Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/_0bhTUK7PGGhGHjKwVH1Nepdkk8.roa
File:                     _0bhTUK7PGGhGHjKwVH1Nepdkk8.roa (raw, json)
Hash identifier:          2vDoRsMIMuVxX/vtWJJKexfIAi9QZEiPQYZiwtskCng=
Subject key identifier:   FF:46:E1:4D:42:BB:3C:61:A1:18:78:CA:C1:51:F5:35:EA:5D:92:4F
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       018CC8DFA6DA4A104C6A324C53DEED0BC7B8
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/_0bhTUK7PGGhGHjKwVH1Nepdkk8.roa
Signing time:             Tue 02 Jan 2024 06:32:29 +0000
ROA not before:           Tue 02 Jan 2024 06:32:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     140683
IP address blocks:        45.135.237.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:a6:da:4a:10:4c:6a:32:4c:53:de:ed:0b:c7:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Jan  2 06:32:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ff46e14d42bb3c61a11878cac151f535ea5d924f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:37:ad:c1:3b:36:66:67:52:19:3b:dd:72:68:
                    6b:7a:58:d3:b8:e3:18:39:f4:cc:d9:3c:90:e6:ec:
                    3b:5f:e3:79:4d:ce:84:23:55:1d:7b:42:4b:4e:48:
                    7b:f7:22:6b:0f:be:96:fe:29:c1:29:2a:ac:31:a3:
                    8e:32:aa:b2:4a:85:ce:dc:72:5e:86:ef:f8:e7:50:
                    98:c8:e2:99:a1:47:a6:c7:e5:56:5e:a7:b9:34:4a:
                    94:5d:08:a0:4e:2c:f2:0c:b6:eb:95:5b:e6:58:a1:
                    76:2c:92:6c:7c:11:13:ea:56:ab:43:e8:76:ac:83:
                    60:fa:d1:e5:42:fb:09:d8:bb:a2:e1:a6:45:c8:ce:
                    e3:ef:20:3a:79:ab:29:18:bb:27:48:5b:30:23:eb:
                    af:c1:b7:49:0c:a6:85:09:73:9a:a4:9b:a9:c6:dd:
                    3b:08:4a:00:cb:17:31:7d:63:b2:b6:e8:9f:ba:61:
                    35:1a:4c:79:8f:c9:e0:2b:7c:a7:e4:ae:ef:d7:44:
                    45:cd:05:c1:fd:89:f8:97:96:da:ae:3b:74:03:12:
                    b7:12:aa:d7:b8:ca:1e:a8:6f:69:28:77:5b:e1:89:
                    ad:91:be:a2:66:2e:c8:44:04:dd:ee:e7:96:56:51:
                    06:56:bd:f8:86:ac:39:51:ec:a7:ca:90:2b:f1:93:
                    50:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:46:E1:4D:42:BB:3C:61:A1:18:78:CA:C1:51:F5:35:EA:5D:92:4F
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/_0bhTUK7PGGhGHjKwVH1Nepdkk8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.237.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7a:03:29:a1:d9:8a:d0:e6:2b:eb:a0:70:08:72:65:73:c8:06:
         98:e9:ee:ff:73:55:5d:88:1c:78:99:2f:1e:ef:06:b4:89:af:
         30:55:da:8b:2e:21:ab:2f:5e:2b:02:c2:39:12:16:6c:1e:ef:
         25:87:ac:92:36:27:f2:ce:08:7e:69:69:14:34:80:4c:2a:09:
         f9:79:3c:48:e6:52:3a:6e:cc:40:d8:b3:6d:bb:19:cd:c7:d0:
         8c:37:48:31:d7:d9:15:61:7f:7c:16:ac:45:70:a4:05:c3:34:
         6a:f3:60:4c:db:50:4c:e0:b0:12:91:e8:ac:f8:c4:15:a1:69:
         85:74:f6:af:06:df:4f:03:ed:13:a6:e8:93:12:31:e1:a8:71:
         9c:41:ea:1f:dd:36:0d:6c:e0:4f:3f:05:fe:51:00:8c:3e:e1:
         51:d7:24:13:55:09:7f:eb:b9:d1:5c:ac:e6:db:41:8a:20:c5:
         ca:59:36:c3:86:d4:a3:1b:64:f8:d2:e1:c1:d4:a9:de:97:1b:
         e0:05:4f:e9:1e:ae:fc:61:03:e0:e9:5f:18:25:84:b7:fc:29:
         7b:23:3a:dd:3a:e0:bc:4f:aa:5f:8d:51:3c:c7:8e:57:68:bf:
         c7:18:e5:cf:23:2a:87:a7:7d:53:d3:c9:e4:af:da:a8:87:69:
         14:33:d6:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI36baShBMajJMU97tC8e4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjQwMTAyMDYzMjI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjQ2ZTE0ZDQyYmIzYzYxYTExODc4Y2FjMTUxZjUzNWVhNWQ5MjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhjetwTs2ZmdSGTvdcmhreljTuOMY
OfTM2TyQ5uw7X+N5Tc6EI1Ude0JLTkh79yJrD76W/inBKSqsMaOOMqqySoXO3HJe
hu/451CYyOKZoUemx+VWXqe5NEqUXQigTizyDLbrlVvmWKF2LJJsfBET6larQ+h2
rINg+tHlQvsJ2Lui4aZFyM7j7yA6easpGLsnSFswI+uvwbdJDKaFCXOapJupxt07
CEoAyxcxfWOytuifumE1Gkx5j8ngK3yn5K7v10RFzQXB/Yn4l5barjt0AxK3EqrX
uMoeqG9pKHdb4Ymtkb6iZi7IRATd7ueWVlEGVr34hqw5UeynypAr8ZNQCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP9G4U1CuzxhoRh4ysFR9TXqXZJPMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvXzBiaFRVSzdQR0doR0hqS3dWSDFOZXBka2s4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYftMA0G
CSqGSIb3DQEBCwUAA4IBAQB6Aymh2YrQ5ivroHAIcmVzyAaY6e7/c1VdiBx4mS8e
7wa0ia8wVdqLLiGrL14rAsI5EhZsHu8lh6ySNifyzgh+aWkUNIBMKgn5eTxI5lI6
bsxA2LNtuxnNx9CMN0gx19kVYX98FqxFcKQFwzRq82BM21BM4LASkeis+MQVoWmF
dPavBt9PA+0TpuiTEjHhqHGcQeof3TYNbOBPPwX+UQCMPuFR1yQTVQl/67nRXKzm
20GKIMXKWTbDhtSjG2T40uHB1KnelxvgBU/pHq78YQPg6V8YJYS3/Cl7IzrdOuC8
T6pfjVE8x45XaL/HGOXPIyqHp31T08nkr9qoh2kUM9Ym
-----END CERTIFICATE-----