Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/44/51bac7-9806-41e5-9936-7dfdacfa6511/1/6Ky9ErIkjUnv4D5IqNmsA0JmiL4.roa
File:                     6Ky9ErIkjUnv4D5IqNmsA0JmiL4.roa (raw, json)
Hash identifier:          h0PjhhxfiUYLqV+i0AF8aVRm1PgEwPt73OBcTDfuyFQ=
Subject key identifier:   E8:AC:BD:12:B2:24:8D:49:EF:E0:3E:48:A8:D9:AC:03:42:66:88:BE
Certificate issuer:       /CN=4191e5826270f49eae999d489e85deccc847738b
Certificate serial:       018CCA287A547566809694FE5FC1F1A9F375
Authority key identifier: 41:91:E5:82:62:70:F4:9E:AE:99:9D:48:9E:85:DE:CC:C8:47:73:8B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QZHlgmJw9J6umZ1InoXezMhHc4s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/44/51bac7-9806-41e5-9936-7dfdacfa6511/1/6Ky9ErIkjUnv4D5IqNmsA0JmiL4.roa
Signing time:             Tue 02 Jan 2024 12:31:39 +0000
ROA not before:           Tue 02 Jan 2024 12:31:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57763
IP address blocks:        45.90.24.0/22 maxlen: 22
                          2a06:3cc0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/44/51bac7-9806-41e5-9936-7dfdacfa6511/1/QZHlgmJw9J6umZ1InoXezMhHc4s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/44/51bac7-9806-41e5-9936-7dfdacfa6511/1/QZHlgmJw9J6umZ1InoXezMhHc4s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QZHlgmJw9J6umZ1InoXezMhHc4s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 01:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:28:7a:54:75:66:80:96:94:fe:5f:c1:f1:a9:f3:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4191e5826270f49eae999d489e85deccc847738b
        Validity
            Not Before: Jan  2 12:31:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e8acbd12b2248d49efe03e48a8d9ac03426688be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:a7:fb:93:c7:25:b0:5c:c8:e2:b2:1c:f3:e2:
                    60:bd:ef:20:5f:17:17:fc:48:85:af:f1:67:a6:91:
                    8b:45:09:b8:b5:fc:3e:b8:a6:a4:ef:82:2e:25:40:
                    3c:08:29:a1:c3:96:95:0c:c4:9c:c2:c3:aa:da:ee:
                    57:96:a6:9a:82:a6:44:a0:6a:01:ac:c2:dc:3f:dd:
                    a1:26:32:ce:ed:1f:7b:df:0a:e5:c6:33:8b:f2:fc:
                    92:c5:36:87:1a:e2:8c:62:d3:8b:cc:02:bf:4c:54:
                    06:2f:e8:cb:bd:e7:cb:84:e4:f6:3f:5a:92:b3:76:
                    8c:9c:ae:31:fc:af:02:1b:30:6f:12:68:bd:79:58:
                    a7:c8:4e:b2:02:5e:dd:4d:f5:54:14:5a:bd:2f:bb:
                    bd:f0:ae:79:5e:e3:08:97:46:9c:22:f1:b9:8f:13:
                    5d:0d:b3:92:e1:dc:b4:fd:68:0a:a5:5b:a8:23:89:
                    f9:ca:72:68:1b:67:67:e3:4d:c6:93:7b:ec:32:c5:
                    bf:83:2e:4b:cc:8e:8b:23:f2:68:5c:0a:5c:ea:f8:
                    70:fe:b8:e1:b5:80:2b:9d:8e:87:60:94:a6:5a:8d:
                    54:07:ab:92:86:f1:f0:91:b2:19:39:9e:c2:f1:72:
                    fe:d6:39:c7:be:b2:58:ce:d2:09:de:cc:a7:db:a4:
                    b8:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:AC:BD:12:B2:24:8D:49:EF:E0:3E:48:A8:D9:AC:03:42:66:88:BE
            X509v3 Authority Key Identifier:
