Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/fda059-3436-4158-a1e4-49da05978ad0/1/UpGqVQThY3yVFDpjdD69HQBUjBk.roa
File:                     UpGqVQThY3yVFDpjdD69HQBUjBk.roa (raw, json)
Hash identifier:          KEBuxLbBRU/pCXpH4dX06zLilUmM4tCFH5WeH9eApd8=
Subject key identifier:   52:91:AA:55:04:E1:63:7C:95:14:3A:63:74:3E:BD:1D:00:54:8C:19
Certificate issuer:       /CN=23dcd6f17126d4e951d92bc5f4c06ba9450fc8d4
Certificate serial:       018CC56DE2DA86AACCE2E1B20F099812E522
Authority key identifier: 23:DC:D6:F1:71:26:D4:E9:51:D9:2B:C5:F4:C0:6B:A9:45:0F:C8:D4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I9zW8XEm1OlR2SvF9MBrqUUPyNQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/fda059-3436-4158-a1e4-49da05978ad0/1/UpGqVQThY3yVFDpjdD69HQBUjBk.roa
Signing time:             Mon 01 Jan 2024 14:29:22 +0000
ROA not before:           Mon 01 Jan 2024 14:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202966
IP address blocks:        45.137.228.0/22 maxlen: 22
                          2a0e:ac40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/fda059-3436-4158-a1e4-49da05978ad0/1/I9zW8XEm1OlR2SvF9MBrqUUPyNQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/fda059-3436-4158-a1e4-49da05978ad0/1/I9zW8XEm1OlR2SvF9MBrqUUPyNQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I9zW8XEm1OlR2SvF9MBrqUUPyNQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:e2:da:86:aa:cc:e2:e1:b2:0f:09:98:12:e5:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23dcd6f17126d4e951d92bc5f4c06ba9450fc8d4
        Validity
            Not Before: Jan  1 14:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5291aa5504e1637c95143a63743ebd1d00548c19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:dd:44:02:d7:1e:ca:14:ec:27:9d:54:80:b7:
                    38:3e:80:83:5b:ef:7b:26:68:5f:9b:da:f7:e4:71:
                    14:45:43:9b:e8:df:3f:bc:f4:23:90:3a:c0:03:dd:
                    e8:91:23:99:a1:8f:b6:51:ad:89:7a:4c:0e:47:c4:
                    bd:ee:58:20:4f:33:53:66:ea:12:f8:1d:03:cc:b5:
                    af:29:eb:1d:d6:f4:f5:4a:96:d6:ec:19:75:92:39:
                    33:11:a7:58:b4:0c:b7:85:7c:28:42:86:b8:8d:93:
                    27:0c:81:f5:72:93:7a:d2:54:a4:16:03:35:02:7b:
                    c3:c8:6d:f1:61:8e:dd:51:5a:6b:3e:f5:c0:c2:54:
                    e6:92:e7:58:45:dd:cd:a0:96:2c:fc:7a:c0:f7:e3:
                    75:b6:f1:2b:06:cf:55:d0:d9:ea:4f:15:57:bc:5b:
                    31:3f:74:c6:0b:c6:9c:28:11:b2:3d:4f:07:21:60:
                    52:06:7f:7a:a8:5d:7a:93:52:e8:a7:f0:5e:f8:f4:
                    95:a1:24:69:66:4c:66:db:c7:86:d5:99:09:66:35:
                    bf:bb:1f:ca:b3:88:cb:c2:c7:59:8a:4f:6b:20:a0:
                    aa:46:8f:47:bc:77:8c:01:83:e9:42:e7:0b:f3:b3:
                    dd:71:a9:92:a0:a0:13:2f:0e:f7:0f:ad:5a:a4:f2:
                    f1:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:91:AA:55:04:E1:63:7C:95:14:3A:63:74:3E:BD:1D:00:54:8C:19
            X509v3 Authority Key Identifier:
                keyid:23:DC:D6:F1:71:26:D4:E9:51:D9:2B:C5:F4:C0:6B:A9:45:0F:C8:D4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I9zW8XEm1OlR2SvF9MBrqUUPyNQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/fda059-3436-4158-a1e4-49da05978ad0/1/UpGqVQThY3yVFDpjdD69HQBUjBk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/fda059-3436-4158-a1e4-49da05978ad0/1/I9zW8XEm1OlR2SvF9MBrqUUPyNQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.137.228.0/22
                IPv6:
                  2a0e:ac40::/29

    Signature Algorithm: sha256WithRSAEncryption
         13:54:d6:1a:ed:a5:05:fb:88:35:fd:9c:64:21:70:fb:8c:76:
         39:ab:e0:0d:b5:7f:f0:8a:3a:4f:37:84:f7:68:2f:4a:0b:f2:
         52:86:e8:7e:3e:6d:dd:b3:5d:4d:45:e3:c5:09:af:e6:ca:70:
         be:2b:57:2d:fc:00:c4:57:7d:23:b1:ba:79:0d:48:ef:78:e7:
         79:80:b2:10:d9:9e:7e:bf:9c:50:fa:04:f5:99:40:0c:de:08:
         32:84:37:f4:2f:76:a6:29:db:fa:5c:d1:4c:3e:c8:ab:bc:aa:
         52:73:80:67:05:4e:0b:80:67:db:c0:a0:52:c5:ea:86:68:42:
         72:c6:b9:ae:55:b4:12:e9:e1:f2:d1:b9:aa:48:b2:61:86:f4:
         30:e4:bc:09:88:0b:f7:00:d5:8b:eb:12:9c:30:47:78:5a:79:
         74:5d:64:ec:07:bd:8e:93:70:a8:d3:83:5d:5e:8c:c2:17:b0:
         b9:d7:0b:4a:e9:fa:c3:6a:1a:7c:a9:08:4c:8f:e8:91:4c:a3:
         44:92:c9:ec:00:a8:bb:89:40:16:ad:80:e1:c2:44:a0:eb:22:
         94:52:41:03:2c:9d:71:0a:dd:72:3b:1e:87:00:52:06:1f:a3:
         41:87:04:60:ca:6d:7a:bc:ab:01:0d:96:42:7b:ad:da:ab:bf:
         f8:2c:73:9b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbeLahqrM4uGyDwmYEuUiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzZGNkNmYxNzEyNmQ0ZTk1MWQ5MmJjNWY0YzA2YmE5NDUw
ZmM4ZDQwHhcNMjQwMTAxMTQyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjkxYWE1NTA0ZTE2MzdjOTUxNDNhNjM3NDNlYmQxZDAwNTQ4YzE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzN1EAtceyhTsJ51UgLc4PoCDW+97
Jmhfm9r35HEURUOb6N8/vPQjkDrAA93okSOZoY+2Ua2JekwOR8S97lggTzNTZuoS
+B0DzLWvKesd1vT1SpbW7Bl1kjkzEadYtAy3hXwoQoa4jZMnDIH1cpN60lSkFgM1
AnvDyG3xYY7dUVprPvXAwlTmkudYRd3NoJYs/HrA9+N1tvErBs9V0NnqTxVXvFsx
P3TGC8acKBGyPU8HIWBSBn96qF16k1Lop/Be+PSVoSRpZkxm28eG1ZkJZjW/ux/K
s4jLwsdZik9rIKCqRo9HvHeMAYPpQucL87PdcamSoKATLw73D61apPLxawIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFFKRqlUE4WN8lRQ6Y3Q+vR0AVIwZMB8GA1UdIwQY
MBaAFCPc1vFxJtTpUdkrxfTAa6lFD8jUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTl6VzhYRW0xT2xSMlN2RjlNQnJxVVVQeU5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi9mZGEwNTktMzQzNi00MTU4LWExZTQt
NDlkYTA1OTc4YWQwLzEvVXBHcVZRVGhZM3lWRkRwamRENjlIUUJVakJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi9mZGEwNTktMzQzNi00MTU4LWExZTQtNDlkYTA1OTc4YWQw
LzEvSTl6VzhYRW0xT2xSMlN2RjlNQnJxVVVQeU5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLYnkMA0E
AgACMAcDBQMqDqxAMA0GCSqGSIb3DQEBCwUAA4IBAQATVNYa7aUF+4g1/ZxkIXD7
jHY5q+ANtX/wijpPN4T3aC9KC/JShuh+Pm3ds11NRePFCa/mynC+K1ct/ADEV30j
sbp5DUjveOd5gLIQ2Z5+v5xQ+gT1mUAM3ggyhDf0L3amKdv6XNFMPsirvKpSc4Bn
BU4LgGfbwKBSxeqGaEJyxrmuVbQS6eHy0bmqSLJhhvQw5LwJiAv3ANWL6xKcMEd4
Wnl0XWTsB72Ok3Co04NdXozCF7C51wtK6frDahp8qQhMj+iRTKNEksnsAKi7iUAW
rYDhwkSg6yKUUkEDLJ1xCt1yOx6HAFIGH6NBhwRgym16vKsBDZZCe63aq7/4LHOb
-----END CERTIFICATE-----