Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/z3Ui3UUpssG3bVmXTGCRNnHDcV8.roa
File:                     z3Ui3UUpssG3bVmXTGCRNnHDcV8.roa (raw, json)
Hash identifier:          jcoblLVJH+xPKNmqp/T2xPtaph4U37QverFYklTNjJM=
Subject key identifier:   CF:75:22:DD:45:29:B2:C1:B7:6D:59:97:4C:60:91:36:71:C3:71:5F
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       018D692B072C72B2C9B5BB252D96E419E8D7
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/z3Ui3UUpssG3bVmXTGCRNnHDcV8.roa
Signing time:             Fri 02 Feb 2024 09:34:04 +0000
ROA not before:           Fri 02 Feb 2024 09:34:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48347
IP address blocks:        45.142.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 15:35:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:69:2b:07:2c:72:b2:c9:b5:bb:25:2d:96:e4:19:e8:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Feb  2 09:34:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cf7522dd4529b2c1b76d59974c60913671c3715f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:19:d4:77:50:80:3d:b9:af:ed:95:3a:bc:28:
                    53:dc:f7:f1:7f:1e:47:77:5f:3a:8d:f5:f6:fc:b0:
                    12:bf:1c:ff:35:73:c3:47:4a:ab:5b:d0:36:23:8c:
                    91:06:5a:c9:b0:e0:ef:2e:45:43:ac:a5:ca:55:3f:
                    07:02:77:c9:b3:9f:fc:9f:2a:c6:73:80:a4:35:6b:
                    8e:d8:f4:85:31:95:26:35:7e:4c:d5:7b:3b:da:e6:
                    30:2c:ba:bd:f5:0e:19:0b:04:de:ab:7d:4d:ea:af:
                    23:8c:46:f7:60:7c:ce:10:6c:13:ae:fe:37:70:e3:
                    ea:44:28:8e:e5:3c:1c:7a:f9:a4:fb:a2:f9:30:55:
                    47:15:1c:ab:17:81:3d:71:9b:02:4a:92:fb:00:cc:
                    16:b8:a8:0d:07:29:ce:da:a7:1d:05:41:36:5c:87:
                    30:84:5f:9b:91:cb:2c:b2:56:42:a1:9d:ec:73:3a:
                    30:3d:44:68:c1:d0:4c:c8:21:54:e8:24:02:cc:35:
                    ae:60:11:86:49:85:fb:3b:53:cf:73:33:a8:84:1c:
                    16:ab:ff:99:56:e6:37:ca:37:2d:02:f4:49:e7:94:
                    32:b8:72:ba:6f:b0:13:4f:f9:0f:ad:8a:e5:56:17:
                    02:e3:54:db:b0:6c:e0:e5:ca:01:08:00:e7:55:21:
                    23:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:75:22:DD:45:29:B2:C1:B7:6D:59:97:4C:60:91:36:71:C3:71:5F
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/z3Ui3UUpssG3bVmXTGCRNnHDcV8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:c7:07:ab:bd:7d:65:a4:ae:18:58:da:d6:0f:1d:2f:3a:64:
         4a:02:a2:d0:0c:9f:a9:80:de:ea:eb:68:96:3e:d2:b3:3c:62:
         a4:01:0b:49:bf:05:bd:da:68:79:99:c7:60:9b:ef:08:33:99:
         e7:a2:37:8a:38:df:55:24:a2:81:73:64:07:ae:9d:c9:46:9c:
         db:db:29:0e:69:3a:a0:82:bb:72:c5:23:e5:45:be:8c:a4:cf:
         00:cd:b5:3f:63:7b:59:f4:23:44:df:cb:8b:06:ce:ac:dd:4e:
         31:77:d4:40:7f:8b:8c:8f:f9:4b:8c:5d:34:6f:26:59:0d:88:
         65:00:d5:7b:1c:05:2b:ce:6c:d0:db:74:89:19:7b:73:98:44:
         8b:76:ff:1f:d3:9f:9d:23:ec:22:62:33:77:31:f1:ac:1e:f0:
         e3:20:3b:89:a9:52:46:62:f5:c1:08:39:f2:03:a9:0f:9a:52:
         33:fd:c6:27:cf:98:9b:13:0a:8a:9e:f0:b4:b8:a5:b5:26:0b:
         1b:27:dc:81:d8:6b:7e:e2:dc:78:9e:58:08:86:b5:af:f9:c4:
         05:fc:7c:89:b6:96:29:ff:b3:3d:51:1e:e9:64:b1:78:af:33:
         c2:d6:1e:c8:d5:9b:94:cc:70:05:2c:1f:90:42:d5:90:cd:ea:
         b8:62:5d:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1pKwcscrLJtbslLZbkGejXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjQwMjAyMDkzNDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjc1MjJkZDQ1MjliMmMxYjc2ZDU5OTc0YzYwOTEzNjcxYzM3MTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvhnUd1CAPbmv7ZU6vChT3Pfxfx5H
d186jfX2/LASvxz/NXPDR0qrW9A2I4yRBlrJsODvLkVDrKXKVT8HAnfJs5/8nyrG
c4CkNWuO2PSFMZUmNX5M1Xs72uYwLLq99Q4ZCwTeq31N6q8jjEb3YHzOEGwTrv43
cOPqRCiO5Twcevmk+6L5MFVHFRyrF4E9cZsCSpL7AMwWuKgNBynO2qcdBUE2XIcw
hF+bkcssslZCoZ3sczowPURowdBMyCFU6CQCzDWuYBGGSYX7O1PPczOohBwWq/+Z
VuY3yjctAvRJ55QyuHK6b7ATT/kPrYrlVhcC41TbsGzg5coBCADnVSEjRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM91It1FKbLBt21Zl0xgkTZxw3FfMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvejNVaTNVVXBzc0czYlZtWFRHQ1JObkhEY1Y4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY4kMA0G
CSqGSIb3DQEBCwUAA4IBAQCgxwervX1lpK4YWNrWDx0vOmRKAqLQDJ+pgN7q62iW
PtKzPGKkAQtJvwW92mh5mcdgm+8IM5nnojeKON9VJKKBc2QHrp3JRpzb2ykOaTqg
grtyxSPlRb6MpM8AzbU/Y3tZ9CNE38uLBs6s3U4xd9RAf4uMj/lLjF00byZZDYhl
ANV7HAUrzmzQ23SJGXtzmESLdv8f05+dI+wiYjN3MfGsHvDjIDuJqVJGYvXBCDny
A6kPmlIz/cYnz5ibEwqKnvC0uKW1JgsbJ9yB2Gt+4tx4nlgIhrWv+cQF/HyJtpYp
/7M9UR7pZLF4rzPC1h7I1ZuUzHAFLB+QQtWQzeq4Yl0a
-----END CERTIFICATE-----