Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/RX2H6-tz1QdRsWi0aRDhcqFJ2N0.roa
File:                     RX2H6-tz1QdRsWi0aRDhcqFJ2N0.roa (raw, json)
Hash identifier:          MHdWysYFODlgXgU5yOD/15qAp1YeoaC92tX8akPagQQ=
Subject key identifier:   45:7D:87:EB:EB:73:D5:07:51:B1:68:B4:69:10:E1:72:A1:49:D8:DD
Certificate issuer:       /CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
Certificate serial:       018CC9BCA908724B20C489390D82A8F35FF3
Authority key identifier: 17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/RX2H6-tz1QdRsWi0aRDhcqFJ2N0.roa
Signing time:             Tue 02 Jan 2024 10:33:53 +0000
ROA not before:           Tue 02 Jan 2024 10:33:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48037
IP address blocks:        145.10.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:a9:08:72:4b:20:c4:89:39:0d:82:a8:f3:5f:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
        Validity
            Not Before: Jan  2 10:33:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=457d87ebeb73d50751b168b46910e172a149d8dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:8d:d3:23:60:6c:f0:01:1d:7c:30:9d:74:f6:
                    e6:95:9a:2c:f4:99:9c:41:2c:63:74:c3:6e:a6:b9:
                    f2:df:66:22:c1:a1:6a:08:e9:58:bb:1c:01:42:dd:
                    0c:bf:32:7a:58:63:09:4d:ba:f4:4f:ba:22:4b:6e:
                    c3:3f:ff:b7:2c:75:d6:bb:f7:43:86:af:6d:c6:88:
                    bf:c2:db:77:95:6d:5b:13:b7:84:8c:aa:f1:ae:35:
                    ff:0a:12:93:8f:41:62:03:24:64:44:de:5c:cb:d3:
                    07:46:74:53:d9:70:6c:4b:1d:fa:8b:c4:21:b3:cc:
                    ec:33:98:50:48:4b:cb:96:ae:71:ff:73:80:e5:a3:
                    de:6f:11:d1:50:87:01:00:0f:e4:56:e2:81:16:c4:
                    9e:27:db:4a:c4:63:81:2c:6a:c6:34:ce:cc:d2:a6:
                    76:77:33:11:5c:cc:8b:d7:e0:bd:56:27:19:e0:6c:
                    71:cf:9a:be:f1:31:4f:34:05:66:cd:d1:2b:a2:70:
                    a3:5a:2c:fb:23:a6:b3:00:cd:fb:cb:13:03:78:e3:
                    87:27:7d:5f:b4:0a:0f:75:46:e3:06:ac:17:6d:25:
                    38:2d:c9:54:30:17:63:72:0d:4c:6b:a4:25:e1:40:
                    cc:c6:95:80:b9:1c:a5:00:87:2f:1b:94:25:fa:f4:
                    7a:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:7D:87:EB:EB:73:D5:07:51:B1:68:B4:69:10:E1:72:A1:49:D8:DD
            X509v3 Authority Key Identifier:
                keyid:17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/RX2H6-tz1QdRsWi0aRDhcqFJ2N0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.10.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         3d:8d:2f:c2:88:69:88:a7:b0:46:f5:74:98:6d:cc:df:0d:19:
         ba:33:c0:b3:ca:1d:de:16:f1:6b:1c:e5:85:bf:3f:7c:9d:d6:
         85:6b:5b:91:f2:23:3e:44:81:9f:60:6a:1a:84:6f:94:ee:74:
         21:89:f7:ed:54:8c:6e:82:6c:84:36:8d:33:09:f2:7c:08:60:
         55:66:f5:08:64:e7:17:7a:91:82:e4:8a:80:13:cc:3f:92:1d:
         21:b8:dd:d9:d6:a6:2f:61:09:03:6d:1f:68:3c:05:8d:d1:04:
         54:d0:36:ec:b6:7e:70:ff:5a:7d:3d:fe:42:1d:17:60:dd:25:
         fb:dc:1d:f8:5b:79:0b:f6:87:62:78:71:87:80:a6:c0:5e:75:
         39:2b:5b:76:70:6d:6c:66:d7:05:01:0a:61:d8:3e:85:00:1e:
         c9:45:e9:6f:3c:4e:ef:df:f1:1a:d2:bd:a8:98:79:6d:6b:96:
         a2:56:db:9a:48:28:b5:56:97:85:d5:d7:a8:ce:b8:59:e3:b8:
         99:d3:b2:9e:5a:2b:40:36:c5:70:37:a4:55:2c:f4:a1:de:14:
         d3:51:cf:08:42:84:02:22:98:03:79:e6:a8:88:f8:d1:74:f9:
         d0:bf:c1:22:93:68:3e:54:3f:74:52:83:e8:6d:6c:a6:9d:66:
         e6:bd:4a:d1
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzJvKkIcksgxIk5DYKo81/zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NzNkYjE3Nzk1ZDJiZjFiNGI1MzQ1YzViMjkzOTBkYmFm
NDUyM2UwHhcNMjQwMTAyMTAzMzUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTdkODdlYmViNzNkNTA3NTFiMTY4YjQ2OTEwZTE3MmExNDlkOGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiY3TI2Bs8AEdfDCddPbmlZos9Jmc
QSxjdMNuprny32YiwaFqCOlYuxwBQt0MvzJ6WGMJTbr0T7oiS27DP/+3LHXWu/dD
hq9txoi/wtt3lW1bE7eEjKrxrjX/ChKTj0FiAyRkRN5cy9MHRnRT2XBsSx36i8Qh
s8zsM5hQSEvLlq5x/3OA5aPebxHRUIcBAA/kVuKBFsSeJ9tKxGOBLGrGNM7M0qZ2
dzMRXMyL1+C9VicZ4Gxxz5q+8TFPNAVmzdEronCjWiz7I6azAM37yxMDeOOHJ31f
tAoPdUbjBqwXbSU4LclUMBdjcg1Ma6Ql4UDMxpWAuRylAIcvG5Ql+vR6MwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFEV9h+vrc9UHUbFotGkQ4XKhSdjdMB8GA1UdIwQY
MBaAFBdz2xd5XSvxtLU0XFspOQ269FI+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYt
NTQ4NjFmMjMyNDlkLzEvUlgySDYtdHoxUWRSc1dpMGFSRGhjcUZKMk4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYtNTQ4NjFmMjMyNDlk
LzEvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAkQowDQYJ
KoZIhvcNAQELBQADggEBAD2NL8KIaYinsEb1dJhtzN8NGbozwLPKHd4W8Wsc5YW/
P3yd1oVrW5HyIz5EgZ9gahqEb5TudCGJ9+1UjG6CbIQ2jTMJ8nwIYFVm9Qhk5xd6
kYLkioATzD+SHSG43dnWpi9hCQNtH2g8BY3RBFTQNuy2fnD/Wn09/kIdF2DdJfvc
HfhbeQv2h2J4cYeApsBedTkrW3ZwbWxm1wUBCmHYPoUAHslF6W88Tu/f8RrSvaiY
eW1rlqJW25pIKLVWl4XV16jOuFnjuJnTsp5aK0A2xXA3pFUs9KHeFNNRzwhChAIi
mAN55qiI+NF0+dC/wSKTaD5UP3RSg+htbKadZua9StE=
-----END CERTIFICATE-----