Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/bc65f6-0c3b-404e-bfad-9fa4228c02ea/1/ItlKXyPwGNslZV0hhZQrPQkGIDo.roa
File:                     ItlKXyPwGNslZV0hhZQrPQkGIDo.roa (raw, json)
Hash identifier:          QAM+Z8SJJ8j3z9V119Wg+WZbsc2qc/EyTR472e7AXMs=
Subject key identifier:   22:D9:4A:5F:23:F0:18:DB:25:65:5D:21:85:94:2B:3D:09:06:20:3A
Certificate issuer:       /CN=bea6ca03a8c135ceeae232c937c1ee0bab87e782
Certificate serial:       018CCA28596F001890334E1A20C25C9E0BC6
Authority key identifier: BE:A6:CA:03:A8:C1:35:CE:EA:E2:32:C9:37:C1:EE:0B:AB:87:E7:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vqbKA6jBNc7q4jLJN8HuC6uH54I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/bc65f6-0c3b-404e-bfad-9fa4228c02ea/1/ItlKXyPwGNslZV0hhZQrPQkGIDo.roa
Signing time:             Tue 02 Jan 2024 12:31:31 +0000
ROA not before:           Tue 02 Jan 2024 12:31:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        45.8.43.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/bc65f6-0c3b-404e-bfad-9fa4228c02ea/1/vqbKA6jBNc7q4jLJN8HuC6uH54I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/bc65f6-0c3b-404e-bfad-9fa4228c02ea/1/vqbKA6jBNc7q4jLJN8HuC6uH54I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vqbKA6jBNc7q4jLJN8HuC6uH54I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:28:59:6f:00:18:90:33:4e:1a:20:c2:5c:9e:0b:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bea6ca03a8c135ceeae232c937c1ee0bab87e782
        Validity
            Not Before: Jan  2 12:31:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=22d94a5f23f018db25655d2185942b3d0906203a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:4e:df:e5:17:22:a6:9e:c6:7c:59:38:14:ed:
                    39:12:b4:23:ee:fc:17:93:6a:18:f1:1c:96:57:fb:
                    d9:28:4c:00:cb:36:02:12:92:22:ca:86:c1:93:64:
                    1c:15:6b:c7:3a:ea:00:46:1a:f3:f5:fe:8c:06:9a:
                    87:c6:ed:f7:2f:58:63:47:71:35:bd:7b:c9:a7:01:
                    44:49:e7:fa:83:01:cc:f7:85:b5:bb:76:f1:92:ab:
                    23:77:66:b1:27:ca:b3:e7:d3:d8:10:41:76:7d:ae:
                    9c:d3:01:4b:8a:07:92:2c:32:50:fe:36:cd:76:7a:
                    bd:6d:f8:dd:7b:67:d9:4f:34:fe:64:13:98:e4:3b:
                    13:79:7b:21:fa:ac:50:ea:4b:5e:80:dc:e9:ff:56:
                    f2:f1:79:4c:db:7b:95:24:a3:ad:e6:ae:62:2d:98:
                    d3:db:44:a3:1a:20:87:c9:38:d5:1f:88:b4:fd:f2:
                    a0:fa:02:00:55:ad:02:17:3e:38:ab:0a:87:a2:02:
                    62:99:22:49:40:01:bc:a3:3b:c0:53:2b:84:54:6b:
                    c3:62:b3:63:a0:ff:0c:ae:e1:53:d4:f3:33:21:58:
                    86:a8:95:73:f9:75:a0:89:0e:fa:6a:d4:82:f8:fd:
                    d6:d3:66:bb:72:1b:ab:3c:ab:47:8e:07:0f:93:e4:
                    90:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:D9:4A:5F:23:F0:18:DB:25:65:5D:21:85:94:2B:3D:09:06:20:3A
            X509v3 Authority Key Identifier:
                keyid:BE:A6:CA:03:A8:C1:35:CE:EA:E2:32:C9:37:C1:EE:0B:AB:87:E7:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vqbKA6jBNc7q4jLJN8HuC6uH54I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/bc65f6-0c3b-404e-bfad-9fa4228c02ea/1/ItlKXyPwGNslZV0hhZQrPQkGIDo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/bc65f6-0c3b-404e-bfad-9fa4228c02ea/1/vqbKA6jBNc7q4jLJN8HuC6uH54I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:d4:2c:36:8a:b4:30:64:d5:84:45:28:58:96:89:33:5b:64:
         7c:f4:de:0d:74:5d:5e:37:52:df:08:8b:ba:44:03:1f:a7:05:
         63:7f:85:e3:b5:47:a0:fe:c7:71:b2:80:93:e9:d6:29:94:e0:
         aa:24:26:5f:6a:9d:8a:7d:96:20:e1:2f:6e:07:c4:f7:8d:bf:
         b9:3e:22:12:3d:8d:50:78:a2:63:e5:60:1c:2d:a4:c1:bf:ff:
         2a:05:49:c0:7b:64:fc:81:2c:d7:11:0a:d0:55:a7:98:c5:59:
         65:47:70:a7:57:0c:53:34:f8:19:12:5c:ac:7f:5d:42:0b:e6:
         32:94:a4:3f:12:65:0b:aa:6e:d3:1a:45:3c:07:11:a8:ad:b9:
         53:d7:d4:14:38:0d:cc:bf:68:c8:25:9c:58:8b:d7:b1:21:f0:
         9f:b6:e8:24:73:51:ec:2c:a1:73:40:6d:04:15:e5:ea:89:6d:
         d6:85:fc:06:f7:96:4b:a5:73:2b:d4:2a:09:90:1b:20:43:39:
         2a:cb:b5:ec:fb:ec:cb:1a:5a:2d:57:97:2b:d6:4f:6f:a1:3a:
         7e:d2:67:05:7c:08:3b:b2:31:9a:30:bd:fd:ce:1a:53:41:2b:
         9a:79:cb:db:41:54:0f:63:fe:91:ad:60:e2:bc:ae:e6:d2:0e:
         90:24:37:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKFlvABiQM04aIMJcngvGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlYTZjYTAzYThjMTM1Y2VlYWUyMzJjOTM3YzFlZTBiYWI4
N2U3ODIwHhcNMjQwMTAyMTIzMTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmQ5NGE1ZjIzZjAxOGRiMjU2NTVkMjE4NTk0MmIzZDA5MDYyMDNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0E7f5Rcipp7GfFk4FO05ErQj7vwX
k2oY8RyWV/vZKEwAyzYCEpIiyobBk2QcFWvHOuoARhrz9f6MBpqHxu33L1hjR3E1
vXvJpwFESef6gwHM94W1u3bxkqsjd2axJ8qz59PYEEF2fa6c0wFLigeSLDJQ/jbN
dnq9bfjde2fZTzT+ZBOY5DsTeXsh+qxQ6ktegNzp/1by8XlM23uVJKOt5q5iLZjT
20SjGiCHyTjVH4i0/fKg+gIAVa0CFz44qwqHogJimSJJQAG8ozvAUyuEVGvDYrNj
oP8MruFT1PMzIViGqJVz+XWgiQ76atSC+P3W02a7churPKtHjgcPk+SQdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCLZSl8j8BjbJWVdIYWUKz0JBiA6MB8GA1UdIwQY
MBaAFL6mygOowTXO6uIyyTfB7gurh+eCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnFiS0E2akJOYzdxNGpMSk44SHVDNnVINTRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9iYzY1ZjYtMGMzYi00MDRlLWJmYWQt
OWZhNDIyOGMwMmVhLzEvSXRsS1h5UHdHTnNsWlYwaGhaUXJQUWtHSURvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9iYzY1ZjYtMGMzYi00MDRlLWJmYWQtOWZhNDIyOGMwMmVh
LzEvdnFiS0E2akJOYzdxNGpMSk44SHVDNnVINTRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQgrMA0G
CSqGSIb3DQEBCwUAA4IBAQBs1Cw2irQwZNWERShYlokzW2R89N4NdF1eN1LfCIu6
RAMfpwVjf4XjtUeg/sdxsoCT6dYplOCqJCZfap2KfZYg4S9uB8T3jb+5PiISPY1Q
eKJj5WAcLaTBv/8qBUnAe2T8gSzXEQrQVaeYxVllR3CnVwxTNPgZElysf11CC+Yy
lKQ/EmULqm7TGkU8BxGorblT19QUOA3Mv2jIJZxYi9exIfCftugkc1HsLKFzQG0E
FeXqiW3WhfwG95ZLpXMr1CoJkBsgQzkqy7Xs++zLGlotV5cr1k9voTp+0mcFfAg7
sjGaML39zhpTQSuaecvbQVQPY/6RrWDivK7m0g6QJDeW
-----END CERTIFICATE-----