Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/hk0lV3u8UCz2tA84_nhzieslmuE.roa
File:                     hk0lV3u8UCz2tA84_nhzieslmuE.roa (raw, json)
Hash identifier:          r7XiNHfPPkEgisi8k0yyYed6uBOFfamsoPKcR/By1g8=
Subject key identifier:   86:4D:25:57:7B:BC:50:2C:F6:B4:0F:38:FE:78:73:89:EB:25:9A:E1
Certificate issuer:       /CN=f8651b1194f12e98e70d3da78efe4dd2467cd423
Certificate serial:       018E79D0B5F003B03951DBCC0EEA014C2892
Authority key identifier: F8:65:1B:11:94:F1:2E:98:E7:0D:3D:A7:8E:FE:4D:D2:46:7C:D4:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/hk0lV3u8UCz2tA84_nhzieslmuE.roa
Signing time:             Tue 26 Mar 2024 08:11:44 +0000
ROA not before:           Tue 26 Mar 2024 08:11:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215303
IP address blocks:        45.143.6.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 25 May 2024 19:03:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:79:d0:b5:f0:03:b0:39:51:db:cc:0e:ea:01:4c:28:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8651b1194f12e98e70d3da78efe4dd2467cd423
        Validity
            Not Before: Mar 26 08:11:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=864d25577bbc502cf6b40f38fe787389eb259ae1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:37:47:87:3a:6c:87:04:02:16:63:57:3d:d2:
                    5c:fb:10:20:1f:56:d6:f7:47:26:bb:8b:d2:6c:2d:
                    c6:d1:67:df:20:b3:22:b3:93:48:44:03:da:fe:0f:
                    92:6e:26:fe:e9:84:aa:d1:35:38:ca:90:02:af:ea:
                    be:f2:3d:0f:6a:70:dc:f1:69:3b:22:04:76:f8:c3:
                    4c:49:1b:fb:f5:a8:11:54:ad:f1:5e:ef:2e:d5:54:
                    6e:aa:f9:dd:de:6f:d8:5f:3a:9f:05:6b:91:de:12:
                    30:f4:cc:7a:0f:b1:c4:e8:d4:81:9f:c5:a7:d1:a4:
                    20:a2:22:1c:c0:06:ce:af:b9:df:b5:71:1b:2a:7f:
                    cd:80:29:91:a0:1b:7c:1d:ec:16:7e:1d:79:51:4d:
                    7f:3c:c0:a8:37:cc:87:62:0e:48:bb:a3:c9:2e:52:
                    b6:56:dc:d6:8c:b3:66:38:a2:af:a7:0e:ed:28:d1:
                    4e:69:54:35:a6:da:63:9a:03:1d:81:f7:e2:58:8d:
                    2c:bb:92:ef:48:45:8b:13:6f:65:24:18:b4:6c:ca:
                    a9:51:4d:d2:02:1e:70:a5:6f:2a:8b:b5:e0:ee:b3:
                    ec:55:b6:ba:07:f0:ff:48:d7:22:7b:00:d2:e9:49:
                    32:19:13:e4:27:d5:2a:ea:10:4c:ce:1e:e7:bb:4a:
                    cf:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:4D:25:57:7B:BC:50:2C:F6:B4:0F:38:FE:78:73:89:EB:25:9A:E1
            X509v3 Authority Key Identifier:
                keyid:F8:65:1B:11:94:F1:2E:98:E7:0D:3D:A7:8E:FE:4D:D2:46:7C:D4:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/hk0lV3u8UCz2tA84_nhzieslmuE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:87:6e:3d:fd:3a:92:68:0a:4f:3e:89:aa:07:f2:bf:c7:91:
         85:f1:f8:91:ca:6c:63:9a:bc:0a:c5:43:4a:aa:4a:e4:85:a8:
         1e:1a:0c:0d:ce:fd:57:09:ed:db:7a:f3:83:28:02:97:04:cf:
         78:22:e1:04:fe:6e:83:f3:c8:a0:86:05:1e:9f:21:cf:42:8f:
         c1:55:6a:34:a8:18:a2:e5:35:a6:20:50:eb:d1:48:72:ff:bb:
         2e:7e:ee:52:e5:4d:6c:31:56:af:c6:3d:37:29:45:39:56:a9:
         d7:2c:d5:ae:94:ee:5c:92:15:7b:5a:a7:3c:d3:08:8e:a1:c9:
         62:19:06:fa:9c:e5:9a:11:94:a5:6a:00:b2:86:f4:45:33:2a:
         6c:e5:81:26:da:70:2d:fe:64:d5:60:c3:2c:90:fe:83:1b:5a:
         43:a0:44:93:97:ff:c8:81:23:4b:7f:dd:51:7c:da:55:83:3f:
         ce:c1:4d:a6:8e:40:54:99:77:ae:a5:91:cf:ba:0b:66:d9:a8:
         04:a7:d7:be:be:af:a8:e4:58:13:b0:b1:96:23:f7:76:5d:42:
         3d:59:8d:88:3b:cd:e7:7d:81:f6:c1:fa:74:69:3d:e0:c6:84:
         e1:cb:0a:a4:d4:e6:24:a4:93:12:a6:37:4b:c6:33:5c:29:98:
         20:e2:39:3d
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAY550LXwA7A5UdvMDuoBTCiSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4NjUxYjExOTRmMTJlOThlNzBkM2RhNzhlZmU0ZGQyNDY3
Y2Q0MjMwHhcNMjQwMzI2MDgxMTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NjRkMjU1NzdiYmM1MDJjZjZiNDBmMzhmZTc4NzM4OWViMjU5YWUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnzdHhzpshwQCFmNXPdJc+xAgH1bW
90cmu4vSbC3G0WffILMis5NIRAPa/g+Sbib+6YSq0TU4ypACr+q+8j0PanDc8Wk7
IgR2+MNMSRv79agRVK3xXu8u1VRuqvnd3m/YXzqfBWuR3hIw9Mx6D7HE6NSBn8Wn
0aQgoiIcwAbOr7nftXEbKn/NgCmRoBt8HewWfh15UU1/PMCoN8yHYg5Iu6PJLlK2
VtzWjLNmOKKvpw7tKNFOaVQ1ptpjmgMdgffiWI0su5LvSEWLE29lJBi0bMqpUU3S
Ah5wpW8qi7Xg7rPsVba6B/D/SNciewDS6UkyGRPkJ9Uq6hBMzh7nu0rPlwIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFIZNJVd7vFAs9rQPOP54c4nrJZrhMB8GA1UdIwQY
MBaAFPhlGxGU8S6Y5w09p47+TdJGfNQjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1HVWJFWlR4THBqbkRUMm5qdjVOMGtaODFDTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGUvODIyNDAwLTMyNDgtNDcwMi1iMjli
LWExYjdjZWVmYTE2Yy8xL2hrMGxWM3U4VUN6MnRBODRfbmh6aWVzbG11RS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGUvODIyNDAwLTMyNDgtNDcwMi1iMjliLWExYjdjZWVmYTE2
Yy8xLzEtR1ViRVpUeExwam5EVDJuanY1TjBrWjgxQ00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtjwYw
DQYJKoZIhvcNAQELBQADggEBAHyHbj39OpJoCk8+iaoH8r/HkYXx+JHKbGOavArF
Q0qqSuSFqB4aDA3O/VcJ7dt684MoApcEz3gi4QT+boPzyKCGBR6fIc9Cj8FVajSo
GKLlNaYgUOvRSHL/uy5+7lLlTWwxVq/GPTcpRTlWqdcs1a6U7lySFXtapzzTCI6h
yWIZBvqc5ZoRlKVqALKG9EUzKmzlgSbacC3+ZNVgwyyQ/oMbWkOgRJOX/8iBI0t/
3VF82lWDP87BTaaOQFSZd66lkc+6C2bZqASn176+r6jkWBOwsZYj93ZdQj1ZjYg7
zed9gfbB+nRpPeDGhOHLCqTU5iSkkxKmN0vGM1wpmCDiOT0=
-----END CERTIFICATE-----