Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/RbidflpIM5MKtdOdC6r2WvBYK7I.roa
File:                     RbidflpIM5MKtdOdC6r2WvBYK7I.roa (raw, json)
Hash identifier:          Ty9WluS4pd1/kO3u3vGVkcpARCYhAmoI22SY+r6yKnY=
Subject key identifier:   45:B8:9D:7E:5A:48:33:93:0A:B5:D3:9D:0B:AA:F6:5A:F0:58:2B:B2
Certificate issuer:       /CN=8f3818554a51808eefb829ec7465a3222f270123
Certificate serial:       018CC801A6DF0036C8A584ADB631132A355B
Authority key identifier: 8F:38:18:55:4A:51:80:8E:EF:B8:29:EC:74:65:A3:22:2F:27:01:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/RbidflpIM5MKtdOdC6r2WvBYK7I.roa
Signing time:             Tue 02 Jan 2024 02:30:00 +0000
ROA not before:           Tue 02 Jan 2024 02:30:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196914
IP address blocks:        84.47.148.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/jzgYVUpRgI7vuCnsdGWjIi8nASM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/jzgYVUpRgI7vuCnsdGWjIi8nASM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:a6:df:00:36:c8:a5:84:ad:b6:31:13:2a:35:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f3818554a51808eefb829ec7465a3222f270123
        Validity
            Not Before: Jan  2 02:30:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=45b89d7e5a4833930ab5d39d0baaf65af0582bb2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:83:82:31:0a:48:fc:2b:d9:24:20:1d:b2:1c:
                    d5:b8:fa:61:10:1f:63:78:ad:a4:1c:ef:23:4e:4c:
                    29:6e:79:53:3c:9b:90:cd:e4:21:41:e1:48:67:94:
                    7e:1c:e0:d9:60:81:19:97:a1:f6:9d:f3:75:dc:31:
                    4e:05:88:c4:1d:49:7e:5c:3a:85:32:ee:9e:2f:eb:
                    f6:17:02:f7:f1:7d:21:d7:1f:18:66:59:21:5e:18:
                    8c:13:3a:d0:37:56:7d:b3:ce:f9:c4:8b:77:a5:23:
                    79:4e:00:35:e5:9b:65:3c:60:09:fa:e6:88:7b:d3:
                    d2:d9:b1:37:9a:9f:50:c7:45:e1:a5:ae:d4:d3:8f:
                    19:ee:ab:bc:a0:8b:f8:11:8a:91:ca:7c:83:b2:e8:
                    ae:29:a1:da:aa:09:9d:55:4b:22:82:e1:2c:fe:fb:
                    f3:a0:30:ab:a4:1b:c5:6b:b2:85:ca:e5:d5:aa:23:
                    98:94:ab:db:58:42:45:e3:76:ad:f5:be:4d:76:a5:
                    ba:ed:d9:71:83:1e:6b:b2:23:c4:2f:eb:c9:7c:25:
                    3c:36:b6:50:70:a1:b6:63:94:aa:c3:83:a2:d2:47:
                    00:e8:e1:f5:fa:73:7f:fb:86:cb:52:60:63:99:4d:
                    e5:d2:b7:ea:9f:2e:a4:c7:4c:2d:3b:a8:22:84:5b:
                    00:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:B8:9D:7E:5A:48:33:93:0A:B5:D3:9D:0B:AA:F6:5A:F0:58:2B:B2
            X509v3 Authority Key Identifier:
