Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/20Hbt_I4W1h_ECR8adP23DFza_U.roa
File:                     20Hbt_I4W1h_ECR8adP23DFza_U.roa (raw, json)
Hash identifier:          hvH+sdpA2O54FrijSSMs1k0qsF0koXxi52n1kDLKVcg=
Subject key identifier:   DB:41:DB:B7:F2:38:5B:58:7F:10:24:7C:69:D3:F6:DC:31:73:6B:F5
Certificate issuer:       /CN=1e9fdc7fb39ebbbed4ee54f703d3ac6153ddee69
Certificate serial:       019265EB8D6044102AD819C5A97D471CA612
Authority key identifier: 1E:9F:DC:7F:B3:9E:BB:BE:D4:EE:54:F7:03:D3:AC:61:53:DD:EE:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/20Hbt_I4W1h_ECR8adP23DFza_U.roa
Signing time:             Mon 07 Oct 2024 07:39:48 +0000
ROA not before:           Mon 07 Oct 2024 07:39:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30058
IP address blocks:        45.93.62.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:65:eb:8d:60:44:10:2a:d8:19:c5:a9:7d:47:1c:a6:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e9fdc7fb39ebbbed4ee54f703d3ac6153ddee69
        Validity
            Not Before: Oct  7 07:39:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=db41dbb7f2385b587f10247c69d3f6dc31736bf5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:4b:9f:ad:dc:e5:29:83:f2:76:d5:2f:5c:2b:
                    fa:7f:92:5d:f5:46:0d:c8:29:06:46:c7:f3:82:05:
                    03:62:2c:dd:46:10:b6:de:07:bf:dd:26:3a:76:68:
                    14:18:55:05:9d:f4:59:da:2d:0c:5d:d1:61:05:f6:
                    40:e6:2b:bf:c9:e8:7c:89:26:6f:eb:99:19:61:67:
                    56:c0:2f:40:b2:c9:a1:c4:7d:a2:27:9b:35:04:f8:
                    59:d1:ff:82:c6:fc:eb:4b:4d:90:8f:5e:08:e1:ec:
                    39:ad:ad:7b:fc:03:45:96:bb:21:1d:05:87:72:8f:
                    05:93:a4:52:56:dd:c2:f1:ae:99:3a:89:72:99:ed:
                    78:01:e3:6e:e4:d9:8d:db:2f:bc:c7:13:0c:22:df:
                    6a:ab:86:43:ab:f4:d3:35:01:a1:67:5e:25:9f:8e:
                    41:48:40:a8:e2:cd:cd:8a:e9:69:19:2c:9c:62:8d:
                    5d:18:0e:c8:08:a2:f2:6f:99:d1:ef:43:97:34:3e:
                    90:e6:f6:20:a9:63:2a:e2:a3:83:6b:48:0f:b4:ac:
                    67:00:35:ba:9d:c2:b0:55:fc:a1:14:90:57:90:2f:
                    a1:33:00:22:82:73:9f:6a:d9:0c:e8:ab:59:b7:ca:
                    5b:bc:be:2c:01:9f:65:b2:e9:3d:dc:65:5a:14:6a:
                    f5:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:41:DB:B7:F2:38:5B:58:7F:10:24:7C:69:D3:F6:DC:31:73:6B:F5
            X509v3 Authority Key Identifier:
                keyid:1E:9F:DC:7F:B3:9E:BB:BE:D4:EE:54:F7:03:D3:AC:61:53:DD:EE:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/20Hbt_I4W1h_ECR8adP23DFza_U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.93.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:21:e4:b7:54:54:7f:bf:72:5c:5e:06:43:02:a2:e5:51:bc:
         f3:46:53:33:58:e2:7e:48:92:b4:8e:9b:88:a4:16:16:15:83:
         f1:de:e4:55:ff:4c:03:e7:b5:ba:76:85:d3:aa:05:7f:b8:66:
         72:73:3d:50:81:93:c9:25:1e:c8:27:ac:fc:0a:36:9a:ce:07:
         8c:d0:65:ad:1c:49:02:46:b4:6e:9b:76:75:b4:4f:3a:ea:7c:
         5b:f1:e5:5a:c8:0d:30:5a:5e:a0:58:b7:81:2d:76:f9:be:08:
         7a:da:7c:36:4f:51:c1:88:09:1b:6c:95:f5:f7:ac:8b:7f:96:
         0c:91:62:e7:e5:a2:d3:a9:e6:34:60:12:c5:ef:0c:89:d2:ff:
         01:cb:94:93:85:82:f4:c6:a0:e4:cb:3b:3e:d2:8f:a7:fb:f8:
         d9:50:97:93:31:01:4e:82:af:d7:cb:53:79:d1:44:44:b7:17:
         8c:90:b4:45:15:e8:32:60:2e:9c:4c:19:58:eb:37:60:4a:cc:
         21:a7:34:ea:84:65:03:c7:8a:0d:f4:3d:56:df:fe:e8:22:60:
         10:83:5f:e0:31:c4:30:a9:5c:82:f3:18:54:6b:f3:30:2b:f7:
         c8:98:69:5d:38:d9:8a:f1:7e:09:dd:e7:8e:6a:5f:38:17:aa:
         1e:ed:b3:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJl641gRBAq2BnFqX1HHKYSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOWZkYzdmYjM5ZWJiYmVkNGVlNTRmNzAzZDNhYzYxNTNk
ZGVlNjkwHhcNMjQxMDA3MDczOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjQxZGJiN2YyMzg1YjU4N2YxMDI0N2M2OWQzZjZkYzMxNzM2YmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs0ufrdzlKYPydtUvXCv6f5Jd9UYN
yCkGRsfzggUDYizdRhC23ge/3SY6dmgUGFUFnfRZ2i0MXdFhBfZA5iu/yeh8iSZv
65kZYWdWwC9AssmhxH2iJ5s1BPhZ0f+CxvzrS02Qj14I4ew5ra17/ANFlrshHQWH
co8Fk6RSVt3C8a6ZOolyme14AeNu5NmN2y+8xxMMIt9qq4ZDq/TTNQGhZ14ln45B
SECo4s3NiulpGSycYo1dGA7ICKLyb5nR70OXND6Q5vYgqWMq4qODa0gPtKxnADW6
ncKwVfyhFJBXkC+hMwAignOfatkM6KtZt8pbvL4sAZ9lsuk93GVaFGr12QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNtB27fyOFtYfxAkfGnT9twxc2v1MB8GA1UdIwQY
MBaAFB6f3H+znru+1O5U9wPTrGFT3e5pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHBfY2Y3T2V1NzdVN2xUM0E5T3NZVlBkN21rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS80MGZkZDEtMTA5Mi00ZjY5LWI2NDgt
NjkxZmY1YjQ0YjAxLzEvMjBIYnRfSTRXMWhfRUNSOGFkUDIzREZ6YV9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS80MGZkZDEtMTA5Mi00ZjY5LWI2NDgtNjkxZmY1YjQ0YjAx
LzEvSHBfY2Y3T2V1NzdVN2xUM0E5T3NZVlBkN21rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV0+MA0G
CSqGSIb3DQEBCwUAA4IBAQBTIeS3VFR/v3JcXgZDAqLlUbzzRlMzWOJ+SJK0jpuI
pBYWFYPx3uRV/0wD57W6doXTqgV/uGZycz1QgZPJJR7IJ6z8CjaazgeM0GWtHEkC
RrRum3Z1tE866nxb8eVayA0wWl6gWLeBLXb5vgh62nw2T1HBiAkbbJX196yLf5YM
kWLn5aLTqeY0YBLF7wyJ0v8By5SThYL0xqDkyzs+0o+n+/jZUJeTMQFOgq/Xy1N5
0UREtxeMkLRFFegyYC6cTBlY6zdgSswhpzTqhGUDx4oN9D1W3/7oImAQg1/gMcQw
qVyC8xhUa/MwK/fImGldONmK8X4J3eeOal84F6oe7bMW
-----END CERTIFICATE-----