Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/RxzxGM0-uMrw4ebSEFkcYJDRQW8.roa
File:                     RxzxGM0-uMrw4ebSEFkcYJDRQW8.roa (raw, json)
Hash identifier:          /SVi5aDIZsJDvgbNgwfdbGRIPm0sdTbBIhJHM59xRBs=
Subject key identifier:   47:1C:F1:18:CD:3E:B8:CA:F0:E1:E6:D2:10:59:1C:60:90:D1:41:6F
Certificate issuer:       /CN=8fc69646457a8bf8ef9569b9b427e9f2c462e56e
Certificate serial:       01931A0366B3E29E5BE2A008CA2FA945DA73
Authority key identifier: 8F:C6:96:46:45:7A:8B:F8:EF:95:69:B9:B4:27:E9:F2:C4:62:E5:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/RxzxGM0-uMrw4ebSEFkcYJDRQW8.roa
Signing time:             Mon 11 Nov 2024 06:57:30 +0000
ROA not before:           Mon 11 Nov 2024 06:57:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208959
IP address blocks:        45.131.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:1a:03:66:b3:e2:9e:5b:e2:a0:08:ca:2f:a9:45:da:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8fc69646457a8bf8ef9569b9b427e9f2c462e56e
        Validity
            Not Before: Nov 11 06:57:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=471cf118cd3eb8caf0e1e6d210591c6090d1416f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:32:6f:2c:2a:63:f1:11:e4:2c:15:7e:f2:53:
                    ba:ea:90:e2:0e:4a:6c:79:0b:90:fe:0c:fe:24:98:
                    44:9e:31:d3:69:58:44:d0:9f:0a:3d:e1:b8:80:9b:
                    f4:06:83:10:5f:30:c4:0e:7a:78:18:74:fd:fb:b5:
                    55:ad:d2:ed:88:f4:62:2b:44:9e:fa:22:63:ff:87:
                    61:c1:ac:f6:70:05:5a:f1:57:12:c8:76:e1:2e:e0:
                    f6:06:eb:f0:4d:3b:42:a3:ee:7b:8c:93:58:b6:66:
                    61:61:56:7b:ea:65:08:55:34:b5:89:96:ce:31:9f:
                    f2:e0:59:61:ff:33:0a:9b:10:3a:16:ee:c8:4c:e2:
                    05:0e:4a:ed:79:e7:8d:4a:57:39:c7:ce:d9:c2:7a:
                    d4:58:13:86:15:bc:3b:26:44:dc:5f:f1:84:22:b6:
                    a9:ae:b2:73:b2:3e:7b:9a:70:04:b9:25:3f:9f:75:
                    11:61:41:80:54:c6:52:dd:20:91:c2:1f:a8:a2:2a:
                    87:a3:85:94:42:49:a2:44:ab:8a:5d:ff:be:85:3f:
                    d4:79:43:5f:7c:39:6d:9b:a5:e4:e5:2e:bd:75:ff:
                    69:ff:2a:cb:f4:0d:e0:de:ab:f3:4a:1c:39:ab:d9:
                    21:d5:20:30:a6:ea:d4:8b:a8:93:db:b9:a1:03:bf:
                    89:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:1C:F1:18:CD:3E:B8:CA:F0:E1:E6:D2:10:59:1C:60:90:D1:41:6F
            X509v3 Authority Key Identifier:
                keyid:8F:C6:96:46:45:7A:8B:F8:EF:95:69:B9:B4:27:E9:F2:C4:62:E5:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/RxzxGM0-uMrw4ebSEFkcYJDRQW8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.79.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:c0:62:a7:cc:0e:dc:b9:c9:df:69:63:96:b3:f0:8f:af:b2:
         dc:28:2c:e2:d8:3e:09:e8:0d:01:36:09:4b:61:fa:d8:b0:ff:
         02:17:77:8d:54:0d:de:0d:a3:c8:fe:a9:33:80:cd:c2:73:a1:
         e6:60:17:9b:95:f4:be:20:5d:c0:91:ef:20:dc:26:6d:d3:03:
         b0:58:6b:4e:34:4e:75:7d:ca:22:bb:ab:61:a5:d1:73:fd:f6:
         8c:79:3b:2b:5d:c4:7b:c6:64:9d:cc:e0:72:d7:d4:40:8a:3f:
         6f:bb:5e:03:47:43:00:7a:f5:28:6e:82:5f:a0:6f:53:fa:09:
         da:1c:44:fd:d1:76:f5:1d:b9:a5:3a:2e:87:b7:ac:e9:d0:46:
         5b:fb:20:f2:6f:eb:ff:d6:be:9e:91:5c:22:17:bc:e5:71:0a:
         ee:2a:b9:20:81:dc:3d:21:f1:90:ea:24:5b:31:4a:95:4a:b8:
         2a:4f:96:4c:ab:db:ab:d8:53:d6:fc:bc:76:1d:12:84:ce:43:
         9b:b3:55:5a:0e:f5:16:0a:79:d3:ca:ab:04:63:61:08:d9:f2:
         57:44:d5:3c:a0:85:f0:fe:11:bb:60:92:29:e5:54:e3:22:b8:
         2a:ee:b3:86:e5:f8:80:68:4a:8b:27:1a:e2:d4:6d:15:3d:a1:
         de:d9:aa:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMaA2az4p5b4qAIyi+pRdpzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmYzY5NjQ2NDU3YThiZjhlZjk1NjliOWI0MjdlOWYyYzQ2
MmU1NmUwHhcNMjQxMTExMDY1NzMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzFjZjExOGNkM2ViOGNhZjBlMWU2ZDIxMDU5MWM2MDkwZDE0MTZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArDJvLCpj8RHkLBV+8lO66pDiDkps
eQuQ/gz+JJhEnjHTaVhE0J8KPeG4gJv0BoMQXzDEDnp4GHT9+7VVrdLtiPRiK0Se
+iJj/4dhwaz2cAVa8VcSyHbhLuD2BuvwTTtCo+57jJNYtmZhYVZ76mUIVTS1iZbO
MZ/y4Flh/zMKmxA6Fu7ITOIFDkrteeeNSlc5x87ZwnrUWBOGFbw7JkTcX/GEIrap
rrJzsj57mnAEuSU/n3URYUGAVMZS3SCRwh+ooiqHo4WUQkmiRKuKXf++hT/UeUNf
fDltm6Xk5S69df9p/yrL9A3g3qvzShw5q9kh1SAwpurUi6iT27mhA7+JmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEcc8RjNPrjK8OHm0hBZHGCQ0UFvMB8GA1UdIwQY
MBaAFI/GlkZFeov475VpubQn6fLEYuVuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajhhV1JrVjZpX2p2bFdtNXRDZnA4c1JpNVc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny85ZmFiNWMtZTEzOC00ZWY2LTg3OTkt
YjBiMzVhMzRlMzg4LzEvUnh6eEdNMC11TXJ3NGViU0VGa2NZSkRSUVc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny85ZmFiNWMtZTEzOC00ZWY2LTg3OTktYjBiMzVhMzRlMzg4
LzEvajhhV1JrVjZpX2p2bFdtNXRDZnA4c1JpNVc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYNPMA0G
CSqGSIb3DQEBCwUAA4IBAQCgwGKnzA7cucnfaWOWs/CPr7LcKCzi2D4J6A0BNglL
YfrYsP8CF3eNVA3eDaPI/qkzgM3Cc6HmYBeblfS+IF3Ake8g3CZt0wOwWGtONE51
fcoiu6thpdFz/faMeTsrXcR7xmSdzOBy19RAij9vu14DR0MAevUoboJfoG9T+gna
HET90Xb1HbmlOi6Ht6zp0EZb+yDyb+v/1r6ekVwiF7zlcQruKrkggdw9IfGQ6iRb
MUqVSrgqT5ZMq9ur2FPW/Lx2HRKEzkObs1VaDvUWCnnTyqsEY2EI2fJXRNU8oIXw
/hG7YJIp5VTjIrgq7rOG5fiAaEqLJxri1G0VPaHe2aoj
-----END CERTIFICATE-----