Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/4a68a7-dc31-40fa-a110-91d56200baf4/1/NAamPDal-rVrjA1r9N5wbsERf_g.roa
File:                     NAamPDal-rVrjA1r9N5wbsERf_g.roa (raw, json)
Hash identifier:          HG5fuPvi1F4hgTZKEOUt3IthR4taUqyfwJw7AujO8A8=
Subject key identifier:   34:06:A6:3C:36:A5:FA:B5:6B:8C:0D:6B:F4:DE:70:6E:C1:11:7F:F8
Certificate issuer:       /CN=851c281f576b43a1cab953c92041ce9599270c78
Certificate serial:       018CC72675EBD363A4B236412BFB65137FED
Authority key identifier: 85:1C:28:1F:57:6B:43:A1:CA:B9:53:C9:20:41:CE:95:99:27:0C:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hRwoH1drQ6HKuVPJIEHOlZknDHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/4a68a7-dc31-40fa-a110-91d56200baf4/1/NAamPDal-rVrjA1r9N5wbsERf_g.roa
Signing time:             Mon 01 Jan 2024 22:30:35 +0000
ROA not before:           Mon 01 Jan 2024 22:30:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57793
IP address blocks:        45.83.168.0/22 maxlen: 24
                          2a0e:8380::/29 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/4a68a7-dc31-40fa-a110-91d56200baf4/1/hRwoH1drQ6HKuVPJIEHOlZknDHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/4a68a7-dc31-40fa-a110-91d56200baf4/1/hRwoH1drQ6HKuVPJIEHOlZknDHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hRwoH1drQ6HKuVPJIEHOlZknDHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:75:eb:d3:63:a4:b2:36:41:2b:fb:65:13:7f:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=851c281f576b43a1cab953c92041ce9599270c78
        Validity
            Not Before: Jan  1 22:30:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3406a63c36a5fab56b8c0d6bf4de706ec1117ff8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:c8:9f:e2:33:4f:b2:73:82:18:55:0b:a8:e5:
                    b9:61:5e:2b:a4:e5:2b:b1:a5:2a:cc:a0:07:ab:2c:
                    e5:f8:b1:b3:f8:0d:c7:f3:0e:83:9c:8c:fb:53:49:
                    cc:a3:61:93:ac:00:51:30:4a:8c:da:8c:4a:b4:67:
                    3a:cd:32:83:a8:a0:f3:77:80:ac:25:5d:e7:33:e4:
                    58:fd:f2:f9:7d:c4:18:30:10:6f:b8:a1:26:90:9b:
                    99:33:f1:27:f2:a4:e1:0f:da:5c:b4:09:f9:23:cf:
                    f0:c2:9e:6a:b6:31:5b:c8:04:a1:fa:4a:ce:6b:e5:
                    f8:a2:32:88:34:84:a4:dd:c5:e2:2c:4b:2e:4d:64:
                    56:37:2c:bd:9b:dc:fd:c6:64:cc:f9:21:b1:56:14:
                    bc:b3:36:33:f2:f1:a2:27:e1:0a:3d:53:0d:c6:ec:
                    3c:76:ba:86:30:e2:b8:b5:5e:d1:fc:4b:8d:a3:46:
                    90:12:50:82:ef:cb:9f:d7:f3:22:8a:eb:c5:82:8b:
                    70:bf:03:eb:68:ce:83:03:55:c5:7b:7a:d5:3a:c5:
                    9a:e1:a7:31:69:2f:69:b7:14:28:93:4f:a9:a1:ee:
                    98:1b:95:18:39:3c:0d:1a:0f:9a:9b:ef:b6:f2:3d:
                    90:a8:d6:3f:f3:f2:39:39:04:e0:2a:15:74:1f:bc:
                    15:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:06:A6:3C:36:A5:FA:B5:6B:8C:0D:6B:F4:DE:70:6E:C1:11:7F:F8
            X509v3 Authority Key Identifier:
                keyid:85:1C:28:1F:57:6B:43:A1:CA:B9:53:C9:20:41:CE:95:99:27:0C:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hRwoH1drQ6HKuVPJIEHOlZknDHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/4a68a7-dc31-40fa-a110-91d56200baf4/1/NAamPDal-rVrjA1r9N5wbsERf_g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/4a68a7-dc31-40fa-a110-91d56200baf4/1/hRwoH1drQ6HKuVPJIEHOlZknDHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.83.168.0/22
                IPv6:
                  2a0e:8380::/29

    Signature Algorithm: sha256WithRSAEncryption
         b0:60:55:85:8b:32:03:c1:c0:3a:82:59:b4:54:3a:9d:4c:6c:
         62:65:7a:c2:b4:a7:89:c3:13:27:b8:89:f8:a5:88:6a:ea:dc:
         7e:a7:6d:09:61:8a:93:86:23:15:78:4b:b1:a4:ff:b0:d4:b9:
         45:d7:24:d5:0d:2c:39:e1:6c:1f:da:bd:de:08:fd:28:1f:df:
         8d:59:3f:71:0d:86:6d:c0:7e:d5:c2:48:f5:34:e2:57:9b:db:
         5a:34:d8:b9:39:30:2b:e1:7c:65:78:ab:20:f5:67:7c:ce:a4:
         b1:9b:00:78:61:6f:2e:a0:c7:1a:03:f2:28:29:aa:cc:2c:46:
         3b:21:2e:69:1a:39:c8:6b:15:69:f1:3e:e3:82:92:8b:35:7a:
         df:06:e4:5c:ee:ea:30:92:38:4f:b9:03:da:ff:6d:78:64:31:
         38:a4:ba:14:bc:ab:41:23:7c:6a:6b:8a:ef:f9:fa:99:0b:7b:
         ae:31:49:20:f7:0e:96:7f:da:ba:33:b0:e6:75:65:00:6d:28:
         61:a5:3c:2f:aa:82:5c:74:dd:44:7a:93:3b:59:5c:eb:28:a6:
         1d:b6:36:99:b9:39:e6:01:d3:c9:15:8d:b3:01:d4:08:f1:1b:
         97:da:8a:93:df:a9:67:9d:c8:63:d6:e4:a1:29:26:fe:a0:63:
         cd:33:d1:28
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJnXr02OksjZBK/tlE3/tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1MWMyODFmNTc2YjQzYTFjYWI5NTNjOTIwNDFjZTk1OTky
NzBjNzgwHhcNMjQwMTAxMjIzMDM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDA2YTYzYzM2YTVmYWI1NmI4YzBkNmJmNGRlNzA2ZWMxMTE3ZmY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq8if4jNPsnOCGFULqOW5YV4rpOUr
saUqzKAHqyzl+LGz+A3H8w6DnIz7U0nMo2GTrABRMEqM2oxKtGc6zTKDqKDzd4Cs
JV3nM+RY/fL5fcQYMBBvuKEmkJuZM/En8qThD9pctAn5I8/wwp5qtjFbyASh+krO
a+X4ojKINISk3cXiLEsuTWRWNyy9m9z9xmTM+SGxVhS8szYz8vGiJ+EKPVMNxuw8
drqGMOK4tV7R/EuNo0aQElCC78uf1/MiiuvFgotwvwPraM6DA1XFe3rVOsWa4acx
aS9ptxQok0+poe6YG5UYOTwNGg+am++28j2QqNY/8/I5OQTgKhV0H7wVKQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDQGpjw2pfq1a4wNa/TecG7BEX/4MB8GA1UdIwQY
MBaAFIUcKB9Xa0OhyrlTySBBzpWZJwx4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaFJ3b0gxZHJRNkhLdVZQSklFSE9sWmtuREhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC80YTY4YTctZGMzMS00MGZhLWExMTAt
OTFkNTYyMDBiYWY0LzEvTkFhbVBEYWwtclZyakExcjlONXdic0VSZl9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC80YTY4YTctZGMzMS00MGZhLWExMTAtOTFkNTYyMDBiYWY0
LzEvaFJ3b0gxZHJRNkhLdVZQSklFSE9sWmtuREhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVOoMA0E
AgACMAcDBQMqDoOAMA0GCSqGSIb3DQEBCwUAA4IBAQCwYFWFizIDwcA6glm0VDqd
TGxiZXrCtKeJwxMnuIn4pYhq6tx+p20JYYqThiMVeEuxpP+w1LlF1yTVDSw54Wwf
2r3eCP0oH9+NWT9xDYZtwH7Vwkj1NOJXm9taNNi5OTAr4XxleKsg9Wd8zqSxmwB4
YW8uoMcaA/IoKarMLEY7IS5pGjnIaxVp8T7jgpKLNXrfBuRc7uowkjhPuQPa/214
ZDE4pLoUvKtBI3xqa4rv+fqZC3uuMUkg9w6Wf9q6M7DmdWUAbShhpTwvqoJcdN1E
epM7WVzrKKYdtjaZuTnmAdPJFY2zAdQI8RuX2oqT36lnnchj1uShKSb+oGPNM9Eo
-----END CERTIFICATE-----