Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/8ab976-e53a-4c43-a8e8-2014fe0a1611/1/OU1UdlvcF3kXUMja7DaZipAMWHQ.roa
File:                     OU1UdlvcF3kXUMja7DaZipAMWHQ.roa (raw, json)
Hash identifier:          NFl8QRZDZa4JauGtTREvBdQOdWwkPbH+RYxmkC1ispA=
Subject key identifier:   39:4D:54:76:5B:DC:17:79:17:50:C8:DA:EC:36:99:8A:90:0C:58:74
Certificate issuer:       /CN=323e300a7b63ad4fefbae671f51abc24f1128719
Certificate serial:       018CC5DC1407BD44F26D6A0A30FA89597A37
Authority key identifier: 32:3E:30:0A:7B:63:AD:4F:EF:BA:E6:71:F5:1A:BC:24:F1:12:87:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mj4wCntjrU_vuuZx9Rq8JPEShxk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/8ab976-e53a-4c43-a8e8-2014fe0a1611/1/OU1UdlvcF3kXUMja7DaZipAMWHQ.roa
Signing time:             Mon 01 Jan 2024 16:29:43 +0000
ROA not before:           Mon 01 Jan 2024 16:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208418
IP address blocks:        45.81.52.0/24 maxlen: 24
                          45.81.52.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/8ab976-e53a-4c43-a8e8-2014fe0a1611/1/Mj4wCntjrU_vuuZx9Rq8JPEShxk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/8ab976-e53a-4c43-a8e8-2014fe0a1611/1/Mj4wCntjrU_vuuZx9Rq8JPEShxk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mj4wCntjrU_vuuZx9Rq8JPEShxk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 22:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:14:07:bd:44:f2:6d:6a:0a:30:fa:89:59:7a:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=323e300a7b63ad4fefbae671f51abc24f1128719
        Validity
            Not Before: Jan  1 16:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=394d54765bdc17791750c8daec36998a900c5874
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:fd:d2:26:12:bb:76:94:e0:fd:99:24:9d:d1:
                    18:92:77:87:3c:47:12:28:42:95:d2:00:7d:1d:7b:
                    44:f2:31:87:3d:2b:1c:f1:27:49:5b:d6:21:10:cf:
                    c6:82:15:ef:1a:39:f5:11:89:ff:1f:04:94:78:07:
                    c8:bc:da:00:5a:d5:db:9e:93:9a:86:ff:a4:f0:b3:
                    86:25:f2:82:2e:b8:31:94:2d:6e:25:54:a4:d5:1b:
                    c2:72:0e:21:72:87:10:5d:8c:9a:9d:31:e2:9f:cc:
                    3f:eb:05:89:41:6d:4b:62:66:da:f7:b3:14:3f:16:
                    fa:2c:50:dc:29:3f:0d:fc:31:8b:88:af:dd:3f:49:
                    4e:92:ae:cb:ec:de:5c:72:60:51:bc:de:07:ba:59:
                    29:d8:45:1d:2b:ef:15:3f:d5:41:61:32:5e:55:a4:
                    1b:a4:e7:06:96:f1:55:fa:c0:65:cf:42:30:2d:bd:
                    7f:46:dd:7f:09:4d:75:c5:33:b0:04:12:d6:5e:75:
                    8a:fc:5e:d6:8a:4b:44:d7:03:1e:16:51:80:29:2d:
                    82:68:d2:2a:3d:0f:88:c4:7e:a6:62:ec:01:04:2b:
                    fe:60:ba:35:0e:14:2e:c1:98:cb:ec:14:28:2e:ca:
                    5e:9f:dc:84:e9:f6:31:92:6d:e0:76:1c:1a:37:1f:
                    95:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:4D:54:76:5B:DC:17:79:17:50:C8:DA:EC:36:99:8A:90:0C:58:74
