Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/hB_bF40OQ1fP_dJH2lPdGvhynUA.roa
File:                     hB_bF40OQ1fP_dJH2lPdGvhynUA.roa (raw, json)
Hash identifier:          uO5FaYJD3D1BELoM9lwklnA7+EozF2DRcG4Xt22yHkc=
Subject key identifier:   84:1F:DB:17:8D:0E:43:57:CF:FD:D2:47:DA:53:DD:1A:F8:72:9D:40
Certificate issuer:       /CN=ba9d30e6035be8b8386061f271481c707e04ce2b
Certificate serial:       018CC56E91206C1DCDA02023CC99E4620D04
Authority key identifier: BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/hB_bF40OQ1fP_dJH2lPdGvhynUA.roa
Signing time:             Mon 01 Jan 2024 14:30:06 +0000
ROA not before:           Mon 01 Jan 2024 14:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44558
IP address blocks:        92.45.100.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 05:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:91:20:6c:1d:cd:a0:20:23:cc:99:e4:62:0d:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba9d30e6035be8b8386061f271481c707e04ce2b
        Validity
            Not Before: Jan  1 14:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=841fdb178d0e4357cffdd247da53dd1af8729d40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:30:97:d0:f7:a9:d1:a4:30:aa:6f:20:1d:22:
                    40:21:7d:e6:67:f7:fe:33:a2:6f:0e:ab:35:72:9d:
                    59:88:1c:40:11:d1:15:e5:df:f9:d1:2f:20:6f:00:
                    9c:0b:9f:1f:6c:87:11:bc:44:b7:59:e9:ec:b9:2a:
                    e1:bb:e5:46:c6:e6:4a:53:9a:90:18:9a:aa:f4:b6:
                    f7:4f:18:d0:dd:0e:f6:13:e5:84:10:37:c1:2d:19:
                    54:34:e9:d6:51:31:f3:c1:26:13:5d:5b:e3:81:f3:
                    d8:a7:6b:f8:ae:07:81:5d:07:53:6a:b3:ab:fd:65:
                    11:8b:a7:13:9d:cb:41:85:78:0b:24:2b:7d:c6:ef:
                    9e:cc:37:23:50:31:72:36:88:40:f1:31:0b:57:e2:
                    0f:eb:22:90:31:04:99:80:c3:d7:9d:0d:9f:bd:a6:
                    d9:7c:e4:1c:b2:94:75:90:a4:39:d7:c6:5d:24:2a:
                    7f:51:39:74:e7:54:32:00:10:5c:93:f6:37:bb:23:
                    43:91:ea:bb:c5:de:2b:3f:28:53:9f:d9:c7:ff:71:
                    db:51:62:3b:c3:ae:cc:6c:fb:88:8c:b5:9e:3f:5d:
                    95:62:c9:f3:fc:60:5b:1d:ec:eb:87:d0:17:0f:37:
                    53:f0:46:ac:01:ee:4d:d2:d0:17:9f:6b:10:6a:9b:
                    3d:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:1F:DB:17:8D:0E:43:57:CF:FD:D2:47:DA:53:DD:1A:F8:72:9D:40
            X509v3 Authority Key Identifier:
                keyid:BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/hB_bF40OQ1fP_dJH2lPdGvhynUA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.45.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:c3:81:b4:d6:80:30:a5:2a:c9:81:f2:48:86:3a:37:25:31:
         58:70:d7:96:d2:e7:10:85:a4:34:34:a9:1c:be:b2:51:89:b3:
         62:d7:dd:c6:8f:b1:89:00:0e:d8:2a:49:be:95:b8:ef:5f:13:
         78:5f:2d:e9:c7:a3:a8:8d:ed:59:4b:cd:88:47:d6:98:ad:9f:
         9d:83:40:07:98:75:1c:cc:90:93:0b:fe:a7:b7:2c:3d:17:a9:
         1f:7a:5c:55:dc:73:25:fd:a9:df:68:35:6c:2c:79:1d:f3:95:
         08:64:cc:f5:7c:84:82:81:dd:e2:a8:b1:2d:15:4e:2e:db:38:
         53:1e:68:70:61:a8:54:ed:51:38:d1:a8:b4:7a:10:dc:5a:c6:
         00:0f:b7:8c:f1:1b:4c:f9:fc:1d:d6:26:8a:e4:33:43:c0:26:
         43:ec:78:73:ba:25:d4:b5:4f:bc:2f:d1:23:75:6b:9f:84:d8:
         64:9c:06:93:8f:ab:82:8d:b3:7f:b0:13:d1:75:07:af:32:87:
         61:86:c6:4b:ee:10:bb:ef:7b:bb:33:39:bf:83:3c:fb:06:b1:
         85:d7:0f:ce:73:21:d5:e7:a2:3c:22:19:bd:05:98:af:c4:d7:
         e2:8a:7a:9c:c6:45:0d:a7:df:b0:1c:31:27:6f:14:20:86:bd:
         ae:47:a6:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbpEgbB3NoCAjzJnkYg0EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhOWQzMGU2MDM1YmU4YjgzODYwNjFmMjcxNDgxYzcwN2Uw
NGNlMmIwHhcNMjQwMTAxMTQzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDFmZGIxNzhkMGU0MzU3Y2ZmZGQyNDdkYTUzZGQxYWY4NzI5ZDQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTCX0Pep0aQwqm8gHSJAIX3mZ/f+
M6JvDqs1cp1ZiBxAEdEV5d/50S8gbwCcC58fbIcRvES3WensuSrhu+VGxuZKU5qQ
GJqq9Lb3TxjQ3Q72E+WEEDfBLRlUNOnWUTHzwSYTXVvjgfPYp2v4rgeBXQdTarOr
/WURi6cTnctBhXgLJCt9xu+ezDcjUDFyNohA8TELV+IP6yKQMQSZgMPXnQ2fvabZ
fOQcspR1kKQ518ZdJCp/UTl051QyABBck/Y3uyNDkeq7xd4rPyhTn9nH/3HbUWI7
w67MbPuIjLWeP12VYsnz/GBbHezrh9AXDzdT8EasAe5N0tAXn2sQaps9mQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIQf2xeNDkNXz/3SR9pT3Rr4cp1AMB8GA1UdIwQY
MBaAFLqdMOYDW+i4OGBh8nFIHHB+BM4rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgt
NWQ1ODRmYmM1ZDI3LzEvaEJfYkY0ME9RMWZQX2RKSDJsUGRHdmh5blVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgtNWQ1ODRmYmM1ZDI3
LzEvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXC1kMA0G
CSqGSIb3DQEBCwUAA4IBAQBQw4G01oAwpSrJgfJIhjo3JTFYcNeW0ucQhaQ0NKkc
vrJRibNi193Gj7GJAA7YKkm+lbjvXxN4Xy3px6Ooje1ZS82IR9aYrZ+dg0AHmHUc
zJCTC/6ntyw9F6kfelxV3HMl/anfaDVsLHkd85UIZMz1fISCgd3iqLEtFU4u2zhT
HmhwYahU7VE40ai0ehDcWsYAD7eM8RtM+fwd1iaK5DNDwCZD7HhzuiXUtU+8L9Ej
dWufhNhknAaTj6uCjbN/sBPRdQevModhhsZL7hC773u7Mzm/gzz7BrGF1w/OcyHV
56I8Ihm9BZivxNfiinqcxkUNp9+wHDEnbxQghr2uR6Y5
-----END CERTIFICATE-----