Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/tH54a5u8InlwFx3uoH0av8rprKs.roa
File:                     tH54a5u8InlwFx3uoH0av8rprKs.roa (raw, json)
Hash identifier:          W+A0CAQJXLGWRwH0wHfGcN3s8kCCYsoo0Iy+7Ii/InA=
Subject key identifier:   B4:7E:78:6B:9B:BC:22:79:70:17:1D:EE:A0:7D:1A:BF:CA:E9:AC:AB
Certificate issuer:       /CN=2b145a8bdf2bca150f25ed54a277b8f653efdb3e
Certificate serial:       018CC87071C9FEC2B491E81BE2B74FD33C98
Authority key identifier: 2B:14:5A:8B:DF:2B:CA:15:0F:25:ED:54:A2:77:B8:F6:53:EF:DB:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KxRai98ryhUPJe1Uone49lPv2z4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/tH54a5u8InlwFx3uoH0av8rprKs.roa
Signing time:             Tue 02 Jan 2024 04:31:01 +0000
ROA not before:           Tue 02 Jan 2024 04:31:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20860
IP address blocks:        193.37.72.0/22 maxlen: 22
                          45.88.144.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/KxRai98ryhUPJe1Uone49lPv2z4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/KxRai98ryhUPJe1Uone49lPv2z4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KxRai98ryhUPJe1Uone49lPv2z4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 21 Apr 2024 20:00:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:70:71:c9:fe:c2:b4:91:e8:1b:e2:b7:4f:d3:3c:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b145a8bdf2bca150f25ed54a277b8f653efdb3e
        Validity
            Not Before: Jan  2 04:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b47e786b9bbc227970171deea07d1abfcae9acab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:76:32:ea:ff:06:78:5a:ba:3c:47:f6:3c:be:
                    29:c9:fa:4b:5e:a0:82:05:fb:92:cd:62:bf:a8:1c:
                    a4:f2:7f:3a:89:41:13:7c:79:d3:d0:5e:b9:e9:ce:
                    aa:b0:a7:49:87:35:d3:92:4c:53:76:6e:01:ba:23:
                    d5:83:ab:f2:ab:8b:b3:af:7d:55:d7:1c:ed:93:72:
                    d9:02:35:22:f0:4f:98:5b:ea:5d:e4:c2:8e:a2:6e:
                    ac:6e:54:0d:14:7c:d8:eb:62:fd:00:c4:78:17:73:
                    63:84:e5:be:2e:be:22:ca:c1:6e:80:e8:58:38:5b:
                    3c:1c:41:05:22:d6:57:fd:03:5d:2e:d7:60:c5:26:
                    c4:df:d5:4b:5a:3e:1f:16:d7:85:d2:6a:97:10:a2:
                    72:f8:e2:a6:0a:13:fc:27:15:03:de:c4:eb:dd:f7:
                    21:30:a3:3e:75:34:3f:c2:4d:0b:d4:07:6a:cb:c3:
                    32:56:62:fc:9a:f8:eb:bd:a4:2c:3e:9b:66:0f:f7:
                    71:8f:8b:48:cc:53:38:9d:3d:f8:9e:2c:64:e8:d7:
                    f2:24:4b:65:18:9c:a1:cf:9c:37:2e:f5:91:59:d2:
                    c8:dd:73:bb:8a:fc:cf:19:ee:aa:d4:bd:57:25:79:
                    25:78:00:8e:bb:48:3c:af:bf:e0:f3:95:0e:20:21:
                    65:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:7E:78:6B:9B:BC:22:79:70:17:1D:EE:A0:7D:1A:BF:CA:E9:AC:AB
            X509v3 Authority Key Identifier:
                keyid:2B:14:5A:8B:DF:2B:CA:15:0F:25:ED:54:A2:77:B8:F6:53:EF:DB:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KxRai98ryhUPJe1Uone49lPv2z4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/tH54a5u8InlwFx3uoH0av8rprKs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0d8c8f-ff2c-4da8-b443-3040bed3cccd/1/KxRai98ryhUPJe1Uone49lPv2z4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.144.0/22
                  193.37.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         87:a0:9a:a5:71:3a:1f:dd:ad:ab:68:68:67:35:57:24:01:08:
         e8:02:2e:6c:86:99:68:d7:0b:58:40:73:4f:f0:7a:6b:b3:a4:
         a3:5a:a6:e9:cb:37:56:fa:c8:54:e4:d4:e0:79:4c:50:f3:c0:
         b3:0e:a3:6d:cd:49:76:ca:ea:9f:67:60:8e:eb:6e:83:cd:7f:
         3f:c5:70:61:d5:e3:08:55:03:82:6e:c8:13:4a:87:70:a4:4d:
         a0:88:7d:0d:d2:49:bd:ad:db:92:fd:f7:48:ac:60:57:39:89:
         49:68:c3:6b:d3:7c:6c:64:f6:88:ec:39:75:5f:79:33:39:5d:
         43:83:04:12:25:bb:6e:57:2d:63:8e:87:92:37:1c:92:70:8f:
         26:ee:5a:9b:ee:e5:1c:ec:31:42:f0:bb:12:0c:90:a8:72:23:
         19:73:2e:ed:bb:e6:48:a8:e7:a4:79:71:ca:13:b9:4e:80:d5:
         f9:a4:62:f9:67:fc:ca:43:74:74:92:3d:6b:39:8c:79:5c:34:
         72:18:f4:59:df:82:a3:2d:a3:93:6e:72:83:41:8e:a2:30:05:
         28:ab:5a:08:aa:8f:93:05:7e:77:b5:e9:a5:86:9f:b7:6a:69:
         f9:d9:f9:da:31:16:15:3c:1a:b7:cb:ed:87:66:10:7d:e2:09:
         b5:5e:2c:db
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzIcHHJ/sK0kegb4rdP0zyYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiMTQ1YThiZGYyYmNhMTUwZjI1ZWQ1NGEyNzdiOGY2NTNl
ZmRiM2UwHhcNMjQwMTAyMDQzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDdlNzg2YjliYmMyMjc5NzAxNzFkZWVhMDdkMWFiZmNhZTlhY2FiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhnYy6v8GeFq6PEf2PL4pyfpLXqCC
BfuSzWK/qByk8n86iUETfHnT0F656c6qsKdJhzXTkkxTdm4BuiPVg6vyq4uzr31V
1xztk3LZAjUi8E+YW+pd5MKOom6sblQNFHzY62L9AMR4F3NjhOW+Lr4iysFugOhY
OFs8HEEFItZX/QNdLtdgxSbE39VLWj4fFteF0mqXEKJy+OKmChP8JxUD3sTr3fch
MKM+dTQ/wk0L1Adqy8MyVmL8mvjrvaQsPptmD/dxj4tIzFM4nT34nixk6NfyJEtl
GJyhz5w3LvWRWdLI3XO7ivzPGe6q1L1XJXkleACOu0g8r7/g85UOICFl4QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLR+eGubvCJ5cBcd7qB9Gr/K6ayrMB8GA1UdIwQY
MBaAFCsUWovfK8oVDyXtVKJ3uPZT79s+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3hSYWk5OHJ5aFVQSmUxVW9uZTQ5bFB2Mno0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8wZDhjOGYtZmYyYy00ZGE4LWI0NDMt
MzA0MGJlZDNjY2NkLzEvdEg1NGE1dThJbmx3RngzdW9IMGF2OHJwcktzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8wZDhjOGYtZmYyYy00ZGE4LWI0NDMtMzA0MGJlZDNjY2Nk
LzEvS3hSYWk5OHJ5aFVQSmUxVW9uZTQ5bFB2Mno0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLViQAwQC
wSVIMA0GCSqGSIb3DQEBCwUAA4IBAQCHoJqlcTof3a2raGhnNVckAQjoAi5shplo
1wtYQHNP8Hprs6SjWqbpyzdW+shU5NTgeUxQ88CzDqNtzUl2yuqfZ2CO626DzX8/
xXBh1eMIVQOCbsgTSodwpE2giH0N0km9rduS/fdIrGBXOYlJaMNr03xsZPaI7Dl1
X3kzOV1DgwQSJbtuVy1jjoeSNxyScI8m7lqb7uUc7DFC8LsSDJCociMZcy7tu+ZI
qOekeXHKE7lOgNX5pGL5Z/zKQ3R0kj1rOYx5XDRyGPRZ34KjLaOTbnKDQY6iMAUo
q1oIqo+TBX53temlhp+3amn52fnaMRYVPBq3y+2HZhB94gm1Xizb
-----END CERTIFICATE-----