Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/b4ad85-16a8-487a-8a77-8852a532ad45/1/Tw9j_v_XmiW6OLRNQmWCBqIkYTg.roa
File:                     Tw9j_v_XmiW6OLRNQmWCBqIkYTg.roa (raw, json)
Hash identifier:          I3F3YvhnePUqktpuD12+anlZyHrnV997YS7sAIJUIpk=
Subject key identifier:   4F:0F:63:FE:FF:D7:9A:25:BA:38:B4:4D:42:65:82:06:A2:24:61:38
Certificate issuer:       /CN=a37244348e71ec1be5f5007c8d5efe7125920722
Certificate serial:       018DA6652174D7234E0C06D75D11BCA78377
Authority key identifier: A3:72:44:34:8E:71:EC:1B:E5:F5:00:7C:8D:5E:FE:71:25:92:07:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/o3JENI5x7Bvl9QB8jV7-cSWSByI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/b4ad85-16a8-487a-8a77-8852a532ad45/1/Tw9j_v_XmiW6OLRNQmWCBqIkYTg.roa
Signing time:             Wed 14 Feb 2024 06:54:22 +0000
ROA not before:           Wed 14 Feb 2024 06:54:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200617
IP address blocks:        45.145.36.0/24 maxlen: 24
                          2a13:5840::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/b4ad85-16a8-487a-8a77-8852a532ad45/1/o3JENI5x7Bvl9QB8jV7-cSWSByI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/b4ad85-16a8-487a-8a77-8852a532ad45/1/o3JENI5x7Bvl9QB8jV7-cSWSByI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/o3JENI5x7Bvl9QB8jV7-cSWSByI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 23:23:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:a6:65:21:74:d7:23:4e:0c:06:d7:5d:11:bc:a7:83:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a37244348e71ec1be5f5007c8d5efe7125920722
        Validity
            Not Before: Feb 14 06:54:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4f0f63feffd79a25ba38b44d42658206a2246138
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:a9:cf:45:85:c9:c3:8c:ef:45:8c:e4:73:e8:
                    55:b9:11:9d:57:53:83:7c:73:97:09:e6:d3:da:62:
                    11:05:b8:ba:bf:31:4a:3c:34:b6:fe:5e:d3:2c:ba:
                    83:12:51:5a:16:51:aa:e4:31:c0:54:b7:aa:c0:55:
                    c8:ac:0e:04:cf:c0:90:64:8d:81:52:16:8e:e2:40:
                    e2:d0:63:7f:62:39:90:cb:3f:92:cd:36:55:39:63:
                    b5:4e:19:05:a4:bd:28:ff:7f:e3:03:74:25:be:f9:
                    84:70:6d:74:17:a0:ae:08:73:4a:6e:0a:fe:de:4c:
                    cb:51:67:32:77:fa:c2:b1:c1:78:5e:14:fb:07:04:
                    1b:8f:72:8a:5c:7d:98:b9:53:33:79:e4:8b:9f:0e:
                    05:47:b7:aa:cd:37:85:24:44:65:51:8d:cf:02:ef:
                    aa:bb:0d:3e:6a:de:1d:6a:d3:fc:e9:0c:04:88:15:
                    bf:ac:b5:a7:14:2d:90:59:4f:10:76:08:b1:ab:62:
                    8a:06:61:4b:52:7a:c4:88:f5:b9:9f:a7:22:fc:2c:
                    94:ee:c4:94:c2:48:6d:59:b1:12:db:6e:91:dc:f0:
                    cc:eb:3a:f5:ab:19:e8:02:12:20:38:57:bb:08:d8:
                    58:25:32:6e:09:6f:6d:64:84:3b:76:db:c9:5d:9c:
                    88:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:0F:63:FE:FF:D7:9A:25:BA:38:B4:4D:42:65:82:06:A2:24:61:38
            X509v3 Authority Key Identifier:
                keyid:A3:72:44:34:8E:71:EC:1B:E5:F5:00:7C:8D:5E:FE:71:25:92:07:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/o3JENI5x7Bvl9QB8jV7-cSWSByI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/b4ad85-16a8-487a-8a77-8852a532ad45/1/Tw9j_v_XmiW6OLRNQmWCBqIkYTg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/b4ad85-16a8-487a-8a77-8852a532ad45/1/o3JENI5x7Bvl9QB8jV7-cSWSByI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.36.0/24
                IPv6:
                  2a13:5840::/29

    Signature Algorithm: sha256WithRSAEncryption
         0b:66:24:45:14:9b:a6:12:a0:20:e5:84:d0:ff:11:f1:28:9d:
         be:39:31:8a:19:60:8f:37:83:43:85:b8:b1:7d:1e:95:93:e1:
         f1:ca:4a:f9:87:ac:6c:f5:82:ff:3f:51:52:20:88:0e:33:30:
         68:59:b1:dd:df:b2:73:0c:59:77:08:30:2f:48:3d:ee:37:91:
         39:15:f3:36:0d:cb:14:15:6f:fd:0b:23:75:cc:96:1a:96:2c:
         b5:e3:41:21:eb:ab:c7:21:3a:be:1b:09:e8:1b:88:68:22:25:
         f1:93:cc:7f:7a:5c:ad:c8:4e:cd:9f:03:29:20:12:fd:8c:2a:
         8e:04:7e:84:50:7a:5d:2d:b8:72:a3:b9:8a:0d:a9:ae:ec:de:
         51:2a:3e:1d:dc:e7:f5:27:66:04:92:8c:aa:d2:08:4d:14:58:
         1d:e4:45:b6:f4:15:d9:7b:55:e0:42:35:7a:7b:81:f9:9d:91:
         cd:80:71:eb:d7:65:d2:10:b9:3e:13:9a:39:f6:10:a3:4b:a8:
         30:18:ff:a0:82:bd:fb:42:a5:42:0c:b8:73:3b:40:6d:4b:8d:
         78:01:48:9a:ee:e3:cc:1a:87:90:e3:d4:ac:94:7e:71:99:c4:
         ce:5a:02:c3:01:be:4b:12:02:6f:a7:d9:81:da:1e:22:8a:cd:
         d0:c8:a5:40
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY2mZSF01yNODAbXXRG8p4N3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEzNzI0NDM0OGU3MWVjMWJlNWY1MDA3YzhkNWVmZTcxMjU5
MjA3MjIwHhcNMjQwMjE0MDY1NDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZjBmNjNmZWZmZDc5YTI1YmEzOGI0NGQ0MjY1ODIwNmEyMjQ2MTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmKnPRYXJw4zvRYzkc+hVuRGdV1OD
fHOXCebT2mIRBbi6vzFKPDS2/l7TLLqDElFaFlGq5DHAVLeqwFXIrA4Ez8CQZI2B
UhaO4kDi0GN/YjmQyz+SzTZVOWO1ThkFpL0o/3/jA3QlvvmEcG10F6CuCHNKbgr+
3kzLUWcyd/rCscF4XhT7BwQbj3KKXH2YuVMzeeSLnw4FR7eqzTeFJERlUY3PAu+q
uw0+at4datP86QwEiBW/rLWnFC2QWU8Qdgixq2KKBmFLUnrEiPW5n6ci/CyU7sSU
wkhtWbES226R3PDM6zr1qxnoAhIgOFe7CNhYJTJuCW9tZIQ7dtvJXZyIkwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFE8PY/7/15oluji0TUJlggaiJGE4MB8GA1UdIwQY
MBaAFKNyRDSOcewb5fUAfI1e/nElkgciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbzNKRU5JNXg3QnZsOVFCOGpWNy1jU1dTQnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9iNGFkODUtMTZhOC00ODdhLThhNzct
ODg1MmE1MzJhZDQ1LzEvVHc5al92X1htaVc2T0xSTlFtV0NCcUlrWVRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9iNGFkODUtMTZhOC00ODdhLThhNzctODg1MmE1MzJhZDQ1
LzEvbzNKRU5JNXg3QnZsOVFCOGpWNy1jU1dTQnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALZEkMA0E
AgACMAcDBQMqE1hAMA0GCSqGSIb3DQEBCwUAA4IBAQALZiRFFJumEqAg5YTQ/xHx
KJ2+OTGKGWCPN4NDhbixfR6Vk+Hxykr5h6xs9YL/P1FSIIgOMzBoWbHd37JzDFl3
CDAvSD3uN5E5FfM2DcsUFW/9CyN1zJYaliy140Eh66vHITq+GwnoG4hoIiXxk8x/
elytyE7NnwMpIBL9jCqOBH6EUHpdLbhyo7mKDamu7N5RKj4d3Of1J2YEkoyq0ghN
FFgd5EW29BXZe1XgQjV6e4H5nZHNgHHr12XSELk+E5o59hCjS6gwGP+ggr37QqVC
DLhzO0BtS414AUia7uPMGoeQ49SslH5xmcTOWgLDAb5LEgJvp9mB2h4iis3QyKVA
-----END CERTIFICATE-----