Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/3e8100-988d-483e-bc86-600810634878/1/x_3LkVi7GeozmaERoTYojWy8UAI.roa
File:                     x_3LkVi7GeozmaERoTYojWy8UAI.roa (raw, json)
Hash identifier:          aJinCa+UZZap6JwbDgwkxNLV9sOmSw1gkV9HgAtR1do=
Subject key identifier:   C7:FD:CB:91:58:BB:19:EA:33:99:A1:11:A1:36:28:8D:6C:BC:50:02
Certificate issuer:       /CN=5dd1398976b2f487725bc13d7faebed3e16d82c9
Certificate serial:       01917A8D8CF7628A03F2203F4C537FA12068
Authority key identifier: 5D:D1:39:89:76:B2:F4:87:72:5B:C1:3D:7F:AE:BE:D3:E1:6D:82:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XdE5iXay9IdyW8E9f66-0-Ftgsk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/3e8100-988d-483e-bc86-600810634878/1/x_3LkVi7GeozmaERoTYojWy8UAI.roa
Signing time:             Thu 22 Aug 2024 14:46:22 +0000
ROA not before:           Thu 22 Aug 2024 14:46:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211014
IP address blocks:        45.91.198.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/3e8100-988d-483e-bc86-600810634878/1/XdE5iXay9IdyW8E9f66-0-Ftgsk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/3e8100-988d-483e-bc86-600810634878/1/XdE5iXay9IdyW8E9f66-0-Ftgsk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XdE5iXay9IdyW8E9f66-0-Ftgsk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 19 Sep 2024 14:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:7a:8d:8c:f7:62:8a:03:f2:20:3f:4c:53:7f:a1:20:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5dd1398976b2f487725bc13d7faebed3e16d82c9
        Validity
            Not Before: Aug 22 14:46:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c7fdcb9158bb19ea3399a111a136288d6cbc5002
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:3f:04:a9:11:87:a4:71:4b:9e:05:2e:94:7b:
                    f3:86:0d:13:7d:14:ac:3b:71:10:c1:80:71:55:8d:
                    5a:90:92:02:08:1a:af:27:5d:4d:68:85:3b:af:bd:
                    ec:74:9e:75:6d:b8:4e:10:74:7f:01:f7:43:d6:07:
                    e7:9f:63:d0:1d:84:6d:b8:0a:7f:7c:78:38:25:9a:
                    80:77:55:01:ce:e0:57:0d:c4:52:db:d9:32:3a:9f:
                    c0:a4:ff:f0:84:3f:39:c1:97:5d:ef:5e:06:83:36:
                    4c:77:ea:86:f8:be:39:da:84:e2:ff:f2:fd:68:00:
                    f7:48:b9:3b:e0:3e:aa:0c:9b:02:3b:03:08:7b:09:
                    05:29:03:86:44:40:5a:70:42:8f:aa:8f:3f:0c:8b:
                    fb:da:49:58:4d:06:53:58:c3:d9:6a:d5:22:38:82:
                    5d:f5:94:f6:aa:fc:f6:64:13:2b:e0:69:fb:05:04:
                    10:dd:10:c2:30:49:f4:0c:15:e5:90:c5:23:88:af:
                    c6:d5:a5:5c:a8:f6:43:02:da:8f:2d:85:28:c4:24:
                    48:d4:77:c3:2b:72:e6:4c:7a:a1:59:1d:5e:6f:ff:
                    4a:a6:bd:c2:4b:2c:85:7e:c2:30:eb:f4:e4:3d:49:
                    be:c8:f9:a6:96:6b:a6:aa:b0:aa:15:10:7a:b5:f9:
                    59:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:FD:CB:91:58:BB:19:EA:33:99:A1:11:A1:36:28:8D:6C:BC:50:02
            X509v3 Authority Key Identifier:
                keyid:5D:D1:39:89:76:B2:F4:87:72:5B:C1:3D:7F:AE:BE:D3:E1:6D:82:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XdE5iXay9IdyW8E9f66-0-Ftgsk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/3e8100-988d-483e-bc86-600810634878/1/x_3LkVi7GeozmaERoTYojWy8UAI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/3e8100-988d-483e-bc86-600810634878/1/XdE5iXay9IdyW8E9f66-0-Ftgsk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:7e:eb:0e:42:ff:a9:67:a2:48:c1:af:25:bf:a2:c3:55:b7:
         d8:cc:2a:78:bd:a0:70:ef:c9:49:bb:ca:c6:2f:a1:45:07:28:
         ab:2f:a0:45:a5:8d:7f:bb:af:c5:74:97:ec:55:cb:c2:90:ce:
         b3:fc:0d:00:9e:d3:73:01:08:9f:f8:d7:85:fa:a6:46:82:93:
         9d:bb:4c:07:60:88:3c:f0:94:f1:a8:bf:44:5c:dd:78:87:25:
         13:c7:ca:9d:2c:92:a2:be:19:91:f3:9c:1f:76:60:85:c7:ab:
         ab:f7:8d:92:3a:63:a4:70:c3:6d:0d:63:1f:bf:f4:a9:19:2d:
         f6:ba:ed:7f:df:46:0e:78:d4:e5:dd:88:b4:72:60:50:95:0a:
         e5:a2:20:8f:3f:7a:20:6a:88:de:6b:5b:09:4e:49:f8:11:45:
         11:38:6e:79:a8:9e:ba:df:9e:4e:3a:aa:af:5e:50:76:11:85:
         52:58:ae:bf:a9:83:80:1e:c9:75:ef:d8:60:79:fc:65:4c:82:
         ac:b5:78:91:83:7f:55:83:ca:69:b3:02:c0:82:f6:ca:7e:62:
         1e:6a:e3:72:c7:eb:56:dd:e8:26:d2:c6:52:e7:ce:70:67:15:
         14:a1:f5:60:fb:d6:ef:54:6a:8a:8a:39:7a:05:04:4b:c6:e6:
         12:a3:d4:fc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZF6jYz3YooD8iA/TFN/oSBoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkZDEzOTg5NzZiMmY0ODc3MjViYzEzZDdmYWViZWQzZTE2
ZDgyYzkwHhcNMjQwODIyMTQ0NjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2ZkY2I5MTU4YmIxOWVhMzM5OWExMTFhMTM2Mjg4ZDZjYmM1MDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1T8EqRGHpHFLngUulHvzhg0TfRSs
O3EQwYBxVY1akJICCBqvJ11NaIU7r73sdJ51bbhOEHR/AfdD1gfnn2PQHYRtuAp/
fHg4JZqAd1UBzuBXDcRS29kyOp/ApP/whD85wZdd714GgzZMd+qG+L452oTi//L9
aAD3SLk74D6qDJsCOwMIewkFKQOGREBacEKPqo8/DIv72klYTQZTWMPZatUiOIJd
9ZT2qvz2ZBMr4Gn7BQQQ3RDCMEn0DBXlkMUjiK/G1aVcqPZDAtqPLYUoxCRI1HfD
K3LmTHqhWR1eb/9Kpr3CSyyFfsIw6/TkPUm+yPmmlmumqrCqFRB6tflZxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMf9y5FYuxnqM5mhEaE2KI1svFACMB8GA1UdIwQY
MBaAFF3ROYl2svSHclvBPX+uvtPhbYLJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGRFNWlYYXk5SWR5VzhFOWY2Ni0wLUZ0Z3NrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi8zZTgxMDAtOTg4ZC00ODNlLWJjODYt
NjAwODEwNjM0ODc4LzEveF8zTGtWaTdHZW96bWFFUm9UWW9qV3k4VUFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi8zZTgxMDAtOTg4ZC00ODNlLWJjODYtNjAwODEwNjM0ODc4
LzEvWGRFNWlYYXk5SWR5VzhFOWY2Ni0wLUZ0Z3NrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVvGMA0G
CSqGSIb3DQEBCwUAA4IBAQBVfusOQv+pZ6JIwa8lv6LDVbfYzCp4vaBw78lJu8rG
L6FFByirL6BFpY1/u6/FdJfsVcvCkM6z/A0AntNzAQif+NeF+qZGgpOdu0wHYIg8
8JTxqL9EXN14hyUTx8qdLJKivhmR85wfdmCFx6ur942SOmOkcMNtDWMfv/SpGS32
uu1/30YOeNTl3Yi0cmBQlQrloiCPP3ogaojea1sJTkn4EUUROG55qJ66355OOqqv
XlB2EYVSWK6/qYOAHsl179hgefxlTIKstXiRg39Vg8ppswLAgvbKfmIeauNyx+tW
3egm0sZS585wZxUUofVg+9bvVGqKijl6BQRLxuYSo9T8
-----END CERTIFICATE-----