Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/466119-873f-4cfd-91a6-b1e313d79893/1/B1K1g5pBErsC3tVJWlKmSlRmWVw.roa
File:                     B1K1g5pBErsC3tVJWlKmSlRmWVw.roa (raw, json)
Hash identifier:          jtPxtoM7gI7xp9dJ8hsKQMcFtxrc5m5n4RICC6uUCC8=
Subject key identifier:   07:52:B5:83:9A:41:12:BB:02:DE:D5:49:5A:52:A6:4A:54:66:59:5C
Certificate issuer:       /CN=e0afb160a97338ab21114840addc6180a5ba42b1
Certificate serial:       018CC4922D4478655A440B1EF4768748B02C
Authority key identifier: E0:AF:B1:60:A9:73:38:AB:21:11:48:40:AD:DC:61:80:A5:BA:42:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4K-xYKlzOKshEUhArdxhgKW6QrE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/466119-873f-4cfd-91a6-b1e313d79893/1/B1K1g5pBErsC3tVJWlKmSlRmWVw.roa
Signing time:             Mon 01 Jan 2024 10:29:23 +0000
ROA not before:           Mon 01 Jan 2024 10:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203318
IP address blocks:        45.153.84.0/22 maxlen: 24
                          2a05:b000::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/466119-873f-4cfd-91a6-b1e313d79893/1/4K-xYKlzOKshEUhArdxhgKW6QrE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/466119-873f-4cfd-91a6-b1e313d79893/1/4K-xYKlzOKshEUhArdxhgKW6QrE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4K-xYKlzOKshEUhArdxhgKW6QrE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 19:02:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:2d:44:78:65:5a:44:0b:1e:f4:76:87:48:b0:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0afb160a97338ab21114840addc6180a5ba42b1
        Validity
            Not Before: Jan  1 10:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0752b5839a4112bb02ded5495a52a64a5466595c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:3c:41:27:e4:1e:fc:72:35:eb:b5:2e:0e:6a:
                    6d:fc:93:60:a7:71:34:0c:2d:9f:72:ae:bb:23:d5:
                    e1:2e:38:85:af:93:04:ec:10:1d:02:4f:02:a4:b1:
                    88:3b:08:08:67:28:99:63:36:71:69:3c:9e:46:b2:
                    33:73:1d:d6:66:70:c6:95:5f:20:7d:76:01:40:b9:
                    2a:38:71:e7:dd:7c:fb:53:27:1c:6b:1a:71:c0:21:
                    3a:73:36:d3:38:03:7a:dd:f0:69:04:a3:b2:f2:00:
                    09:04:97:c6:fd:5c:30:4e:e4:96:44:6d:8a:86:e4:
                    90:31:50:c6:cc:1d:bb:46:bc:3f:29:e1:4e:97:47:
                    be:13:58:cc:34:d5:db:49:dd:1c:8b:ec:68:d2:82:
                    14:06:bd:fa:c3:22:a7:f0:01:84:89:fa:7c:c3:55:
                    ef:b1:05:69:c7:56:59:e7:d4:d1:58:6c:f1:22:83:
                    9d:e9:31:39:97:a4:58:e9:18:44:fb:05:bd:49:98:
                    85:bf:da:2f:ff:61:87:d3:93:79:e4:a8:e4:ff:1b:
                    cc:b5:a5:a4:42:58:f4:5b:3e:b3:d0:d5:b7:02:d0:
                    bc:d0:86:1b:9e:76:cb:ab:2f:28:13:e7:78:fd:f4:
                    d8:ef:9d:66:d3:5b:c6:1c:13:83:3d:5f:23:c0:7f:
                    b7:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:52:B5:83:9A:41:12:BB:02:DE:D5:49:5A:52:A6:4A:54:66:59:5C
            X509v3 Authority Key Identifier:
                keyid:E0:AF:B1:60:A9:73:38:AB:21:11:48:40:AD:DC:61:80:A5:BA:42:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4K-xYKlzOKshEUhArdxhgKW6QrE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/466119-873f-4cfd-91a6-b1e313d79893/1/B1K1g5pBErsC3tVJWlKmSlRmWVw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/466119-873f-4cfd-91a6-b1e313d79893/1/4K-xYKlzOKshEUhArdxhgKW6QrE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.84.0/22
                IPv6:
                  2a05:b000::/32

    Signature Algorithm: sha256WithRSAEncryption
         b5:bd:e7:27:47:2c:dd:3c:cf:6e:9b:11:38:eb:35:78:c3:f2:
         52:a5:64:c7:57:d5:fb:21:76:8c:b3:62:ca:b7:07:36:0b:8f:
         4d:56:45:ec:de:63:0e:30:1f:fe:af:f3:9d:1d:91:51:97:6d:
         09:2c:82:70:d8:9c:d2:98:8f:38:b5:34:92:a3:fe:5f:37:ac:
         a3:49:6a:c2:67:ff:2d:fb:44:2a:12:54:88:ae:4e:3e:91:48:
         14:ff:d9:88:d1:06:35:86:bf:aa:82:da:28:fe:9c:11:36:6f:
         94:c6:76:07:49:56:53:47:1c:9b:7f:3f:7b:93:73:1e:ec:eb:
         31:16:88:99:1d:d9:87:ee:62:e5:f1:20:b3:cc:96:de:a1:b3:
         46:9b:65:62:97:c7:b4:25:9d:6c:77:df:17:9c:78:50:a3:24:
         47:17:77:fc:b1:7d:16:04:1b:10:8b:22:a1:ff:ac:ef:68:c1:
         db:d0:9f:5d:99:75:83:ae:65:d4:ee:64:99:14:7e:d6:0f:9a:
         43:65:60:99:03:2d:0f:41:75:0e:b7:dc:b9:62:6e:0a:e8:06:
         5c:6b:84:4d:23:15:51:67:1a:97:16:8a:85:8a:89:30:87:27:
         b6:3b:83:c3:a4:9d:ae:f3:a4:f3:ca:a4:1f:54:7c:96:61:2d:
         b7:a2:db:ba
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEki1EeGVaRAse9HaHSLAsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwYWZiMTYwYTk3MzM4YWIyMTExNDg0MGFkZGM2MTgwYTVi
YTQyYjEwHhcNMjQwMTAxMTAyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzUyYjU4MzlhNDExMmJiMDJkZWQ1NDk1YTUyYTY0YTU0NjY1OTVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnjxBJ+Qe/HI167UuDmpt/JNgp3E0
DC2fcq67I9XhLjiFr5ME7BAdAk8CpLGIOwgIZyiZYzZxaTyeRrIzcx3WZnDGlV8g
fXYBQLkqOHHn3Xz7UyccaxpxwCE6czbTOAN63fBpBKOy8gAJBJfG/VwwTuSWRG2K
huSQMVDGzB27Rrw/KeFOl0e+E1jMNNXbSd0ci+xo0oIUBr36wyKn8AGEifp8w1Xv
sQVpx1ZZ59TRWGzxIoOd6TE5l6RY6RhE+wW9SZiFv9ov/2GH05N55Kjk/xvMtaWk
Qlj0Wz6z0NW3AtC80IYbnnbLqy8oE+d4/fTY751m01vGHBODPV8jwH+3AQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAdStYOaQRK7At7VSVpSpkpUZllcMB8GA1UdIwQY
MBaAFOCvsWCpczirIRFIQK3cYYClukKxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEsteFlLbHpPS3NoRVVoQXJkeGhnS1c2UXJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi80NjYxMTktODczZi00Y2ZkLTkxYTYt
YjFlMzEzZDc5ODkzLzEvQjFLMWc1cEJFcnNDM3RWSldsS21TbFJtV1Z3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi80NjYxMTktODczZi00Y2ZkLTkxYTYtYjFlMzEzZDc5ODkz
LzEvNEsteFlLbHpPS3NoRVVoQXJkeGhnS1c2UXJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLZlUMA0E
AgACMAcDBQAqBbAAMA0GCSqGSIb3DQEBCwUAA4IBAQC1vecnRyzdPM9umxE46zV4
w/JSpWTHV9X7IXaMs2LKtwc2C49NVkXs3mMOMB/+r/OdHZFRl20JLIJw2JzSmI84
tTSSo/5fN6yjSWrCZ/8t+0QqElSIrk4+kUgU/9mI0QY1hr+qgtoo/pwRNm+UxnYH
SVZTRxybfz97k3Me7OsxFoiZHdmH7mLl8SCzzJbeobNGm2Vil8e0JZ1sd98XnHhQ
oyRHF3f8sX0WBBsQiyKh/6zvaMHb0J9dmXWDrmXU7mSZFH7WD5pDZWCZAy0PQXUO
t9y5Ym4K6AZca4RNIxVRZxqXFoqFiokwhye2O4PDpJ2u86TzyqQfVHyWYS23otu6
-----END CERTIFICATE-----