Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/12b937-890d-47b5-a041-331d7fc77bd4/1/m8mdIGgCdDk8ECzdaCvdrLh4mtc.roa
File:                     m8mdIGgCdDk8ECzdaCvdrLh4mtc.roa (raw, json)
Hash identifier:          1WaQc/H22UNCHQlCBW6a/NhfTlO0CUALYrwN4KQk1Ck=
Subject key identifier:   9B:C9:9D:20:68:02:74:39:3C:10:2C:DD:68:2B:DD:AC:B8:78:9A:D7
Certificate issuer:       /CN=3aca50858a1856ffa02e91356f14236e7c38b85a
Certificate serial:       018CC7271755EA9C86841873DB617891C2B9
Authority key identifier: 3A:CA:50:85:8A:18:56:FF:A0:2E:91:35:6F:14:23:6E:7C:38:B8:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OspQhYoYVv-gLpE1bxQjbnw4uFo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/12b937-890d-47b5-a041-331d7fc77bd4/1/m8mdIGgCdDk8ECzdaCvdrLh4mtc.roa
Signing time:             Mon 01 Jan 2024 22:31:16 +0000
ROA not before:           Mon 01 Jan 2024 22:31:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62142
IP address blocks:        45.9.192.0/24 maxlen: 26
                          2a0e:1106::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/12b937-890d-47b5-a041-331d7fc77bd4/1/OspQhYoYVv-gLpE1bxQjbnw4uFo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/12b937-890d-47b5-a041-331d7fc77bd4/1/OspQhYoYVv-gLpE1bxQjbnw4uFo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OspQhYoYVv-gLpE1bxQjbnw4uFo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:17:55:ea:9c:86:84:18:73:db:61:78:91:c2:b9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aca50858a1856ffa02e91356f14236e7c38b85a
        Validity
            Not Before: Jan  1 22:31:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9bc99d20680274393c102cdd682bddacb8789ad7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:d5:03:5c:79:16:38:c7:fd:89:3b:a6:89:bc:
                    02:2d:c8:17:0d:c0:b9:74:2a:0a:bf:aa:4b:7d:be:
                    a2:7d:b0:7d:a1:57:d9:91:94:c6:59:4d:44:f1:37:
                    eb:64:45:a8:81:2f:1e:36:ee:df:25:5b:63:c7:1d:
                    b6:41:33:21:20:dd:5b:ee:dc:e6:a7:05:2b:87:8b:
                    f3:7f:76:eb:76:a4:d2:dd:cf:86:57:2b:63:f2:97:
                    42:f9:57:ec:ed:e7:48:45:49:28:84:fa:24:a2:1e:
                    70:3d:5e:ab:b8:5d:72:9a:68:2d:71:fb:e7:40:18:
                    e8:18:54:9b:ea:62:36:4e:bf:84:8b:a7:5e:c0:9f:
                    42:d6:d1:d0:a5:fe:a5:de:84:9f:ed:00:7c:b0:ed:
                    9d:77:8e:6b:8a:5a:8e:a3:db:ac:48:c1:b8:21:28:
                    66:bd:e1:b0:2d:0a:9b:94:ec:95:ac:a2:7a:9f:c6:
                    a7:18:a9:f2:88:5b:52:bb:a4:32:1e:a0:5d:ac:27:
                    7b:e4:fc:1b:fe:64:17:cb:86:9c:29:f9:e8:f2:29:
                    92:f2:ef:31:fb:d3:ab:08:10:bf:95:7e:ac:c4:7f:
                    56:b4:87:ae:0b:00:77:ca:b3:57:9a:f5:26:62:98:
                    ca:c2:80:e6:6f:65:98:df:f8:2a:e5:57:d1:47:ff:
                    75:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:C9:9D:20:68:02:74:39:3C:10:2C:DD:68:2B:DD:AC:B8:78:9A:D7
            X509v3 Authority Key Identifier:
                keyid:3A:CA:50:85:8A:18:56:FF:A0:2E:91:35:6F:14:23:6E:7C:38:B8:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OspQhYoYVv-gLpE1bxQjbnw4uFo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/12b937-890d-47b5-a041-331d7fc77bd4/1/m8mdIGgCdDk8ECzdaCvdrLh4mtc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/12b937-890d-47b5-a041-331d7fc77bd4/1/OspQhYoYVv-gLpE1bxQjbnw4uFo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.192.0/24
                IPv6:
                  2a0e:1106::/40

    Signature Algorithm: sha256WithRSAEncryption
         23:00:a8:8a:4a:39:31:4a:64:e9:ff:d9:fe:d2:7e:6b:dd:35:
         37:f5:e3:79:0c:dd:f2:b6:a8:07:b3:3f:a8:75:cb:9c:9f:10:
         ee:7b:da:b4:8b:14:26:a9:ee:29:f4:83:8e:a4:b2:fa:3a:5b:
         fb:0d:19:a4:9c:05:0c:de:39:4f:92:3e:0d:66:f3:a1:2a:24:
         41:c1:be:df:cd:bc:b3:38:d8:6f:ca:4f:89:f8:4b:4e:64:eb:
         18:52:c9:2e:d8:d0:ba:66:cb:40:90:71:5a:93:34:32:fa:de:
         f8:78:bc:0e:bb:57:67:0f:1a:90:9c:39:8a:8a:b1:24:ff:d0:
         bb:df:ca:b6:5c:70:4d:e9:6d:11:36:c8:f0:e6:97:57:22:53:
         df:e2:bb:55:d6:63:72:4c:c7:2b:ee:51:e1:11:49:f1:72:3d:
         5e:0e:d1:2e:2f:27:b9:49:ab:1a:ad:e5:61:fe:9a:0a:84:e1:
         9d:36:93:78:7c:d2:ac:b1:54:35:29:5b:5c:11:67:fa:2b:ff:
         5f:f8:d9:ab:bb:9a:55:0e:8f:5b:ee:7d:62:47:56:ae:be:9f:
         3a:3f:08:d2:c8:ba:11:59:1e:45:75:ca:db:b1:f6:f8:83:34:
         85:dc:a0:cb:8a:bd:cf:95:d1:6d:3b:a7:09:c3:38:02:14:5d:
         a5:61:98:26
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzHJxdV6pyGhBhz22F4kcK5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhY2E1MDg1OGExODU2ZmZhMDJlOTEzNTZmMTQyMzZlN2Mz
OGI4NWEwHhcNMjQwMTAxMjIzMTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmM5OWQyMDY4MDI3NDM5M2MxMDJjZGQ2ODJiZGRhY2I4Nzg5YWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNUDXHkWOMf9iTumibwCLcgXDcC5
dCoKv6pLfb6ifbB9oVfZkZTGWU1E8TfrZEWogS8eNu7fJVtjxx22QTMhIN1b7tzm
pwUrh4vzf3brdqTS3c+GVytj8pdC+Vfs7edIRUkohPokoh5wPV6ruF1ymmgtcfvn
QBjoGFSb6mI2Tr+Ei6dewJ9C1tHQpf6l3oSf7QB8sO2dd45rilqOo9usSMG4IShm
veGwLQqblOyVrKJ6n8anGKnyiFtSu6QyHqBdrCd75Pwb/mQXy4acKfno8imS8u8x
+9OrCBC/lX6sxH9WtIeuCwB3yrNXmvUmYpjKwoDmb2WY3/gq5VfRR/91QQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFJvJnSBoAnQ5PBAs3Wgr3ay4eJrXMB8GA1UdIwQY
MBaAFDrKUIWKGFb/oC6RNW8UI258OLhaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3NwUWhZb1lWdi1nTHBFMWJ4UWpibnc0dUZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8xMmI5MzctODkwZC00N2I1LWEwNDEt
MzMxZDdmYzc3YmQ0LzEvbThtZElHZ0NkRGs4RUN6ZGFDdmRyTGg0bXRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8xMmI5MzctODkwZC00N2I1LWEwNDEtMzMxZDdmYzc3YmQ0
LzEvT3NwUWhZb1lWdi1nTHBFMWJ4UWpibnc0dUZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQALQnAMA4E
AgACMAgDBgAqDhEGADANBgkqhkiG9w0BAQsFAAOCAQEAIwCoiko5MUpk6f/Z/tJ+
a901N/XjeQzd8raoB7M/qHXLnJ8Q7nvatIsUJqnuKfSDjqSy+jpb+w0ZpJwFDN45
T5I+DWbzoSokQcG+3828szjYb8pPifhLTmTrGFLJLtjQumbLQJBxWpM0Mvre+Hi8
DrtXZw8akJw5ioqxJP/Qu9/KtlxwTeltETbI8OaXVyJT3+K7VdZjckzHK+5R4RFJ
8XI9Xg7RLi8nuUmrGq3lYf6aCoThnTaTeHzSrLFUNSlbXBFn+iv/X/jZq7uaVQ6P
W+59YkdWrr6fOj8I0si6EVkeRXXK27H2+IM0hdygy4q9z5XRbTunCcM4AhRdpWGY
Jg==
-----END CERTIFICATE-----