Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/08f9b4-115c-4488-b567-5cf7c0621065/1/RfPLtW3TTDg38n4nDtW1IqKz3Hw.roa
File:                     RfPLtW3TTDg38n4nDtW1IqKz3Hw.roa (raw, json)
Hash identifier:          oPjD6hlcDCfcHSCI0jIz/5O4+OHBKsaFcEQtHGLOsdU=
Subject key identifier:   45:F3:CB:B5:6D:D3:4C:38:37:F2:7E:27:0E:D5:B5:22:A2:B3:DC:7C
Certificate issuer:       /CN=f3751cf8c3a2d36c9744c96519899945ac607820
Certificate serial:       018CC9BC9FF76A8C3C0ADE2AFC8E349B92B3
Authority key identifier: F3:75:1C:F8:C3:A2:D3:6C:97:44:C9:65:19:89:99:45:AC:60:78:20
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/83Uc-MOi02yXRMllGYmZRaxgeCA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/08f9b4-115c-4488-b567-5cf7c0621065/1/RfPLtW3TTDg38n4nDtW1IqKz3Hw.roa
Signing time:             Tue 02 Jan 2024 10:33:51 +0000
ROA not before:           Tue 02 Jan 2024 10:33:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203140
IP address blocks:        45.90.2.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/08f9b4-115c-4488-b567-5cf7c0621065/1/83Uc-MOi02yXRMllGYmZRaxgeCA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/08f9b4-115c-4488-b567-5cf7c0621065/1/83Uc-MOi02yXRMllGYmZRaxgeCA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/83Uc-MOi02yXRMllGYmZRaxgeCA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:9f:f7:6a:8c:3c:0a:de:2a:fc:8e:34:9b:92:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f3751cf8c3a2d36c9744c96519899945ac607820
        Validity
            Not Before: Jan  2 10:33:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45f3cbb56dd34c3837f27e270ed5b522a2b3dc7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:c4:07:b3:c0:5f:50:6a:3e:33:1d:86:d7:5c:
                    cb:ce:d1:59:b5:be:5c:01:8c:53:50:bf:d6:b8:8e:
                    3f:08:0a:de:5c:12:be:ad:be:91:fe:ed:fe:0f:7f:
                    99:43:ae:91:9e:cc:5d:97:96:cb:93:36:50:f5:09:
                    de:36:dd:a8:92:24:4d:82:a9:5d:2a:d4:94:fb:b3:
                    13:31:35:12:7c:49:ae:23:0b:e1:86:b9:f2:f2:5d:
                    db:0d:a2:60:b6:3b:0a:63:a6:07:83:c8:97:92:e6:
                    c0:27:ed:42:0e:29:31:5c:c5:a3:26:65:26:c5:87:
                    31:bc:ed:32:d9:86:dd:67:8f:68:3d:9c:ff:4d:ab:
                    02:0f:69:1a:e4:96:ef:e7:92:75:50:9a:d2:0e:7a:
                    12:9b:e9:f9:c0:ac:73:1b:f2:30:32:96:4b:86:c8:
                    9d:3e:47:3e:d1:f8:10:1e:4c:44:00:e7:57:43:53:
                    87:91:9d:53:25:87:40:a6:8b:90:db:cb:e1:e6:2f:
                    6c:e5:d0:bc:ba:c2:24:0c:31:f3:ad:7c:b3:de:f5:
                    d6:74:a9:8f:53:08:11:dd:82:17:7f:cd:4b:cb:5f:
                    f5:81:c2:ed:ae:0c:d7:9c:05:d7:7c:3e:75:b8:92:
                    73:41:ab:ff:e0:4a:3b:58:5b:49:4c:66:0a:80:c9:
                    02:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:F3:CB:B5:6D:D3:4C:38:37:F2:7E:27:0E:D5:B5:22:A2:B3:DC:7C
            X509v3 Authority Key Identifier:
                keyid:F3:75:1C:F8:C3:A2:D3:6C:97:44:C9:65:19:89:99:45:AC:60:78:20

