Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/Rp_HcgsCzVn-e2Qbaf-fRXdbxmg.roa
File:                     Rp_HcgsCzVn-e2Qbaf-fRXdbxmg.roa (raw, json)
Hash identifier:          F+KcV6257T6B307qXRMloBRO0xPivl0rpJuMy+xl8cw=
Subject key identifier:   46:9F:C7:72:0B:02:CD:59:FE:7B:64:1B:69:FF:9F:45:77:5B:C6:68
Certificate issuer:       /CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
Certificate serial:       018CC9BC9D5344B7E0D4C60C8C0D28D79F7D
Authority key identifier: 17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/Rp_HcgsCzVn-e2Qbaf-fRXdbxmg.roa
Signing time:             Tue 02 Jan 2024 10:33:50 +0000
ROA not before:           Tue 02 Jan 2024 10:33:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     702
IP address blocks:        145.4.0.0/16 maxlen: 16

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:9d:53:44:b7:e0:d4:c6:0c:8c:0d:28:d7:9f:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1773db17795d2bf1b4b5345c5b29390dbaf4523e
        Validity
            Not Before: Jan  2 10:33:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=469fc7720b02cd59fe7b641b69ff9f45775bc668
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:ad:c9:76:38:f8:32:10:ca:e4:43:fe:59:83:
                    5b:4a:5c:d3:12:f1:21:59:99:b0:85:48:bc:26:af:
                    54:04:d8:ee:0a:35:c7:10:6f:33:de:0d:14:4f:ce:
                    05:ec:1e:45:70:d0:83:93:4c:b0:18:00:94:c6:fd:
                    a0:5a:61:54:0a:45:45:de:2b:b8:bd:5a:d3:d2:af:
                    d5:fa:65:37:90:e5:67:8b:e3:50:bd:76:7e:18:78:
                    0e:7d:17:0d:9c:bd:d3:b6:fe:09:3e:62:d8:51:7b:
                    3b:e9:35:0f:91:36:b0:6a:0b:63:bc:c6:d8:05:1b:
                    82:26:4b:86:e3:5d:44:ea:1a:35:2c:b4:25:4d:2b:
                    c7:8e:48:df:f3:62:02:1e:a0:8e:66:a8:0c:92:46:
                    a7:5a:4c:59:32:60:2a:61:d3:e7:0a:3d:24:7c:d8:
                    c7:a9:4a:4a:ad:88:8b:00:f4:f4:db:a2:d1:a8:1d:
                    e7:01:b1:47:fb:35:0a:2e:86:ad:c8:7f:f9:52:b3:
                    ed:a9:a5:28:7e:be:8d:bf:c3:ab:bc:04:7f:42:57:
                    fc:55:e0:d6:ed:00:db:c9:63:d7:e3:d9:7b:b4:4f:
                    ee:52:fd:1b:09:49:54:7a:54:55:7a:65:1e:88:1a:
                    12:a7:07:9b:ca:de:17:fb:d6:07:57:37:24:fc:f4:
                    4c:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                46:9F:C7:72:0B:02:CD:59:FE:7B:64:1B:69:FF:9F:45:77:5B:C6:68
            X509v3 Authority Key Identifier:
                keyid:17:73:DB:17:79:5D:2B:F1:B4:B5:34:5C:5B:29:39:0D:BA:F4:52:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/Rp_HcgsCzVn-e2Qbaf-fRXdbxmg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/f77cbd-893b-4616-9d76-54861f23249d/1/F3PbF3ldK_G0tTRcWyk5Dbr0Uj4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.4.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         3e:28:44:ef:4d:8b:90:92:cc:60:cf:7e:43:20:9a:e0:35:45:
         f7:e4:9b:19:9d:e9:49:9e:c1:9a:18:eb:dd:f3:1f:d5:95:48:
         1b:37:76:63:cf:df:f3:6b:29:eb:0b:a2:d5:99:a2:ac:e9:c8:
         8b:74:84:fc:43:13:1a:f3:2e:d7:4f:04:ff:e2:3e:eb:04:a3:
         61:c4:f3:c7:f9:b4:a2:a5:df:7b:ca:eb:b1:78:81:c3:09:66:
         7f:ad:d5:70:af:21:83:74:83:da:e1:4b:23:45:96:81:76:81:
         59:8d:33:21:15:f5:91:82:88:ef:1c:ef:4f:6b:99:cb:20:24:
         ca:85:41:45:ba:47:0f:b9:fb:9c:be:e5:e8:c7:22:84:bd:b6:
         db:ae:33:f1:47:87:25:b1:94:46:9b:11:d8:f4:8e:81:1f:81:
         9d:82:fd:ba:7c:63:c3:9b:f7:cf:ad:aa:96:ab:27:71:b4:e3:
         43:60:30:46:37:ef:fc:3a:ac:a3:d6:55:9e:18:80:9e:31:4c:
         b1:41:e3:12:38:86:e2:88:3b:37:54:6d:69:78:77:59:d8:0d:
         4e:50:a5:37:3b:dc:e5:98:c2:d3:8f:be:bb:3b:e4:ab:6b:74:
         19:da:66:3c:48:51:1f:6c:ac:0b:55:6e:3f:a4:be:25:2f:9b:
         bb:6e:21:44
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzJvJ1TRLfg1MYMjA0o1599MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NzNkYjE3Nzk1ZDJiZjFiNGI1MzQ1YzViMjkzOTBkYmFm
NDUyM2UwHhcNMjQwMTAyMTAzMzUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NjlmYzc3MjBiMDJjZDU5ZmU3YjY0MWI2OWZmOWY0NTc3NWJjNjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9a3Jdjj4MhDK5EP+WYNbSlzTEvEh
WZmwhUi8Jq9UBNjuCjXHEG8z3g0UT84F7B5FcNCDk0ywGACUxv2gWmFUCkVF3iu4
vVrT0q/V+mU3kOVni+NQvXZ+GHgOfRcNnL3Ttv4JPmLYUXs76TUPkTawagtjvMbY
BRuCJkuG411E6ho1LLQlTSvHjkjf82ICHqCOZqgMkkanWkxZMmAqYdPnCj0kfNjH
qUpKrYiLAPT026LRqB3nAbFH+zUKLoatyH/5UrPtqaUofr6Nv8OrvAR/Qlf8VeDW
7QDbyWPX49l7tE/uUv0bCUlUelRVemUeiBoSpwebyt4X+9YHVzck/PRMzQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFEafx3ILAs1Z/ntkG2n/n0V3W8ZoMB8GA1UdIwQY
MBaAFBdz2xd5XSvxtLU0XFspOQ269FI+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYt
NTQ4NjFmMjMyNDlkLzEvUnBfSGNnc0N6Vm4tZTJRYmFmLWZSWGRieG1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC9mNzdjYmQtODkzYi00NjE2LTlkNzYtNTQ4NjFmMjMyNDlk
LzEvRjNQYkYzbGRLX0cwdFRSY1d5azVEYnIwVWo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAkQQwDQYJ
KoZIhvcNAQELBQADggEBAD4oRO9Ni5CSzGDPfkMgmuA1Rffkmxmd6UmewZoY693z
H9WVSBs3dmPP3/NrKesLotWZoqzpyIt0hPxDExrzLtdPBP/iPusEo2HE88f5tKKl
33vK67F4gcMJZn+t1XCvIYN0g9rhSyNFloF2gVmNMyEV9ZGCiO8c709rmcsgJMqF
QUW6Rw+5+5y+5ejHIoS9ttuuM/FHhyWxlEabEdj0joEfgZ2C/bp8Y8Ob98+tqpar
J3G040NgMEY37/w6rKPWVZ4YgJ4xTLFB4xI4huKIOzdUbWl4d1nYDU5QpTc73OWY
wtOPvrs75KtrdBnaZjxIUR9srAtVbj+kviUvm7tuIUQ=
-----END CERTIFICATE-----