Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/kERcqft_pG_zk5ei3ZDMGiUbwZ4.roa
File:                     kERcqft_pG_zk5ei3ZDMGiUbwZ4.roa (raw, json)
Hash identifier:          Bu3NELL9Hqz2/9ZJg7Zi2VUM6PEebjE405iW7pQaalw=
Subject key identifier:   90:44:5C:A9:FB:7F:A4:6F:F3:93:97:A2:DD:90:CC:1A:25:1B:C1:9E
Certificate issuer:       /CN=347b487848fff63533d87c324ecc51c2c3ea2adb
Certificate serial:       018CC64B6987BC3C78E925FD8CE2D5D93801
Authority key identifier: 34:7B:48:78:48:FF:F6:35:33:D8:7C:32:4E:CC:51:C2:C3:EA:2A:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/kERcqft_pG_zk5ei3ZDMGiUbwZ4.roa
Signing time:             Mon 01 Jan 2024 18:31:20 +0000
ROA not before:           Mon 01 Jan 2024 18:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     139471
IP address blocks:        45.131.178.0/24 maxlen: 24
                          91.238.114.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 06:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:69:87:bc:3c:78:e9:25:fd:8c:e2:d5:d9:38:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=347b487848fff63533d87c324ecc51c2c3ea2adb
        Validity
            Not Before: Jan  1 18:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=90445ca9fb7fa46ff39397a2dd90cc1a251bc19e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:c9:3b:99:4f:b9:31:ee:39:ef:36:82:4e:89:
                    b4:b3:80:d7:c1:49:e3:21:9a:1f:a8:05:31:42:88:
                    95:5b:52:95:98:84:fd:d4:19:99:b7:db:c4:26:3f:
                    0f:a2:56:c1:93:ed:83:9a:75:9e:8d:39:aa:09:7b:
                    11:43:08:e3:e1:8f:e7:d2:1c:80:2c:48:bc:09:69:
                    0a:3c:3c:e1:f5:48:e8:02:ca:64:0d:72:e0:2a:45:
                    f5:42:98:b1:ea:74:dd:89:66:97:1c:ec:2a:07:a1:
                    ab:19:01:07:d9:56:cf:57:7d:eb:16:34:a5:99:05:
                    f5:8d:ab:63:53:60:f5:15:67:5f:3c:4b:d8:a7:d1:
                    0e:92:da:f0:15:1f:e9:f6:a6:30:6b:38:7d:7f:19:
                    b2:30:c9:a4:f3:2e:5e:38:8c:4a:1c:cd:b2:15:77:
                    e9:6d:c2:0b:d0:d7:1e:c0:b6:c9:44:18:6d:dd:01:
                    f6:80:b2:f7:08:47:15:8e:e9:eb:5e:0c:b5:e2:9b:
                    05:96:9b:e3:d4:9a:6f:30:ee:ad:1c:63:c3:57:40:
                    85:11:19:bf:53:66:4c:fe:4b:05:a6:39:21:85:da:
                    60:a3:c1:53:05:48:7a:c0:44:a7:f9:3e:70:aa:1e:
                    38:8e:02:e4:02:2f:70:8e:30:2d:9c:87:1b:0a:ed:
                    25:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:44:5C:A9:FB:7F:A4:6F:F3:93:97:A2:DD:90:CC:1A:25:1B:C1:9E
            X509v3 Authority Key Identifier:
                keyid:34:7B:48:78:48:FF:F6:35:33:D8:7C:32:4E:CC:51:C2:C3:EA:2A:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NHtIeEj_9jUz2HwyTsxRwsPqKts.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/kERcqft_pG_zk5ei3ZDMGiUbwZ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/27/bc7122-4d1b-46a7-aecb-230b3b72a175/1/NHtIeEj_9jUz2HwyTsxRwsPqKts.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.178.0/24
