Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/42db52-dca7-4fa3-9a73-1d7b229d4e3b/1/K4pJl16Zy4HBzixLmxebbQsBpaM.roa
File:                     K4pJl16Zy4HBzixLmxebbQsBpaM.roa (raw, json)
Hash identifier:          BO0da7qaAwQq8xP6ynYhr6EnrXedFqMXn2hBx53CfQE=
Subject key identifier:   2B:8A:49:97:5E:99:CB:81:C1:CE:2C:4B:9B:17:9B:6D:0B:01:A5:A3
Certificate issuer:       /CN=45aa88dc675ce5dc35574bff6290e2ae88ce082b
Certificate serial:       018CC64B7DF12DF40C58AD941A4173496D0F
Authority key identifier: 45:AA:88:DC:67:5C:E5:DC:35:57:4B:FF:62:90:E2:AE:88:CE:08:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RaqI3Gdc5dw1V0v_YpDirojOCCs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/42db52-dca7-4fa3-9a73-1d7b229d4e3b/1/K4pJl16Zy4HBzixLmxebbQsBpaM.roa
Signing time:             Mon 01 Jan 2024 18:31:25 +0000
ROA not before:           Mon 01 Jan 2024 18:31:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212196
IP address blocks:        87.239.176.0/21 maxlen: 24
                          2001:67c:2b28::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/42db52-dca7-4fa3-9a73-1d7b229d4e3b/1/RaqI3Gdc5dw1V0v_YpDirojOCCs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/42db52-dca7-4fa3-9a73-1d7b229d4e3b/1/RaqI3Gdc5dw1V0v_YpDirojOCCs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RaqI3Gdc5dw1V0v_YpDirojOCCs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:7d:f1:2d:f4:0c:58:ad:94:1a:41:73:49:6d:0f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45aa88dc675ce5dc35574bff6290e2ae88ce082b
        Validity
            Not Before: Jan  1 18:31:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2b8a49975e99cb81c1ce2c4b9b179b6d0b01a5a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:45:ae:cc:dd:d4:8d:d7:82:d3:8d:14:af:66:
                    33:fb:d8:06:c1:7e:30:2e:6d:c8:b0:af:a4:9c:52:
                    fe:aa:8f:ef:9e:18:dc:0a:92:e1:78:9f:b0:ad:f4:
                    fd:a9:35:ee:55:df:96:01:c5:4c:7e:2e:ca:cf:c4:
                    ab:f5:2e:69:4d:fa:a1:e1:fd:5e:ff:74:ad:b2:af:
                    ba:a8:c7:e5:0a:db:6c:59:ac:2a:5c:d1:2f:26:ef:
                    ca:50:06:91:07:ae:dc:63:24:56:1f:7c:7d:f8:ad:
                    79:7c:2a:af:87:0f:eb:e0:ed:71:33:d1:1b:6c:73:
                    ba:ee:16:4e:b7:55:03:c8:ac:ce:3e:3f:ef:01:3f:
                    2d:5f:03:85:a9:fc:e2:24:14:56:e8:44:c3:b8:b9:
                    ad:4e:b9:95:27:6f:75:e5:2c:fc:69:8e:2f:3e:8b:
                    94:e1:3f:93:ae:20:92:de:43:cb:b7:e7:d0:aa:c8:
                    e1:5a:09:0b:45:8c:60:0d:03:48:d0:76:aa:f8:11:
                    47:e8:d9:93:0a:8e:34:25:a6:1d:7e:a3:a7:77:56:
                    37:38:29:58:24:a8:60:3a:f4:e5:02:ec:1c:15:cf:
                    70:5b:fd:3e:a7:e0:51:a6:d0:f2:01:33:23:be:0a:
                    9c:fe:ff:ff:ab:03:a5:27:be:55:34:0e:7d:32:7c:
                    8b:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:8A:49:97:5E:99:CB:81:C1:CE:2C:4B:9B:17:9B:6D:0B:01:A5:A3
            X509v3 Authority Key Identifier:
                keyid:45:AA:88:DC:67:5C:E5:DC:35:57:4B:FF:62:90:E2:AE:88:CE:08:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RaqI3Gdc5dw1V0v_YpDirojOCCs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/42db52-dca7-4fa3-9a73-1d7b229d4e3b/1/K4pJl16Zy4HBzixLmxebbQsBpaM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/42db52-dca7-4fa3-9a73-1d7b229d4e3b/1/RaqI3Gdc5dw1V0v_YpDirojOCCs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.239.176.0/21
                IPv6:
                  2001:67c:2b28::/48

    Signature Algorithm: sha256WithRSAEncryption
         4a:e7:19:b7:9d:5a:5b:14:93:a0:b3:04:ff:8e:6d:40:0e:7e:
         88:4b:6b:47:b4:a6:72:79:3c:98:5e:ce:a3:8e:f4:48:15:4b:
         43:ad:9a:48:58:af:fa:27:dc:87:db:00:5c:44:d3:17:61:52:
         b1:7f:5c:e9:1f:72:ee:db:39:50:19:df:c2:93:44:c9:17:69:
         3a:f6:40:4d:44:1e:b3:c2:98:9b:3a:66:ca:dc:4f:ee:22:71:
         6c:9e:c0:93:50:97:e2:66:14:f1:17:54:02:e5:28:6b:dd:31:
         bb:ff:a5:51:33:f5:ae:fa:e3:14:2d:20:c2:26:2d:78:46:c0:
         29:7c:6f:7a:93:4d:d4:ca:37:ee:d7:d6:04:7e:f6:f8:21:df:
         9e:6a:ab:a8:19:16:1f:13:1d:1c:1a:a3:9f:72:c0:85:95:2f:
         26:5f:5f:77:a6:af:d9:1a:b6:be:92:e4:6b:a1:8d:16:da:b6:
         51:27:aa:0a:1e:c9:bf:4e:fd:cf:0f:2d:3d:8d:85:6e:49:2c:
         46:16:8b:f5:6a:08:fb:94:82:8f:37:bd:5f:5d:aa:8d:4e:0d:
         4a:23:ae:54:e9:d7:d6:9e:99:74:f2:62:0e:90:ee:46:1b:9c:
         b0:27:8d:6d:31:7a:63:1d:64:06:21:f8:58:2c:29:4f:96:99:
         df:97:53:ad
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzGS33xLfQMWK2UGkFzSW0PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1YWE4OGRjNjc1Y2U1ZGMzNTU3NGJmZjYyOTBlMmFlODhj
ZTA4MmIwHhcNMjQwMTAxMTgzMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjhhNDk5NzVlOTljYjgxYzFjZTJjNGI5YjE3OWI2ZDBiMDFhNWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqkWuzN3UjdeC040Ur2Yz+9gGwX4w
Lm3IsK+knFL+qo/vnhjcCpLheJ+wrfT9qTXuVd+WAcVMfi7Kz8Sr9S5pTfqh4f1e
/3Stsq+6qMflCttsWawqXNEvJu/KUAaRB67cYyRWH3x9+K15fCqvhw/r4O1xM9Eb
bHO67hZOt1UDyKzOPj/vAT8tXwOFqfziJBRW6ETDuLmtTrmVJ2915Sz8aY4vPouU
4T+TriCS3kPLt+fQqsjhWgkLRYxgDQNI0Haq+BFH6NmTCo40JaYdfqOnd1Y3OClY
JKhgOvTlAuwcFc9wW/0+p+BRptDyATMjvgqc/v//qwOlJ75VNA59MnyLRQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCuKSZdemcuBwc4sS5sXm20LAaWjMB8GA1UdIwQY
MBaAFEWqiNxnXOXcNVdL/2KQ4q6IzggrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmFxSTNHZGM1ZHcxVjB2X1lwRGlyb2pPQ0NzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS80MmRiNTItZGNhNy00ZmEzLTlhNzMt
MWQ3YjIyOWQ0ZTNiLzEvSzRwSmwxNlp5NEhCeml4TG14ZWJiUXNCcGFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS80MmRiNTItZGNhNy00ZmEzLTlhNzMtMWQ3YjIyOWQ0ZTNi
LzEvUmFxSTNHZGM1ZHcxVjB2X1lwRGlyb2pPQ0NzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQDV++wMA8E
AgACMAkDBwAgAQZ8KygwDQYJKoZIhvcNAQELBQADggEBAErnGbedWlsUk6CzBP+O
bUAOfohLa0e0pnJ5PJhezqOO9EgVS0OtmkhYr/on3IfbAFxE0xdhUrF/XOkfcu7b
OVAZ38KTRMkXaTr2QE1EHrPCmJs6ZsrcT+4icWyewJNQl+JmFPEXVALlKGvdMbv/
pVEz9a764xQtIMImLXhGwCl8b3qTTdTKN+7X1gR+9vgh355qq6gZFh8THRwao59y
wIWVLyZfX3emr9katr6S5GuhjRbatlEnqgoeyb9O/c8PLT2NhW5JLEYWi/VqCPuU
go83vV9dqo1ODUojrlTp19aemXTyYg6Q7kYbnLAnjW0xemMdZAYh+FgsKU+Wmd+X
U60=
-----END CERTIFICATE-----