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/83Uc-MOi02yXRMllGYmZRaxgeCA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/08f9b4-115c-4488-b567-5cf7c0621065/1/RfPLtW3TTDg38n4nDtW1IqKz3Hw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/08f9b4-115c-4488-b567-5cf7c0621065/1/83Uc-MOi02yXRMllGYmZRaxgeCA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.2.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b7:b1:b6:ed:9b:78:f1:72:a2:bc:15:4f:a3:6e:d2:9d:a1:86:
         c6:74:03:7a:7c:e7:d5:dc:bc:99:89:03:60:4d:a5:34:cb:bf:
         dc:2d:ec:14:18:ab:c0:f1:6e:e3:9f:e9:d2:30:76:17:f5:c8:
         12:46:9e:e7:89:bb:f9:3b:08:fa:3c:2b:31:d9:ad:1e:95:68:
         b2:af:7f:c9:84:79:4f:32:2c:97:4c:bd:b7:d8:4e:7b:95:46:
         fa:25:12:d0:4b:18:be:7d:7b:7b:8a:3b:3f:84:87:81:b2:5a:
         1d:e6:42:36:d1:26:cb:9d:33:17:b6:f9:8e:9c:6d:b4:c3:3f:
         65:00:8b:51:db:b1:54:81:52:9a:73:c1:e9:69:89:f8:84:21:
         ec:57:d8:64:8e:c6:98:bd:97:55:f7:b1:0e:a5:9a:6b:b3:8b:
         8e:11:97:8c:0d:34:eb:9b:9d:9b:10:1c:3e:f4:ab:69:c1:ed:
         a6:9e:c6:b9:cd:42:fe:e5:74:e3:91:00:0e:a8:8f:06:9d:03:
         6a:ff:06:8f:f3:d8:60:67:d4:35:53:0c:c2:0e:6b:43:b8:95:
         8a:2b:c1:49:37:cb:58:ea:15:ac:bf:07:ec:66:98:ee:18:9a:
         7d:1c:0d:0d:c8:93:0e:4a:61:84:30:fa:d4:2b:de:dd:b9:ae:
         01:35:98:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvJ/3aow8Ct4q/I40m5KzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzNzUxY2Y4YzNhMmQzNmM5NzQ0Yzk2NTE5ODk5OTQ1YWM2
MDc4MjAwHhcNMjQwMTAyMTAzMzUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWYzY2JiNTZkZDM0YzM4MzdmMjdlMjcwZWQ1YjUyMmEyYjNkYzdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApsQHs8BfUGo+Mx2G11zLztFZtb5c
AYxTUL/WuI4/CAreXBK+rb6R/u3+D3+ZQ66Rnsxdl5bLkzZQ9QneNt2okiRNgqld
KtSU+7MTMTUSfEmuIwvhhrny8l3bDaJgtjsKY6YHg8iXkubAJ+1CDikxXMWjJmUm
xYcxvO0y2YbdZ49oPZz/TasCD2ka5Jbv55J1UJrSDnoSm+n5wKxzG/IwMpZLhsid
Pkc+0fgQHkxEAOdXQ1OHkZ1TJYdApouQ28vh5i9s5dC8usIkDDHzrXyz3vXWdKmP
UwgR3YIXf81Ly1/1gcLtrgzXnAXXfD51uJJzQav/4Eo7WFtJTGYKgMkCRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEXzy7Vt00w4N/J+Jw7VtSKis9x8MB8GA1UdIwQY
MBaAFPN1HPjDotNsl0TJZRmJmUWsYHggMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODNVYy1NT2kwMnlYUk1sbEdZbVpSYXhnZUNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi8wOGY5YjQtMTE1Yy00NDg4LWI1Njct
NWNmN2MwNjIxMDY1LzEvUmZQTHRXM1RURGczOG40bkR0VzFJcUt6M0h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi8wOGY5YjQtMTE1Yy00NDg4LWI1NjctNWNmN2MwNjIxMDY1
LzEvODNVYy1NT2kwMnlYUk1sbEdZbVpSYXhnZUNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLVoCMA0G
CSqGSIb3DQEBCwUAA4IBAQC3sbbtm3jxcqK8FU+jbtKdoYbGdAN6fOfV3LyZiQNg
TaU0y7/cLewUGKvA8W7jn+nSMHYX9cgSRp7nibv5Owj6PCsx2a0elWiyr3/JhHlP
MiyXTL232E57lUb6JRLQSxi+fXt7ijs/hIeBslod5kI20SbLnTMXtvmOnG20wz9l
AItR27FUgVKac8HpaYn4hCHsV9hkjsaYvZdV97EOpZprs4uOEZeMDTTrm52bEBw+
9Ktpwe2mnsa5zUL+5XTjkQAOqI8GnQNq/waP89hgZ9Q1UwzCDmtDuJWKK8FJN8tY
6hWsvwfsZpjuGJp9HA0NyJMOSmGEMPrUK97dua4BNZg3
-----END CERTIFICATE-----