Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/7aJF1OvrBkHDpgaBIudRFqduwAI.roa
File:                     7aJF1OvrBkHDpgaBIudRFqduwAI.roa (raw, json)
Hash identifier:          jNF86Ohd3P/HPa8+9WkslxOCPWkXU7Fodi0CxYqNh3I=
Subject key identifier:   ED:A2:45:D4:EB:EB:06:41:C3:A6:06:81:22:E7:51:16:A7:6E:C0:02
Certificate issuer:       /CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
Certificate serial:       018CC348A992870B14BECA99779AEFA35DE7
Authority key identifier: 0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/7aJF1OvrBkHDpgaBIudRFqduwAI.roa
Signing time:             Mon 01 Jan 2024 04:29:28 +0000
ROA not before:           Mon 01 Jan 2024 04:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9335
IP address blocks:        45.150.128.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:a9:92:87:0b:14:be:ca:99:77:9a:ef:a3:5d:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0d2999042c5e2006bd5aeb7a05de1e96a5e73664
        Validity
            Not Before: Jan  1 04:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eda245d4ebeb0641c3a6068122e75116a76ec002
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:64:c8:51:c3:38:b5:6a:e8:0d:bb:d3:2b:11:
                    bf:59:d4:03:26:c2:fc:65:aa:61:26:51:7e:86:e5:
                    cf:59:35:80:e1:e3:30:75:50:af:8b:93:29:f1:57:
                    07:f0:2c:40:cf:95:89:d3:fe:d9:42:b3:ad:72:29:
                    86:72:85:8f:7a:7f:95:00:5d:7e:c6:40:c5:7b:b0:
                    34:5f:a3:ea:9b:5c:82:73:98:14:7d:f6:35:43:e7:
                    62:30:ef:73:cd:81:2a:76:ef:6d:8a:ff:29:b8:20:
                    cf:3e:6e:fa:37:22:1d:85:99:b1:f8:7d:e9:f8:8d:
                    c3:1c:a4:fb:a4:a5:a4:0e:ad:5f:4e:27:92:7e:b7:
                    5c:1b:35:a0:3a:ec:be:df:6d:58:2f:51:04:c2:23:
                    f7:7b:98:62:a0:80:ee:dd:50:89:d0:c5:1a:42:9c:
                    9d:ac:fe:95:a3:a4:df:a7:2d:95:ce:24:6d:1d:c8:
                    e6:83:b6:fd:b8:95:4c:71:8c:51:ee:8c:a8:f3:fa:
                    7f:22:e3:9c:79:ef:e8:0f:19:f6:ae:70:a5:e5:70:
                    7b:0e:40:43:b9:9b:ba:5a:44:a3:6d:0a:80:fa:bb:
                    c6:42:e4:5f:9b:0c:eb:eb:56:c7:c7:e7:a6:75:44:
                    cc:de:de:d9:1b:63:5b:6c:a7:22:fd:ca:23:79:f3:
                    e1:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:A2:45:D4:EB:EB:06:41:C3:A6:06:81:22:E7:51:16:A7:6E:C0:02
            X509v3 Authority Key Identifier:
                keyid:0D:29:99:04:2C:5E:20:06:BD:5A:EB:7A:05:DE:1E:96:A5:E7:36:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/7aJF1OvrBkHDpgaBIudRFqduwAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/2c3316-efc7-4952-9efe-8c153965bac9/1/DSmZBCxeIAa9Wut6Bd4elqXnNmQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.128.0/22

