Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/cLUJuuwo98F9cCSHwxMmlNgy1EI.roa
File:                     cLUJuuwo98F9cCSHwxMmlNgy1EI.roa (raw, json)
Hash identifier:          mmDXwbg2CJCgyOBYHe76QQfGOqQ3kQ37CJocjzyhcz0=
Subject key identifier:   70:B5:09:BA:EC:28:F7:C1:7D:70:24:87:C3:13:26:94:D8:32:D4:42
Certificate issuer:       /CN=91d0c78c309a3e99dc9ab74f2cdc0484859e7530
Certificate serial:       018CC6B820A09531B6A2300B2F69F14DD2A8
Authority key identifier: 91:D0:C7:8C:30:9A:3E:99:DC:9A:B7:4F:2C:DC:04:84:85:9E:75:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kdDHjDCaPpncmrdPLNwEhIWedTA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/cLUJuuwo98F9cCSHwxMmlNgy1EI.roa
Signing time:             Mon 01 Jan 2024 20:30:04 +0000
ROA not before:           Mon 01 Jan 2024 20:30:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200482
IP address blocks:        45.142.181.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/kdDHjDCaPpncmrdPLNwEhIWedTA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/kdDHjDCaPpncmrdPLNwEhIWedTA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kdDHjDCaPpncmrdPLNwEhIWedTA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 18:01:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:20:a0:95:31:b6:a2:30:0b:2f:69:f1:4d:d2:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91d0c78c309a3e99dc9ab74f2cdc0484859e7530
        Validity
            Not Before: Jan  1 20:30:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=70b509baec28f7c17d702487c3132694d832d442
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:e7:31:e2:93:19:e3:3c:3e:16:16:38:fe:ad:
                    48:12:d0:2d:a9:85:84:fb:78:97:44:99:c5:81:2a:
                    96:3b:19:3d:63:87:27:ae:8a:15:2a:d4:4b:20:c6:
                    88:06:69:98:ee:c8:58:b7:df:c5:0b:b4:d5:c1:6f:
                    31:d3:df:69:c1:00:03:59:b5:68:cb:c2:2e:cd:98:
                    20:03:a0:5e:ce:ca:01:a4:b5:f8:4b:2b:86:8e:d1:
                    cd:bc:9d:b0:a5:86:68:13:2a:05:35:3b:cd:eb:66:
                    72:27:81:38:84:11:83:a3:36:e6:c5:53:13:0d:17:
                    03:fc:22:3d:b8:de:b9:33:0b:82:01:02:78:d8:60:
                    c9:c3:a3:a6:ac:03:1f:03:9d:a8:bd:8d:3e:d5:18:
                    0d:ac:b4:65:a9:45:bd:49:fd:ca:70:ae:fe:93:10:
                    8f:35:ee:75:ce:15:2b:44:d3:08:4d:c3:43:7b:a0:
                    81:a1:21:ad:9a:b0:e3:e9:f9:13:57:7b:9c:a5:6e:
                    24:43:d8:2f:db:63:45:1f:09:ec:d7:b9:ce:f0:c3:
                    82:76:30:ce:2a:1b:c9:98:d8:0c:22:9f:a0:1f:2a:
                    04:3e:3c:53:79:7e:e7:e3:87:90:c0:f0:d9:a3:3e:
                    95:cd:45:0c:bc:4f:0e:48:c6:1e:04:86:88:b7:0e:
                    e1:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:B5:09:BA:EC:28:F7:C1:7D:70:24:87:C3:13:26:94:D8:32:D4:42
            X509v3 Authority Key Identifier:
                keyid:91:D0:C7:8C:30:9A:3E:99:DC:9A:B7:4F:2C:DC:04:84:85:9E:75:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kdDHjDCaPpncmrdPLNwEhIWedTA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/cLUJuuwo98F9cCSHwxMmlNgy1EI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/kdDHjDCaPpncmrdPLNwEhIWedTA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:85:0d:3a:f3:84:ee:6b:0e:51:43:04:f0:a2:f5:75:31:b7:
         89:6e:bd:0c:5c:7d:76:86:c1:e3:88:a1:17:68:a0:c1:42:47:
         dc:26:4c:e0:e2:c3:c0:a4:23:0b:5e:c6:96:f0:8b:fa:a1:0d:
         0c:79:91:45:62:36:81:4c:bd:05:4d:52:47:e9:69:7f:86:fe:
         b1:b2:df:65:72:ac:68:2f:02:7e:d3:da:28:62:6e:a7:c3:11:
         a9:0f:31:7b:09:e3:ee:0f:c4:b0:ed:f5:c7:72:cb:9f:c0:94:
         70:df:06:b9:72:59:f5:73:8f:3a:25:4a:d3:5b:41:df:f0:f1:
         a3:96:e5:82:4d:a2:9e:62:81:fb:78:df:74:7f:31:bc:ab:63:
         01:16:f9:24:1d:72:d4:2b:72:50:d7:51:5c:20:d6:cc:49:a6:
         a9:da:c0:b2:4a:6c:bf:7d:ca:ba:6e:f7:9d:01:65:5c:a1:9f:
         19:6c:43:e3:65:24:9e:1c:65:76:67:14:1c:19:0e:94:73:4f:
         33:27:11:3c:9b:ab:f5:2c:64:21:d8:22:78:03:8e:c4:f9:4e:
         56:4d:07:d0:2d:b6:cf:c9:b5:2c:bf:49:d0:44:44:46:85:28:
         91:e0:31:6a:cd:a8:aa:88:fa:ef:80:02:ff:66:c7:d9:b0:34:
         4c:e8:cc:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuCCglTG2ojALL2nxTdKoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxZDBjNzhjMzA5YTNlOTlkYzlhYjc0ZjJjZGMwNDg0ODU5
ZTc1MzAwHhcNMjQwMTAxMjAzMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGI1MDliYWVjMjhmN2MxN2Q3MDI0ODdjMzEzMjY5NGQ4MzJkNDQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+cx4pMZ4zw+FhY4/q1IEtAtqYWE
+3iXRJnFgSqWOxk9Y4cnrooVKtRLIMaIBmmY7shYt9/FC7TVwW8x099pwQADWbVo
y8IuzZggA6BezsoBpLX4SyuGjtHNvJ2wpYZoEyoFNTvN62ZyJ4E4hBGDozbmxVMT
DRcD/CI9uN65MwuCAQJ42GDJw6OmrAMfA52ovY0+1RgNrLRlqUW9Sf3KcK7+kxCP
Ne51zhUrRNMITcNDe6CBoSGtmrDj6fkTV3ucpW4kQ9gv22NFHwns17nO8MOCdjDO
KhvJmNgMIp+gHyoEPjxTeX7n44eQwPDZoz6VzUUMvE8OSMYeBIaItw7hSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHC1CbrsKPfBfXAkh8MTJpTYMtRCMB8GA1UdIwQY
MBaAFJHQx4wwmj6Z3Jq3TyzcBISFnnUwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2RESGpEQ2FQcG5jbXJkUExOd0VoSVdlZFRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS8yOTNhMmYtMzk5Ny00OTdmLTllZjEt
NDg1MmM4ZmY4YWYyLzEvY0xVSnV1d285OEY5Y0NTSHd4TW1sTmd5MUVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS8yOTNhMmYtMzk5Ny00OTdmLTllZjEtNDg1MmM4ZmY4YWYy
LzEva2RESGpEQ2FQcG5jbXJkUExOd0VoSVdlZFRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY61MA0G
CSqGSIb3DQEBCwUAA4IBAQCbhQ0684Tuaw5RQwTwovV1MbeJbr0MXH12hsHjiKEX
aKDBQkfcJkzg4sPApCMLXsaW8Iv6oQ0MeZFFYjaBTL0FTVJH6Wl/hv6xst9lcqxo
LwJ+09ooYm6nwxGpDzF7CePuD8Sw7fXHcsufwJRw3wa5cln1c486JUrTW0Hf8PGj
luWCTaKeYoH7eN90fzG8q2MBFvkkHXLUK3JQ11FcINbMSaap2sCySmy/fcq6bved
AWVcoZ8ZbEPjZSSeHGV2ZxQcGQ6Uc08zJxE8m6v1LGQh2CJ4A47E+U5WTQfQLbbP
ybUsv0nQRERGhSiR4DFqzaiqiPrvgAL/ZsfZsDRM6MyX
-----END CERTIFICATE-----