Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/00PgbuOIl4C2QCWbeohnPj7hTWs.roa
File:                     00PgbuOIl4C2QCWbeohnPj7hTWs.roa (raw, json)
Hash identifier:          gdHBaHrfYAE2mWm+mmG/VnLBrM6nKxXuifsfWXB1EFg=
Subject key identifier:   D3:43:E0:6E:E3:88:97:80:B6:40:25:9B:7A:88:67:3E:3E:E1:4D:6B
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       018CC56E06C84ADAD15941E5E2E19F7FE3C0
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/00PgbuOIl4C2QCWbeohnPj7hTWs.roa
Signing time:             Mon 01 Jan 2024 14:29:31 +0000
ROA not before:           Mon 01 Jan 2024 14:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     45054
IP address blocks:        46.161.16.0/22 maxlen: 22
                          45.159.200.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 13 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:06:c8:4a:da:d1:59:41:e5:e2:e1:9f:7f:e3:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  1 14:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d343e06ee3889780b640259b7a88673e3ee14d6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:12:7c:4c:85:b2:1d:74:24:4b:04:8d:5a:71:
                    55:2f:90:a0:2f:17:fe:fc:69:26:f8:60:3e:10:b7:
                    ea:e3:38:b6:29:e4:f9:43:a7:25:13:0a:cd:17:89:
                    af:1e:74:ad:48:1a:a3:d2:2c:24:6f:63:3f:71:5f:
                    aa:ca:8d:66:51:d2:c1:ca:2c:a8:6d:57:e8:bc:bd:
                    71:db:1f:f8:5d:3c:85:e1:5f:bf:b3:bc:f4:0a:d9:
                    df:8a:6f:1f:09:cb:f1:f5:b3:fe:fd:60:72:aa:79:
                    2e:f7:4e:8f:99:bb:f7:ef:61:31:94:92:b0:95:e2:
                    32:0a:0c:1f:04:32:c7:a5:17:89:61:33:2c:ad:8f:
                    37:f8:c7:5e:e0:aa:0c:a9:ca:7c:21:ef:03:47:45:
                    c7:ac:ec:e2:c0:8f:62:f5:b1:11:95:46:d5:75:d2:
                    c4:40:c4:d3:8f:8c:b4:11:30:30:03:af:bf:09:df:
                    12:71:51:5a:6f:ba:8c:0f:a8:a1:a8:9f:1c:af:5a:
                    16:c3:0b:64:3a:60:08:bb:e3:3c:d8:59:62:12:54:
                    6d:30:d8:c9:31:90:21:3e:bd:5b:b6:0f:30:26:cb:
                    93:f3:59:28:b4:68:91:96:26:87:b6:0a:2b:6a:84:
                    89:19:2d:86:46:5d:3d:bb:7a:b8:cf:84:33:e6:26:
                    3c:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:43:E0:6E:E3:88:97:80:B6:40:25:9B:7A:88:67:3E:3E:E1:4D:6B
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/00PgbuOIl4C2QCWbeohnPj7hTWs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.200.0/22
                  46.161.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c5:66:7a:2e:cb:b9:0c:e5:09:e0:24:79:49:39:42:63:7c:55:
         73:69:50:5e:9a:0f:88:a6:a2:71:27:8a:c6:9f:db:8b:2a:cb:
         fd:ed:fd:48:98:d7:69:3b:e5:4c:19:49:8d:d1:cc:8c:a1:28:
         38:47:23:0c:ca:f1:91:25:0c:d4:44:b6:74:77:24:d1:11:21:
         02:3b:08:0b:21:0a:04:ca:9e:1f:f3:00:2c:77:fe:63:7a:bd:
         fd:c8:44:d3:3d:d1:fc:ad:01:38:75:17:40:b8:70:0c:21:b8:
         03:d4:3e:7b:48:17:dc:83:1c:98:d5:fa:be:18:9d:e1:e7:54:
         70:be:7e:55:4d:1a:92:1c:93:00:77:8d:cf:a7:3c:73:c9:c2:
         48:34:c6:9b:04:4d:da:7d:2b:97:28:06:b8:c1:2d:fd:71:bb:
         bc:f2:36:69:6d:0e:6f:10:52:d5:7f:12:b9:41:0c:36:41:b6:
         b2:ff:ed:cc:10:89:fc:dd:19:89:86:05:a1:cc:38:a9:28:cb:
         f0:5f:b6:d8:59:f3:91:2b:46:55:e6:df:63:31:14:8f:b6:3a:
         7f:19:3a:bb:e0:2c:02:ca:e2:77:e4:a4:0d:64:b1:c5:2b:21:
         3f:2e:fd:7d:48:52:34:0d:bd:85:00:c4:6e:b8:90:d7:b8:b4:
         11:99:e6:20
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbgbIStrRWUHl4uGff+PAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQwMTAxMTQyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzQzZTA2ZWUzODg5NzgwYjY0MDI1OWI3YTg4NjczZTNlZTE0ZDZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhRJ8TIWyHXQkSwSNWnFVL5CgLxf+
/Gkm+GA+ELfq4zi2KeT5Q6clEwrNF4mvHnStSBqj0iwkb2M/cV+qyo1mUdLByiyo
bVfovL1x2x/4XTyF4V+/s7z0Ctnfim8fCcvx9bP+/WByqnku906Pmbv372ExlJKw
leIyCgwfBDLHpReJYTMsrY83+Mde4KoMqcp8Ie8DR0XHrOziwI9i9bERlUbVddLE
QMTTj4y0ETAwA6+/Cd8ScVFab7qMD6ihqJ8cr1oWwwtkOmAIu+M82FliElRtMNjJ
MZAhPr1btg8wJsuT81kotGiRliaHtgoraoSJGS2GRl09u3q4z4Qz5iY8NQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNND4G7jiJeAtkAlm3qIZz4+4U1rMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvMDBQZ2J1T0lsNEMyUUNXYmVvaG5QajdoVFdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLZ/IAwQC
LqEQMA0GCSqGSIb3DQEBCwUAA4IBAQDFZnouy7kM5QngJHlJOUJjfFVzaVBemg+I
pqJxJ4rGn9uLKsv97f1ImNdpO+VMGUmN0cyMoSg4RyMMyvGRJQzURLZ0dyTRESEC
OwgLIQoEyp4f8wAsd/5jer39yETTPdH8rQE4dRdAuHAMIbgD1D57SBfcgxyY1fq+
GJ3h51Rwvn5VTRqSHJMAd43PpzxzycJINMabBE3afSuXKAa4wS39cbu88jZpbQ5v
EFLVfxK5QQw2Qbay/+3MEIn83RmJhgWhzDipKMvwX7bYWfORK0ZV5t9jMRSPtjp/
GTq74CwCyuJ35KQNZLHFKyE/Lv19SFI0Db2FAMRuuJDXuLQRmeYg
-----END CERTIFICATE-----