Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/33bec5-6ad5-4e80-bf58-52ca2a9d514b/1/vXiXqFTHkxigMYnUirfwZI2gL9U.roa
File:                     vXiXqFTHkxigMYnUirfwZI2gL9U.roa (raw, json)
Hash identifier:          2tZI4nwuGWR3/gflq0kFrrK9P02MeUMKNITXIdpkZ7k=
Subject key identifier:   BD:78:97:A8:54:C7:93:18:A0:31:89:D4:8A:B7:F0:64:8D:A0:2F:D5
Certificate issuer:       /CN=2e407eb764e083855a2581308f341d5ba7d8b247
Certificate serial:       018D5A64D422CBDE1C6E46C282D393AA1023
Authority key identifier: 2E:40:7E:B7:64:E0:83:85:5A:25:81:30:8F:34:1D:5B:A7:D8:B2:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LkB-t2Tgg4VaJYEwjzQdW6fYskc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/33bec5-6ad5-4e80-bf58-52ca2a9d514b/1/vXiXqFTHkxigMYnUirfwZI2gL9U.roa
Signing time:             Tue 30 Jan 2024 12:42:53 +0000
ROA not before:           Tue 30 Jan 2024 12:42:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49223
IP address blocks:        45.90.176.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/33bec5-6ad5-4e80-bf58-52ca2a9d514b/1/LkB-t2Tgg4VaJYEwjzQdW6fYskc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/33bec5-6ad5-4e80-bf58-52ca2a9d514b/1/LkB-t2Tgg4VaJYEwjzQdW6fYskc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LkB-t2Tgg4VaJYEwjzQdW6fYskc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5a:64:d4:22:cb:de:1c:6e:46:c2:82:d3:93:aa:10:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e407eb764e083855a2581308f341d5ba7d8b247
        Validity
            Not Before: Jan 30 12:42:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bd7897a854c79318a03189d48ab7f0648da02fd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:83:3a:f4:de:4e:bb:b8:a1:3b:76:3b:f6:d0:
                    12:26:99:8c:06:2e:86:88:dc:26:09:8e:49:51:6c:
                    84:a7:37:f6:e3:7e:23:56:e0:5b:b1:a2:70:4b:a9:
                    0e:b4:8b:96:4f:bf:07:59:bf:83:d4:36:03:b8:5f:
                    31:3b:76:8b:4a:44:1e:0d:ea:0f:ea:26:20:6a:0e:
                    15:37:4e:4f:2c:1c:65:56:9d:a1:ed:41:cf:4f:76:
                    8a:a2:39:c1:db:09:d7:21:65:d6:27:88:c9:e5:78:
                    64:d4:68:1a:e5:f5:07:2c:eb:a4:93:fe:26:6b:92:
                    0d:41:4e:1a:d1:65:e3:fc:fd:ab:7b:5e:50:98:ca:
                    67:67:d7:c6:05:11:1c:4b:35:2b:c0:dd:ce:d0:52:
                    6b:f5:58:df:95:9f:fb:ce:30:92:cd:e9:52:6e:8e:
                    e2:a4:ea:01:c2:d9:4e:f1:7b:62:c5:0d:38:84:8e:
                    ba:be:e5:e1:00:c1:75:8c:ad:75:74:54:4d:74:bd:
                    27:2b:46:48:6e:c6:f7:b7:2b:ad:f3:cb:03:82:40:
                    25:19:4d:f9:77:e4:33:23:f3:18:b7:c1:0b:36:b7:
                    02:bb:45:cd:d8:bd:c4:42:8a:5e:64:b3:bf:82:5e:
                    d5:79:95:ec:80:f6:a2:13:ba:dc:59:15:3c:7e:de:
                    10:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:78:97:A8:54:C7:93:18:A0:31:89:D4:8A:B7:F0:64:8D:A0:2F:D5
            X509v3 Authority Key Identifier:
                keyid:2E:40:7E:B7:64:E0:83:85:5A:25:81:30:8F:34:1D:5B:A7:D8:B2:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LkB-t2Tgg4VaJYEwjzQdW6fYskc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/33bec5-6ad5-4e80-bf58-52ca2a9d514b/1/vXiXqFTHkxigMYnUirfwZI2gL9U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/33bec5-6ad5-4e80-bf58-52ca2a9d514b/1/LkB-t2Tgg4VaJYEwjzQdW6fYskc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         50:bb:22:a1:73:ab:f5:60:8e:b2:36:50:b5:76:6d:fe:ee:55:
         bf:8c:d4:99:3e:43:44:08:e7:ce:5a:a7:97:31:96:ae:af:95:
         58:f0:9f:b7:d3:31:66:66:35:48:4f:e1:cd:df:13:f5:60:4b:
         b2:08:3c:76:69:61:ca:e7:52:11:1b:d3:ad:6c:e6:54:b7:77:
         a0:b4:4e:c2:f1:be:26:f1:3d:e8:67:3e:82:ad:77:5e:df:60:
         78:b2:09:3e:42:73:ff:ad:2d:70:a1:f7:c8:12:e8:f2:1b:fb:
         d7:06:6c:69:03:cc:54:67:7e:11:50:cb:0a:c8:5c:3c:14:72:
         2f:08:27:42:24:6b:15:a0:5a:41:16:9f:e1:93:d6:88:0e:c2:
         e5:63:a2:83:c5:2e:05:eb:56:29:6d:99:df:3c:57:5a:d8:e1:
         06:49:6a:75:e8:aa:f6:67:75:84:41:a8:8a:46:f3:50:ca:af:
         26:da:96:29:84:c3:c9:dd:a2:fc:55:bf:e7:62:bd:a1:d9:e6:
         11:62:05:27:1a:66:a7:aa:70:f2:68:18:65:28:e9:a9:6b:39:
         5f:de:d7:7a:39:ba:20:a0:37:09:f2:96:84:84:e6:84:7f:e3:
         7f:53:b5:60:4c:64:7c:93:87:7e:21:2b:95:5d:62:e1:03:a5:
         e3:fd:5c:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1aZNQiy94cbkbCgtOTqhAjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNDA3ZWI3NjRlMDgzODU1YTI1ODEzMDhmMzQxZDViYTdk
OGIyNDcwHhcNMjQwMTMwMTI0MjUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDc4OTdhODU0Yzc5MzE4YTAzMTg5ZDQ4YWI3ZjA2NDhkYTAyZmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi4M69N5Ou7ihO3Y79tASJpmMBi6G
iNwmCY5JUWyEpzf2434jVuBbsaJwS6kOtIuWT78HWb+D1DYDuF8xO3aLSkQeDeoP
6iYgag4VN05PLBxlVp2h7UHPT3aKojnB2wnXIWXWJ4jJ5Xhk1Gga5fUHLOukk/4m
a5INQU4a0WXj/P2re15QmMpnZ9fGBREcSzUrwN3O0FJr9VjflZ/7zjCSzelSbo7i
pOoBwtlO8XtixQ04hI66vuXhAMF1jK11dFRNdL0nK0ZIbsb3tyut88sDgkAlGU35
d+QzI/MYt8ELNrcCu0XN2L3EQopeZLO/gl7VeZXsgPaiE7rcWRU8ft4QvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL14l6hUx5MYoDGJ1Iq38GSNoC/VMB8GA1UdIwQY
MBaAFC5Afrdk4IOFWiWBMI80HVun2LJHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGtCLXQyVGdnNFZhSllFd2p6UWRXNmZZc2tjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zM2JlYzUtNmFkNS00ZTgwLWJmNTgt
NTJjYTJhOWQ1MTRiLzEvdlhpWHFGVEhreGlnTVluVWlyZndaSTJnTDlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zM2JlYzUtNmFkNS00ZTgwLWJmNTgtNTJjYTJhOWQ1MTRi
LzEvTGtCLXQyVGdnNFZhSllFd2p6UWRXNmZZc2tjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVqwMA0G
CSqGSIb3DQEBCwUAA4IBAQBQuyKhc6v1YI6yNlC1dm3+7lW/jNSZPkNECOfOWqeX
MZaur5VY8J+30zFmZjVIT+HN3xP1YEuyCDx2aWHK51IRG9OtbOZUt3egtE7C8b4m
8T3oZz6CrXde32B4sgk+QnP/rS1woffIEujyG/vXBmxpA8xUZ34RUMsKyFw8FHIv
CCdCJGsVoFpBFp/hk9aIDsLlY6KDxS4F61YpbZnfPFda2OEGSWp16Kr2Z3WEQaiK
RvNQyq8m2pYphMPJ3aL8Vb/nYr2h2eYRYgUnGmanqnDyaBhlKOmpazlf3td6Obog
oDcJ8paEhOaEf+N/U7VgTGR8k4d+ISuVXWLhA6Xj/VxG
-----END CERTIFICATE-----