Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/f6d2dd-03a7-4f1f-b890-cd9ff0552f92/1/JGxpy3xH6RY2gE363ZnPW64FRkU.roa
File:                     JGxpy3xH6RY2gE363ZnPW64FRkU.roa (raw, json)
Hash identifier:          +63UymOm/KKepZNom2Rkn6RejMtgbkO/zZ4gPtzhOVk=
Subject key identifier:   24:6C:69:CB:7C:47:E9:16:36:80:4D:FA:DD:99:CF:5B:AE:05:46:45
Certificate issuer:       /CN=b9f4779575cb9bf058243287e98234deca911fc9
Certificate serial:       018CCA2AC43AB6AC4A8590B45BF06568A111
Authority key identifier: B9:F4:77:95:75:CB:9B:F0:58:24:32:87:E9:82:34:DE:CA:91:1F:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ufR3lXXLm_BYJDKH6YI03sqRH8k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/f6d2dd-03a7-4f1f-b890-cd9ff0552f92/1/JGxpy3xH6RY2gE363ZnPW64FRkU.roa
Signing time:             Tue 02 Jan 2024 12:34:09 +0000
ROA not before:           Tue 02 Jan 2024 12:34:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208675
IP address blocks:        45.89.138.0/24 maxlen: 24
                          45.89.136.0/24 maxlen: 24
                          45.89.139.0/24 maxlen: 24
                          45.89.137.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/f6d2dd-03a7-4f1f-b890-cd9ff0552f92/1/ufR3lXXLm_BYJDKH6YI03sqRH8k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/f6d2dd-03a7-4f1f-b890-cd9ff0552f92/1/ufR3lXXLm_BYJDKH6YI03sqRH8k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ufR3lXXLm_BYJDKH6YI03sqRH8k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 19 Jun 2024 04:03:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:c4:3a:b6:ac:4a:85:90:b4:5b:f0:65:68:a1:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9f4779575cb9bf058243287e98234deca911fc9
        Validity
            Not Before: Jan  2 12:34:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=246c69cb7c47e91636804dfadd99cf5bae054645
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:32:68:8f:19:f1:ff:3b:6a:c5:77:69:0e:6a:
                    bb:df:53:a3:fb:04:9c:7f:3d:04:d2:31:57:03:3c:
                    e6:4d:7c:01:25:d5:f6:04:bd:5b:71:65:f7:0c:dc:
                    1f:45:f5:32:0e:f3:ee:e8:b4:8b:94:e3:9e:74:af:
                    f5:a1:2d:42:2f:85:db:c3:f8:60:98:d5:bc:f9:c8:
                    50:fa:80:e0:0a:55:55:56:f0:10:60:30:0f:dc:37:
                    89:7e:a9:58:19:a8:4e:e8:17:b7:87:86:41:61:cf:
                    5e:31:36:23:af:99:b4:45:23:4b:d0:a2:1f:aa:6a:
                    0b:df:54:36:79:27:c6:5a:73:66:56:5c:a2:bc:bd:
                    35:cd:3c:74:41:86:3f:98:e6:84:de:3b:a2:73:c7:
                    bf:39:75:c8:47:42:ac:55:6c:a4:03:59:3a:8f:63:
                    b5:71:0b:97:57:50:46:37:88:33:ef:c8:1a:9b:2e:
                    01:26:a5:9f:8a:92:dd:a7:fd:80:46:53:01:c6:0a:
                    05:ff:06:02:94:7a:6c:dc:d3:36:86:46:28:c5:b2:
                    f3:e5:d9:dd:d2:8b:19:18:94:96:7b:cf:07:af:80:
                    95:05:cb:6d:96:e3:ae:45:63:ad:82:67:aa:90:3b:
                    83:9c:74:7e:15:bb:f5:1c:d0:5d:da:0d:6f:93:61:
                    e0:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:6C:69:CB:7C:47:E9:16:36:80:4D:FA:DD:99:CF:5B:AE:05:46:45
