Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/zPJ4iT8IJFBLC4KpCDe12b_SOyA.roa
File:                     zPJ4iT8IJFBLC4KpCDe12b_SOyA.roa (raw, json)
Hash identifier:          27/bKUkD3B4SO5N537UzYaqqGUZorzyFlGbctpVT6Io=
Subject key identifier:   CC:F2:78:89:3F:08:24:50:4B:0B:82:A9:08:37:B5:D9:BF:D2:3B:20
Certificate issuer:       /CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
Certificate serial:       018CC6B7B8C2AFD20B8E4F0D14FFD4360731
Authority key identifier: 62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/zPJ4iT8IJFBLC4KpCDe12b_SOyA.roa
Signing time:             Mon 01 Jan 2024 20:29:38 +0000
ROA not before:           Mon 01 Jan 2024 20:29:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200019
IP address blocks:        45.145.0.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 20:27:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b7:b8:c2:af:d2:0b:8e:4f:0d:14:ff:d4:36:07:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6222e1c2a5315334b66d80f78d5b50b42e480b9c
        Validity
            Not Before: Jan  1 20:29:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ccf278893f0824504b0b82a90837b5d9bfd23b20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:6b:56:21:78:c6:17:08:8e:82:c0:e7:01:da:
                    ee:bc:d0:fc:79:58:55:5c:95:a4:db:9e:60:d2:f8:
                    2f:f3:20:79:fb:87:6c:f5:fd:40:79:4e:84:c5:9d:
                    89:15:91:c7:21:3e:09:98:6f:0d:9b:c3:0b:14:65:
                    63:ff:a2:24:5c:97:b7:79:80:ca:e9:c3:d1:76:29:
                    31:a3:57:ec:e0:3b:ac:45:98:58:ca:b3:61:d5:45:
                    30:f6:97:a2:3a:ef:38:60:72:21:61:ff:95:cd:b8:
                    b9:14:44:23:3a:81:05:76:e4:33:87:eb:5c:98:e5:
                    22:47:64:97:08:d2:46:e7:cb:7b:a1:fc:fc:c8:c0:
                    6e:ed:0a:38:96:d3:c2:21:a9:51:62:ed:93:6c:c9:
                    6e:5f:a7:1a:d5:e2:36:69:94:c1:09:57:a0:7f:55:
                    e6:99:b6:7b:f6:55:9f:f0:78:0e:ad:88:be:89:0d:
                    f7:5a:31:7a:9d:69:70:49:ff:52:06:f3:b5:cf:2e:
                    ff:a8:fb:8e:f1:a6:22:02:42:39:67:4b:ea:51:98:
                    00:bd:e5:ff:4b:8f:3b:02:ad:52:ba:1e:9e:03:8d:
                    e9:cc:a8:3f:2b:12:bd:e1:2a:89:80:04:dc:ae:dc:
                    ed:a7:db:c1:68:2e:71:9c:47:bf:89:bc:13:34:84:
                    0b:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:F2:78:89:3F:08:24:50:4B:0B:82:A9:08:37:B5:D9:BF:D2:3B:20
            X509v3 Authority Key Identifier:
                keyid:62:22:E1:C2:A5:31:53:34:B6:6D:80:F7:8D:5B:50:B4:2E:48:0B:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YiLhwqUxUzS2bYD3jVtQtC5IC5w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/zPJ4iT8IJFBLC4KpCDe12b_SOyA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/999b97-c731-4192-85f1-573701c84833/1/YiLhwqUxUzS2bYD3jVtQtC5IC5w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:ae:1b:60:c1:31:15:bc:74:8e:b5:ed:af:75:a1:1b:69:3b:
         ad:36:b5:10:a1:85:cf:87:d7:08:39:3c:bc:98:32:b4:22:20:
         b5:99:e0:66:8d:62:47:1c:a7:fe:19:e9:28:63:26:82:87:52:
         64:f1:23:72:4c:24:fd:69:85:24:0d:96:70:55:bf:c7:4d:76:
         4a:48:c5:67:b3:48:e6:13:c7:db:f6:a6:77:6e:d4:57:8b:f9:
         1a:43:bb:d5:b3:dd:57:b2:62:fb:43:95:a3:72:9c:44:09:95:
         47:20:83:ec:0e:7e:b7:d6:dc:5f:81:06:6d:2a:2a:58:fe:f8:
         00:2c:65:23:77:87:34:d0:d2:53:bf:42:08:8b:a6:d2:db:e8:
         22:16:a3:e4:87:31:05:af:d2:50:4a:75:fa:e9:a8:bb:b5:7a:
         8b:32:bc:85:9f:45:a7:45:40:c8:35:93:0a:a0:f8:71:42:16:
         f5:ed:0f:17:f3:4d:f8:21:0a:05:c8:b0:3b:60:9b:4e:79:ac:
         2d:3e:7d:59:5c:c3:11:40:74:4d:2f:96:79:01:90:dc:be:ff:
         37:cf:dd:cf:22:f4:4d:ec:16:66:d7:42:99:11:9c:a8:8c:22:
         72:24:f0:47:47:bb:af:3d:1b:8b:ac:78:29:61:89:60:a3:84:
         5b:40:9c:b6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGt7jCr9ILjk8NFP/UNgcxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMjJlMWMyYTUzMTUzMzRiNjZkODBmNzhkNWI1MGI0MmU0
ODBiOWMwHhcNMjQwMTAxMjAyOTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2YyNzg4OTNmMDgyNDUwNGIwYjgyYTkwODM3YjVkOWJmZDIzYjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnWtWIXjGFwiOgsDnAdruvND8eVhV
XJWk255g0vgv8yB5+4ds9f1AeU6ExZ2JFZHHIT4JmG8Nm8MLFGVj/6IkXJe3eYDK
6cPRdikxo1fs4DusRZhYyrNh1UUw9peiOu84YHIhYf+Vzbi5FEQjOoEFduQzh+tc
mOUiR2SXCNJG58t7ofz8yMBu7Qo4ltPCIalRYu2TbMluX6ca1eI2aZTBCVegf1Xm
mbZ79lWf8HgOrYi+iQ33WjF6nWlwSf9SBvO1zy7/qPuO8aYiAkI5Z0vqUZgAveX/
S487Aq1Suh6eA43pzKg/KxK94SqJgATcrtztp9vBaC5xnEe/ibwTNIQLCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMzyeIk/CCRQSwuCqQg3tdm/0jsgMB8GA1UdIwQY
MBaAFGIi4cKlMVM0tm2A941bULQuSAucMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEt
NTczNzAxYzg0ODMzLzEvelBKNGlUOElKRkJMQzRLcENEZTEyYl9TT3lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85OTliOTctYzczMS00MTkyLTg1ZjEtNTczNzAxYzg0ODMz
LzEvWWlMaHdxVXhVelMyYllEM2pWdFF0QzVJQzV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZEAMA0G
CSqGSIb3DQEBCwUAA4IBAQBDrhtgwTEVvHSOte2vdaEbaTutNrUQoYXPh9cIOTy8
mDK0IiC1meBmjWJHHKf+GekoYyaCh1Jk8SNyTCT9aYUkDZZwVb/HTXZKSMVns0jm
E8fb9qZ3btRXi/kaQ7vVs91XsmL7Q5WjcpxECZVHIIPsDn631txfgQZtKipY/vgA
LGUjd4c00NJTv0IIi6bS2+giFqPkhzEFr9JQSnX66ai7tXqLMryFn0WnRUDINZMK
oPhxQhb17Q8X8034IQoFyLA7YJtOeawtPn1ZXMMRQHRNL5Z5AZDcvv83z93PIvRN
7BZm10KZEZyojCJyJPBHR7uvPRuLrHgpYYlgo4RbQJy2
-----END CERTIFICATE-----