            X509v3 Authority Key Identifier:
                keyid:32:3E:30:0A:7B:63:AD:4F:EF:BA:E6:71:F5:1A:BC:24:F1:12:87:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mj4wCntjrU_vuuZx9Rq8JPEShxk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/8ab976-e53a-4c43-a8e8-2014fe0a1611/1/OU1UdlvcF3kXUMja7DaZipAMWHQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/8ab976-e53a-4c43-a8e8-2014fe0a1611/1/Mj4wCntjrU_vuuZx9Rq8JPEShxk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6e:a2:ba:1e:a9:e2:04:8d:d6:67:ef:e9:73:bd:15:8f:90:67:
         6e:02:07:8c:c2:9e:81:fe:8d:21:7a:87:70:1b:fa:8c:27:c0:
         10:c1:44:2f:4c:b9:87:88:c6:62:ba:e7:3c:26:20:3e:fd:97:
         26:de:38:2a:e9:8a:fe:b9:7b:45:f1:50:4d:38:84:9d:e9:85:
         bb:b4:aa:80:f1:d5:33:3d:29:8f:09:49:20:e0:d2:48:5d:cb:
         8a:72:0f:a3:86:35:7c:9b:19:a8:d0:f0:72:ad:51:b5:78:6a:
         5e:d3:3d:d7:3c:7f:b0:98:7a:1d:bb:bb:09:7f:ed:21:0f:3d:
         ed:e1:92:af:57:ed:39:e3:d7:08:f9:a8:4d:bb:e3:68:b3:24:
         e7:fb:b3:ac:db:fa:ed:c3:0d:2f:12:d8:97:99:4f:1b:28:f7:
         46:7c:20:b2:f0:1e:fe:3e:5e:04:e2:6f:c5:c7:cf:66:2c:51:
         3c:40:43:82:2d:00:40:72:16:2a:27:de:70:19:15:a4:64:8b:
         51:8c:16:18:1c:6e:9f:a7:89:ab:f2:ba:a1:db:f2:99:aa:ca:
         cf:17:02:71:2c:86:b9:74:c5:6d:f0:d0:0b:e5:eb:f1:15:b3:
         75:f9:11:bd:d1:0d:37:19:4a:21:03:8b:31:ee:46:d4:a3:7d:
         3d:da:1f:52
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3BQHvUTybWoKMPqJWXo3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyM2UzMDBhN2I2M2FkNGZlZmJhZTY3MWY1MWFiYzI0ZjEx
Mjg3MTkwHhcNMjQwMTAxMTYyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTRkNTQ3NjViZGMxNzc5MTc1MGM4ZGFlYzM2OTk4YTkwMGM1ODc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvf3SJhK7dpTg/ZkkndEYkneHPEcS
KEKV0gB9HXtE8jGHPSsc8SdJW9YhEM/GghXvGjn1EYn/HwSUeAfIvNoAWtXbnpOa
hv+k8LOGJfKCLrgxlC1uJVSk1RvCcg4hcocQXYyanTHin8w/6wWJQW1LYmba97MU
Pxb6LFDcKT8N/DGLiK/dP0lOkq7L7N5ccmBRvN4Hulkp2EUdK+8VP9VBYTJeVaQb
pOcGlvFV+sBlz0IwLb1/Rt1/CU11xTOwBBLWXnWK/F7WiktE1wMeFlGAKS2CaNIq
PQ+IxH6mYuwBBCv+YLo1DhQuwZjL7BQoLspen9yE6fYxkm3gdhwaNx+VxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDlNVHZb3Bd5F1DI2uw2mYqQDFh0MB8GA1UdIwQY
MBaAFDI+MAp7Y61P77rmcfUavCTxEocZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTWo0d0NudGpyVV92dXVaeDlScThKUEVTaHhrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC84YWI5NzYtZTUzYS00YzQzLWE4ZTgt
MjAxNGZlMGExNjExLzEvT1UxVWRsdmNGM2tYVU1qYTdEYVppcEFNV0hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC84YWI5NzYtZTUzYS00YzQzLWE4ZTgtMjAxNGZlMGExNjEx
LzEvTWo0d0NudGpyVV92dXVaeDlScThKUEVTaHhrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVE0MA0G
CSqGSIb3DQEBCwUAA4IBAQBuoroeqeIEjdZn7+lzvRWPkGduAgeMwp6B/o0heodw
G/qMJ8AQwUQvTLmHiMZiuuc8JiA+/Zcm3jgq6Yr+uXtF8VBNOISd6YW7tKqA8dUz
PSmPCUkg4NJIXcuKcg+jhjV8mxmo0PByrVG1eGpe0z3XPH+wmHodu7sJf+0hDz3t
4ZKvV+0549cI+ahNu+NosyTn+7Os2/rtww0vEtiXmU8bKPdGfCCy8B7+Pl4E4m/F
x89mLFE8QEOCLQBAchYqJ95wGRWkZItRjBYYHG6fp4mr8rqh2/KZqsrPFwJxLIa5
dMVt8NAL5evxFbN1+RG90Q03GUohA4sx7kbUo3092h9S
-----END CERTIFICATE-----