Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/i05hbp7fitjATw9xW9e2kYV4EUk.roa
File:                     i05hbp7fitjATw9xW9e2kYV4EUk.roa (raw, json)
Hash identifier:          ZhixEjx4NqKCFMnyLmWloslhW9ImxWe5QmUEZq2W5hw=
Subject key identifier:   8B:4E:61:6E:9E:DF:8A:D8:C0:4F:0F:71:5B:D7:B6:91:85:78:11:49
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       018CC8014B841D1B42E8D33B93F3C8FBAE50
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/i05hbp7fitjATw9xW9e2kYV4EUk.roa
Signing time:             Tue 02 Jan 2024 02:29:37 +0000
ROA not before:           Tue 02 Jan 2024 02:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47484
IP address blocks:        45.13.116.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:4b:84:1d:1b:42:e8:d3:3b:93:f3:c8:fb:ae:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  2 02:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8b4e616e9edf8ad8c04f0f715bd7b69185781149
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:c9:08:51:73:7b:d9:f9:38:42:0b:1d:6f:83:
                    21:1c:af:5d:39:f6:d4:ea:43:44:4b:f3:1a:fa:ab:
                    56:aa:7a:2a:a0:20:b7:80:23:32:93:a3:2c:0b:f7:
                    54:ff:65:a9:29:e0:4a:5d:70:41:51:d3:7e:41:f0:
                    4f:b1:39:6d:1b:46:a0:2d:69:8f:c6:d8:77:36:58:
                    3b:88:be:be:f9:9f:50:81:6f:28:6b:f4:1b:8a:90:
                    bb:b6:3a:45:17:ba:a7:a4:92:4d:cc:22:c3:73:42:
                    8f:1c:10:1d:7a:d0:15:b3:67:01:fc:e9:31:a2:3d:
                    ea:06:38:73:e1:9f:89:b5:ca:c3:ca:9f:9c:65:12:
                    3c:b3:27:49:c7:c9:e4:26:1f:76:d8:0e:a9:7c:79:
                    3b:14:1b:09:7b:b8:dd:88:27:c1:5e:0b:12:50:3a:
                    8d:89:1e:71:a7:ad:03:16:eb:ec:55:a6:66:9e:e5:
                    2d:64:95:40:d7:9c:f9:5b:78:b1:8a:d2:09:83:b5:
                    a0:c3:5a:91:d0:7e:9c:5a:af:a4:94:51:62:7b:9f:
                    49:ba:c5:41:70:a4:c2:a3:3b:7a:00:d7:ce:4a:0c:
                    5f:fc:a1:ce:fb:b3:c5:f3:98:13:91:eb:88:49:66:
                    78:3c:30:64:d1:52:d6:d3:60:cd:c3:a0:04:80:6b:
                    27:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:4E:61:6E:9E:DF:8A:D8:C0:4F:0F:71:5B:D7:B6:91:85:78:11:49
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/i05hbp7fitjATw9xW9e2kYV4EUk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.116.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:67:9f:df:3c:31:b7:91:6d:d0:83:dd:59:e4:d2:5f:1e:3e:
         2f:81:f9:d0:f5:d6:cc:be:a4:e1:78:d4:f0:72:2a:fa:e7:5a:
         f8:20:2b:79:a5:47:40:3b:df:45:56:04:a2:16:59:11:8a:7c:
         57:00:36:18:09:80:20:be:f7:48:c0:cf:31:c5:e5:35:70:12:
         c7:ee:25:f4:9c:01:db:49:32:18:1b:9a:3f:7d:17:d4:3a:70:
         df:8a:94:93:38:37:64:e0:b6:22:98:eb:1f:3e:75:aa:dc:8f:
         bc:00:3a:a7:26:6d:b7:f0:f4:e7:1a:e5:98:70:49:7f:ca:95:
         4f:3d:b8:1f:14:83:0a:ff:b6:df:a4:13:44:8b:c3:f3:ae:48:
         ae:48:ce:c7:b0:45:40:5e:f2:4d:7f:20:f0:d6:9f:69:d8:99:
         db:b2:f8:41:9e:2b:b9:e3:ba:dd:6c:52:6c:2e:3c:cc:c3:64:
         a1:c2:a2:0d:f7:84:7e:5d:20:ae:7b:1c:81:74:ba:99:75:7f:
         27:0c:15:c4:a9:48:96:b1:c5:a9:b8:55:d7:08:67:a5:a4:ba:
         d7:d8:f1:a0:db:fe:21:a5:16:36:cb:fe:5b:c5:fd:c2:a1:56:
         d6:16:e7:90:f3:9d:3d:f0:cc:83:1c:7d:6b:41:19:5f:a1:22:
         e5:00:8b:8e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAUuEHRtC6NM7k/PI+65QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjQwMTAyMDIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YjRlNjE2ZTllZGY4YWQ4YzA0ZjBmNzE1YmQ3YjY5MTg1NzgxMTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjskIUXN72fk4Qgsdb4MhHK9dOfbU
6kNES/Ma+qtWqnoqoCC3gCMyk6MsC/dU/2WpKeBKXXBBUdN+QfBPsTltG0agLWmP
xth3Nlg7iL6++Z9QgW8oa/QbipC7tjpFF7qnpJJNzCLDc0KPHBAdetAVs2cB/Okx
oj3qBjhz4Z+JtcrDyp+cZRI8sydJx8nkJh922A6pfHk7FBsJe7jdiCfBXgsSUDqN
iR5xp60DFuvsVaZmnuUtZJVA15z5W3ixitIJg7Wgw1qR0H6cWq+klFFie59JusVB
cKTCozt6ANfOSgxf/KHO+7PF85gTkeuISWZ4PDBk0VLW02DNw6AEgGsnUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFItOYW6e34rYwE8PcVvXtpGFeBFJMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvaTA1aGJwN2ZpdGpBVHc5eFc5ZTJrWVY0RVVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ10MA0G
CSqGSIb3DQEBCwUAA4IBAQBTZ5/fPDG3kW3Qg91Z5NJfHj4vgfnQ9dbMvqTheNTw
cir651r4ICt5pUdAO99FVgSiFlkRinxXADYYCYAgvvdIwM8xxeU1cBLH7iX0nAHb
STIYG5o/fRfUOnDfipSTODdk4LYimOsfPnWq3I+8ADqnJm238PTnGuWYcEl/ypVP
PbgfFIMK/7bfpBNEi8PzrkiuSM7HsEVAXvJNfyDw1p9p2JnbsvhBniu547rdbFJs
LjzMw2ShwqIN94R+XSCuexyBdLqZdX8nDBXEqUiWscWpuFXXCGelpLrX2PGg2/4h
pRY2y/5bxf3CoVbWFueQ85098MyDHH1rQRlfoSLlAIuO
-----END CERTIFICATE-----