Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/e85ad2-d2f1-481d-bfdf-bda534e6f643/1/OXG45KhURevq-eZCK0P7yslrvj4.roa
File:                     OXG45KhURevq-eZCK0P7yslrvj4.roa (raw, json)
Hash identifier:          Sx8MOuA9VR5EyojaeHonHZstvCFAqEs4aAu6D86jYtA=
Subject key identifier:   39:71:B8:E4:A8:54:45:EB:EA:F9:E6:42:2B:43:FB:CA:C9:6B:BE:3E
Certificate issuer:       /CN=8c81648afc34ce191437516cddc4bf0dcdf47e3b
Certificate serial:       018CC348CD5398D09584A9F288691613DBBA
Authority key identifier: 8C:81:64:8A:FC:34:CE:19:14:37:51:6C:DD:C4:BF:0D:CD:F4:7E:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jIFkivw0zhkUN1Fs3cS_Dc30fjs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/e85ad2-d2f1-481d-bfdf-bda534e6f643/1/OXG45KhURevq-eZCK0P7yslrvj4.roa
Signing time:             Mon 01 Jan 2024 04:29:37 +0000
ROA not before:           Mon 01 Jan 2024 04:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206975
IP address blocks:        45.155.82.0/24 maxlen: 24
                          45.155.81.0/24 maxlen: 24
                          45.155.80.0/22 maxlen: 22
                          45.155.80.0/24 maxlen: 24
                          45.155.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/e85ad2-d2f1-481d-bfdf-bda534e6f643/1/jIFkivw0zhkUN1Fs3cS_Dc30fjs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/e85ad2-d2f1-481d-bfdf-bda534e6f643/1/jIFkivw0zhkUN1Fs3cS_Dc30fjs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jIFkivw0zhkUN1Fs3cS_Dc30fjs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:cd:53:98:d0:95:84:a9:f2:88:69:16:13:db:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c81648afc34ce191437516cddc4bf0dcdf47e3b
        Validity
            Not Before: Jan  1 04:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3971b8e4a85445ebeaf9e6422b43fbcac96bbe3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:35:0b:1b:d0:84:02:36:92:75:5e:87:57:a1:
                    5b:c8:70:9c:21:c6:fa:49:88:4e:a3:09:74:f0:0c:
                    f6:6c:db:77:2c:21:d9:a4:01:e4:8a:c4:c0:84:e3:
                    d5:ee:7a:ed:fb:c2:a7:77:84:4a:86:b3:87:41:bf:
                    62:00:91:72:58:16:45:0e:a2:68:e7:7c:b3:16:a5:
                    1a:0d:35:54:94:9b:d9:33:fc:17:60:02:a9:4f:25:
                    03:25:92:67:ca:50:8f:cc:ad:dd:e4:28:19:5d:90:
                    2e:06:14:7e:8f:93:04:ac:23:40:fd:3c:22:d0:71:
                    78:71:91:bd:ce:f6:34:05:07:8d:d3:8d:96:5b:5d:
                    9a:a8:c5:00:6a:0f:85:e3:c7:41:4f:d9:6d:f1:89:
                    87:df:64:57:27:f0:f2:67:f0:db:ff:0f:d4:0b:f2:
                    c3:73:21:39:39:1c:11:20:d1:22:23:01:0d:51:61:
                    de:2c:8d:8c:18:57:36:9e:99:57:ab:0c:ae:43:d5:
                    24:36:1b:82:e5:8a:1d:05:04:1b:5a:4e:be:68:61:
                    f5:1f:42:3b:ff:ac:52:b8:78:68:25:69:a6:67:ae:
                    fe:70:4c:42:1d:92:8b:08:9a:65:b4:e1:2d:df:48:
                    2f:74:2f:64:7c:71:14:ff:4b:ad:63:8f:ff:52:6a:
                    13:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:71:B8:E4:A8:54:45:EB:EA:F9:E6:42:2B:43:FB:CA:C9:6B:BE:3E
