCzTQpBKCvnQGdSTj0r2tKG
AqQ9ZOdwLlVR2wUvF6C3kDIaTLneSWUp8NHHzQWfCNo3w6kqz6lVpxpiHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFN40nUmQwRe38nBzrmAkYTx2ALdfMB8GA1UdIwQY
MBaAFFxh3NPrUMg9aAYLy6SvFSIEGTUDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWEdIYzAtdFF5RDFvQmd2THBLOFZJZ1FaTlFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS80NGExNTUtNGQwMi00MDAyLThmM2Qt
YzM2ZDFjNDYwZTJmLzEvM2pTZFNaREJGN2Z5Y0hPdVlDUmhQSFlBdDE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS80NGExNTUtNGQwMi00MDAyLThmM2QtYzM2ZDFjNDYwZTJm
LzEvWEdIYzAtdFF5RDFvQmd2THBLOFZJZ1FaTlFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYB4MA0G
CSqGSIb3DQEBCwUAA4IBAQBIpF/GYt8HcIQHumYtKIBHdA79NBkPnFNCTT6nb0qF
B3fhBzDGLlLChyxGNt2YBXiFwHkughNXV/oyYSNAsFcCfRiYMg6flVCz2YrTBrOX
rcOBcsZBvT0/BzYGIccwy3/cAm6eI2kYKWv4dCjCtbA12OYbswfqHqzQf3fRb4rz
xKEnf2t0iTa/gOjz+YEdNXAKdvCDop4nbbBAmNACgjCkWq0uO9Br+9lUm5MvsVkS
lm2J+wek5QCgjyfd/GDwGgsUVW0uIe1LzCxTkOsHUop9rm13zeNtw6j0ANHBbUAF
FDwma76xLijDFaPwuZznaFu+ukQQhWo3le+oWjosCErf
-----END CERTIFICATE-----