Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/ETxn0TXg_Hk67b3_ndKMuLUMfpc.roa
File:                     ETxn0TXg_Hk67b3_ndKMuLUMfpc.roa (raw, json)
Hash identifier:          gIhauKHMzoyRBDIaxHdMhsIstSurv2aA3D1l8RSTmnI=
Subject key identifier:   11:3C:67:D1:35:E0:FC:79:3A:ED:BD:FF:9D:D2:8C:B8:B5:0C:7E:97
Certificate issuer:       /CN=cfcd73f82c260da87386dcf7be26d5c5445526fa
Certificate serial:       018CC9BBA2EB80CDE081E8772BD69A303E3A
Authority key identifier: CF:CD:73:F8:2C:26:0D:A8:73:86:DC:F7:BE:26:D5:C5:44:55:26:FA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/ETxn0TXg_Hk67b3_ndKMuLUMfpc.roa
Signing time:             Tue 02 Jan 2024 10:32:46 +0000
ROA not before:           Tue 02 Jan 2024 10:32:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41202
IP address blocks:        45.144.40.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:a2:eb:80:cd:e0:81:e8:77:2b:d6:9a:30:3e:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cfcd73f82c260da87386dcf7be26d5c5445526fa
        Validity
            Not Before: Jan  2 10:32:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=113c67d135e0fc793aedbdff9dd28cb8b50c7e97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:8b:08:1b:4c:f0:40:7e:30:68:6c:a4:f4:08:
                    25:b4:46:7a:c2:6f:ef:5f:d2:83:ff:1b:99:d1:2c:
                    ab:f7:51:c3:fb:d7:e5:ac:a4:9e:a2:eb:af:40:37:
                    cf:b9:9c:3b:1f:75:e6:4a:ce:09:49:f8:69:3f:71:
                    a7:54:b8:ec:73:b4:e4:6b:94:98:5a:ec:b0:64:50:
                    21:b9:20:3b:78:2b:58:5e:d0:52:19:02:cc:e4:0e:
                    05:27:73:5a:58:4c:78:4d:f0:3f:8f:94:ab:e8:bf:
                    90:5f:7b:06:f9:b2:5e:d9:ec:e4:e5:ef:9a:f6:99:
                    ba:ec:41:0c:2f:2f:5e:41:13:a3:f9:bc:00:b2:9e:
                    7a:77:93:ca:4c:2b:60:e8:8c:65:90:da:f5:f0:ec:
                    6f:87:28:93:92:8f:2e:33:4f:e3:ee:b5:34:91:8c:
                    a3:91:51:6c:2a:c7:61:c1:9d:62:22:e5:53:2d:c5:
                    a3:68:91:46:23:2c:08:95:a8:99:4e:81:ec:47:44:
                    55:ff:9e:1a:8b:0c:3b:74:8d:7b:eb:3b:fd:81:db:
                    03:26:4c:d8:2b:c0:8e:a0:5e:53:4d:5f:7d:7a:8c:
                    a6:5a:80:b8:f5:98:97:ba:01:ba:97:44:d2:97:ca:
                    c9:85:3b:83:bc:7e:fe:65:bf:90:39:d2:79:b5:cd:
                    85:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:3C:67:D1:35:E0:FC:79:3A:ED:BD:FF:9D:D2:8C:B8:B5:0C:7E:97
            X509v3 Authority Key Identifier:
                keyid:CF:CD:73:F8:2C:26:0D:A8:73:86:DC:F7:BE:26:D5:C5:44:55:26:FA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z81z-CwmDahzhtz3vibVxURVJvo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/ETxn0TXg_Hk67b3_ndKMuLUMfpc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/40ade0-98da-4aa5-b817-6edc1b225625/1/z81z-CwmDahzhtz3vibVxURVJvo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.144.40.0/23