                  91.238.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cc:4a:2a:27:fb:48:7f:a4:e8:f9:8d:c0:69:be:12:a8:db:54:
         d5:7c:21:60:de:ff:e2:e0:11:1e:29:50:9f:52:b5:7b:3c:ed:
         8a:32:3e:71:cc:b3:b6:9d:34:2b:95:4e:fa:57:e1:90:0a:a9:
         dc:52:b9:43:4f:50:c1:44:91:56:2a:bc:aa:75:23:97:d9:1b:
         57:d4:53:68:42:67:fc:4b:c3:30:ae:c5:42:07:71:a2:bb:77:
         3b:93:c2:f8:55:6f:8c:e0:64:c9:58:26:1a:65:47:bd:2b:dd:
         1d:f8:06:68:92:70:6f:e4:bb:f9:92:9f:42:0a:78:50:c9:82:
         7f:08:3b:9d:2b:f6:9b:15:1e:4a:c8:d4:ba:a9:9a:85:41:43:
         0e:cb:a9:93:d4:bf:49:27:7b:73:e2:9e:98:7c:14:82:75:5c:
         93:63:a7:d2:3f:d6:9a:5a:37:22:79:58:a1:8c:c0:18:87:8a:
         ae:71:83:64:78:f2:a9:a8:cb:6b:75:b7:b4:fc:2c:f7:68:d7:
         d5:26:3d:7d:0d:a3:24:99:98:ba:8c:dc:a3:d7:c0:0a:de:59:
         24:6d:5d:64:3d:21:f2:49:fe:20:30:77:e5:29:3f:e3:04:21:
         37:44:f4:d1:f1:f1:d3:50:c3:95:f6:5d:f8:7c:6f:15:a1:37:
         17:2b:e3:eb
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGS2mHvDx46SX9jOLV2TgBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0N2I0ODc4NDhmZmY2MzUzM2Q4N2MzMjRlY2M1MWMyYzNl
YTJhZGIwHhcNMjQwMTAxMTgzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDQ0NWNhOWZiN2ZhNDZmZjM5Mzk3YTJkZDkwY2MxYTI1MWJjMTllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgsk7mU+5Me457zaCTom0s4DXwUnj
IZofqAUxQoiVW1KVmIT91BmZt9vEJj8PolbBk+2DmnWejTmqCXsRQwjj4Y/n0hyA
LEi8CWkKPDzh9UjoAspkDXLgKkX1Qpix6nTdiWaXHOwqB6GrGQEH2VbPV33rFjSl
mQX1jatjU2D1FWdfPEvYp9EOktrwFR/p9qYwazh9fxmyMMmk8y5eOIxKHM2yFXfp
bcIL0NcewLbJRBht3QH2gLL3CEcVjunrXgy14psFlpvj1JpvMO6tHGPDV0CFERm/
U2ZM/ksFpjkhhdpgo8FTBUh6wESn+T5wqh44jgLkAi9wjjAtnIcbCu0laQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJBEXKn7f6Rv85OXot2QzBolG8GeMB8GA1UdIwQY
MBaAFDR7SHhI//Y1M9h8Mk7MUcLD6irbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkh0SWVFal85alV6Mkh3eVRzeFJ3c1BxS3RzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNy9iYzcxMjItNGQxYi00NmE3LWFlY2It
MjMwYjNiNzJhMTc1LzEva0VSY3FmdF9wR196azVlaTNaRE1HaVVid1o0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNy9iYzcxMjItNGQxYi00NmE3LWFlY2ItMjMwYjNiNzJhMTc1
LzEvTkh0SWVFal85alV6Mkh3eVRzeFJ3c1BxS3RzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYOyAwQA
W+5yMA0GCSqGSIb3DQEBCwUAA4IBAQDMSion+0h/pOj5jcBpvhKo21TVfCFg3v/i
4BEeKVCfUrV7PO2KMj5xzLO2nTQrlU76V+GQCqncUrlDT1DBRJFWKryqdSOX2RtX
1FNoQmf8S8MwrsVCB3Giu3c7k8L4VW+M4GTJWCYaZUe9K90d+AZoknBv5Lv5kp9C
CnhQyYJ/CDudK/abFR5KyNS6qZqFQUMOy6mT1L9JJ3tz4p6YfBSCdVyTY6fSP9aa
WjcieVihjMAYh4qucYNkePKpqMtrdbe0/Cz3aNfVJj19DaMkmZi6jNyj18AK3lkk
bV1kPSHySf4gMHflKT/jBCE3RPTR8fHTUMOV9l34fG8VoTcXK+Pr
-----END CERTIFICATE-----