Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/t4bwye2LMmaX6IHFCvTGIDEUKB0.roa
File:                     t4bwye2LMmaX6IHFCvTGIDEUKB0.roa (raw, json)
Hash identifier:          S0D0HcFwTPkd4YIt0UfUZsmGwEAl+MQqR8452UpWAq0=
Subject key identifier:   B7:86:F0:C9:ED:8B:32:66:97:E8:81:C5:0A:F4:C6:20:31:14:28:1D
Certificate issuer:       /CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
Certificate serial:       018CE76078DCCC1807864D5DC9B4695AC54C
Authority key identifier: 17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/t4bwye2LMmaX6IHFCvTGIDEUKB0.roa
Signing time:             Mon 08 Jan 2024 04:41:48 +0000
ROA not before:           Mon 08 Jan 2024 04:41:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.235.164.0/24 maxlen: 24
                          45.135.238.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:59:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:e7:60:78:dc:cc:18:07:86:4d:5d:c9:b4:69:5a:c5:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17d03f298180cc109f19d4b1992c7d71c56c8dcc
        Validity
            Not Before: Jan  8 04:41:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b786f0c9ed8b326697e881c50af4c6203114281d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:33:9c:ab:ad:73:00:ef:52:fd:30:f4:1a:84:
                    5c:5d:ff:4e:30:73:e2:ea:7a:e8:08:ec:b0:7a:89:
                    41:cb:f3:41:8b:04:36:e9:d0:3d:15:32:08:92:59:
                    2f:67:ec:42:7f:f9:f0:0e:30:93:ae:7c:5d:ce:88:
                    ed:87:94:1d:2d:b4:aa:cd:b6:6e:12:84:45:da:a3:
                    cf:99:cf:07:45:3b:14:1a:19:9f:89:0e:f9:14:72:
                    da:1e:a3:23:23:af:2e:f2:18:1f:01:59:c9:a3:75:
                    ae:29:30:4d:45:59:a0:34:91:a1:26:1f:04:e0:91:
                    dd:cd:f1:a0:10:61:05:74:44:b6:d4:6f:dd:89:73:
                    aa:13:da:cf:54:6a:a1:d9:22:ff:e5:1f:3e:11:e9:
                    e9:da:15:25:bd:f9:2a:e3:b6:69:61:d9:3f:81:2b:
                    d3:ab:ee:bc:11:2a:cf:59:d8:83:a7:e2:07:2b:6a:
                    6b:ef:a6:f7:b0:f1:44:0f:d7:60:e4:2d:e7:f3:d4:
                    55:94:5b:ff:09:89:50:d9:b3:34:52:4e:7f:b5:7f:
                    a4:07:69:66:b4:9d:93:2f:23:fe:45:2e:fe:8c:88:
                    c3:bb:41:49:3d:6d:9b:bb:7c:4a:00:15:3c:0d:a6:
                    88:e0:84:42:e4:1b:5d:61:4c:03:93:aa:5c:ef:0e:
                    28:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:86:F0:C9:ED:8B:32:66:97:E8:81:C5:0A:F4:C6:20:31:14:28:1D
            X509v3 Authority Key Identifier:
                keyid:17:D0:3F:29:81:80:CC:10:9F:19:D4:B1:99:2C:7D:71:C5:6C:8D:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F9A_KYGAzBCfGdSxmSx9ccVsjcw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/t4bwye2LMmaX6IHFCvTGIDEUKB0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/82e253-0177-4a20-befe-918ac6462679/1/F9A_KYGAzBCfGdSxmSx9ccVsjcw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.238.0/24
