Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/iKcM7VDIT3qoM_9t4tzwFZY4TY4.roa
File:                     iKcM7VDIT3qoM_9t4tzwFZY4TY4.roa (raw, json)
Hash identifier:          xqV7YHWmSViN8FDe4MhgFHK8cba5jx5Hh8Ja2oeH19s=
Subject key identifier:   88:A7:0C:ED:50:C8:4F:7A:A8:33:FF:6D:E2:DC:F0:15:96:38:4D:8E
Certificate issuer:       /CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
Certificate serial:       018CC3B6C6338D98974C5B9122F2AA38AD89
Authority key identifier: 11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/iKcM7VDIT3qoM_9t4tzwFZY4TY4.roa
Signing time:             Mon 01 Jan 2024 06:29:44 +0000
ROA not before:           Mon 01 Jan 2024 06:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51765
IP address blocks:        45.159.249.0/24 maxlen: 24
                          141.98.169.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:c6:33:8d:98:97:4c:5b:91:22:f2:aa:38:ad:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=11a010f87a049b6e21abed9b40983b04f3f1c7e8
        Validity
            Not Before: Jan  1 06:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=88a70ced50c84f7aa833ff6de2dcf01596384d8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:77:c6:fb:03:be:df:a1:94:d4:56:29:d6:e6:
                    99:fc:43:72:b3:65:84:4e:7c:f7:ed:df:18:dc:17:
                    86:ac:0b:b6:6a:4c:2e:17:c9:2e:ac:c8:3d:c3:e7:
                    48:0e:f5:75:7c:52:e3:fe:26:f9:90:9b:4b:30:9b:
                    75:4b:c8:0e:39:97:e5:d2:fa:bb:21:44:7f:47:ab:
                    e7:77:d3:e8:56:82:43:d6:1b:2f:ee:5b:89:2d:23:
                    e5:eb:e2:a3:19:af:23:75:4b:42:15:72:22:d2:b3:
                    f9:58:de:1c:1d:1b:c9:ed:af:6b:19:54:fb:fd:66:
                    de:4e:70:a1:17:0f:e2:54:99:e2:f3:4c:0a:1f:a1:
                    bf:08:c7:49:49:19:e9:87:fe:c1:69:52:cc:5f:e9:
                    85:d2:37:55:40:80:24:e4:9b:07:fc:ee:40:e0:4d:
                    c1:ff:1b:03:0b:90:a2:68:74:22:55:26:cb:9a:a8:
                    ec:54:7b:12:ca:af:f5:73:07:33:0a:8a:b8:6c:68:
                    0b:ad:d3:26:2d:90:fc:d7:3b:d2:67:c5:1a:7a:a1:
                    92:29:c8:62:f3:f4:c1:a0:44:ae:9b:fd:67:31:a4:
                    b0:b4:25:a5:93:ad:3b:8b:14:3b:41:2c:7d:79:35:
                    89:7d:91:51:28:95:f9:2c:dd:c8:d3:41:be:aa:7a:
                    cb:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:A7:0C:ED:50:C8:4F:7A:A8:33:FF:6D:E2:DC:F0:15:96:38:4D:8E
            X509v3 Authority Key Identifier:
                keyid:11:A0:10:F8:7A:04:9B:6E:21:AB:ED:9B:40:98:3B:04:F3:F1:C7:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EaAQ-HoEm24hq-2bQJg7BPPxx-g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/iKcM7VDIT3qoM_9t4tzwFZY4TY4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/f25d7c-6677-4fdb-898e-ee7465754ff6/1/EaAQ-HoEm24hq-2bQJg7BPPxx-g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.249.0/24
