Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/ei4vOR31GFbOByjRBG3ptqqUMq8.roa
File:                     ei4vOR31GFbOByjRBG3ptqqUMq8.roa (raw, json)
Hash identifier:          RIzZx/NnjgotxpkkfAA4+GNkcXGpnlA/iaM5kj941jU=
Subject key identifier:   7A:2E:2F:39:1D:F5:18:56:CE:07:28:D1:04:6D:E9:B6:AA:94:32:AF
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       0190D98AEE4932E84513052DAD1D7297FE6A
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/ei4vOR31GFbOByjRBG3ptqqUMq8.roa
Signing time:             Mon 22 Jul 2024 08:24:39 +0000
ROA not before:           Mon 22 Jul 2024 08:24:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211541
IP address blocks:        45.43.153.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:d9:8a:ee:49:32:e8:45:13:05:2d:ad:1d:72:97:fe:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Jul 22 08:24:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7a2e2f391df51856ce0728d1046de9b6aa9432af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:dd:4c:82:d7:7f:f9:b6:2c:2a:34:28:9b:54:
                    24:94:56:89:b9:64:d5:88:9e:1e:9e:b8:d2:d1:13:
                    d4:a4:fc:f2:8e:6a:8d:07:9b:8c:ae:16:ac:97:a5:
                    4e:7d:50:8f:5a:64:c0:9c:07:bb:00:1a:3f:63:2b:
                    8a:0b:0c:3d:c7:7f:8d:f1:45:ed:4a:66:d4:07:c8:
                    7f:f9:12:0d:c5:79:a6:41:19:02:fc:91:8a:ea:1f:
                    0b:35:cb:36:b5:1b:27:f7:e5:52:e6:c9:24:c3:83:
                    9c:e5:17:01:9a:9e:be:3b:6e:bd:8a:81:05:1a:d9:
                    d7:1d:1a:ae:41:44:3f:a5:a1:4e:32:a2:6a:e2:d2:
                    4a:b4:a1:8c:2d:8b:a7:8d:8a:6f:ff:c1:07:3c:ac:
                    33:36:e0:1b:55:19:b6:a4:60:39:85:21:b5:20:49:
                    87:f2:63:23:cc:a0:9b:ae:42:5d:65:dd:cd:d1:e5:
                    68:07:06:72:59:46:fb:a8:f8:48:f7:49:06:42:fb:
                    dc:8f:d5:0a:4f:6b:f7:f9:c5:16:c6:e4:24:bf:43:
                    c3:bd:37:08:68:cd:27:b9:11:cc:13:57:30:6f:50:
                    b5:67:f7:3c:96:cd:99:2e:d1:2a:03:9e:2d:e0:31:
                    3d:72:3f:59:c2:8b:93:d0:b1:cf:d7:aa:af:44:a3:
                    bf:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:2E:2F:39:1D:F5:18:56:CE:07:28:D1:04:6D:E9:B6:AA:94:32:AF
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/ei4vOR31GFbOByjRBG3ptqqUMq8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.43.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:ab:b1:ba:24:f2:c3:d3:a8:e4:51:62:4d:53:80:36:4c:7d:
         05:6a:a6:4b:2e:55:4f:84:b4:50:a9:8e:38:21:55:01:2b:f1:
         ce:a7:e1:f7:2f:0f:a2:73:ee:38:ff:75:ec:6a:f7:32:0e:8b:
         e0:9c:28:5a:08:59:7c:a6:19:d3:0e:48:41:e3:c7:24:80:2b:
         df:90:5d:d9:cd:6f:dd:20:d6:7d:7c:79:e4:61:ff:e8:1a:4d:
         cf:da:94:8d:b6:5d:04:9c:d2:6f:e9:0a:ac:8e:ea:53:d3:29:
         45:c4:fd:e7:22:7a:44:06:ae:c4:17:76:24:49:e6:99:3a:62:
         2f:da:b6:56:0d:67:af:e2:91:3b:d0:6b:b6:e5:bb:d7:fc:57:
         d2:cd:d2:89:30:4d:d6:aa:7d:bb:25:94:aa:0f:32:bc:ee:1d:
         a1:b4:15:b8:f8:ad:5f:da:6c:9d:d6:a1:d4:10:c5:35:5b:50:
         c5:83:00:2e:bf:87:e4:59:91:1e:96:9e:42:4d:19:01:1d:9d:
         96:49:21:7d:11:c0:f9:2e:b6:0f:7b:15:02:26:22:0f:06:02:
         bc:94:0e:91:c9:62:49:1d:78:5a:47:8f:35:ea:6f:3d:8e:54:
         21:4a:24:03:ac:60:46:87:74:f3:0a:04:fe:53:a0:ec:ba:58:
         75:f7:99:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZDZiu5JMuhFEwUtrR1yl/5qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjQwNzIyMDgyNDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTJlMmYzOTFkZjUxODU2Y2UwNzI4ZDEwNDZkZTliNmFhOTQzMmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA091Mgtd/+bYsKjQom1QklFaJuWTV
iJ4enrjS0RPUpPzyjmqNB5uMrhasl6VOfVCPWmTAnAe7ABo/YyuKCww9x3+N8UXt
SmbUB8h/+RINxXmmQRkC/JGK6h8LNcs2tRsn9+VS5skkw4Oc5RcBmp6+O269ioEF
GtnXHRquQUQ/paFOMqJq4tJKtKGMLYunjYpv/8EHPKwzNuAbVRm2pGA5hSG1IEmH
8mMjzKCbrkJdZd3N0eVoBwZyWUb7qPhI90kGQvvcj9UKT2v3+cUWxuQkv0PDvTcI
aM0nuRHME1cwb1C1Z/c8ls2ZLtEqA54t4DE9cj9ZwouT0LHP16qvRKO/bwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHouLzkd9RhWzgco0QRt6baqlDKvMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvZWk0dk9SMzFHRmJPQnlqUkJHM3B0cXFVTXE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALSuZMA0G
CSqGSIb3DQEBCwUAA4IBAQBlq7G6JPLD06jkUWJNU4A2TH0FaqZLLlVPhLRQqY44
IVUBK/HOp+H3Lw+ic+44/3XsavcyDovgnChaCFl8phnTDkhB48ckgCvfkF3ZzW/d
INZ9fHnkYf/oGk3P2pSNtl0EnNJv6QqsjupT0ylFxP3nInpEBq7EF3YkSeaZOmIv
2rZWDWev4pE70Gu25bvX/FfSzdKJME3Wqn27JZSqDzK87h2htBW4+K1f2myd1qHU
EMU1W1DFgwAuv4fkWZEelp5CTRkBHZ2WSSF9EcD5LrYPexUCJiIPBgK8lA6RyWJJ
HXhaR4816m89jlQhSiQDrGBGh3TzCgT+U6Dsulh195kQ
-----END CERTIFICATE-----