            X509v3 Authority Key Identifier:
                keyid:B9:F4:77:95:75:CB:9B:F0:58:24:32:87:E9:82:34:DE:CA:91:1F:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ufR3lXXLm_BYJDKH6YI03sqRH8k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/f6d2dd-03a7-4f1f-b890-cd9ff0552f92/1/JGxpy3xH6RY2gE363ZnPW64FRkU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/f6d2dd-03a7-4f1f-b890-cd9ff0552f92/1/ufR3lXXLm_BYJDKH6YI03sqRH8k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         19:fe:9b:00:0c:81:d2:41:ad:2a:2f:b8:ec:e8:99:a9:86:cc:
         4e:6c:70:1a:25:1f:80:d1:24:14:37:ae:5d:58:68:58:0f:24:
         47:25:3e:00:46:6b:b0:2e:74:9d:9e:ad:09:ae:81:d8:10:f7:
         27:a4:69:83:7c:8d:9f:35:a2:e8:ac:05:81:76:44:25:82:39:
         5e:6a:04:ba:36:ed:1b:67:39:1a:e3:30:d3:93:11:cf:96:8e:
         6e:39:89:44:a0:79:e8:57:0f:51:c7:7b:12:87:02:9f:4c:fb:
         49:05:56:32:48:6e:d8:02:c0:3d:ec:02:f4:cd:ea:3a:23:91:
         b8:48:d4:b9:87:9e:29:c6:80:ee:c5:36:45:08:77:89:6c:4a:
         66:80:72:bd:e1:a6:7d:bd:81:b1:11:fe:b9:50:4c:e3:ec:0f:
         be:d3:3d:26:86:c1:7f:1e:d3:b9:5e:fd:aa:b2:17:4e:b7:b2:
         9c:32:7d:a9:83:7f:8c:0f:8f:03:b6:49:00:70:09:6e:a7:87:
         00:9e:56:47:0d:56:0a:13:b6:e8:62:71:6d:ef:60:88:12:a6:
         d0:35:48:6c:80:c3:b5:59:db:41:76:0f:c8:3d:e2:b6:8f:c2:
         1b:79:0b:8f:df:b9:4a:72:84:0c:6e:a9:fc:76:99:a9:cd:c7:
         56:96:62:6e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKsQ6tqxKhZC0W/BlaKERMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZjQ3Nzk1NzVjYjliZjA1ODI0MzI4N2U5ODIzNGRlY2E5
MTFmYzkwHhcNMjQwMTAyMTIzNDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDZjNjljYjdjNDdlOTE2MzY4MDRkZmFkZDk5Y2Y1YmFlMDU0NjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnDJojxnx/ztqxXdpDmq731Oj+wSc
fz0E0jFXAzzmTXwBJdX2BL1bcWX3DNwfRfUyDvPu6LSLlOOedK/1oS1CL4Xbw/hg
mNW8+chQ+oDgClVVVvAQYDAP3DeJfqlYGahO6Be3h4ZBYc9eMTYjr5m0RSNL0KIf
qmoL31Q2eSfGWnNmVlyivL01zTx0QYY/mOaE3juic8e/OXXIR0KsVWykA1k6j2O1
cQuXV1BGN4gz78gamy4BJqWfipLdp/2ARlMBxgoF/wYClHps3NM2hkYoxbLz5dnd
0osZGJSWe88Hr4CVBcttluOuRWOtgmeqkDuDnHR+Fbv1HNBd2g1vk2HgLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCRsact8R+kWNoBN+t2Zz1uuBUZFMB8GA1UdIwQY
MBaAFLn0d5V1y5vwWCQyh+mCNN7KkR/JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWZSM2xYWExtX0JZSkRLSDZZSTAzc3FSSDhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC9mNmQyZGQtMDNhNy00ZjFmLWI4OTAt
Y2Q5ZmYwNTUyZjkyLzEvSkd4cHkzeEg2UlkyZ0UzNjNablBXNjRGUmtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC9mNmQyZGQtMDNhNy00ZjFmLWI4OTAtY2Q5ZmYwNTUyZjky
LzEvdWZSM2xYWExtX0JZSkRLSDZZSTAzc3FSSDhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVmIMA0G
CSqGSIb3DQEBCwUAA4IBAQAZ/psADIHSQa0qL7js6JmphsxObHAaJR+A0SQUN65d
WGhYDyRHJT4ARmuwLnSdnq0JroHYEPcnpGmDfI2fNaLorAWBdkQlgjleagS6Nu0b
Zzka4zDTkxHPlo5uOYlEoHnoVw9Rx3sShwKfTPtJBVYySG7YAsA97AL0zeo6I5G4
SNS5h54pxoDuxTZFCHeJbEpmgHK94aZ9vYGxEf65UEzj7A++0z0mhsF/HtO5Xv2q
shdOt7KcMn2pg3+MD48DtkkAcAlup4cAnlZHDVYKE7boYnFt72CIEqbQNUhsgMO1
WdtBdg/IPeK2j8IbeQuP37lKcoQMbqn8dpmpzcdWlmJu
-----END CERTIFICATE-----