                  141.98.169.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:f6:9a:18:d6:33:eb:15:51:64:3b:13:1d:00:47:4e:20:1a:
         f8:08:c8:08:c7:61:7a:87:6a:e5:f4:a2:0a:13:ef:67:97:37:
         ca:f7:d7:d5:78:df:bb:c9:fe:6d:2f:40:dc:13:a5:e5:76:46:
         db:e8:97:2b:6a:f1:80:f2:2a:84:1b:80:4d:de:30:bb:42:b7:
         fa:cd:4f:cd:5b:cc:55:58:14:14:9e:a4:ec:55:43:7d:8a:98:
         a5:00:21:b2:01:d7:d7:e8:40:58:43:e8:11:16:12:33:7e:f9:
         8c:b6:9f:7d:bd:f0:fc:3b:54:33:bd:f7:9c:e3:a7:18:4b:40:
         f7:ba:f5:e6:40:59:de:27:98:28:08:61:d6:3f:16:19:52:5f:
         0b:ae:6b:27:59:28:f6:81:49:9a:cc:cf:c3:5d:b3:78:c7:1c:
         e5:ff:92:94:60:8b:bc:b8:1e:b8:8e:49:6f:69:f6:00:7d:57:
         3b:05:a5:ae:56:7a:7e:fa:4c:09:73:fa:d6:5c:46:b1:4f:49:
         94:e3:11:85:d5:37:44:39:8e:31:af:2f:2f:75:28:7b:6b:28:
         5f:42:a8:e1:62:e2:54:18:a7:b8:d2:45:83:fb:8d:8a:15:33:
         a2:ca:85:71:30:b6:df:13:4e:85:3a:18:84:7f:d6:ff:b3:64:
         36:a0:b7:64
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDtsYzjZiXTFuRIvKqOK2JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExYTAxMGY4N2EwNDliNmUyMWFiZWQ5YjQwOTgzYjA0ZjNm
MWM3ZTgwHhcNMjQwMTAxMDYyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGE3MGNlZDUwYzg0ZjdhYTgzM2ZmNmRlMmRjZjAxNTk2Mzg0ZDhlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhXfG+wO+36GU1FYp1uaZ/ENys2WE
Tnz37d8Y3BeGrAu2akwuF8kurMg9w+dIDvV1fFLj/ib5kJtLMJt1S8gOOZfl0vq7
IUR/R6vnd9PoVoJD1hsv7luJLSPl6+KjGa8jdUtCFXIi0rP5WN4cHRvJ7a9rGVT7
/WbeTnChFw/iVJni80wKH6G/CMdJSRnph/7BaVLMX+mF0jdVQIAk5JsH/O5A4E3B
/xsDC5CiaHQiVSbLmqjsVHsSyq/1cwczCoq4bGgLrdMmLZD81zvSZ8UaeqGSKchi
8/TBoESum/1nMaSwtCWlk607ixQ7QSx9eTWJfZFRKJX5LN3I00G+qnrLgQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFIinDO1QyE96qDP/beLc8BWWOE2OMB8GA1UdIwQY
MBaAFBGgEPh6BJtuIavtm0CYOwTz8cfoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUt
ZWU3NDY1NzU0ZmY2LzEvaUtjTTdWRElUM3FvTV85dDR0endGWlk0VFk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi9mMjVkN2MtNjY3Ny00ZmRiLTg5OGUtZWU3NDY1NzU0ZmY2
LzEvRWFBUS1Ib0VtMjRocS0yYlFKZzdCUFB4eC1nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZ/5AwQA
jWKpMA0GCSqGSIb3DQEBCwUAA4IBAQB+9poY1jPrFVFkOxMdAEdOIBr4CMgIx2F6
h2rl9KIKE+9nlzfK99fVeN+7yf5tL0DcE6Xldkbb6JcravGA8iqEG4BN3jC7Qrf6
zU/NW8xVWBQUnqTsVUN9ipilACGyAdfX6EBYQ+gRFhIzfvmMtp99vfD8O1Qzvfec
46cYS0D3uvXmQFneJ5goCGHWPxYZUl8LrmsnWSj2gUmazM/DXbN4xxzl/5KUYIu8
uB64jklvafYAfVc7BaWuVnp++kwJc/rWXEaxT0mU4xGF1TdEOY4xry8vdSh7ayhf
QqjhYuJUGKe40kWD+42KFTOiyoVxMLbfE06FOhiEf9b/s2Q2oLdk
-----END CERTIFICATE-----