            X509v3 Authority Key Identifier:
                keyid:8C:81:64:8A:FC:34:CE:19:14:37:51:6C:DD:C4:BF:0D:CD:F4:7E:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jIFkivw0zhkUN1Fs3cS_Dc30fjs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/e85ad2-d2f1-481d-bfdf-bda534e6f643/1/OXG45KhURevq-eZCK0P7yslrvj4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/e85ad2-d2f1-481d-bfdf-bda534e6f643/1/jIFkivw0zhkUN1Fs3cS_Dc30fjs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.80.0/22

    Signature Algorithm: sha256WithRSAEncryption
         59:e8:4f:dd:b1:8d:bf:10:0a:ab:8b:b2:0d:38:d9:cf:73:2e:
         e5:01:ef:36:56:d0:57:95:b4:5e:25:7e:38:ee:a1:d1:93:ee:
         c9:de:23:2f:89:88:78:35:59:bb:68:3b:78:ac:a7:02:9a:73:
         42:c2:d6:63:81:6d:2a:70:e2:b0:0c:1a:4c:67:2c:21:ec:e3:
         8c:b1:ca:0c:fd:3a:e5:e2:a1:bd:d3:f1:3e:cc:f1:b2:08:32:
         b7:da:ba:87:97:63:bb:cb:ad:a6:53:7e:9a:1d:26:c6:68:6a:
         49:5c:7e:d4:4c:72:7d:32:28:3e:a9:df:ba:da:8b:9a:6f:36:
         18:6c:62:ad:85:88:aa:5f:38:28:d2:5e:c6:58:c8:18:60:20:
         3b:b9:e4:3c:0c:25:5a:b5:97:98:aa:dd:d6:c2:10:ee:b3:b3:
         5b:92:e9:eb:9f:d1:be:53:6b:0c:c0:21:0f:21:90:f4:2b:b3:
         b8:cd:25:34:36:97:9d:b7:61:08:f1:1e:b0:da:cd:d7:1b:ea:
         2a:76:fb:1c:12:d1:24:df:cc:a0:dc:83:3a:b0:59:5f:78:41:
         dc:f9:12:f2:53:4e:1e:4d:c2:b8:19:01:83:0b:55:c3:ec:bc:
         9b:e2:08:d1:12:76:be:4e:0a:8f:de:20:4a:db:08:57:d6:ec:
         a9:c5:08:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSM1TmNCVhKnyiGkWE9u6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjODE2NDhhZmMzNGNlMTkxNDM3NTE2Y2RkYzRiZjBkY2Rm
NDdlM2IwHhcNMjQwMTAxMDQyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTcxYjhlNGE4NTQ0NWViZWFmOWU2NDIyYjQzZmJjYWM5NmJiZTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnDULG9CEAjaSdV6HV6FbyHCcIcb6
SYhOowl08Az2bNt3LCHZpAHkisTAhOPV7nrt+8Knd4RKhrOHQb9iAJFyWBZFDqJo
53yzFqUaDTVUlJvZM/wXYAKpTyUDJZJnylCPzK3d5CgZXZAuBhR+j5MErCNA/Twi
0HF4cZG9zvY0BQeN042WW12aqMUAag+F48dBT9lt8YmH32RXJ/DyZ/Db/w/UC/LD
cyE5ORwRINEiIwENUWHeLI2MGFc2nplXqwyuQ9UkNhuC5YodBQQbWk6+aGH1H0I7
/6xSuHhoJWmmZ67+cExCHZKLCJpltOEt30gvdC9kfHEU/0utY4//UmoTxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDlxuOSoVEXr6vnmQitD+8rJa74+MB8GA1UdIwQY
MBaAFIyBZIr8NM4ZFDdRbN3Evw3N9H47MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaklGa2l2dzB6aGtVTjFGczNjU19EYzMwZmpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS9lODVhZDItZDJmMS00ODFkLWJmZGYt
YmRhNTM0ZTZmNjQzLzEvT1hHNDVLaFVSZXZxLWVaQ0swUDd5c2xydmo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS9lODVhZDItZDJmMS00ODFkLWJmZGYtYmRhNTM0ZTZmNjQz
LzEvaklGa2l2dzB6aGtVTjFGczNjU19EYzMwZmpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZtQMA0G
CSqGSIb3DQEBCwUAA4IBAQBZ6E/dsY2/EAqri7INONnPcy7lAe82VtBXlbReJX44
7qHRk+7J3iMviYh4NVm7aDt4rKcCmnNCwtZjgW0qcOKwDBpMZywh7OOMscoM/Trl
4qG90/E+zPGyCDK32rqHl2O7y62mU36aHSbGaGpJXH7UTHJ9Mig+qd+62ouabzYY
bGKthYiqXzgo0l7GWMgYYCA7ueQ8DCVatZeYqt3WwhDus7Nbkunrn9G+U2sMwCEP
IZD0K7O4zSU0Npedt2EI8R6w2s3XG+oqdvscEtEk38yg3IM6sFlfeEHc+RLyU04e
TcK4GQGDC1XD7Lyb4gjREna+TgqP3iBK2whX1uypxQgy
-----END CERTIFICATE-----