Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/bef6e8-8873-4529-8e72-238c6d8a4c17/1/MmiMwpeV_ik73TADPvmeD6M5xdA.roa
File:                     MmiMwpeV_ik73TADPvmeD6M5xdA.roa (raw, json)
Hash identifier:          hu2KyxNz/Nj15vcsZAthVv4rl6MIBGzIB3NuZ2ZAGNo=
Subject key identifier:   32:68:8C:C2:97:95:FE:29:3B:DD:30:03:3E:F9:9E:0F:A3:39:C5:D0
Certificate issuer:       /CN=a487782e3f70c5cd27b32f5274d0e5bc62e95caf
Certificate serial:       018CC4254737EF89FA636E1C9E001011D18D
Authority key identifier: A4:87:78:2E:3F:70:C5:CD:27:B3:2F:52:74:D0:E5:BC:62:E9:5C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pId4Lj9wxc0nsy9SdNDlvGLpXK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/bef6e8-8873-4529-8e72-238c6d8a4c17/1/MmiMwpeV_ik73TADPvmeD6M5xdA.roa
Signing time:             Mon 01 Jan 2024 08:30:26 +0000
ROA not before:           Mon 01 Jan 2024 08:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209164
IP address blocks:        45.132.52.0/22 maxlen: 24
                          2a11:ab00::/32 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/bef6e8-8873-4529-8e72-238c6d8a4c17/1/pId4Lj9wxc0nsy9SdNDlvGLpXK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/bef6e8-8873-4529-8e72-238c6d8a4c17/1/pId4Lj9wxc0nsy9SdNDlvGLpXK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pId4Lj9wxc0nsy9SdNDlvGLpXK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:47:37:ef:89:fa:63:6e:1c:9e:00:10:11:d1:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a487782e3f70c5cd27b32f5274d0e5bc62e95caf
        Validity
            Not Before: Jan  1 08:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=32688cc29795fe293bdd30033ef99e0fa339c5d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:a4:77:c9:cc:d1:a3:38:8d:fa:92:ee:35:dc:
                    08:7e:43:63:d8:cb:b1:95:e3:f8:03:ec:b8:6a:7f:
                    f4:93:3d:09:cb:3f:f6:95:5a:09:9f:83:d7:84:77:
                    35:9f:a7:a0:80:71:d8:a3:84:02:06:ab:ac:c6:a3:
                    c6:61:3c:5b:aa:3c:6c:91:97:fd:2d:a8:55:35:ea:
                    59:6e:bc:df:c7:d2:fd:11:f0:82:2d:20:e3:0c:bc:
                    df:42:2d:b3:27:14:b8:9d:cc:71:1f:f7:4c:8f:1a:
                    22:7d:73:e4:14:a8:85:d1:b0:9b:4f:45:3e:d7:4b:
                    03:7c:5d:b2:a7:be:be:28:08:e0:4e:25:81:95:2e:
                    a9:b2:6c:20:f0:5f:49:10:e8:67:a7:fd:c7:a4:40:
                    1d:5d:ea:27:ea:33:00:e6:c6:6c:1e:89:4e:d4:0c:
                    10:39:aa:a4:a4:7f:ad:52:3e:28:b8:84:59:cb:69:
                    c7:37:5a:1d:c5:6a:c5:7f:12:da:b9:94:b2:3c:7b:
                    e9:82:24:44:cb:cf:4c:c3:3d:f1:9c:60:6e:b0:0c:
                    4a:36:a5:a1:12:08:c8:29:93:b3:a0:d4:82:8a:c4:
                    3c:b5:d9:85:5b:48:62:02:2b:97:34:41:75:38:4d:
                    84:5e:dd:9f:8f:ec:68:5c:dc:03:1b:38:bf:57:07:
                    fa:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:68:8C:C2:97:95:FE:29:3B:DD:30:03:3E:F9:9E:0F:A3:39:C5:D0
            X509v3 Authority Key Identifier:
