Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/l1BaaqWuFkWH-PawRGEseQ3m8Qc.roa
File:                     l1BaaqWuFkWH-PawRGEseQ3m8Qc.roa (raw, json)
Hash identifier:          nFmEbv84OkR8oFvno/OryTBPdNdBDW1/wEQUlML44ks=
Subject key identifier:   97:50:5A:6A:A5:AE:16:45:87:F8:F6:B0:44:61:2C:79:0D:E6:F1:07
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       018F33C52256152AE3FE881E3B78C970CA9E
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/l1BaaqWuFkWH-PawRGEseQ3m8Qc.roa
Signing time:             Wed 01 May 2024 10:48:28 +0000
ROA not before:           Wed 01 May 2024 10:48:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215751
IP address blocks:        45.43.142.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 20:00:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:33:c5:22:56:15:2a:e3:fe:88:1e:3b:78:c9:70:ca:9e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: May  1 10:48:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=97505a6aa5ae164587f8f6b044612c790de6f107
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:3c:1f:29:3a:0c:8f:6e:55:ce:7e:39:0f:66:
                    67:3b:98:d0:6e:2b:b7:e9:35:c1:3c:52:74:33:59:
                    f6:31:c3:9b:ba:ee:46:2d:32:6f:b3:80:86:91:58:
                    a5:da:27:b8:dd:9a:f8:2c:65:ff:49:c4:e6:d5:4f:
                    02:4a:36:8e:9c:74:85:ba:e9:f8:b2:cc:aa:b0:c6:
                    fd:5a:80:b4:5b:c3:cd:58:0f:e6:11:8b:d2:7a:1f:
                    c1:83:dd:52:93:00:3a:47:3a:f5:5d:49:d7:a3:91:
                    b1:8e:da:9c:02:3e:22:cc:ea:41:cf:bf:f1:d9:99:
                    27:eb:3b:08:2c:41:50:85:82:33:32:c2:e5:2b:70:
                    7e:db:2c:11:7e:a9:ae:df:0c:3b:4a:6f:aa:8f:8f:
                    82:34:ca:e2:a7:1c:8f:bd:fd:3a:28:8c:bc:9b:be:
                    ee:4c:c4:19:fe:cc:f1:bc:39:4c:ba:aa:f7:4b:8e:
                    33:08:65:10:58:d2:d0:a4:b8:b3:91:ba:9b:64:99:
                    57:c3:e6:d7:7b:b6:c8:31:48:d4:f5:7b:29:bd:cb:
                    cc:60:e0:eb:af:9a:a8:eb:b8:d4:a9:56:5e:88:c9:
                    3b:3f:54:00:7d:bd:06:73:7e:13:79:78:45:11:a6:
                    20:52:89:f4:ff:32:66:d3:d5:c8:95:de:15:e9:99:
                    20:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:50:5A:6A:A5:AE:16:45:87:F8:F6:B0:44:61:2C:79:0D:E6:F1:07
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/l1BaaqWuFkWH-PawRGEseQ3m8Qc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.43.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:05:35:de:ac:39:8d:44:9b:49:73:ca:df:bc:52:ce:b6:20:
         29:dd:6c:1c:2a:8e:42:d3:f3:84:cc:6f:b3:1f:25:f3:91:a1:
         95:bc:64:23:7d:a9:b9:90:8d:e3:39:32:81:e7:f2:32:0a:a3:
         71:6b:df:12:bc:16:fb:40:52:25:79:04:e2:01:39:75:7b:22:
         cf:ce:6a:46:71:2a:b7:3c:21:55:cb:17:d2:38:14:72:c2:21:
         38:73:22:fe:6f:fc:2d:2c:87:21:8c:a3:50:e8:d2:9a:ec:82:
         a2:29:b8:c3:48:50:29:8e:8f:c1:80:f8:1a:b1:fa:39:91:53:
         97:e0:7a:fa:b1:4d:bb:26:66:60:bd:78:a8:c9:3a:6e:bb:97:
         d1:c9:40:88:56:e8:b5:e8:41:e3:e6:c0:2a:bd:6c:6a:d9:9e:
         e6:45:35:87:46:44:e3:3c:0c:9a:c2:f5:d3:54:ec:53:af:05:
         de:a3:2f:cb:9e:92:95:f6:70:dd:19:90:43:0d:e9:c6:2b:1b:
         57:e0:04:b6:66:ac:6f:20:c1:ac:ae:90:68:fe:bf:82:f0:ac:
         18:b3:0e:3a:07:00:a9:6c:50:83:c8:8a:18:e4:49:b7:f8:90:
         65:ec:ad:6e:e9:9e:b0:9c:88:f3:02:9e:30:ce:04:43:6b:ca:
         30:90:43:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8zxSJWFSrj/ogeO3jJcMqeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjQwNTAxMTA0ODI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzUwNWE2YWE1YWUxNjQ1ODdmOGY2YjA0NDYxMmM3OTBkZTZmMTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAszwfKToMj25Vzn45D2ZnO5jQbiu3
6TXBPFJ0M1n2McObuu5GLTJvs4CGkVil2ie43Zr4LGX/ScTm1U8CSjaOnHSFuun4
ssyqsMb9WoC0W8PNWA/mEYvSeh/Bg91SkwA6Rzr1XUnXo5GxjtqcAj4izOpBz7/x
2Zkn6zsILEFQhYIzMsLlK3B+2ywRfqmu3ww7Sm+qj4+CNMripxyPvf06KIy8m77u
TMQZ/szxvDlMuqr3S44zCGUQWNLQpLizkbqbZJlXw+bXe7bIMUjU9XspvcvMYODr
r5qo67jUqVZeiMk7P1QAfb0Gc34TeXhFEaYgUon0/zJm09XIld4V6ZkgDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJdQWmqlrhZFh/j2sERhLHkN5vEHMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvbDFCYWFxV3VGa1dILVBhd1JHRXNlUTNtOFFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALSuOMA0G
CSqGSIb3DQEBCwUAA4IBAQBOBTXerDmNRJtJc8rfvFLOtiAp3WwcKo5C0/OEzG+z
HyXzkaGVvGQjfam5kI3jOTKB5/IyCqNxa98SvBb7QFIleQTiATl1eyLPzmpGcSq3
PCFVyxfSOBRywiE4cyL+b/wtLIchjKNQ6NKa7IKiKbjDSFApjo/BgPgasfo5kVOX
4Hr6sU27JmZgvXioyTpuu5fRyUCIVui16EHj5sAqvWxq2Z7mRTWHRkTjPAyawvXT
VOxTrwXeoy/LnpKV9nDdGZBDDenGKxtX4AS2ZqxvIMGsrpBo/r+C8KwYsw46BwCp
bFCDyIoY5Em3+JBl7K1u6Z6wnIjzAp4wzgRDa8owkEM5
-----END CERTIFICATE-----