Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/qGPZvfRNnWmr00eepmaYJPMjmDU.roa
File:                     qGPZvfRNnWmr00eepmaYJPMjmDU.roa (raw, json)
Hash identifier:          Xdg6V4RatXkBGaTy6MJnwG883/Tq5Hs2kfUyBiAMmiY=
Subject key identifier:   A8:63:D9:BD:F4:4D:9D:69:AB:D3:47:9E:A6:66:98:24:F3:23:98:35
Certificate issuer:       /CN=8fc69646457a8bf8ef9569b9b427e9f2c462e56e
Certificate serial:       018CC26D2E6F37D24592FD8DC383E51A7E4B
Authority key identifier: 8F:C6:96:46:45:7A:8B:F8:EF:95:69:B9:B4:27:E9:F2:C4:62:E5:6E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/qGPZvfRNnWmr00eepmaYJPMjmDU.roa
Signing time:             Mon 01 Jan 2024 00:29:44 +0000
ROA not before:           Mon 01 Jan 2024 00:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197759
IP address blocks:        45.131.78.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:2e:6f:37:d2:45:92:fd:8d:c3:83:e5:1a:7e:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8fc69646457a8bf8ef9569b9b427e9f2c462e56e
        Validity
            Not Before: Jan  1 00:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a863d9bdf44d9d69abd3479ea6669824f3239835
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:6c:c6:e6:73:c0:a7:f8:b2:42:ee:d4:8e:18:
                    6d:60:57:54:8c:d4:0a:b4:fe:fa:bc:d1:6a:72:10:
                    b6:e9:cb:82:99:2b:ba:fe:2c:2d:66:06:a9:f2:ce:
                    66:5b:9e:db:d9:65:77:85:3f:65:c5:64:6b:f9:52:
                    5b:0f:4f:0d:57:98:d6:86:1d:db:a8:6e:10:9c:da:
                    ab:61:a7:1b:0b:27:e6:98:d8:70:a4:d0:9c:13:e8:
                    99:1e:aa:ec:ba:1b:53:18:5a:02:d9:60:40:88:fc:
                    5a:40:16:70:da:62:9a:84:93:25:3f:b1:5b:a5:89:
                    46:16:fc:ec:53:cc:a6:fc:68:8f:3e:c6:dd:2d:3c:
                    54:a4:fd:0c:31:22:a9:33:79:84:0d:a9:44:9d:ed:
                    17:21:39:9f:7f:aa:45:26:21:b8:41:a9:49:2d:5b:
                    7d:c0:a9:60:39:5b:75:46:60:4f:89:1f:64:73:54:
                    95:d6:8c:02:5e:e0:ba:96:3b:61:0d:d5:16:41:75:
                    51:fa:08:8a:ae:c6:6a:c0:25:7b:f4:62:ec:e5:1c:
                    cf:4d:99:50:36:4a:e6:b3:e4:4e:90:a5:52:fc:66:
                    0a:e4:2a:45:1a:f4:8c:1b:cc:b5:3c:80:48:05:1f:
                    d0:15:5e:a9:8c:b2:ff:f7:1a:29:bc:6c:76:5a:db:
                    c0:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:63:D9:BD:F4:4D:9D:69:AB:D3:47:9E:A6:66:98:24:F3:23:98:35
            X509v3 Authority Key Identifier:
                keyid:8F:C6:96:46:45:7A:8B:F8:EF:95:69:B9:B4:27:E9:F2:C4:62:E5:6E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j8aWRkV6i_jvlWm5tCfp8sRi5W4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/qGPZvfRNnWmr00eepmaYJPMjmDU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/9fab5c-e138-4ef6-8799-b0b35a34e388/1/j8aWRkV6i_jvlWm5tCfp8sRi5W4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.78.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:be:e0:fd:20:ab:31:55:a7:8e:4d:49:fb:fc:58:28:1e:e6:
         ab:1b:28:5d:c7:80:c6:ce:48:fb:45:d0:38:16:f6:f9:b0:e4:
         3c:94:ed:3e:bc:f7:69:ee:33:7e:21:4a:4e:2f:6c:6c:df:ff:
         6e:a5:e5:03:6a:9f:30:96:7b:61:6d:73:35:2a:af:e1:91:53:
         86:d0:6b:31:3a:64:2c:ea:3e:71:10:cb:b5:be:58:bd:45:e9:
         a2:ba:79:12:99:81:bd:c6:a5:c3:f1:ea:4c:f0:6a:8a:ce:ec:
         f1:e6:4e:7d:d9:fc:a1:23:e6:c5:94:92:04:3f:35:56:ec:73:
         56:c4:1b:c9:3c:79:97:17:bf:56:26:ad:b9:ac:c8:50:f7:a5:
         59:91:4f:04:48:1a:39:df:3a:52:c7:a4:92:10:13:fd:50:62:
         de:49:90:57:c8:a7:e6:61:f6:5d:c0:4a:88:9d:0d:19:bb:31:
         1b:3d:3b:68:44:de:f4:ae:b0:be:9c:fe:59:89:9e:e4:6e:9d:
         01:e6:f6:47:01:88:64:4f:0c:e5:a6:e6:3a:f6:14:16:9d:55:
         95:3b:c4:90:53:2e:fb:da:f3:ba:95:94:ba:e5:33:9f:2c:9f:
         cb:ce:75:fb:3f:6f:23:2a:d6:c5:38:1e:01:80:ad:fc:02:ee:
         83:26:60:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbS5vN9JFkv2Nw4PlGn5LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmYzY5NjQ2NDU3YThiZjhlZjk1NjliOWI0MjdlOWYyYzQ2
MmU1NmUwHhcNMjQwMTAxMDAyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODYzZDliZGY0NGQ5ZDY5YWJkMzQ3OWVhNjY2OTgyNGYzMjM5ODM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj2zG5nPAp/iyQu7UjhhtYFdUjNQK
tP76vNFqchC26cuCmSu6/iwtZgap8s5mW57b2WV3hT9lxWRr+VJbD08NV5jWhh3b
qG4QnNqrYacbCyfmmNhwpNCcE+iZHqrsuhtTGFoC2WBAiPxaQBZw2mKahJMlP7Fb
pYlGFvzsU8ym/GiPPsbdLTxUpP0MMSKpM3mEDalEne0XITmff6pFJiG4QalJLVt9
wKlgOVt1RmBPiR9kc1SV1owCXuC6ljthDdUWQXVR+giKrsZqwCV79GLs5RzPTZlQ
Nkrms+ROkKVS/GYK5CpFGvSMG8y1PIBIBR/QFV6pjLL/9xopvGx2WtvA+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKhj2b30TZ1pq9NHnqZmmCTzI5g1MB8GA1UdIwQY
MBaAFI/GlkZFeov475VpubQn6fLEYuVuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajhhV1JrVjZpX2p2bFdtNXRDZnA4c1JpNVc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny85ZmFiNWMtZTEzOC00ZWY2LTg3OTkt
YjBiMzVhMzRlMzg4LzEvcUdQWnZmUk5uV21yMDBlZXBtYVlKUE1qbURVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny85ZmFiNWMtZTEzOC00ZWY2LTg3OTktYjBiMzVhMzRlMzg4
LzEvajhhV1JrVjZpX2p2bFdtNXRDZnA4c1JpNVc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYNOMA0G
CSqGSIb3DQEBCwUAA4IBAQArvuD9IKsxVaeOTUn7/FgoHuarGyhdx4DGzkj7RdA4
Fvb5sOQ8lO0+vPdp7jN+IUpOL2xs3/9upeUDap8wlnthbXM1Kq/hkVOG0GsxOmQs
6j5xEMu1vli9RemiunkSmYG9xqXD8epM8GqKzuzx5k592fyhI+bFlJIEPzVW7HNW
xBvJPHmXF79WJq25rMhQ96VZkU8ESBo53zpSx6SSEBP9UGLeSZBXyKfmYfZdwEqI
nQ0ZuzEbPTtoRN70rrC+nP5ZiZ7kbp0B5vZHAYhkTwzlpuY69hQWnVWVO8SQUy77
2vO6lZS65TOfLJ/LznX7P28jKtbFOB4BgK38Au6DJmBZ
-----END CERTIFICATE-----