                keyid:A4:87:78:2E:3F:70:C5:CD:27:B3:2F:52:74:D0:E5:BC:62:E9:5C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pId4Lj9wxc0nsy9SdNDlvGLpXK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/bef6e8-8873-4529-8e72-238c6d8a4c17/1/MmiMwpeV_ik73TADPvmeD6M5xdA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/bef6e8-8873-4529-8e72-238c6d8a4c17/1/pId4Lj9wxc0nsy9SdNDlvGLpXK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.52.0/22
                IPv6:
                  2a11:ab00::/32

    Signature Algorithm: sha256WithRSAEncryption
         2a:59:97:05:e7:cf:81:6c:a6:81:49:c1:8d:52:9b:fe:74:d1:
         8b:a8:d8:14:1a:c4:8b:0a:6a:ee:88:f5:cd:17:55:fb:d3:96:
         ee:ce:6c:4d:db:53:e1:0d:0c:86:4f:7e:09:54:af:d2:3b:66:
         ae:30:d7:cf:c7:f1:c4:bd:b2:1b:8b:53:36:dc:4b:c6:9f:97:
         5c:e3:74:c7:97:b4:6e:f2:c7:3e:01:77:29:8d:a7:38:9d:fe:
         22:fb:d5:db:7a:95:1f:cb:95:54:16:5a:8b:71:a7:7c:0d:13:
         69:be:54:4d:e4:68:ac:fe:6b:cf:bd:ae:f7:fe:5d:0f:49:bd:
         25:b3:ee:67:75:b8:0c:f4:83:d8:6d:45:ba:35:c7:b4:5c:58:
         6b:0c:14:c5:01:af:a3:d0:43:8c:46:34:67:6b:8b:df:79:52:
         34:8e:62:f8:f9:58:b0:4e:c9:40:c4:b8:99:9d:26:08:c4:6a:
         18:30:46:b6:35:ec:3a:9b:37:95:ab:27:ea:8b:15:17:bc:91:
         64:5b:51:e3:3f:2a:d7:1d:76:8b:db:13:0f:89:95:63:7b:ff:
         c3:88:29:ff:0c:c9:0d:84:47:75:64:86:8c:fa:91:b9:b2:26:
         f1:28:04:7d:1b:6b:4d:30:8e:0f:60:9b:54:eb:e9:c5:68:58:
         df:bd:dc:22
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJUc374n6Y24cngAQEdGNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0ODc3ODJlM2Y3MGM1Y2QyN2IzMmY1Mjc0ZDBlNWJjNjJl
OTVjYWYwHhcNMjQwMTAxMDgzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjY4OGNjMjk3OTVmZTI5M2JkZDMwMDMzZWY5OWUwZmEzMzljNWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1KR3yczRoziN+pLuNdwIfkNj2Mux
leP4A+y4an/0kz0Jyz/2lVoJn4PXhHc1n6eggHHYo4QCBqusxqPGYTxbqjxskZf9
LahVNepZbrzfx9L9EfCCLSDjDLzfQi2zJxS4ncxxH/dMjxoifXPkFKiF0bCbT0U+
10sDfF2yp76+KAjgTiWBlS6psmwg8F9JEOhnp/3HpEAdXeon6jMA5sZsHolO1AwQ
OaqkpH+tUj4ouIRZy2nHN1odxWrFfxLauZSyPHvpgiREy89Mwz3xnGBusAxKNqWh
EgjIKZOzoNSCisQ8tdmFW0hiAiuXNEF1OE2EXt2fj+xoXNwDGzi/Vwf6mQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDJojMKXlf4pO90wAz75ng+jOcXQMB8GA1UdIwQY
MBaAFKSHeC4/cMXNJ7MvUnTQ5bxi6VyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcElkNExqOXd4YzBuc3k5U2RORGx2R0xwWEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9iZWY2ZTgtODg3My00NTI5LThlNzIt
MjM4YzZkOGE0YzE3LzEvTW1pTXdwZVZfaWs3M1RBRFB2bWVENk01eGRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9iZWY2ZTgtODg3My00NTI5LThlNzItMjM4YzZkOGE0YzE3
LzEvcElkNExqOXd4YzBuc3k5U2RORGx2R0xwWEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLYQ0MA0E
AgACMAcDBQAqEasAMA0GCSqGSIb3DQEBCwUAA4IBAQAqWZcF58+BbKaBScGNUpv+
dNGLqNgUGsSLCmruiPXNF1X705buzmxN21PhDQyGT34JVK/SO2auMNfPx/HEvbIb
i1M23EvGn5dc43THl7Ru8sc+AXcpjac4nf4i+9XbepUfy5VUFlqLcad8DRNpvlRN
5Gis/mvPva73/l0PSb0ls+5ndbgM9IPYbUW6Nce0XFhrDBTFAa+j0EOMRjRna4vf
eVI0jmL4+ViwTslAxLiZnSYIxGoYMEa2New6mzeVqyfqixUXvJFkW1HjPyrXHXaL
2xMPiZVje//DiCn/DMkNhEd1ZIaM+pG5sibxKAR9G2tNMI4PYJtU6+nFaFjfvdwi
-----END CERTIFICATE-----