                keyid:41:91:E5:82:62:70:F4:9E:AE:99:9D:48:9E:85:DE:CC:C8:47:73:8B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QZHlgmJw9J6umZ1InoXezMhHc4s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/44/51bac7-9806-41e5-9936-7dfdacfa6511/1/6Ky9ErIkjUnv4D5IqNmsA0JmiL4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/44/51bac7-9806-41e5-9936-7dfdacfa6511/1/QZHlgmJw9J6umZ1InoXezMhHc4s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.24.0/22
                IPv6:
                  2a06:3cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         0a:04:10:5e:c5:89:9f:b7:35:b6:50:0e:d7:c1:f1:94:86:29:
         c0:ec:0f:b7:b9:a6:eb:9e:d5:c1:f7:40:cc:9f:20:e6:b8:52:
         2b:03:b4:96:2a:4c:72:61:67:ef:7d:d3:93:e1:49:b6:f0:13:
         95:1e:c3:c1:86:e1:33:ab:5e:d8:74:79:28:82:21:58:cd:4b:
         45:ff:c5:b4:95:bc:13:49:8c:58:55:c9:0d:ce:32:40:cc:eb:
         a9:14:25:50:ec:32:db:f1:b2:cb:05:f1:45:fb:4e:93:07:cc:
         3a:2c:be:b6:f7:7b:17:16:dd:45:87:ef:7e:61:5e:76:c4:1b:
         52:81:63:cc:0e:49:33:a1:24:63:93:bc:bb:dc:91:cb:8f:bf:
         77:76:e4:3d:24:f7:54:47:11:3e:0a:f2:5d:2f:78:91:77:0c:
         eb:a1:5c:a5:09:9e:f6:87:0e:cf:13:b4:62:21:88:6f:a5:ea:
         c1:aa:db:94:33:83:ad:b2:56:aa:dd:22:8c:55:df:a4:d4:e1:
         f9:f0:ca:d9:5c:4b:50:6b:c3:85:08:d5:0c:d5:b8:e0:83:2f:
         f9:0b:bc:90:7f:22:c2:39:1c:f2:d5:4c:8b:7c:cd:66:14:96:
         9f:66:6f:04:e4:21:9b:ed:01:b4:fe:64:22:4b:81:de:c3:e4:
         33:22:fc:83
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzKKHpUdWaAlpT+X8HxqfN1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxOTFlNTgyNjI3MGY0OWVhZTk5OWQ0ODllODVkZWNjYzg0
NzczOGIwHhcNMjQwMTAyMTIzMTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGFjYmQxMmIyMjQ4ZDQ5ZWZlMDNlNDhhOGQ5YWMwMzQyNjY4OGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6f7k8clsFzI4rIc8+Jgve8gXxcX
/EiFr/FnppGLRQm4tfw+uKak74IuJUA8CCmhw5aVDMScwsOq2u5XlqaagqZEoGoB
rMLcP92hJjLO7R973wrlxjOL8vySxTaHGuKMYtOLzAK/TFQGL+jLvefLhOT2P1qS
s3aMnK4x/K8CGzBvEmi9eVinyE6yAl7dTfVUFFq9L7u98K55XuMIl0acIvG5jxNd
DbOS4dy0/WgKpVuoI4n5ynJoG2dn403Gk3vsMsW/gy5LzI6LI/JoXApc6vhw/rjh
tYArnY6HYJSmWo1UB6uShvHwkbIZOZ7C8XL+1jnHvrJYztIJ3syn26S4kQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOisvRKyJI1J7+A+SKjZrANCZoi+MB8GA1UdIwQY
MBaAFEGR5YJicPSerpmdSJ6F3szIR3OLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVpIbGdtSnc5SjZ1bVoxSW5vWGV6TWhIYzRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NC81MWJhYzctOTgwNi00MWU1LTk5MzYt
N2RmZGFjZmE2NTExLzEvNkt5OUVySWtqVW52NEQ1SXFObXNBMEptaUw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NC81MWJhYzctOTgwNi00MWU1LTk5MzYtN2RmZGFjZmE2NTEx
LzEvUVpIbGdtSnc5SjZ1bVoxSW5vWGV6TWhIYzRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVoYMA0E
AgACMAcDBQMqBjzAMA0GCSqGSIb3DQEBCwUAA4IBAQAKBBBexYmftzW2UA7XwfGU
hinA7A+3uabrntXB90DMnyDmuFIrA7SWKkxyYWfvfdOT4Um28BOVHsPBhuEzq17Y
dHkogiFYzUtF/8W0lbwTSYxYVckNzjJAzOupFCVQ7DLb8bLLBfFF+06TB8w6LL62
93sXFt1Fh+9+YV52xBtSgWPMDkkzoSRjk7y73JHLj793duQ9JPdURxE+CvJdL3iR
dwzroVylCZ72hw7PE7RiIYhvperBqtuUM4Otslaq3SKMVd+k1OH58MrZXEtQa8OF
CNUM1bjggy/5C7yQfyLCORzy1UyLfM1mFJafZm8E5CGb7QG0/mQiS4Hew+QzIvyD
-----END CERTIFICATE-----