Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/70zkDo5I6FAud-vYzAFjuWpiYXc.roa
File:                     70zkDo5I6FAud-vYzAFjuWpiYXc.roa (raw, json)
Hash identifier:          vtcB4WpDFnHCrfzXvVfJ5UK7hNf1m35Ybw18CAVL7Cc=
Subject key identifier:   EF:4C:E4:0E:8E:48:E8:50:2E:77:EB:D8:CC:01:63:B9:6A:62:61:77
Certificate issuer:       /CN=0551605b675ece4e0fce7175ae31a93fa8272ba6
Certificate serial:       018CC794F69A72FB7AE6369CA351A609878E
Authority key identifier: 05:51:60:5B:67:5E:CE:4E:0F:CE:71:75:AE:31:A9:3F:A8:27:2B:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/70zkDo5I6FAud-vYzAFjuWpiYXc.roa
Signing time:             Tue 02 Jan 2024 00:31:17 +0000
ROA not before:           Tue 02 Jan 2024 00:31:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3170
IP address blocks:        45.84.241.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 00:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:f6:9a:72:fb:7a:e6:36:9c:a3:51:a6:09:87:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0551605b675ece4e0fce7175ae31a93fa8272ba6
        Validity
            Not Before: Jan  2 00:31:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ef4ce40e8e48e8502e77ebd8cc0163b96a626177
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:44:cb:df:95:cf:2a:5b:a2:7f:0b:95:4c:85:
                    fe:49:6b:8c:c8:9a:ce:97:c8:d2:1c:ab:87:9c:0e:
                    11:ac:9e:6c:07:f6:46:ee:f8:7c:f0:5f:7b:a6:38:
                    41:52:7f:c0:6a:76:83:0f:26:5f:36:5f:2e:73:b7:
                    91:5b:58:2a:93:9a:16:3c:04:2b:96:f6:8d:84:4f:
                    52:60:0d:7c:84:bc:bd:9d:96:fe:51:fc:3c:fc:b5:
                    f9:2b:06:b2:65:e6:aa:75:b0:5e:bf:05:58:b6:4d:
                    5a:a2:ac:02:da:c4:ad:73:c9:b8:be:67:45:65:9b:
                    06:bd:38:6f:8a:39:48:b7:b2:7e:82:5d:06:43:57:
                    ae:99:32:f8:84:3e:52:b6:00:02:03:b2:38:97:43:
                    60:fa:8e:8e:04:e5:87:b9:34:7a:d3:31:a0:3e:5f:
                    c1:d0:5f:3b:91:f1:d9:3a:c3:49:0a:e6:6d:18:b6:
                    ca:52:be:f0:c1:ff:71:8d:04:09:d8:96:72:cb:18:
                    40:8b:23:9e:5c:20:1e:2e:1c:87:09:b8:d1:df:70:
                    31:49:79:c8:a5:18:6a:00:cc:83:b5:18:eb:39:af:
                    d1:88:95:ff:56:33:93:cd:ee:52:4d:2d:9b:cc:6b:
                    b8:bb:53:4a:77:1a:6e:85:54:3f:9d:b0:af:9c:3a:
                    20:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:4C:E4:0E:8E:48:E8:50:2E:77:EB:D8:CC:01:63:B9:6A:62:61:77
            X509v3 Authority Key Identifier:
                keyid:05:51:60:5B:67:5E:CE:4E:0F:CE:71:75:AE:31:A9:3F:A8:27:2B:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BVFgW2dezk4PznF1rjGpP6gnK6Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/70zkDo5I6FAud-vYzAFjuWpiYXc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/28ea45-7d30-46df-8f2a-0779f48ecea0/1/BVFgW2dezk4PznF1rjGpP6gnK6Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.241.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:27:e5:4d:24:0b:25:dd:8f:89:9b:9b:6a:ef:fe:bb:5d:e1:
         9e:b8:49:31:2d:94:6e:52:7a:c6:7a:fb:aa:48:e4:c4:d3:a6:
         ec:f6:44:45:a5:ea:c1:30:74:55:15:12:c5:44:8b:1e:d6:5f:
         e0:95:bb:52:73:53:06:e4:86:bf:26:a0:4d:de:ec:85:0b:e9:
         6b:19:d2:c7:51:c0:0f:0d:5c:91:af:42:d0:60:16:57:24:a1:
         93:9b:e1:8a:58:d9:9a:94:06:e0:77:0f:ba:b7:9d:1b:d7:b8:
         41:ae:11:25:45:94:ef:b6:75:f4:ea:ef:8d:8f:4e:b5:ad:6e:
         cb:f4:c4:f1:33:98:b6:fe:ef:50:9b:29:47:f8:7e:25:67:7b:
         c8:a2:32:4f:ac:f4:fd:da:c6:7b:20:a7:f4:c8:f5:6c:3d:b8:
         3d:30:3f:c2:7b:35:b6:57:94:58:a9:e0:10:b6:cb:a6:b5:c2:
         f9:df:13:d1:3d:27:4e:1d:89:44:9f:d8:8b:04:87:2e:b9:d5:
         9f:50:fa:ff:cc:46:f1:ec:22:1b:42:f0:cc:fe:02:5a:87:89:
         e7:ee:83:a8:58:3e:69:85:14:fd:f8:cb:b7:82:ed:87:27:29:
         d7:e7:45:e5:a4:e9:78:9d:79:dd:6d:f6:68:68:0e:79:7a:67:
         85:41:51:94
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlPaacvt65jaco1GmCYeOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NTE2MDViNjc1ZWNlNGUwZmNlNzE3NWFlMzFhOTNmYTgy
NzJiYTYwHhcNMjQwMTAyMDAzMTE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjRjZTQwZThlNDhlODUwMmU3N2ViZDhjYzAxNjNiOTZhNjI2MTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA40TL35XPKluifwuVTIX+SWuMyJrO
l8jSHKuHnA4RrJ5sB/ZG7vh88F97pjhBUn/AanaDDyZfNl8uc7eRW1gqk5oWPAQr
lvaNhE9SYA18hLy9nZb+Ufw8/LX5KwayZeaqdbBevwVYtk1aoqwC2sStc8m4vmdF
ZZsGvThvijlIt7J+gl0GQ1eumTL4hD5StgACA7I4l0Ng+o6OBOWHuTR60zGgPl/B
0F87kfHZOsNJCuZtGLbKUr7wwf9xjQQJ2JZyyxhAiyOeXCAeLhyHCbjR33AxSXnI
pRhqAMyDtRjrOa/RiJX/VjOTze5STS2bzGu4u1NKdxpuhVQ/nbCvnDogawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO9M5A6OSOhQLnfr2MwBY7lqYmF3MB8GA1UdIwQY
MBaAFAVRYFtnXs5OD85xda4xqT+oJyumMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlZGZ1cyZGV6azRQem5GMXJqR3BQNmduSzZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yOGVhNDUtN2QzMC00NmRmLThmMmEt
MDc3OWY0OGVjZWEwLzEvNzB6a0RvNUk2RkF1ZC12WXpBRmp1V3BpWVhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yOGVhNDUtN2QzMC00NmRmLThmMmEtMDc3OWY0OGVjZWEw
LzEvQlZGZ1cyZGV6azRQem5GMXJqR3BQNmduSzZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVTxMA0G
CSqGSIb3DQEBCwUAA4IBAQBnJ+VNJAsl3Y+Jm5tq7/67XeGeuEkxLZRuUnrGevuq
SOTE06bs9kRFperBMHRVFRLFRIse1l/glbtSc1MG5Ia/JqBN3uyFC+lrGdLHUcAP
DVyRr0LQYBZXJKGTm+GKWNmalAbgdw+6t50b17hBrhElRZTvtnX06u+Nj061rW7L
9MTxM5i2/u9QmylH+H4lZ3vIojJPrPT92sZ7IKf0yPVsPbg9MD/CezW2V5RYqeAQ
tsumtcL53xPRPSdOHYlEn9iLBIcuudWfUPr/zEbx7CIbQvDM/gJah4nn7oOoWD5p
hRT9+Mu3gu2HJynX50XlpOl4nXndbfZoaA55emeFQVGU
-----END CERTIFICATE-----