Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/97ad7e-fcbe-4fcc-9c3f-f48930e42641/1/oP1uck7vT0EeQoJK0Uh_MIrT27s.roa
File:                     oP1uck7vT0EeQoJK0Uh_MIrT27s.roa (raw, json)
Hash identifier:          r3X6w2UJb6A71oC+LQuwsNrP9F7a7CXOc7RFi7W49MA=
Subject key identifier:   A0:FD:6E:72:4E:EF:4F:41:1E:42:82:4A:D1:48:7F:30:8A:D3:DB:BB
Certificate issuer:       /CN=7277a02aa546dd1a0a6a82d05d90b0917e1545ed
Certificate serial:       018CC72729498E63570316D50006C65CE733
Authority key identifier: 72:77:A0:2A:A5:46:DD:1A:0A:6A:82:D0:5D:90:B0:91:7E:15:45:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cnegKqVG3RoKaoLQXZCwkX4VRe0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/97ad7e-fcbe-4fcc-9c3f-f48930e42641/1/oP1uck7vT0EeQoJK0Uh_MIrT27s.roa
Signing time:             Mon 01 Jan 2024 22:31:21 +0000
ROA not before:           Mon 01 Jan 2024 22:31:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208451
IP address blocks:        45.132.116.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/97ad7e-fcbe-4fcc-9c3f-f48930e42641/1/cnegKqVG3RoKaoLQXZCwkX4VRe0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/97ad7e-fcbe-4fcc-9c3f-f48930e42641/1/cnegKqVG3RoKaoLQXZCwkX4VRe0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cnegKqVG3RoKaoLQXZCwkX4VRe0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 04:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:29:49:8e:63:57:03:16:d5:00:06:c6:5c:e7:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7277a02aa546dd1a0a6a82d05d90b0917e1545ed
        Validity
            Not Before: Jan  1 22:31:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a0fd6e724eef4f411e42824ad1487f308ad3dbbb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:58:83:e2:51:17:ed:c7:6d:a5:60:4b:23:97:
                    b1:f0:ec:a9:08:1d:44:d2:39:c4:45:74:98:87:0b:
                    db:21:e5:07:ad:69:3a:a8:3a:4b:f0:5a:21:2b:bc:
                    e8:c9:10:c0:6f:05:39:e3:67:38:f6:1a:a0:c2:77:
                    c5:6b:3d:22:ad:1d:eb:c2:b7:fd:88:a5:d7:ce:b8:
                    54:af:31:51:ab:0c:70:49:33:68:cc:be:b0:5d:88:
                    9c:f1:8f:c1:64:e0:7c:b4:66:a0:c9:9d:24:8e:0f:
                    a5:e8:26:b3:71:88:9b:ec:cd:8f:25:ad:9e:07:95:
                    e0:90:f5:82:a8:98:46:e2:6d:6a:0c:67:af:83:ed:
                    d8:04:17:e2:8e:7f:f0:1c:ed:7f:a7:79:e7:c1:6a:
                    6e:ee:29:3e:c2:90:b7:e5:a3:38:81:85:74:dd:5c:
                    91:22:6b:bd:2c:31:8b:9c:c1:61:86:10:e0:eb:16:
                    61:9b:d3:bb:69:cb:00:cc:ad:53:bd:08:e9:1b:fd:
                    11:c7:3f:bc:d8:41:be:2e:a2:d7:21:42:32:1b:f4:
                    1f:04:6f:e1:99:3c:19:09:35:c6:91:8f:3f:3b:de:
                    84:8e:be:c0:28:91:54:f3:65:85:be:c5:43:7f:02:
                    0d:36:89:25:ee:d2:77:45:b2:fa:55:d9:da:a4:20:
                    2e:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:FD:6E:72:4E:EF:4F:41:1E:42:82:4A:D1:48:7F:30:8A:D3:DB:BB
            X509v3 Authority Key Identifier:
                keyid:72:77:A0:2A:A5:46:DD:1A:0A:6A:82:D0:5D:90:B0:91:7E:15:45:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cnegKqVG3RoKaoLQXZCwkX4VRe0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/97ad7e-fcbe-4fcc-9c3f-f48930e42641/1/oP1uck7vT0EeQoJK0Uh_MIrT27s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/97ad7e-fcbe-4fcc-9c3f-f48930e42641/1/cnegKqVG3RoKaoLQXZCwkX4VRe0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.132.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5e:e5:b9:9a:42:89:51:a6:7f:39:e4:2c:2b:1d:8b:15:5d:eb:
         e5:05:30:f5:e9:f6:b0:07:fd:fa:14:dc:93:a4:40:3a:5d:36:
         7a:f6:bf:99:09:fb:94:ae:ae:e9:47:82:1d:d4:67:77:29:7b:
         ca:dd:5b:35:31:c7:9b:19:17:15:be:f4:2b:43:43:5b:76:5b:
         fd:44:6d:55:a7:ba:6c:72:73:8f:0d:f3:9d:eb:7b:11:47:8e:
         db:dc:71:50:65:8c:14:fa:14:94:c9:c1:13:4a:9c:e4:20:43:
         08:8c:3c:0e:f4:dc:f4:bd:6f:9d:87:95:da:e9:c9:01:db:26:
         2a:73:9e:9e:b1:37:45:75:98:6d:3d:93:ac:08:9b:e1:a5:0d:
         7d:8a:58:1a:cc:b0:d3:50:0b:e9:37:f2:b5:3a:6e:e9:8f:fe:
         41:59:44:58:bc:97:13:72:53:0b:28:99:83:48:74:4c:25:15:
         95:85:7f:8b:8e:d8:46:c9:ba:81:a2:a0:ae:06:e1:db:ec:25:
         5a:3a:32:c7:e9:41:84:ed:0d:c5:81:71:eb:ae:77:1f:9c:9f:
         5a:bd:3a:b2:52:b6:0b:77:a7:73:a3:ae:59:6f:fe:37:d7:72:
         f3:e2:a1:a3:5d:29:42:70:7e:5c:dd:18:2e:bd:64:44:f9:08:
         1c:78:26:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJylJjmNXAxbVAAbGXOczMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyNzdhMDJhYTU0NmRkMWEwYTZhODJkMDVkOTBiMDkxN2Ux
NTQ1ZWQwHhcNMjQwMTAxMjIzMTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGZkNmU3MjRlZWY0ZjQxMWU0MjgyNGFkMTQ4N2YzMDhhZDNkYmJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqFiD4lEX7cdtpWBLI5ex8OypCB1E
0jnERXSYhwvbIeUHrWk6qDpL8FohK7zoyRDAbwU542c49hqgwnfFaz0irR3rwrf9
iKXXzrhUrzFRqwxwSTNozL6wXYic8Y/BZOB8tGagyZ0kjg+l6CazcYib7M2PJa2e
B5XgkPWCqJhG4m1qDGevg+3YBBfijn/wHO1/p3nnwWpu7ik+wpC35aM4gYV03VyR
Imu9LDGLnMFhhhDg6xZhm9O7acsAzK1TvQjpG/0Rxz+82EG+LqLXIUIyG/QfBG/h
mTwZCTXGkY8/O96Ejr7AKJFU82WFvsVDfwINNokl7tJ3RbL6VdnapCAu4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKD9bnJO709BHkKCStFIfzCK09u7MB8GA1UdIwQY
MBaAFHJ3oCqlRt0aCmqC0F2QsJF+FUXtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY25lZ0txVkczUm9LYW9MUVhaQ3drWDRWUmUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi85N2FkN2UtZmNiZS00ZmNjLTljM2Yt
ZjQ4OTMwZTQyNjQxLzEvb1AxdWNrN3ZUMEVlUW9KSzBVaF9NSXJUMjdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi85N2FkN2UtZmNiZS00ZmNjLTljM2YtZjQ4OTMwZTQyNjQx
LzEvY25lZ0txVkczUm9LYW9MUVhaQ3drWDRWUmUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYR0MA0G
CSqGSIb3DQEBCwUAA4IBAQBe5bmaQolRpn855CwrHYsVXevlBTD16fawB/36FNyT
pEA6XTZ69r+ZCfuUrq7pR4Id1Gd3KXvK3Vs1McebGRcVvvQrQ0Nbdlv9RG1Vp7ps
cnOPDfOd63sRR47b3HFQZYwU+hSUycETSpzkIEMIjDwO9Nz0vW+dh5Xa6ckB2yYq
c56esTdFdZhtPZOsCJvhpQ19ilgazLDTUAvpN/K1Om7pj/5BWURYvJcTclMLKJmD
SHRMJRWVhX+LjthGybqBoqCuBuHb7CVaOjLH6UGE7Q3FgXHrrncfnJ9avTqyUrYL
d6dzo65Zb/4313Lz4qGjXSlCcH5c3RguvWRE+QgceCbl
-----END CERTIFICATE-----