Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/lFZ_h7pu05JCo4TD40p3VfQxNH8.roa
File:                     lFZ_h7pu05JCo4TD40p3VfQxNH8.roa (raw, json)
Hash identifier:          tsBJ1XRi49cE2tS529Ec1dChUEzG1goYAWFsYqv/ylM=
Subject key identifier:   94:56:7F:87:BA:6E:D3:92:42:A3:84:C3:E3:4A:77:55:F4:31:34:7F
Certificate issuer:       /CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
Certificate serial:       018CC50046C640CD66636F0EAA8AAAB21C01
Authority key identifier: 93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/lFZ_h7pu05JCo4TD40p3VfQxNH8.roa
Signing time:             Mon 01 Jan 2024 12:29:38 +0000
ROA not before:           Mon 01 Jan 2024 12:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21859
IP address blocks:        45.133.104.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 04:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:46:c6:40:cd:66:63:6f:0e:aa:8a:aa:b2:1c:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93e8f4ed5dd06301c423988e786dabf51c5f5674
        Validity
            Not Before: Jan  1 12:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=94567f87ba6ed39242a384c3e34a7755f431347f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:6e:75:76:4b:e0:85:e7:98:2d:d2:d7:c6:35:
                    bd:f0:4b:52:e5:5e:ea:95:e3:f9:c4:96:3d:2e:35:
                    f3:bf:9f:36:87:ca:4f:e8:df:50:ef:93:69:08:49:
                    3c:77:25:6a:7b:5b:4c:8c:f6:c6:70:6b:e9:6d:11:
                    fa:30:d4:a1:dc:a0:7c:a3:c9:36:eb:90:3a:49:15:
                    6a:5d:6c:19:6f:21:94:8c:3f:43:b9:0c:77:85:15:
                    6e:91:76:fa:a4:31:bf:eb:02:7e:d7:f2:8c:ce:de:
                    11:cd:01:de:72:f1:59:2e:97:31:b0:c3:05:33:50:
                    89:ba:9e:cc:c1:89:a7:7c:9e:f0:83:64:6c:00:74:
                    51:1f:0c:c8:4d:f1:6c:95:bd:a5:a6:3f:d8:f9:3e:
                    cf:96:61:47:1d:19:da:73:a7:22:f5:9c:5f:6a:90:
                    6b:f9:d9:7b:13:65:4a:5d:70:5c:8a:b2:1f:05:21:
                    09:cc:05:20:41:50:cb:a2:ec:76:2e:b2:5c:c1:48:
                    8c:60:9a:1e:6f:fa:52:28:0d:bf:00:da:72:d3:08:
                    2b:84:7a:07:00:05:8e:e3:10:7b:b7:70:fe:4b:d3:
                    e3:36:34:15:d7:84:0e:89:c1:ff:58:29:c9:32:90:
                    fb:91:d4:98:fc:03:56:9b:96:2c:39:9b:4a:eb:ae:
                    6b:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:56:7F:87:BA:6E:D3:92:42:A3:84:C3:E3:4A:77:55:F4:31:34:7F
            X509v3 Authority Key Identifier:
                keyid:93:E8:F4:ED:5D:D0:63:01:C4:23:98:8E:78:6D:AB:F5:1C:5F:56:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k-j07V3QYwHEI5iOeG2r9RxfVnQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/lFZ_h7pu05JCo4TD40p3VfQxNH8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/a78979-dd24-4be7-8194-1fc19ea73a2a/1/k-j07V3QYwHEI5iOeG2r9RxfVnQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.104.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7e:1f:24:83:f6:0b:f6:51:4d:d9:45:0b:86:08:4c:49:a7:43:
         53:73:bf:8c:df:14:1d:86:b2:01:02:79:f0:8e:cc:08:e9:23:
         bc:f3:5d:fb:3a:ff:59:12:20:3a:b0:1d:3c:45:a1:13:85:55:
         56:a5:6e:85:0b:a3:31:65:b8:04:5c:04:b3:2c:2f:25:0a:10:
         7d:1b:11:5f:f1:a2:e3:32:c1:0c:23:fa:aa:6a:eb:0f:e9:25:
         d4:09:c1:17:30:82:83:13:19:1a:4b:f6:e5:35:8e:dc:c3:c4:
         a5:e0:dd:23:1a:94:8d:a0:75:7e:b1:f0:21:dd:1a:6b:cc:5b:
         00:32:ee:ac:45:83:da:e9:7c:97:60:90:55:3d:d5:30:2f:8f:
         ef:cd:22:bc:fe:64:4a:0a:0e:50:47:c2:ca:2b:3f:42:f0:c8:
         bf:fc:9e:dc:f0:ff:fd:c0:68:1f:1f:75:87:08:18:28:0d:b4:
         7b:2c:de:1e:e2:d7:16:77:c7:27:20:fb:d5:dc:1e:31:f5:03:
         80:80:ce:c8:f1:a5:41:d6:3f:61:26:f5:ff:4b:13:72:ee:74:
         40:30:c7:38:29:f9:17:2a:59:ac:6c:21:e0:ad:45:55:31:81:
         aa:0f:94:b0:39:64:61:d8:81:f7:a8:f5:5e:7d:35:cf:cb:ce:
         e2:21:32:72
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAEbGQM1mY28OqoqqshwBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzZThmNGVkNWRkMDYzMDFjNDIzOTg4ZTc4NmRhYmY1MWM1
ZjU2NzQwHhcNMjQwMTAxMTIyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDU2N2Y4N2JhNmVkMzkyNDJhMzg0YzNlMzRhNzc1NWY0MzEzNDdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoW51dkvgheeYLdLXxjW98EtS5V7q
leP5xJY9LjXzv582h8pP6N9Q75NpCEk8dyVqe1tMjPbGcGvpbRH6MNSh3KB8o8k2
65A6SRVqXWwZbyGUjD9DuQx3hRVukXb6pDG/6wJ+1/KMzt4RzQHecvFZLpcxsMMF
M1CJup7MwYmnfJ7wg2RsAHRRHwzITfFslb2lpj/Y+T7PlmFHHRnac6ci9ZxfapBr
+dl7E2VKXXBcirIfBSEJzAUgQVDLoux2LrJcwUiMYJoeb/pSKA2/ANpy0wgrhHoH
AAWO4xB7t3D+S9PjNjQV14QOicH/WCnJMpD7kdSY/ANWm5YsOZtK665rZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJRWf4e6btOSQqOEw+NKd1X0MTR/MB8GA1UdIwQY
MBaAFJPo9O1d0GMBxCOYjnhtq/UcX1Z0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQt
MWZjMTllYTczYTJhLzEvbEZaX2g3cHUwNUpDbzRURDQwcDNWZlF4Tkg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9hNzg5NzktZGQyNC00YmU3LTgxOTQtMWZjMTllYTczYTJh
LzEvay1qMDdWM1FZd0hFSTVpT2VHMnI5UnhmVm5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYVoMA0G
CSqGSIb3DQEBCwUAA4IBAQB+HySD9gv2UU3ZRQuGCExJp0NTc7+M3xQdhrIBAnnw
jswI6SO88137Ov9ZEiA6sB08RaEThVVWpW6FC6MxZbgEXASzLC8lChB9GxFf8aLj
MsEMI/qqausP6SXUCcEXMIKDExkaS/blNY7cw8Sl4N0jGpSNoHV+sfAh3RprzFsA
Mu6sRYPa6XyXYJBVPdUwL4/vzSK8/mRKCg5QR8LKKz9C8Mi//J7c8P/9wGgfH3WH
CBgoDbR7LN4e4tcWd8cnIPvV3B4x9QOAgM7I8aVB1j9hJvX/SxNy7nRAMMc4KfkX
KlmsbCHgrUVVMYGqD5SwOWRh2IH3qPVefTXPy87iITJy
-----END CERTIFICATE-----