Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/kTrWfNa3msz-3R4wvNCqeCiwafY.roa
File:                     kTrWfNa3msz-3R4wvNCqeCiwafY.roa (raw, json)
Hash identifier:          RYFW5b1IJiwgaww26M4wU4/o8vXk3HEi7i6+GDtnuDI=
Subject key identifier:   91:3A:D6:7C:D6:B7:9A:CC:FE:DD:1E:30:BC:D0:AA:78:28:B0:69:F6
Certificate issuer:       /CN=5eee0d7e73084a42e4c7f7118f2383fcff369ba4
Certificate serial:       018CC5001250565EDA3DD0C4F8D254E866DC
Authority key identifier: 5E:EE:0D:7E:73:08:4A:42:E4:C7:F7:11:8F:23:83:FC:FF:36:9B:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Xu4NfnMISkLkx_cRjyOD_P82m6Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/kTrWfNa3msz-3R4wvNCqeCiwafY.roa
Signing time:             Mon 01 Jan 2024 12:29:25 +0000
ROA not before:           Mon 01 Jan 2024 12:29:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13335
IP address blocks:        45.89.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/Xu4NfnMISkLkx_cRjyOD_P82m6Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/Xu4NfnMISkLkx_cRjyOD_P82m6Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Xu4NfnMISkLkx_cRjyOD_P82m6Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:12:50:56:5e:da:3d:d0:c4:f8:d2:54:e8:66:dc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5eee0d7e73084a42e4c7f7118f2383fcff369ba4
        Validity
            Not Before: Jan  1 12:29:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=913ad67cd6b79accfedd1e30bcd0aa7828b069f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f0:ae:f6:46:38:d9:08:e0:d9:32:12:4a:21:
                    98:7a:98:21:9f:b7:b5:fb:69:5c:01:11:81:42:a3:
                    00:c8:98:78:01:a8:e8:47:dd:db:82:55:6a:43:d0:
                    b3:91:31:08:7a:55:4e:95:5c:bc:c4:e0:25:a5:38:
                    0a:13:88:d1:da:5c:3d:56:19:4e:81:34:89:3e:45:
                    d4:e9:ed:59:4f:0a:1f:12:7c:5f:8f:d7:ee:39:39:
                    11:91:f8:59:13:eb:e4:56:f1:64:46:71:05:b0:73:
                    b7:0a:7a:34:97:7a:3e:32:e6:54:19:b6:93:12:1a:
                    28:13:f3:7e:94:82:45:c7:88:b9:cf:a3:1b:10:a7:
                    1a:39:b5:58:09:bf:69:af:f6:4c:0c:4f:f5:5a:c3:
                    f0:f6:fa:5f:fe:0b:b4:c3:9f:bf:94:7e:99:af:3b:
                    6d:37:03:04:48:fb:7a:2c:c1:18:bd:c8:98:26:d4:
                    bb:44:b4:18:72:04:ba:7a:59:a6:c8:95:82:51:7d:
                    0a:c6:5a:f5:3b:93:63:a8:7b:01:7d:4e:e0:96:70:
                    55:84:67:77:99:d9:71:7e:d8:19:dd:81:73:66:e1:
                    74:b3:2e:35:5f:15:a7:67:3f:88:f5:d7:24:a9:e8:
                    51:b3:f6:5b:c8:40:2c:27:cb:b2:90:2a:70:61:7a:
                    77:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:3A:D6:7C:D6:B7:9A:CC:FE:DD:1E:30:BC:D0:AA:78:28:B0:69:F6
            X509v3 Authority Key Identifier:
                keyid:5E:EE:0D:7E:73:08:4A:42:E4:C7:F7:11:8F:23:83:FC:FF:36:9B:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Xu4NfnMISkLkx_cRjyOD_P82m6Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/kTrWfNa3msz-3R4wvNCqeCiwafY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/784321-99dd-4754-b208-ddc2665646cc/1/Xu4NfnMISkLkx_cRjyOD_P82m6Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:bd:8a:5f:48:6a:b8:9e:57:a3:f4:c0:53:43:bb:cc:b6:6e:
         3f:bf:75:15:6b:7d:38:fc:fa:67:6e:53:29:0e:a9:2c:3c:9b:
         25:06:57:c0:63:34:cc:bc:bb:ce:0d:ee:71:cb:cb:b0:b5:74:
         57:bc:f2:d2:6d:d2:0f:42:db:18:4a:ec:77:68:7f:ef:5a:8d:
         24:72:30:0a:aa:75:86:57:0a:8a:8b:e1:69:71:94:15:35:05:
         e4:a9:37:65:d5:91:ab:02:22:22:19:09:7a:d8:31:b4:d0:26:
         df:a2:17:17:26:4e:52:2e:5a:70:c1:63:c0:66:52:3a:cb:a2:
         55:dc:67:f7:f0:05:e9:34:55:0d:df:f1:48:f6:2b:4b:c5:de:
         62:af:e7:e3:0c:13:e4:05:91:3a:43:91:dd:c5:03:7f:6b:e5:
         c9:94:67:92:f6:00:ae:15:50:4a:43:c1:47:80:5b:b0:ef:df:
         c7:e8:d6:f9:11:0e:1a:81:38:33:63:bc:47:48:c0:9b:d6:c0:
         7d:63:8d:91:c1:0b:68:93:e3:b5:1d:08:da:0d:db:fb:e9:95:
         94:ed:60:33:05:cb:cc:35:44:5f:02:74:ba:2a:f3:91:f8:97:
         c0:32:67:ba:aa:d9:42:db:d9:42:39:8d:73:5d:e1:e5:90:77:
         3e:dd:f9:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFABJQVl7aPdDE+NJU6GbcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlZWUwZDdlNzMwODRhNDJlNGM3ZjcxMThmMjM4M2ZjZmYz
NjliYTQwHhcNMjQwMTAxMTIyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTNhZDY3Y2Q2Yjc5YWNjZmVkZDFlMzBiY2QwYWE3ODI4YjA2OWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArfCu9kY42Qjg2TISSiGYepghn7e1
+2lcARGBQqMAyJh4AajoR93bglVqQ9CzkTEIelVOlVy8xOAlpTgKE4jR2lw9VhlO
gTSJPkXU6e1ZTwofEnxfj9fuOTkRkfhZE+vkVvFkRnEFsHO3Cno0l3o+MuZUGbaT
EhooE/N+lIJFx4i5z6MbEKcaObVYCb9pr/ZMDE/1WsPw9vpf/gu0w5+/lH6Zrztt
NwMESPt6LMEYvciYJtS7RLQYcgS6elmmyJWCUX0Kxlr1O5NjqHsBfU7glnBVhGd3
mdlxftgZ3YFzZuF0sy41XxWnZz+I9dckqehRs/ZbyEAsJ8uykCpwYXp3SwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJE61nzWt5rM/t0eMLzQqngosGn2MB8GA1UdIwQY
MBaAFF7uDX5zCEpC5Mf3EY8jg/z/NpukMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWHU0TmZuTUlTa0xreF9jUmp5T0RfUDgybTZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni83ODQzMjEtOTlkZC00NzU0LWIyMDgt
ZGRjMjY2NTY0NmNjLzEva1RyV2ZOYTNtc3otM1I0d3ZOQ3FlQ2l3YWZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni83ODQzMjEtOTlkZC00NzU0LWIyMDgtZGRjMjY2NTY0NmNj
LzEvWHU0TmZuTUlTa0xreF9jUmp5T0RfUDgybTZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVkeMA0G
CSqGSIb3DQEBCwUAA4IBAQASvYpfSGq4nlej9MBTQ7vMtm4/v3UVa304/PpnblMp
DqksPJslBlfAYzTMvLvODe5xy8uwtXRXvPLSbdIPQtsYSux3aH/vWo0kcjAKqnWG
VwqKi+FpcZQVNQXkqTdl1ZGrAiIiGQl62DG00CbfohcXJk5SLlpwwWPAZlI6y6JV
3Gf38AXpNFUN3/FI9itLxd5ir+fjDBPkBZE6Q5HdxQN/a+XJlGeS9gCuFVBKQ8FH
gFuw79/H6Nb5EQ4agTgzY7xHSMCb1sB9Y42RwQtok+O1HQjaDdv76ZWU7WAzBcvM
NURfAnS6KvOR+JfAMme6qtlC29lCOY1zXeHlkHc+3fkj
-----END CERTIFICATE-----