                keyid:8F:38:18:55:4A:51:80:8E:EF:B8:29:EC:74:65:A3:22:2F:27:01:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jzgYVUpRgI7vuCnsdGWjIi8nASM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/RbidflpIM5MKtdOdC6r2WvBYK7I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/09dba4-1c93-49d6-8888-bfb4ba30e45a/1/jzgYVUpRgI7vuCnsdGWjIi8nASM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.47.148.0/23

    Signature Algorithm: sha256WithRSAEncryption
         32:fe:2e:6d:3a:30:60:f5:c4:7d:61:cd:2c:e8:bf:dc:2e:16:
         c4:f8:f8:d3:aa:40:e1:8d:0f:b1:56:30:bb:c4:53:7c:39:05:
         5d:3e:27:f5:99:5b:89:f8:7e:46:00:d0:2a:7c:0a:56:85:89:
         ff:79:51:8c:98:d1:c5:c1:fd:d4:94:ea:65:2c:b5:06:27:ea:
         fd:24:57:a6:a3:55:f9:c1:81:e5:da:ef:ca:f8:06:b2:9b:ef:
         98:d0:59:aa:54:37:15:0b:ca:62:91:24:58:23:ca:c2:35:bf:
         2d:ef:33:31:74:e5:76:ee:7b:d4:b0:66:2e:af:c6:d9:9f:10:
         c7:aa:8e:cb:50:1c:e9:c6:d0:a7:d4:cc:58:b2:3f:5b:e8:03:
         da:c7:27:2f:5e:00:8e:de:73:63:3e:3d:d3:ef:ee:34:47:b4:
         6e:07:57:4a:d1:6e:57:36:b0:c5:47:63:e6:df:fc:a2:61:15:
         e0:f6:df:8f:fe:48:37:3c:33:9f:03:5d:2f:5d:a6:e7:60:9a:
         94:f3:9e:d3:61:cb:39:11:31:99:dc:70:12:e7:c2:af:d1:39:
         e9:37:88:64:34:58:da:24:9b:ee:b3:cf:56:96:7c:a1:35:39:
         7a:4f:72:12:8b:c5:c1:a2:ff:60:55:13:3c:7f:26:38:4c:90:
         24:f0:8a:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAabfADbIpYSttjETKjVbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmMzgxODU1NGE1MTgwOGVlZmI4MjllYzc0NjVhMzIyMmYy
NzAxMjMwHhcNMjQwMTAyMDIzMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NWI4OWQ3ZTVhNDgzMzkzMGFiNWQzOWQwYmFhZjY1YWYwNTgyYmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqYOCMQpI/CvZJCAdshzVuPphEB9j
eK2kHO8jTkwpbnlTPJuQzeQhQeFIZ5R+HODZYIEZl6H2nfN13DFOBYjEHUl+XDqF
Mu6eL+v2FwL38X0h1x8YZlkhXhiMEzrQN1Z9s875xIt3pSN5TgA15ZtlPGAJ+uaI
e9PS2bE3mp9Qx0Xhpa7U048Z7qu8oIv4EYqRynyDsuiuKaHaqgmdVUsiguEs/vvz
oDCrpBvFa7KFyuXVqiOYlKvbWEJF43at9b5NdqW67dlxgx5rsiPEL+vJfCU8NrZQ
cKG2Y5Sqw4Oi0kcA6OH1+nN/+4bLUmBjmU3l0rfqny6kx0wtO6gihFsAewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEW4nX5aSDOTCrXTnQuq9lrwWCuyMB8GA1UdIwQY
MBaAFI84GFVKUYCO77gp7HRloyIvJwEjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvanpnWVZVcFJnSTd2dUNuc2RHV2pJaThuQVNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni8wOWRiYTQtMWM5My00OWQ2LTg4ODgt
YmZiNGJhMzBlNDVhLzEvUmJpZGZscElNNU1LdGRPZEM2cjJXdkJZSzdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni8wOWRiYTQtMWM5My00OWQ2LTg4ODgtYmZiNGJhMzBlNDVh
LzEvanpnWVZVcFJnSTd2dUNuc2RHV2pJaThuQVNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVC+UMA0G
CSqGSIb3DQEBCwUAA4IBAQAy/i5tOjBg9cR9Yc0s6L/cLhbE+PjTqkDhjQ+xVjC7
xFN8OQVdPif1mVuJ+H5GANAqfApWhYn/eVGMmNHFwf3UlOplLLUGJ+r9JFemo1X5
wYHl2u/K+Aaym++Y0FmqVDcVC8pikSRYI8rCNb8t7zMxdOV27nvUsGYur8bZnxDH
qo7LUBzpxtCn1MxYsj9b6APaxycvXgCO3nNjPj3T7+40R7RuB1dK0W5XNrDFR2Pm
3/yiYRXg9t+P/kg3PDOfA10vXabnYJqU857TYcs5ETGZ3HAS58Kv0TnpN4hkNFja
JJvus89WlnyhNTl6T3ISi8XBov9gVRM8fyY4TJAk8IpI
-----END CERTIFICATE-----