Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/9wkeXjc_OkwzJNASBRs-P6qPMkQ.roa
File:                     9wkeXjc_OkwzJNASBRs-P6qPMkQ.roa (raw, json)
Hash identifier:          fmpvo542/M0fE7tnMFQKjET5nsM4x733l8Ua871QisI=
Subject key identifier:   F7:09:1E:5E:37:3F:3A:4C:33:24:D0:12:05:1B:3E:3F:AA:8F:32:44
Certificate issuer:       /CN=9cb25ce550e4d9bda05bd5d45c8b6ba37430bbba
Certificate serial:       018CC5012C8B060008723A1341E412884EEB
Authority key identifier: 9C:B2:5C:E5:50:E4:D9:BD:A0:5B:D5:D4:5C:8B:6B:A3:74:30:BB:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/9wkeXjc_OkwzJNASBRs-P6qPMkQ.roa
Signing time:             Mon 01 Jan 2024 12:30:37 +0000
ROA not before:           Mon 01 Jan 2024 12:30:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     46261
IP address blocks:        45.94.137.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 10:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:2c:8b:06:00:08:72:3a:13:41:e4:12:88:4e:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9cb25ce550e4d9bda05bd5d45c8b6ba37430bbba
        Validity
            Not Before: Jan  1 12:30:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f7091e5e373f3a4c3324d012051b3e3faa8f3244
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:ef:30:44:58:36:cb:21:b0:1a:ab:e5:20:cb:
                    e0:c3:43:25:b9:eb:4a:1b:2e:93:04:98:73:dc:06:
                    12:9e:d1:f1:d3:60:a5:48:c7:9b:e6:2e:ae:bf:3f:
                    40:e6:82:43:24:33:7c:15:41:eb:fb:18:0e:b9:e1:
                    e9:99:ec:d3:4a:6d:bc:2d:66:02:93:54:8b:47:f7:
                    0c:82:95:81:a2:2e:9b:19:2d:de:ec:39:7d:95:62:
                    ed:24:3b:76:e0:fc:b4:53:ab:dd:30:11:fb:80:ce:
                    dc:28:d0:2d:57:02:c5:c1:3d:9e:d7:cc:5e:6c:f4:
                    12:fa:39:3d:1e:15:9a:2b:c7:e1:ae:1e:69:bd:41:
                    f9:d9:3c:48:2e:83:53:77:cb:2a:b5:0a:d8:ad:2b:
                    52:59:9f:e5:f6:04:fa:89:7d:43:52:a4:3c:3c:bf:
                    51:bc:31:72:09:3f:97:f5:a8:b5:c7:b4:9c:ff:ae:
                    7d:a5:1a:24:63:b0:64:18:e2:88:94:63:c8:c6:d6:
                    6d:24:4b:6c:5d:c5:2c:88:4e:c7:b2:3d:31:1a:f4:
                    54:5e:0d:ea:a0:07:70:88:57:5e:0a:f3:24:ae:e4:
                    9a:f0:c4:73:35:16:82:3b:9a:b9:8e:85:71:7c:19:
                    aa:a9:32:e5:7b:0c:0f:e7:04:d3:37:25:f6:84:f7:
                    dc:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:09:1E:5E:37:3F:3A:4C:33:24:D0:12:05:1B:3E:3F:AA:8F:32:44
            X509v3 Authority Key Identifier:
                keyid:9C:B2:5C:E5:50:E4:D9:BD:A0:5B:D5:D4:5C:8B:6B:A3:74:30:BB:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nLJc5VDk2b2gW9XUXItro3Qwu7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/9wkeXjc_OkwzJNASBRs-P6qPMkQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/4f336b-4a79-4425-9556-be45f0d2abbb/1/nLJc5VDk2b2gW9XUXItro3Qwu7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:41:c7:22:4f:e5:46:d6:ce:06:52:69:1d:38:cc:61:46:ca:
         ee:ba:30:70:aa:f5:42:68:64:e4:7a:d9:6c:3d:f6:d9:49:f1:
         12:87:49:75:7c:ed:65:05:a3:9d:55:2e:9b:ef:61:5a:a5:82:
         48:49:b4:f0:dc:5c:4e:75:35:61:db:fe:2d:22:28:ba:1f:96:
         8b:6f:d1:82:18:c5:39:14:36:9d:74:99:ba:2f:8c:7d:da:e3:
         6c:63:db:dc:f6:5f:16:09:2e:6e:ec:2d:1c:55:5e:a6:49:c0:
         ba:a9:77:b1:1f:f1:f8:5a:cd:f0:15:62:4c:82:6e:5a:8c:85:
         b2:c4:1c:f9:55:6c:ca:89:ad:70:93:fa:0c:7f:74:78:a3:46:
         07:48:82:7d:0d:1b:1f:e0:be:34:3a:42:f9:6a:6f:a2:68:4e:
         07:fc:fa:59:d0:9d:19:21:ce:aa:73:e1:64:bd:c4:27:fc:91:
         89:d5:68:89:80:96:66:25:b8:b1:f7:30:fb:63:d2:b2:cb:8a:
         75:9c:a8:be:76:77:7e:25:fb:63:2e:d1:11:55:0f:98:5c:ab:
         bc:50:8e:2b:aa:2b:af:de:13:09:ee:6a:61:09:75:47:a7:43:
         66:18:2e:e1:4f:dc:de:3e:f6:46:c9:ae:ca:e6:3b:67:7a:7a:
         b2:35:b0:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFASyLBgAIcjoTQeQSiE7rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljYjI1Y2U1NTBlNGQ5YmRhMDViZDVkNDVjOGI2YmEzNzQz
MGJiYmEwHhcNMjQwMTAxMTIzMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNzA5MWU1ZTM3M2YzYTRjMzMyNGQwMTIwNTFiM2UzZmFhOGYzMjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqO8wRFg2yyGwGqvlIMvgw0MluetK
Gy6TBJhz3AYSntHx02ClSMeb5i6uvz9A5oJDJDN8FUHr+xgOueHpmezTSm28LWYC
k1SLR/cMgpWBoi6bGS3e7Dl9lWLtJDt24Py0U6vdMBH7gM7cKNAtVwLFwT2e18xe
bPQS+jk9HhWaK8fhrh5pvUH52TxILoNTd8sqtQrYrStSWZ/l9gT6iX1DUqQ8PL9R
vDFyCT+X9ai1x7Sc/659pRokY7BkGOKIlGPIxtZtJEtsXcUsiE7Hsj0xGvRUXg3q
oAdwiFdeCvMkruSa8MRzNRaCO5q5joVxfBmqqTLlewwP5wTTNyX2hPfclQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPcJHl43PzpMMyTQEgUbPj+qjzJEMB8GA1UdIwQY
MBaAFJyyXOVQ5Nm9oFvV1FyLa6N0MLu6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkxKYzVWRGsyYjJnVzlYVVhJdHJvM1F3dTdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS80ZjMzNmItNGE3OS00NDI1LTk1NTYt
YmU0NWYwZDJhYmJiLzEvOXdrZVhqY19Pa3d6Sk5BU0JScy1QNnFQTWtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS80ZjMzNmItNGE3OS00NDI1LTk1NTYtYmU0NWYwZDJhYmJi
LzEvbkxKYzVWRGsyYjJnVzlYVVhJdHJvM1F3dTdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV6JMA0G
CSqGSIb3DQEBCwUAA4IBAQAxQcciT+VG1s4GUmkdOMxhRsruujBwqvVCaGTketls
PfbZSfESh0l1fO1lBaOdVS6b72FapYJISbTw3FxOdTVh2/4tIii6H5aLb9GCGMU5
FDaddJm6L4x92uNsY9vc9l8WCS5u7C0cVV6mScC6qXexH/H4Ws3wFWJMgm5ajIWy
xBz5VWzKia1wk/oMf3R4o0YHSIJ9DRsf4L40OkL5am+iaE4H/PpZ0J0ZIc6qc+Fk
vcQn/JGJ1WiJgJZmJbix9zD7Y9Kyy4p1nKi+dnd+JftjLtERVQ+YXKu8UI4rqiuv
3hMJ7mphCXVHp0NmGC7hT9zePvZGya7K5jtnenqyNbBY
-----END CERTIFICATE-----