Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/c9aa81-5bfd-4535-9606-941cc6a7bad9/1/1-OurgVfTD7pKsf0V3bEdJdKxNGA.roa
File:                     1-OurgVfTD7pKsf0V3bEdJdKxNGA.roa (raw, json)
Hash identifier:          +Dy1+BOIoNFH7Xx9tQ2F8405tMUbLJARnihqd0dDWUM=
Subject key identifier:   F8:EB:AB:81:57:D3:0F:BA:4A:B1:FD:15:DD:B1:1D:25:D2:B1:34:60
Certificate issuer:       /CN=17526ccac4f9064e058549b30172c84439787fbc
Certificate serial:       018CC424EAE16ECA8BD74850233F14784512
Authority key identifier: 17:52:6C:CA:C4:F9:06:4E:05:85:49:B3:01:72:C8:44:39:78:7F:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F1JsysT5Bk4FhUmzAXLIRDl4f7w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/c9aa81-5bfd-4535-9606-941cc6a7bad9/1/1-OurgVfTD7pKsf0V3bEdJdKxNGA.roa
Signing time:             Mon 01 Jan 2024 08:30:02 +0000
ROA not before:           Mon 01 Jan 2024 08:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206150
IP address blocks:        45.90.84.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/c9aa81-5bfd-4535-9606-941cc6a7bad9/1/F1JsysT5Bk4FhUmzAXLIRDl4f7w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/c9aa81-5bfd-4535-9606-941cc6a7bad9/1/F1JsysT5Bk4FhUmzAXLIRDl4f7w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F1JsysT5Bk4FhUmzAXLIRDl4f7w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 14:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:ea:e1:6e:ca:8b:d7:48:50:23:3f:14:78:45:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17526ccac4f9064e058549b30172c84439787fbc
        Validity
            Not Before: Jan  1 08:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f8ebab8157d30fba4ab1fd15ddb11d25d2b13460
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:ea:35:32:d7:e8:57:20:d8:ae:36:af:c2:02:
                    97:80:98:d1:f0:d0:17:6f:23:6f:3b:9e:3c:1b:db:
                    5f:57:2d:d6:74:40:7a:9b:24:4b:f8:d8:df:88:67:
                    12:9b:8a:25:2a:e2:2c:bf:24:aa:26:30:a3:01:bb:
                    5c:57:75:21:e4:84:ef:57:14:fd:47:7a:d9:f7:6e:
                    03:4c:cf:62:bc:e5:80:c8:2c:46:a1:9a:16:3d:ee:
                    51:34:c1:ad:83:ad:46:7f:8e:a4:bb:d3:36:cc:af:
                    ab:82:ac:92:f5:51:b2:4e:8a:6b:ca:9a:f5:e1:d4:
                    26:86:39:35:ae:30:d7:25:fe:8e:7c:07:38:21:2d:
                    55:97:ea:44:d2:03:c6:c4:2c:c6:b3:95:5b:62:3b:
                    c2:79:ad:0e:10:c7:f6:07:a5:0d:22:1a:3b:47:2e:
                    1f:c6:30:14:ba:3a:57:df:e4:8f:d5:0d:6c:d3:e5:
                    cc:5b:16:e5:2a:c4:81:64:68:4b:08:a4:42:e6:32:
                    3c:3c:d8:21:eb:4a:9c:8b:d1:9e:ec:0c:a4:56:5d:
                    48:d9:fb:bc:70:ec:2c:4e:08:5d:1f:db:1e:ce:0c:
                    29:6c:53:c8:58:c2:d4:25:93:ab:66:ce:be:35:95:
                    f7:87:18:78:a5:22:3b:a6:30:0d:7a:d9:4b:b0:e8:
                    6c:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:EB:AB:81:57:D3:0F:BA:4A:B1:FD:15:DD:B1:1D:25:D2:B1:34:60
            X509v3 Authority Key Identifier:
                keyid:17:52:6C:CA:C4:F9:06:4E:05:85:49:B3:01:72:C8:44:39:78:7F:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F1JsysT5Bk4FhUmzAXLIRDl4f7w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/c9aa81-5bfd-4535-9606-941cc6a7bad9/1/1-OurgVfTD7pKsf0V3bEdJdKxNGA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/c9aa81-5bfd-4535-9606-941cc6a7bad9/1/F1JsysT5Bk4FhUmzAXLIRDl4f7w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:6c:a8:bd:49:bc:e8:69:c5:83:6c:68:73:5a:6f:fa:ff:00:
         76:e1:fc:bf:10:8d:b5:12:50:f5:96:05:cc:12:00:e4:31:4d:
         e3:cd:41:2a:e0:a9:25:db:2f:7c:eb:19:14:37:d1:ee:5b:af:
         fa:d5:0b:fe:db:bc:ee:9b:9a:a8:fd:a0:da:67:c9:6b:84:4e:
         b9:00:ae:f3:26:4d:c4:4d:fc:46:b8:16:dd:a8:c5:d7:84:02:
         0d:2f:0b:1d:a5:eb:28:59:71:11:f0:10:aa:ab:ca:a6:7a:dc:
         8f:2e:4e:9d:b3:97:3c:0f:1e:d7:fb:fb:c2:88:16:cd:79:c8:
         81:83:9e:da:b3:22:3f:c7:1b:9b:04:d0:4a:a1:2b:42:ba:d3:
         cc:fd:92:75:38:dc:4e:c8:a9:b7:c5:d5:1d:e9:ea:b5:6a:b5:
         24:53:8c:e6:46:ae:14:80:88:17:9b:db:de:ad:65:55:bf:79:
         63:8b:97:b2:45:3b:5b:21:7e:46:19:e3:4b:de:a9:ab:10:b8:
         28:cf:60:5c:1b:79:f9:95:d1:d5:a8:b8:71:19:ea:b5:35:b8:
         eb:b4:0e:8a:a3:90:4f:2a:f3:3f:ab:68:c5:02:51:da:cb:f3:
         85:b9:0e:c8:6b:19:10:8e:7e:f6:11:2b:85:ed:ad:42:a1:43:
         1e:75:47:70
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzEJOrhbsqL10hQIz8UeEUSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NTI2Y2NhYzRmOTA2NGUwNTg1NDliMzAxNzJjODQ0Mzk3
ODdmYmMwHhcNMjQwMTAxMDgzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGViYWI4MTU3ZDMwZmJhNGFiMWZkMTVkZGIxMWQyNWQyYjEzNDYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsOo1MtfoVyDYrjavwgKXgJjR8NAX
byNvO548G9tfVy3WdEB6myRL+NjfiGcSm4olKuIsvySqJjCjAbtcV3Uh5ITvVxT9
R3rZ924DTM9ivOWAyCxGoZoWPe5RNMGtg61Gf46ku9M2zK+rgqyS9VGyToprypr1
4dQmhjk1rjDXJf6OfAc4IS1Vl+pE0gPGxCzGs5VbYjvCea0OEMf2B6UNIho7Ry4f
xjAUujpX3+SP1Q1s0+XMWxblKsSBZGhLCKRC5jI8PNgh60qci9Ge7AykVl1I2fu8
cOwsTghdH9sezgwpbFPIWMLUJZOrZs6+NZX3hxh4pSI7pjANetlLsOhs2wIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPjrq4FX0w+6SrH9Fd2xHSXSsTRgMB8GA1UdIwQY
MBaAFBdSbMrE+QZOBYVJswFyyEQ5eH+8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjFKc3lzVDVCazRGaFVtekFYTElSRGw0Zjd3LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9jOWFhODEtNWJmZC00NTM1LTk2MDYt
OTQxY2M2YTdiYWQ5LzEvMS1PdXJnVmZURDdwS3NmMFYzYkVkSmRLeE5HQS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMzUvYzlhYTgxLTViZmQtNDUzNS05NjA2LTk0MWNjNmE3YmFk
OS8xL0YxSnN5c1Q1Qms0RmhVbXpBWExJUkRsNGY3dy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAC1aVDAN
BgkqhkiG9w0BAQsFAAOCAQEALGyovUm86GnFg2xoc1pv+v8AduH8vxCNtRJQ9ZYF
zBIA5DFN481BKuCpJdsvfOsZFDfR7luv+tUL/tu87puaqP2g2mfJa4ROuQCu8yZN
xE38RrgW3ajF14QCDS8LHaXrKFlxEfAQqqvKpnrcjy5OnbOXPA8e1/v7wogWzXnI
gYOe2rMiP8cbmwTQSqErQrrTzP2SdTjcTsipt8XVHenqtWq1JFOM5kauFICIF5vb
3q1lVb95Y4uXskU7WyF+RhnjS96pqxC4KM9gXBt5+ZXR1ai4cRnqtTW467QOiqOQ
TyrzP6toxQJR2svzhbkOyGsZEI5+9hErhe2tQqFDHnVHcA==
-----END CERTIFICATE-----