    Signature Algorithm: sha256WithRSAEncryption
         75:3f:72:0b:56:d8:18:a0:f2:37:e7:c6:bc:1e:e8:da:69:e7:
         bd:46:51:5c:d9:48:4c:38:61:a0:88:11:ff:5e:d6:8b:94:8a:
         2b:74:2b:ac:f1:97:d1:43:20:5d:f9:c1:75:3c:10:9a:ff:81:
         ef:17:13:55:e5:17:51:f9:4c:27:83:74:b7:1f:03:85:3d:49:
         e4:de:8a:2a:16:b7:13:7b:43:66:51:75:68:ec:44:50:4c:9b:
         71:f6:8b:ad:32:2d:95:ef:f6:d6:9f:c9:36:8e:da:af:d5:77:
         75:e4:b3:e3:74:40:cc:9b:f0:28:19:c3:9a:43:15:b9:f3:7b:
         ae:2e:80:37:35:c7:be:32:f4:ab:e8:6e:7f:3c:12:95:bd:40:
         38:af:52:3d:b2:c5:c6:0e:e2:b6:29:82:91:4b:8d:06:d0:92:
         00:97:da:d7:58:5e:d2:95:0b:c1:25:57:48:76:02:33:22:e5:
         9e:1b:c9:91:41:91:fb:3a:ea:24:ed:5d:9d:d3:e6:ab:0a:17:
         09:c0:87:fb:82:94:69:72:7d:03:97:a7:ea:87:1e:b6:52:b5:
         19:78:6e:e7:10:b7:5b:68:29:97:13:c3:e4:b2:2c:de:dc:af:
         23:c3:30:11:4f:28:1f:c8:12:9a:87:9c:3f:3d:ac:aa:a5:39:
         f2:4f:d2:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSKmShwsUvsqZd5rvo13nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkMjk5OTA0MmM1ZTIwMDZiZDVhZWI3YTA1ZGUxZTk2YTVl
NzM2NjQwHhcNMjQwMTAxMDQyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGEyNDVkNGViZWIwNjQxYzNhNjA2ODEyMmU3NTExNmE3NmVjMDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnWTIUcM4tWroDbvTKxG/WdQDJsL8
ZaphJlF+huXPWTWA4eMwdVCvi5Mp8VcH8CxAz5WJ0/7ZQrOtcimGcoWPen+VAF1+
xkDFe7A0X6Pqm1yCc5gUffY1Q+diMO9zzYEqdu9tiv8puCDPPm76NyIdhZmx+H3p
+I3DHKT7pKWkDq1fTieSfrdcGzWgOuy+321YL1EEwiP3e5hioIDu3VCJ0MUaQpyd
rP6Vo6Tfpy2VziRtHcjmg7b9uJVMcYxR7oyo8/p/IuOcee/oDxn2rnCl5XB7DkBD
uZu6WkSjbQqA+rvGQuRfmwzr61bHx+emdUTM3t7ZG2NbbKci/cojefPhbQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO2iRdTr6wZBw6YGgSLnURanbsACMB8GA1UdIwQY
MBaAFA0pmQQsXiAGvVrregXeHpal5zZkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUt
OGMxNTM5NjViYWM5LzEvN2FKRjFPdnJCa0hEcGdhQkl1ZFJGcWR1d0FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC8yYzMzMTYtZWZjNy00OTUyLTllZmUtOGMxNTM5NjViYWM5
LzEvRFNtWkJDeGVJQWE5V3V0NkJkNGVscVhuTm1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZaAMA0G
CSqGSIb3DQEBCwUAA4IBAQB1P3ILVtgYoPI358a8Hujaaee9RlFc2UhMOGGgiBH/
XtaLlIordCus8ZfRQyBd+cF1PBCa/4HvFxNV5RdR+Uwng3S3HwOFPUnk3ooqFrcT
e0NmUXVo7ERQTJtx9outMi2V7/bWn8k2jtqv1Xd15LPjdEDMm/AoGcOaQxW583uu
LoA3Nce+MvSr6G5/PBKVvUA4r1I9ssXGDuK2KYKRS40G0JIAl9rXWF7SlQvBJVdI
dgIzIuWeG8mRQZH7Ouok7V2d0+arChcJwIf7gpRpcn0Dl6fqhx62UrUZeG7nELdb
aCmXE8Pksize3K8jwzARTygfyBKah5w/PayqpTnyT9JN
-----END CERTIFICATE-----