    Signature Algorithm: sha256WithRSAEncryption
         00:b1:7f:d2:ef:c8:9f:62:24:44:71:02:19:fb:b9:34:2e:58:
         ca:7f:05:c4:a8:2d:4b:a4:2d:6f:f4:87:b3:87:71:9d:c8:a1:
         ad:9f:a5:35:d3:72:60:5e:08:0a:ac:89:7a:03:cd:d2:cc:34:
         39:d6:63:57:40:88:4c:58:9a:03:af:bf:6b:bd:be:eb:f4:69:
         69:6c:c7:92:73:1d:42:86:50:47:3b:2b:ce:18:a7:9d:9c:48:
         c1:93:ba:8c:eb:67:b5:7e:c2:92:ae:24:9c:b4:34:55:b0:20:
         86:fd:c1:2e:84:a8:de:11:0a:a7:09:b7:b0:db:fc:fd:ec:23:
         ac:cb:ff:83:14:fd:83:e7:a0:08:52:49:cd:53:05:1f:b9:b9:
         a8:ea:f6:ea:db:ca:b1:cb:0b:b3:d3:f0:14:99:20:54:b6:55:
         26:c5:56:b0:20:f1:45:37:e6:62:a8:03:20:15:fe:47:d6:b1:
         e7:f1:01:06:db:83:64:5c:9c:8c:71:95:be:32:b3:b0:88:5f:
         0a:f6:7b:19:86:14:d7:9d:33:ed:b4:c4:e4:13:bd:db:15:55:
         53:2d:27:8d:be:66:74:69:85:30:ef:c9:57:c5:e1:9f:03:df:
         6b:2e:3a:4b:cf:76:13:04:8f:3e:29:a9:14:cc:96:0f:01:04:
         86:c5:ad:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu6LrgM3ggeh3K9aaMD46MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmY2Q3M2Y4MmMyNjBkYTg3Mzg2ZGNmN2JlMjZkNWM1NDQ1
NTI2ZmEwHhcNMjQwMTAyMTAzMjQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTNjNjdkMTM1ZTBmYzc5M2FlZGJkZmY5ZGQyOGNiOGI1MGM3ZTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq4sIG0zwQH4waGyk9AgltEZ6wm/v
X9KD/xuZ0Syr91HD+9flrKSeouuvQDfPuZw7H3XmSs4JSfhpP3GnVLjsc7Tka5SY
WuywZFAhuSA7eCtYXtBSGQLM5A4FJ3NaWEx4TfA/j5Sr6L+QX3sG+bJe2ezk5e+a
9pm67EEMLy9eQROj+bwAsp56d5PKTCtg6IxlkNr18OxvhyiTko8uM0/j7rU0kYyj
kVFsKsdhwZ1iIuVTLcWjaJFGIywIlaiZToHsR0RV/54aiww7dI176zv9gdsDJkzY
K8COoF5TTV99eoymWoC49ZiXugG6l0TSl8rJhTuDvH7+Zb+QOdJ5tc2FIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBE8Z9E14Px5Ou29/53SjLi1DH6XMB8GA1UdIwQY
MBaAFM/Nc/gsJg2oc4bc974m1cVEVSb6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejgxei1Dd21EYWh6aHR6M3ZpYlZ4VVJWSnZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy80MGFkZTAtOThkYS00YWE1LWI4MTct
NmVkYzFiMjI1NjI1LzEvRVR4bjBUWGdfSGs2N2IzX25kS011TFVNZnBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy80MGFkZTAtOThkYS00YWE1LWI4MTctNmVkYzFiMjI1NjI1
LzEvejgxei1Dd21EYWh6aHR6M3ZpYlZ4VVJWSnZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZAoMA0G
CSqGSIb3DQEBCwUAA4IBAQAAsX/S78ifYiREcQIZ+7k0LljKfwXEqC1LpC1v9Iez
h3GdyKGtn6U103JgXggKrIl6A83SzDQ51mNXQIhMWJoDr79rvb7r9GlpbMeScx1C
hlBHOyvOGKednEjBk7qM62e1fsKSriSctDRVsCCG/cEuhKjeEQqnCbew2/z97COs
y/+DFP2D56AIUknNUwUfubmo6vbq28qxywuz0/AUmSBUtlUmxVawIPFFN+ZiqAMg
Ff5H1rHn8QEG24NkXJyMcZW+MrOwiF8K9nsZhhTXnTPttMTkE73bFVVTLSeNvmZ0
aYUw78lXxeGfA99rLjpLz3YTBI8+KakUzJYPAQSGxa0B
-----END CERTIFICATE-----