Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/9uKYEqkA2JRj2FgP2JTFqt8LyTc.roa
File:                     9uKYEqkA2JRj2FgP2JTFqt8LyTc.roa (raw, json)
Hash identifier:          pfG8K1+2opnuZoPfhZFhLZ+cJ1R2eCNnANQZuxpz7ZM=
Subject key identifier:   F6:E2:98:12:A9:00:D8:94:63:D8:58:0F:D8:94:C5:AA:DF:0B:C9:37
Certificate issuer:       /CN=5c892aed3833e6100f5e0cf12271fd80b755c361
Certificate serial:       018CC8018C3FA69B16EB527C022F57BCEC19
Authority key identifier: 5C:89:2A:ED:38:33:E6:10:0F:5E:0C:F1:22:71:FD:80:B7:55:C3:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XIkq7Tgz5hAPXgzxInH9gLdVw2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/9uKYEqkA2JRj2FgP2JTFqt8LyTc.roa
Signing time:             Tue 02 Jan 2024 02:29:53 +0000
ROA not before:           Tue 02 Jan 2024 02:29:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200017
IP address blocks:        45.151.69.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/XIkq7Tgz5hAPXgzxInH9gLdVw2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/XIkq7Tgz5hAPXgzxInH9gLdVw2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XIkq7Tgz5hAPXgzxInH9gLdVw2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 20:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:8c:3f:a6:9b:16:eb:52:7c:02:2f:57:bc:ec:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5c892aed3833e6100f5e0cf12271fd80b755c361
        Validity
            Not Before: Jan  2 02:29:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6e29812a900d89463d8580fd894c5aadf0bc937
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:ca:26:3c:70:21:20:56:76:5c:9d:0b:d2:c5:
                    b5:73:56:75:9d:ca:b9:85:60:e2:b8:5b:89:48:d3:
                    b3:71:01:b1:1d:71:94:61:49:74:94:3e:b4:15:6c:
                    77:88:ee:00:80:25:fa:97:6d:3b:e9:63:68:ff:2c:
                    ea:29:5b:b8:2f:ff:5b:22:df:31:04:aa:1b:1a:0c:
                    8c:e2:7a:12:0b:98:20:91:cd:df:1f:33:fa:1e:94:
                    80:7c:4f:68:f5:a2:c0:3e:ad:77:e2:6f:b4:86:aa:
                    53:a3:16:18:8d:6f:5a:fa:19:a2:c4:2d:bf:8c:7a:
                    d1:af:7b:f5:2f:96:fe:9f:ef:41:1a:c6:d4:66:1a:
                    0c:84:fe:5f:45:78:83:24:d1:81:b0:70:99:4d:63:
                    ae:8d:a7:fa:bd:11:7c:50:26:aa:98:09:1e:cc:d2:
                    68:f0:0b:be:0c:2c:61:0c:8d:9f:d0:ce:05:51:39:
                    69:d8:e5:34:1a:de:e7:96:20:e4:23:ba:34:f6:62:
                    b5:f0:e4:2e:22:b4:15:a8:c1:66:b4:29:28:6e:be:
                    c6:ca:56:b9:e3:3e:7d:74:36:0a:29:f4:0d:dd:8a:
                    ac:3c:69:6c:55:a7:3c:bb:f5:73:ac:dd:cd:46:5a:
                    b3:21:83:6c:f4:29:62:9e:b1:27:35:d7:f1:70:ab:
                    b5:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:E2:98:12:A9:00:D8:94:63:D8:58:0F:D8:94:C5:AA:DF:0B:C9:37
            X509v3 Authority Key Identifier:
                keyid:5C:89:2A:ED:38:33:E6:10:0F:5E:0C:F1:22:71:FD:80:B7:55:C3:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XIkq7Tgz5hAPXgzxInH9gLdVw2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/9uKYEqkA2JRj2FgP2JTFqt8LyTc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/86fb46-d712-4602-9cce-3aa7daa9d3ec/1/XIkq7Tgz5hAPXgzxInH9gLdVw2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.69.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:58:78:e5:ff:05:84:e9:32:93:f1:09:91:fc:dd:7a:5e:d4:
         5e:e9:88:84:c7:90:6c:3a:a9:77:99:75:e2:d1:4b:09:77:6a:
         9f:63:a9:76:5a:22:9b:61:07:27:a2:6e:10:00:1d:de:da:ca:
         08:11:98:fd:66:1c:56:6e:eb:af:49:61:87:8b:b4:4c:e1:f9:
         d3:c4:4a:c5:b2:ee:7c:eb:35:a3:f3:c8:df:65:11:41:21:8d:
         b1:3b:9c:eb:b7:81:d4:70:b0:f1:06:1c:cf:d6:b7:6e:32:5c:
         d1:d8:e3:0c:48:b4:46:ea:23:02:25:7b:ad:2d:3a:5c:27:ac:
         45:23:9d:f6:de:c7:6e:2f:f5:e2:9b:f9:06:0b:cd:94:00:b6:
         f8:2a:1d:38:89:ba:bc:41:d6:2e:db:11:6b:e8:20:93:26:83:
         eb:ea:76:d5:99:6c:47:59:57:34:b0:50:16:e3:58:5e:3e:09:
         6e:8f:90:6a:12:a0:0d:f6:38:4a:7e:83:82:32:60:20:9a:03:
         30:e8:b5:d7:cf:a4:ca:f0:f6:68:f0:8c:42:b1:19:26:7d:08:
         a3:54:7a:51:f3:5e:1f:5d:c7:dd:51:56:51:d0:3b:de:47:97:
         e9:6a:51:1e:8b:05:b8:2f:1e:93:b6:02:5d:7a:34:5a:48:0c:
         de:ad:30:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAYw/ppsW61J8Ai9XvOwZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVjODkyYWVkMzgzM2U2MTAwZjVlMGNmMTIyNzFmZDgwYjc1
NWMzNjEwHhcNMjQwMTAyMDIyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmUyOTgxMmE5MDBkODk0NjNkODU4MGZkODk0YzVhYWRmMGJjOTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyMomPHAhIFZ2XJ0L0sW1c1Z1ncq5
hWDiuFuJSNOzcQGxHXGUYUl0lD60FWx3iO4AgCX6l2076WNo/yzqKVu4L/9bIt8x
BKobGgyM4noSC5ggkc3fHzP6HpSAfE9o9aLAPq134m+0hqpToxYYjW9a+hmixC2/
jHrRr3v1L5b+n+9BGsbUZhoMhP5fRXiDJNGBsHCZTWOujaf6vRF8UCaqmAkezNJo
8Au+DCxhDI2f0M4FUTlp2OU0Gt7nliDkI7o09mK18OQuIrQVqMFmtCkobr7Gyla5
4z59dDYKKfQN3YqsPGlsVac8u/VzrN3NRlqzIYNs9ClinrEnNdfxcKu1HQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPbimBKpANiUY9hYD9iUxarfC8k3MB8GA1UdIwQY
MBaAFFyJKu04M+YQD14M8SJx/YC3VcNhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWElrcTdUZ3o1aEFQWGd6eEluSDlnTGRWdzJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi84NmZiNDYtZDcxMi00NjAyLTljY2Ut
M2FhN2RhYTlkM2VjLzEvOXVLWUVxa0EySlJqMkZnUDJKVEZxdDhMeVRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi84NmZiNDYtZDcxMi00NjAyLTljY2UtM2FhN2RhYTlkM2Vj
LzEvWElrcTdUZ3o1aEFQWGd6eEluSDlnTGRWdzJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZdFMA0G
CSqGSIb3DQEBCwUAA4IBAQA9WHjl/wWE6TKT8QmR/N16XtRe6YiEx5BsOql3mXXi
0UsJd2qfY6l2WiKbYQcnom4QAB3e2soIEZj9ZhxWbuuvSWGHi7RM4fnTxErFsu58
6zWj88jfZRFBIY2xO5zrt4HUcLDxBhzP1rduMlzR2OMMSLRG6iMCJXutLTpcJ6xF
I5323sduL/Xim/kGC82UALb4Kh04ibq8QdYu2xFr6CCTJoPr6nbVmWxHWVc0sFAW
41hePgluj5BqEqAN9jhKfoOCMmAgmgMw6LXXz6TK8PZo8IxCsRkmfQijVHpR814f
XcfdUVZR0DveR5fpalEeiwW4Lx6TtgJdejRaSAzerTBS
-----END CERTIFICATE-----