Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/9a0981-0ad8-48a5-bfec-8cc9833611e6/1/jr4FFGrkksYO_J1OpUbXxVZuAp0.roa
File:                     jr4FFGrkksYO_J1OpUbXxVZuAp0.roa (raw, json)
Hash identifier:          nolf6IuTO5JACTNYWgrpWa6SZy4Il93m5SusKd61OBc=
Subject key identifier:   8E:BE:05:14:6A:E4:92:C6:0E:FC:9D:4E:A5:46:D7:C5:56:6E:02:9D
Certificate issuer:       /CN=91f5fcedbdb84dd52fc6770d7ccfd3fc6684fa41
Certificate serial:       018CC3B70C8309486A4B8D62A5A0CFA4EF41
Authority key identifier: 91:F5:FC:ED:BD:B8:4D:D5:2F:C6:77:0D:7C:CF:D3:FC:66:84:FA:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kfX87b24TdUvxncNfM_T_GaE-kE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/9a0981-0ad8-48a5-bfec-8cc9833611e6/1/jr4FFGrkksYO_J1OpUbXxVZuAp0.roa
Signing time:             Mon 01 Jan 2024 06:30:02 +0000
ROA not before:           Mon 01 Jan 2024 06:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202699
IP address blocks:        45.82.60.0/24 maxlen: 24
                          45.82.63.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/9a0981-0ad8-48a5-bfec-8cc9833611e6/1/kfX87b24TdUvxncNfM_T_GaE-kE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/9a0981-0ad8-48a5-bfec-8cc9833611e6/1/kfX87b24TdUvxncNfM_T_GaE-kE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kfX87b24TdUvxncNfM_T_GaE-kE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 11:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:0c:83:09:48:6a:4b:8d:62:a5:a0:cf:a4:ef:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91f5fcedbdb84dd52fc6770d7ccfd3fc6684fa41
        Validity
            Not Before: Jan  1 06:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8ebe05146ae492c60efc9d4ea546d7c5566e029d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:cc:9d:ba:38:43:f5:cc:d0:33:21:52:ee:d8:
                    c1:05:79:87:b9:73:28:e9:74:bc:1a:f8:fc:8c:53:
                    7c:a2:5d:f6:60:98:24:b8:5e:cd:52:34:40:84:f7:
                    8a:c2:3b:c1:20:d6:13:9e:12:74:a6:54:5b:27:b0:
                    db:c8:4f:82:aa:94:f1:b8:57:8f:73:61:b8:d7:6e:
                    b3:d2:88:c3:24:9d:26:58:e4:f3:ee:63:40:27:e1:
                    e0:95:9c:12:61:75:92:3f:ad:95:52:0b:38:93:ba:
                    a2:0c:b3:72:30:93:a8:fa:b9:0f:16:85:25:ac:74:
                    38:00:3a:92:da:18:97:2d:45:87:a6:af:7f:2a:ad:
                    45:31:e4:b0:2c:8e:fb:4e:af:aa:9a:f4:0c:ec:92:
                    94:e3:03:42:7d:6a:d7:6d:7c:a4:31:78:24:fe:f8:
                    03:cf:0d:57:33:cc:da:28:be:f2:fb:a7:60:de:26:
                    f3:04:b0:5e:3a:9a:b0:5b:fc:fb:2c:6a:be:ae:4b:
                    ab:2b:dc:bc:4b:da:77:4a:3d:7a:2c:76:b2:2a:4a:
                    13:63:44:ab:f0:fb:5c:54:4e:0c:0d:ad:3f:86:a2:
                    fe:73:a2:ca:5d:7f:56:43:21:8b:da:3f:36:dd:a8:
                    cd:a2:a9:56:f2:bb:4b:50:5d:45:98:6e:00:bb:34:
                    54:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:BE:05:14:6A:E4:92:C6:0E:FC:9D:4E:A5:46:D7:C5:56:6E:02:9D
            X509v3 Authority Key Identifier:
                keyid:91:F5:FC:ED:BD:B8:4D:D5:2F:C6:77:0D:7C:CF:D3:FC:66:84:FA:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kfX87b24TdUvxncNfM_T_GaE-kE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/9a0981-0ad8-48a5-bfec-8cc9833611e6/1/jr4FFGrkksYO_J1OpUbXxVZuAp0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/9a0981-0ad8-48a5-bfec-8cc9833611e6/1/kfX87b24TdUvxncNfM_T_GaE-kE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.60.0/24
                  45.82.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:fe:e5:70:90:a5:f2:e3:62:9a:da:44:5f:b4:67:39:22:93:
         bf:f1:18:18:d6:30:a4:6d:87:4a:62:e5:6b:66:7c:fa:a2:47:
         75:81:eb:b0:e5:c5:48:ba:f3:8a:48:e0:1b:41:06:fa:9a:e5:
         e8:c1:8d:5b:70:94:98:57:fb:52:92:5d:c2:1f:9e:59:e9:f6:
         f3:45:dc:fc:9d:90:32:ea:51:c2:83:cb:41:1b:bd:91:f5:57:
         1e:69:30:ee:e9:2c:9a:5b:d4:2d:bc:b0:56:70:d6:99:8e:88:
         02:c7:f0:e0:6e:f3:53:54:05:c6:5d:3e:26:7c:bb:09:7f:23:
         3a:df:a2:11:2a:a4:b8:c3:50:20:b0:a2:b9:05:a9:d2:b0:f8:
         47:5b:17:25:1d:53:4d:4d:29:57:fd:f7:68:91:6f:59:86:eb:
         f8:41:bd:5b:fc:0f:6b:fd:71:11:6c:fa:97:a8:d5:82:b7:f9:
         29:7c:00:0e:a9:de:87:bc:f5:c2:b9:8f:ac:62:58:da:8f:55:
         a7:be:de:70:45:8e:1f:32:7f:36:0c:59:f3:d1:89:55:b4:cf:
         47:6c:3e:18:29:c2:f0:ef:d9:04:af:c8:05:5e:15:c6:d7:1f:
         6f:f5:ad:56:8c:a3:76:be:c3:cd:b1:66:a5:83:eb:af:41:10:
         4a:5a:b8:da
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtwyDCUhqS41ipaDPpO9BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxZjVmY2VkYmRiODRkZDUyZmM2NzcwZDdjY2ZkM2ZjNjY4
NGZhNDEwHhcNMjQwMTAxMDYzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZWJlMDUxNDZhZTQ5MmM2MGVmYzlkNGVhNTQ2ZDdjNTU2NmUwMjlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhsydujhD9czQMyFS7tjBBXmHuXMo
6XS8Gvj8jFN8ol32YJgkuF7NUjRAhPeKwjvBINYTnhJ0plRbJ7DbyE+CqpTxuFeP
c2G4126z0ojDJJ0mWOTz7mNAJ+HglZwSYXWSP62VUgs4k7qiDLNyMJOo+rkPFoUl
rHQ4ADqS2hiXLUWHpq9/Kq1FMeSwLI77Tq+qmvQM7JKU4wNCfWrXbXykMXgk/vgD
zw1XM8zaKL7y+6dg3ibzBLBeOpqwW/z7LGq+rkurK9y8S9p3Sj16LHayKkoTY0Sr
8PtcVE4MDa0/hqL+c6LKXX9WQyGL2j823ajNoqlW8rtLUF1FmG4AuzRUywIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFI6+BRRq5JLGDvydTqVG18VWbgKdMB8GA1UdIwQY
MBaAFJH1/O29uE3VL8Z3DXzP0/xmhPpBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2ZYODdiMjRUZFV2eG5jTmZNX1RfR2FFLWtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC85YTA5ODEtMGFkOC00OGE1LWJmZWMt
OGNjOTgzMzYxMWU2LzEvanI0RkZHcmtrc1lPX0oxT3BVYlh4Vlp1QXAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC85YTA5ODEtMGFkOC00OGE1LWJmZWMtOGNjOTgzMzYxMWU2
LzEva2ZYODdiMjRUZFV2eG5jTmZNX1RfR2FFLWtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVI8AwQA
LVI/MA0GCSqGSIb3DQEBCwUAA4IBAQB+/uVwkKXy42Ka2kRftGc5IpO/8RgY1jCk
bYdKYuVrZnz6okd1geuw5cVIuvOKSOAbQQb6muXowY1bcJSYV/tSkl3CH55Z6fbz
Rdz8nZAy6lHCg8tBG72R9VceaTDu6SyaW9QtvLBWcNaZjogCx/DgbvNTVAXGXT4m
fLsJfyM636IRKqS4w1AgsKK5BanSsPhHWxclHVNNTSlX/fdokW9Zhuv4Qb1b/A9r
/XERbPqXqNWCt/kpfAAOqd6HvPXCuY+sYljaj1Wnvt5wRY4fMn82DFnz0YlVtM9H
bD4YKcLw79kEr8gFXhXG1x9v9a1WjKN2vsPNsWalg+uvQRBKWrja
-----END CERTIFICATE-----