Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/8TnnzvzXbFo0Rf6XY4r08Iar3oc.roa
File:                     8TnnzvzXbFo0Rf6XY4r08Iar3oc.roa (raw, json)
Hash identifier:          y6ldPW4gqUk1TiDg5hR0oMImkUsM5FEN+Pcnwx3yt+0=
Subject key identifier:   F1:39:E7:CE:FC:D7:6C:5A:34:45:FE:97:63:8A:F4:F0:86:AB:DE:87
Certificate issuer:       /CN=ff44dbaca56dac319401f68a50d917f5424611ad
Certificate serial:       01907EA67DF82F9E7FCE384D5F09CE607C9D
Authority key identifier: FF:44:DB:AC:A5:6D:AC:31:94:01:F6:8A:50:D9:17:F5:42:46:11:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_0TbrKVtrDGUAfaKUNkX9UJGEa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/8TnnzvzXbFo0Rf6XY4r08Iar3oc.roa
Signing time:             Thu 04 Jul 2024 16:49:18 +0000
ROA not before:           Thu 04 Jul 2024 16:49:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8100
IP address blocks:        45.143.11.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/_0TbrKVtrDGUAfaKUNkX9UJGEa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/_0TbrKVtrDGUAfaKUNkX9UJGEa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_0TbrKVtrDGUAfaKUNkX9UJGEa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Oct 2024 16:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:7e:a6:7d:f8:2f:9e:7f:ce:38:4d:5f:09:ce:60:7c:9d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff44dbaca56dac319401f68a50d917f5424611ad
        Validity
            Not Before: Jul  4 16:49:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f139e7cefcd76c5a3445fe97638af4f086abde87
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:6c:39:d0:cf:af:c3:5f:19:5e:47:6c:4f:d6:
                    d5:26:83:75:79:df:31:ed:a6:96:22:7d:e0:ed:19:
                    ab:12:35:30:ba:9f:aa:fa:98:87:53:58:1a:99:00:
                    8d:35:fd:9b:99:75:9b:b8:93:92:39:5c:d0:96:37:
                    52:8b:fd:ba:99:0a:3e:67:06:8e:59:79:84:c5:62:
                    22:8f:a0:ca:58:8a:98:67:f4:cc:dc:b7:f9:8a:de:
                    16:a8:45:17:a6:08:9d:8d:fd:35:bc:3c:ff:6c:db:
                    26:25:12:4f:e2:9c:ac:c0:2a:2a:2f:e8:2d:73:2b:
                    51:1d:27:95:c6:bb:8e:b9:0f:7b:ec:7f:31:87:90:
                    3f:e3:2f:cd:9f:09:b2:0a:3f:45:3e:20:29:43:3e:
                    80:d7:f7:da:04:ef:8e:a6:1a:b8:2e:25:3c:42:1f:
                    a7:b2:ca:aa:5f:9c:98:fd:64:3b:eb:bf:25:a4:a4:
                    70:1a:de:b9:d5:0d:42:1d:ea:86:87:91:da:8f:14:
                    29:9f:85:6f:fa:22:80:89:2c:7c:96:73:64:a2:46:
                    f9:12:e7:de:bb:fc:ef:b7:33:53:c5:1c:fa:60:02:
                    6a:89:88:32:c0:b4:ed:fb:99:6b:2f:41:30:a5:c0:
                    43:19:56:af:27:40:db:84:25:ab:66:53:1b:62:de:
                    0f:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:39:E7:CE:FC:D7:6C:5A:34:45:FE:97:63:8A:F4:F0:86:AB:DE:87
            X509v3 Authority Key Identifier:
                keyid:FF:44:DB:AC:A5:6D:AC:31:94:01:F6:8A:50:D9:17:F5:42:46:11:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_0TbrKVtrDGUAfaKUNkX9UJGEa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/8TnnzvzXbFo0Rf6XY4r08Iar3oc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/_0TbrKVtrDGUAfaKUNkX9UJGEa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.11.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:8f:30:23:de:ee:37:4e:0a:4e:68:9c:2a:15:ff:27:d2:f0:
         44:0b:14:19:33:b5:f8:ed:61:b4:f5:f3:40:c3:aa:0d:9d:e8:
         21:18:d9:72:cb:18:7b:79:8c:1c:6d:bc:b7:72:05:59:67:2e:
         dc:70:9e:c1:ac:ac:97:67:02:79:cc:12:bd:9a:50:d0:dc:e0:
         f0:e8:b0:36:b3:69:7b:14:90:39:74:eb:80:b5:91:2c:4c:c0:
         ba:ad:0e:4b:94:dd:cf:e5:ee:24:1c:31:02:4b:f5:03:75:65:
         3d:c3:1a:08:3a:fd:e2:6e:a9:de:19:d9:d6:df:44:e2:68:65:
         43:6f:16:48:a8:4a:84:0b:d9:e7:91:3d:de:08:15:a0:21:ab:
         ef:5a:3e:ff:c4:23:41:a1:66:f1:4a:3a:f7:76:ed:4e:55:4d:
         d3:ee:6c:dd:55:86:8d:32:98:e9:80:da:93:04:93:96:f5:cd:
         df:34:c7:46:c4:f6:d0:37:ca:eb:f1:23:29:ba:3c:54:77:f4:
         e0:94:dd:76:3a:7a:6e:2b:8c:0c:0b:e3:7c:f8:08:6e:84:61:
         9d:19:41:9b:95:fc:b6:dd:8b:8d:6f:59:25:b0:24:af:25:58:
         4d:8e:90:43:7b:25:4d:95:67:ae:a9:f5:a6:0c:e6:82:4a:76:
         00:27:ab:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZB+pn34L55/zjhNXwnOYHydMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmNDRkYmFjYTU2ZGFjMzE5NDAxZjY4YTUwZDkxN2Y1NDI0
NjExYWQwHhcNMjQwNzA0MTY0OTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTM5ZTdjZWZjZDc2YzVhMzQ0NWZlOTc2MzhhZjRmMDg2YWJkZTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn2w50M+vw18ZXkdsT9bVJoN1ed8x
7aaWIn3g7RmrEjUwup+q+piHU1gamQCNNf2bmXWbuJOSOVzQljdSi/26mQo+ZwaO
WXmExWIij6DKWIqYZ/TM3Lf5it4WqEUXpgidjf01vDz/bNsmJRJP4pyswCoqL+gt
cytRHSeVxruOuQ977H8xh5A/4y/NnwmyCj9FPiApQz6A1/faBO+Ophq4LiU8Qh+n
ssqqX5yY/WQ7678lpKRwGt651Q1CHeqGh5HajxQpn4Vv+iKAiSx8lnNkokb5Eufe
u/zvtzNTxRz6YAJqiYgywLTt+5lrL0EwpcBDGVavJ0DbhCWrZlMbYt4PXQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPE5587812xaNEX+l2OK9PCGq96HMB8GA1UdIwQY
MBaAFP9E26ylbawxlAH2ilDZF/VCRhGtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzBUYnJLVnRyREdVQWZhS1VOa1g5VUpHRWEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi81M2E5NDctZmQwMy00MDE0LTk4Mjct
YzVkODk1MDgxOGVjLzEvOFRubnp2elhiRm8wUmY2WFk0cjA4SWFyM29jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi81M2E5NDctZmQwMy00MDE0LTk4MjctYzVkODk1MDgxOGVj
LzEvXzBUYnJLVnRyREdVQWZhS1VOa1g5VUpHRWEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY8LMA0G
CSqGSIb3DQEBCwUAA4IBAQA6jzAj3u43TgpOaJwqFf8n0vBECxQZM7X47WG09fNA
w6oNneghGNlyyxh7eYwcbby3cgVZZy7ccJ7BrKyXZwJ5zBK9mlDQ3ODw6LA2s2l7
FJA5dOuAtZEsTMC6rQ5LlN3P5e4kHDECS/UDdWU9wxoIOv3ibqneGdnW30TiaGVD
bxZIqEqEC9nnkT3eCBWgIavvWj7/xCNBoWbxSjr3du1OVU3T7mzdVYaNMpjpgNqT
BJOW9c3fNMdGxPbQN8rr8SMpujxUd/TglN12OnpuK4wMC+N8+AhuhGGdGUGblfy2
3YuNb1klsCSvJVhNjpBDeyVNlWeuqfWmDOaCSnYAJ6s/
-----END CERTIFICATE-----