                  185.235.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:46:07:e8:e8:42:0f:05:55:7b:7e:6c:c1:12:4d:23:f8:5f:
         81:59:a0:89:cc:e6:63:09:7f:3d:ec:14:28:0b:48:21:52:2a:
         d4:d8:6e:d7:4e:c6:1d:58:23:e6:92:b0:9e:99:da:97:17:59:
         96:f4:3a:8c:56:57:86:96:58:dc:80:55:79:a1:aa:03:06:6e:
         44:30:8f:5f:b7:34:5b:2d:07:37:20:b9:57:5c:cf:05:13:12:
         c3:8f:11:97:63:a3:ec:c7:7f:ae:98:82:51:e4:84:04:e6:e7:
         a7:1d:dd:95:af:75:c2:5c:27:3e:da:09:23:5b:5e:d3:19:21:
         39:63:7b:b5:26:0a:b7:c8:ab:fa:5f:74:fe:73:e0:4c:eb:7b:
         51:f1:0c:4b:dc:6e:05:81:f3:6e:a8:e7:ec:95:d5:cc:76:ed:
         8b:14:32:f8:da:32:b9:ef:b1:fc:31:2a:89:32:6c:a8:91:58:
         bc:68:d1:7e:d5:ce:92:93:cb:e5:89:7c:43:84:46:23:52:b1:
         7b:c3:70:d5:f0:e3:5c:47:02:6f:0e:1c:a7:dd:99:a1:02:95:
         d8:bc:2b:73:83:5b:b2:68:49:74:34:45:1c:d5:23:e5:52:96:
         fd:18:6e:a6:6b:a3:09:b8:56:4e:91:49:77:3f:0b:ca:f0:8f:
         24:c9:de:68
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYznYHjczBgHhk1dybRpWsVMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZDAzZjI5ODE4MGNjMTA5ZjE5ZDRiMTk5MmM3ZDcxYzU2
YzhkY2MwHhcNMjQwMTA4MDQ0MTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzg2ZjBjOWVkOGIzMjY2OTdlODgxYzUwYWY0YzYyMDMxMTQyODFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzDOcq61zAO9S/TD0GoRcXf9OMHPi
6nroCOyweolBy/NBiwQ26dA9FTIIklkvZ+xCf/nwDjCTrnxdzojth5QdLbSqzbZu
EoRF2qPPmc8HRTsUGhmfiQ75FHLaHqMjI68u8hgfAVnJo3WuKTBNRVmgNJGhJh8E
4JHdzfGgEGEFdES21G/diXOqE9rPVGqh2SL/5R8+Eenp2hUlvfkq47ZpYdk/gSvT
q+68ESrPWdiDp+IHK2pr76b3sPFED9dg5C3n89RVlFv/CYlQ2bM0Uk5/tX+kB2lm
tJ2TLyP+RS7+jIjDu0FJPW2bu3xKABU8DaaI4IRC5BtdYUwDk6pc7w4oGQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLeG8MntizJml+iBxQr0xiAxFCgdMB8GA1UdIwQY
MBaAFBfQPymBgMwQnxnUsZksfXHFbI3MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUt
OTE4YWM2NDYyNjc5LzEvdDRid3llMkxNbWFYNklIRkN2VEdJREVVS0IwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC84MmUyNTMtMDE3Ny00YTIwLWJlZmUtOTE4YWM2NDYyNjc5
LzEvRjlBX0tZR0F6QkNmR2RTeG1TeDljY1ZzamN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYfuAwQA
ueukMA0GCSqGSIb3DQEBCwUAA4IBAQC7Rgfo6EIPBVV7fmzBEk0j+F+BWaCJzOZj
CX897BQoC0ghUirU2G7XTsYdWCPmkrCemdqXF1mW9DqMVleGlljcgFV5oaoDBm5E
MI9ftzRbLQc3ILlXXM8FExLDjxGXY6Psx3+umIJR5IQE5uenHd2Vr3XCXCc+2gkj
W17TGSE5Y3u1Jgq3yKv6X3T+c+BM63tR8QxL3G4FgfNuqOfsldXMdu2LFDL42jK5
77H8MSqJMmyokVi8aNF+1c6Sk8vliXxDhEYjUrF7w3DV8ONcRwJvDhyn3ZmhApXY
vCtzg1uyaEl0NEUc1SPlUpb9GG6ma6MJuFZOkUl3PwvK8I8kyd5o
-----END CERTIFICATE-----