Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/d045ca-c1f7-4ed9-afdb-090c46e9f2ed/1/1MRv46aLV6-VLBS31_4qQTAwYso.roa
File:                     1MRv46aLV6-VLBS31_4qQTAwYso.roa (raw, json)
Hash identifier:          72YKuxwBGoqORbaMQsEqopCqCc8uRmUa4vYgeCG91X0=
Subject key identifier:   D4:C4:6F:E3:A6:8B:57:AF:95:2C:14:B7:D7:FE:2A:41:30:30:62:CA
Certificate issuer:       /CN=dc94bb69453f139a60029e22db0fb3424a906cee
Certificate serial:       018CC9BA5EA1F441255DCEAE79916241E8FD
Authority key identifier: DC:94:BB:69:45:3F:13:9A:60:02:9E:22:DB:0F:B3:42:4A:90:6C:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3JS7aUU_E5pgAp4i2w-zQkqQbO4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/d045ca-c1f7-4ed9-afdb-090c46e9f2ed/1/1MRv46aLV6-VLBS31_4qQTAwYso.roa
Signing time:             Tue 02 Jan 2024 10:31:23 +0000
ROA not before:           Tue 02 Jan 2024 10:31:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43967
IP address blocks:        45.159.100.0/22 maxlen: 24
                          195.158.196.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/d045ca-c1f7-4ed9-afdb-090c46e9f2ed/1/3JS7aUU_E5pgAp4i2w-zQkqQbO4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/d045ca-c1f7-4ed9-afdb-090c46e9f2ed/1/3JS7aUU_E5pgAp4i2w-zQkqQbO4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3JS7aUU_E5pgAp4i2w-zQkqQbO4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 11 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:ba:5e:a1:f4:41:25:5d:ce:ae:79:91:62:41:e8:fd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc94bb69453f139a60029e22db0fb3424a906cee
        Validity
            Not Before: Jan  2 10:31:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d4c46fe3a68b57af952c14b7d7fe2a41303062ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:e9:b9:62:d1:7a:a9:c1:d9:e1:fe:81:d7:11:
                    93:84:40:e7:f4:b0:72:ad:df:8e:6b:d2:4e:55:6a:
                    b0:98:ea:bf:6c:c0:8d:be:c7:2b:a7:05:41:bd:e3:
                    32:8d:f0:ee:7d:33:e7:51:2e:22:2a:fc:f0:6f:b0:
                    40:47:f7:20:a3:34:fa:7e:5e:d9:65:59:8a:02:da:
                    09:d8:70:20:c9:8f:08:fa:4b:ef:65:2f:e7:12:0d:
                    78:15:b8:d7:f1:e0:fd:70:4a:25:a7:5d:d3:f5:d7:
                    d4:cb:11:bc:06:5d:d1:19:5f:df:70:51:72:28:e2:
                    b8:b2:12:50:92:3e:9a:0a:21:49:d0:97:a4:ab:da:
                    81:b9:ea:07:85:4b:54:aa:57:9d:77:76:7a:95:91:
                    e1:c2:45:15:7d:b7:52:d8:7e:18:b8:7e:75:8a:48:
                    a6:61:59:23:96:15:75:67:f0:75:69:b8:70:da:93:
                    4d:fd:49:5b:ff:c5:c0:5e:72:f9:df:75:b9:8e:98:
                    18:99:7d:36:70:a4:51:19:1a:09:7a:02:3c:de:d7:
                    de:01:8d:b6:d0:55:09:b8:33:cf:90:3b:d5:04:c3:
                    97:27:5b:f7:cd:98:f8:a9:a0:25:b9:fd:6f:38:ea:
                    c8:96:e2:ae:61:38:7b:c4:4b:34:dc:80:74:d9:72:
                    af:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:C4:6F:E3:A6:8B:57:AF:95:2C:14:B7:D7:FE:2A:41:30:30:62:CA
            X509v3 Authority Key Identifier:
                keyid:DC:94:BB:69:45:3F:13:9A:60:02:9E:22:DB:0F:B3:42:4A:90:6C:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3JS7aUU_E5pgAp4i2w-zQkqQbO4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/d045ca-c1f7-4ed9-afdb-090c46e9f2ed/1/1MRv46aLV6-VLBS31_4qQTAwYso.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/d045ca-c1f7-4ed9-afdb-090c46e9f2ed/1/3JS7aUU_E5pgAp4i2w-zQkqQbO4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.159.100.0/22
                  195.158.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         71:cd:31:c5:dd:3e:bb:e8:d7:79:83:4d:45:44:92:42:c9:9a:
         e0:a8:57:c0:62:fa:01:52:dc:6a:b5:ab:d3:42:cb:b1:c5:06:
         ef:23:75:7b:ee:a3:8d:56:1c:6c:c3:fe:4c:07:1e:60:5f:ab:
         49:7c:7c:21:74:7b:6b:82:5b:68:f7:56:a5:71:7b:55:78:55:
         f9:0f:e3:af:ed:2c:78:b7:80:da:89:0e:0b:5f:ba:cb:af:02:
         6b:e1:a7:49:dd:32:d7:7e:f1:a7:67:5b:ad:97:e4:02:38:5e:
         b2:a7:4a:af:59:38:fb:20:d5:bd:f9:32:69:e7:37:af:b6:8a:
         4b:05:68:be:59:67:eb:a3:8c:fd:75:80:2d:76:cb:1a:38:80:
         7f:9a:a5:80:f0:e5:cd:bb:4d:35:f6:86:1e:33:b0:c1:f5:ef:
         57:66:2c:c0:95:2a:b5:f9:84:f2:56:27:35:32:dd:46:fe:d1:
         57:31:70:38:9d:54:c5:be:1e:c5:f5:66:b1:39:af:be:b6:6c:
         1c:76:7a:48:66:a3:19:43:27:60:22:e9:ca:9b:49:ec:92:ef:
         eb:a7:8c:80:5c:c3:58:4d:a5:6b:46:1c:b9:0f:a8:60:aa:49:
         51:8f:e3:40:27:b0:b4:bf:b6:c7:68:6c:b6:bb:e5:7a:a9:9b:
         29:5c:4c:39
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJul6h9EElXc6ueZFiQej9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjOTRiYjY5NDUzZjEzOWE2MDAyOWUyMmRiMGZiMzQyNGE5
MDZjZWUwHhcNMjQwMTAyMTAzMTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNGM0NmZlM2E2OGI1N2FmOTUyYzE0YjdkN2ZlMmE0MTMwMzA2MmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmum5YtF6qcHZ4f6B1xGThEDn9LBy
rd+Oa9JOVWqwmOq/bMCNvscrpwVBveMyjfDufTPnUS4iKvzwb7BAR/cgozT6fl7Z
ZVmKAtoJ2HAgyY8I+kvvZS/nEg14FbjX8eD9cEolp13T9dfUyxG8Bl3RGV/fcFFy
KOK4shJQkj6aCiFJ0Jekq9qBueoHhUtUqledd3Z6lZHhwkUVfbdS2H4YuH51ikim
YVkjlhV1Z/B1abhw2pNN/Ulb/8XAXnL533W5jpgYmX02cKRRGRoJegI83tfeAY22
0FUJuDPPkDvVBMOXJ1v3zZj4qaAluf1vOOrIluKuYTh7xEs03IB02XKvpQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNTEb+Omi1evlSwUt9f+KkEwMGLKMB8GA1UdIwQY
MBaAFNyUu2lFPxOaYAKeItsPs0JKkGzuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0pTN2FVVV9FNXBnQXA0aTJ3LXpRa3FRYk80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9kMDQ1Y2EtYzFmNy00ZWQ5LWFmZGIt
MDkwYzQ2ZTlmMmVkLzEvMU1SdjQ2YUxWNi1WTEJTMzFfNHFRVEF3WXNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9kMDQ1Y2EtYzFmNy00ZWQ5LWFmZGItMDkwYzQ2ZTlmMmVk
LzEvM0pTN2FVVV9FNXBnQXA0aTJ3LXpRa3FRYk80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLZ9kAwQC
w57EMA0GCSqGSIb3DQEBCwUAA4IBAQBxzTHF3T676Nd5g01FRJJCyZrgqFfAYvoB
UtxqtavTQsuxxQbvI3V77qONVhxsw/5MBx5gX6tJfHwhdHtrglto91alcXtVeFX5
D+Ov7Sx4t4DaiQ4LX7rLrwJr4adJ3TLXfvGnZ1utl+QCOF6yp0qvWTj7INW9+TJp
5zevtopLBWi+WWfro4z9dYAtdssaOIB/mqWA8OXNu0019oYeM7DB9e9XZizAlSq1
+YTyVic1Mt1G/tFXMXA4nVTFvh7F9WaxOa++tmwcdnpIZqMZQydgIunKm0nsku/r
p4yAXMNYTaVrRhy5D6hgqklRj+NAJ7C0v7bHaGy2u+V6qZspXEw5
-----END CERTIFICATE-----