Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/8nbGjRRTkWEQz2eoVaY9PDf3Gn8.roa
File:                     8nbGjRRTkWEQz2eoVaY9PDf3Gn8.roa (raw, json)
Hash identifier:          xLvGuO/NmhhJ4ALWROIZGBOgk1k+V1nHG5wxHexho6Q=
Subject key identifier:   F2:76:C6:8D:14:53:91:61:10:CF:67:A8:55:A6:3D:3C:37:F7:1A:7F
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       01934EDDA9F143507CD08110F2386711CF67
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/8nbGjRRTkWEQz2eoVaY9PDf3Gn8.roa
Signing time:             Thu 21 Nov 2024 13:16:10 +0000
ROA not before:           Thu 21 Nov 2024 13:16:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     210644
IP address blocks:        45.150.32.0/24 maxlen: 24
                          45.150.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4e:dd:a9:f1:43:50:7c:d0:81:10:f2:38:67:11:cf:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Nov 21 13:16:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f276c68d1453916110cf67a855a63d3c37f71a7f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:c0:13:ea:66:09:9a:93:6d:e5:9c:29:cc:8b:
                    aa:f7:8c:3d:3c:88:0d:07:fd:ff:39:5b:4e:16:e9:
                    60:13:17:e2:29:1c:61:17:23:b2:01:a4:bc:93:40:
                    da:fe:77:e3:65:09:c2:0b:dd:34:26:a1:37:27:d2:
                    26:00:66:54:e7:a1:61:51:d2:82:10:8d:1a:7d:fa:
                    5e:15:b3:f5:b1:f7:ba:a5:ec:76:ee:f2:1e:7a:e4:
                    21:29:e2:c9:67:53:b1:12:6c:a5:5a:f9:cc:f3:07:
                    78:16:a3:73:5a:6e:20:6a:80:83:e8:7d:b6:47:ae:
                    d2:41:3a:94:35:86:88:83:a2:a4:9b:c9:6a:a8:f8:
                    d9:ae:a9:48:72:0f:d7:fa:e8:04:81:c3:59:b7:32:
                    b9:f2:5d:10:40:76:86:6d:08:c4:cd:79:68:9b:5f:
                    dc:28:55:6c:73:a5:d9:05:be:22:6c:a0:c4:ba:97:
                    a3:1e:a9:f0:94:2e:37:11:61:76:74:22:b6:8c:79:
                    43:73:3a:0c:f3:ba:9d:c0:d5:ea:db:0b:36:a5:20:
                    dd:f3:a9:fd:ba:c1:d4:eb:8e:01:ef:c5:d8:c6:07:
                    3f:20:17:c4:78:b5:04:77:e1:ef:75:82:77:a8:2e:
                    d3:f4:fc:5f:c0:59:8b:77:67:ba:8f:80:aa:c1:27:
                    c3:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:76:C6:8D:14:53:91:61:10:CF:67:A8:55:A6:3D:3C:37:F7:1A:7F
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/8nbGjRRTkWEQz2eoVaY9PDf3Gn8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.32.0/23

    Signature Algorithm: sha256WithRSAEncryption
         72:29:43:0f:e4:3e:2b:36:20:72:8b:73:da:d3:4c:7b:b0:f0:
         59:da:b9:fa:a4:7f:23:78:47:72:98:fe:75:54:80:de:81:6a:
         13:52:72:b7:f7:65:28:30:2c:08:c6:73:9d:e2:2b:ec:2c:18:
         a8:1d:e2:b7:3a:bf:13:e7:7a:25:fc:71:47:a6:2d:6d:40:5d:
         0f:4d:45:f4:9e:e1:c2:b8:71:3d:a1:df:1a:9b:e0:66:89:0b:
         1d:cd:9c:02:9a:ba:93:2e:12:7a:1d:ed:d1:f7:f1:fd:cb:d1:
         c3:e6:82:75:b0:73:28:6d:9a:af:db:f6:d3:74:d6:4a:a1:62:
         0f:5b:39:06:b2:19:2a:fc:fb:72:26:97:af:29:8e:4c:6a:83:
         2a:90:db:78:48:06:d9:11:1f:c9:de:b1:07:41:f0:c8:58:1a:
         dc:46:a7:c9:44:c4:63:b1:a4:9f:36:f6:ce:9e:ef:ff:af:1b:
         7b:33:3d:a1:e3:b9:58:77:13:a4:63:f0:1d:ba:65:56:4c:9f:
         93:7d:4e:21:80:9e:3d:19:28:e8:c5:b0:c1:1d:e4:47:ea:10:
         d4:be:5d:b6:d9:e7:f6:0e:0d:d1:11:41:dd:d8:4e:31:76:53:
         17:19:a7:22:86:bf:95:3f:32:91:6f:47:67:2a:fa:61:a5:9b:
         61:d7:dc:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNO3anxQ1B80IEQ8jhnEc9nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjQxMTIxMTMxNjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjc2YzY4ZDE0NTM5MTYxMTBjZjY3YTg1NWE2M2QzYzM3ZjcxYTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8AT6mYJmpNt5ZwpzIuq94w9PIgN
B/3/OVtOFulgExfiKRxhFyOyAaS8k0Da/nfjZQnCC900JqE3J9ImAGZU56FhUdKC
EI0affpeFbP1sfe6pex27vIeeuQhKeLJZ1OxEmylWvnM8wd4FqNzWm4gaoCD6H22
R67SQTqUNYaIg6Kkm8lqqPjZrqlIcg/X+ugEgcNZtzK58l0QQHaGbQjEzXlom1/c
KFVsc6XZBb4ibKDEupejHqnwlC43EWF2dCK2jHlDczoM87qdwNXq2ws2pSDd86n9
usHU644B78XYxgc/IBfEeLUEd+HvdYJ3qC7T9PxfwFmLd2e6j4CqwSfDLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPJ2xo0UU5FhEM9nqFWmPTw39xp/MB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvOG5iR2pSUlRrV0VRejJlb1ZhWTlQRGYzR244LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZYgMA0G
CSqGSIb3DQEBCwUAA4IBAQByKUMP5D4rNiByi3Pa00x7sPBZ2rn6pH8jeEdymP51
VIDegWoTUnK392UoMCwIxnOd4ivsLBioHeK3Or8T53ol/HFHpi1tQF0PTUX0nuHC
uHE9od8am+BmiQsdzZwCmrqTLhJ6He3R9/H9y9HD5oJ1sHMobZqv2/bTdNZKoWIP
WzkGshkq/PtyJpevKY5MaoMqkNt4SAbZER/J3rEHQfDIWBrcRqfJRMRjsaSfNvbO
nu//rxt7Mz2h47lYdxOkY/AdumVWTJ+TfU4hgJ49GSjoxbDBHeRH6hDUvl222ef2
Dg3REUHd2E4xdlMXGacihr+VPzKRb0dnKvphpZth19yZ
-----END CERTIFICATE-----