Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/lu8Rvs3fVMprmZmVVQ_1Clp3NdE.roa
File:                     lu8Rvs3fVMprmZmVVQ_1Clp3NdE.roa (raw, json)
Hash identifier:          jGFGdv0gwktWpG2AYOh1czpziVNBvimJ1wKyvJbDDQs=
Subject key identifier:   96:EF:11:BE:CD:DF:54:CA:6B:99:99:95:55:0F:F5:0A:5A:77:35:D1
Certificate issuer:       /CN=ee31367df6d1861071c92bae726523326f45ba2a
Certificate serial:       018CC801685EAB57274D3294A22E8CE80CF9
Authority key identifier: EE:31:36:7D:F6:D1:86:10:71:C9:2B:AE:72:65:23:32:6F:45:BA:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7jE2ffbRhhBxySuucmUjMm9Fuio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/lu8Rvs3fVMprmZmVVQ_1Clp3NdE.roa
Signing time:             Tue 02 Jan 2024 02:29:44 +0000
ROA not before:           Tue 02 Jan 2024 02:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208634
IP address blocks:        45.92.40.0/22 maxlen: 24
                          2a0e:1cc0::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/7jE2ffbRhhBxySuucmUjMm9Fuio.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/7jE2ffbRhhBxySuucmUjMm9Fuio.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7jE2ffbRhhBxySuucmUjMm9Fuio.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:68:5e:ab:57:27:4d:32:94:a2:2e:8c:e8:0c:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee31367df6d1861071c92bae726523326f45ba2a
        Validity
            Not Before: Jan  2 02:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=96ef11becddf54ca6b999995550ff50a5a7735d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:0a:19:20:d9:20:77:7d:6c:b7:5f:0b:a8:10:
                    1a:51:97:43:df:02:5d:37:f9:a9:94:f0:5b:59:ee:
                    b1:a0:44:f0:51:1d:4c:f8:5b:f1:be:e5:62:06:3d:
                    0b:88:cc:d0:fd:26:43:63:b8:a9:18:09:63:0c:63:
                    62:e4:c7:25:73:61:33:d0:25:f0:ba:c7:18:4e:de:
                    37:54:dc:6e:1e:9e:d6:cb:a1:97:08:f2:f6:c5:a8:
                    17:50:47:73:d3:7d:a7:3b:db:20:aa:45:42:92:2a:
                    f4:2a:9e:75:c8:fa:10:e7:3a:cb:1a:2f:fc:ee:a6:
                    dd:71:2d:35:0d:fd:85:0f:0f:f8:98:3d:67:38:5d:
                    92:4b:dd:93:98:b2:cf:da:fa:12:85:17:e2:29:9f:
                    25:20:53:59:c7:54:b7:ab:f1:16:c8:32:d6:d1:4c:
                    ed:24:45:98:a9:3f:0c:a9:3e:ad:8d:3b:ff:ab:1b:
                    6b:f8:dc:47:45:c2:01:6c:1f:fb:e6:8a:96:10:f5:
                    ba:82:5b:55:5f:eb:2a:60:47:f8:4b:de:b5:2f:87:
                    fb:da:4d:cf:0a:7b:74:4c:1e:f4:95:05:bf:82:23:
                    15:b6:30:7a:a2:f4:a8:4b:16:fa:ef:6f:fa:5a:7f:
                    6d:d1:1b:de:41:d5:c1:26:cc:0a:ac:49:da:e9:95:
                    26:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:EF:11:BE:CD:DF:54:CA:6B:99:99:95:55:0F:F5:0A:5A:77:35:D1
            X509v3 Authority Key Identifier:
                keyid:EE:31:36:7D:F6:D1:86:10:71:C9:2B:AE:72:65:23:32:6F:45:BA:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7jE2ffbRhhBxySuucmUjMm9Fuio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/lu8Rvs3fVMprmZmVVQ_1Clp3NdE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/7jE2ffbRhhBxySuucmUjMm9Fuio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.40.0/22
                IPv6:
                  2a0e:1cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         c4:87:64:a8:a7:96:2d:2f:86:0c:6f:87:84:cc:5c:50:8f:9d:
         c5:bf:c3:41:4f:5c:07:ba:8f:d0:8f:2c:95:cc:c2:70:08:89:
         5e:43:7f:b2:34:a0:3c:e2:9f:ec:b4:13:f6:05:8b:7e:9a:bb:
         bb:9b:3e:bc:6f:06:95:d3:83:b6:c8:45:ff:32:7d:57:a7:fb:
         cc:4c:c4:8d:a6:3f:da:af:db:8f:83:a7:ae:b6:31:8c:76:23:
         e4:74:90:09:46:cc:68:1f:4c:7c:4b:7a:78:02:ec:99:18:29:
         f8:75:d0:f7:38:ae:ab:4c:7a:2d:da:87:19:08:4f:7c:3a:31:
         79:57:6e:5a:01:99:57:a3:0b:fd:6d:13:63:f0:a4:ec:30:24:
         33:1e:fd:db:4f:3a:b1:68:c2:0e:b1:8b:1b:41:8d:3d:2b:8f:
         e6:7f:7d:55:f1:87:40:77:7d:f8:07:d0:5d:a8:ef:65:f0:0c:
         f7:9f:18:7c:ef:4a:f8:09:25:06:a0:2d:8c:ec:0f:0d:85:f6:
         4c:84:30:7f:fb:62:b3:b9:b3:be:99:1d:5f:01:9b:32:d3:ba:
         64:fe:58:aa:08:93:76:1c:b7:47:df:a1:9f:b9:d7:08:2d:51:
         40:f7:2f:14:a1:74:96:a0:f7:19:c5:ba:a3:60:17:4c:ef:4a:
         1b:b4:25:80
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIAWheq1cnTTKUoi6M6Az5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMzEzNjdkZjZkMTg2MTA3MWM5MmJhZTcyNjUyMzMyNmY0
NWJhMmEwHhcNMjQwMTAyMDIyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmVmMTFiZWNkZGY1NGNhNmI5OTk5OTU1NTBmZjUwYTVhNzczNWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlgoZINkgd31st18LqBAaUZdD3wJd
N/mplPBbWe6xoETwUR1M+FvxvuViBj0LiMzQ/SZDY7ipGAljDGNi5Mclc2Ez0CXw
uscYTt43VNxuHp7Wy6GXCPL2xagXUEdz032nO9sgqkVCkir0Kp51yPoQ5zrLGi/8
7qbdcS01Df2FDw/4mD1nOF2SS92TmLLP2voShRfiKZ8lIFNZx1S3q/EWyDLW0Uzt
JEWYqT8MqT6tjTv/qxtr+NxHRcIBbB/75oqWEPW6gltVX+sqYEf4S961L4f72k3P
Cnt0TB70lQW/giMVtjB6ovSoSxb672/6Wn9t0RveQdXBJswKrEna6ZUmRwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJbvEb7N31TKa5mZlVUP9QpadzXRMB8GA1UdIwQY
MBaAFO4xNn320YYQcckrrnJlIzJvRboqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2pFMmZmYlJoaEJ4eVN1dWNtVWpNbTlGdWlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8xYmI0ZGQtZTljNC00ZDNkLTlhM2It
MTE1OWRiZmJlZDU0LzEvbHU4UnZzM2ZWTXBybVptVlZRXzFDbHAzTmRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8xYmI0ZGQtZTljNC00ZDNkLTlhM2ItMTE1OWRiZmJlZDU0
LzEvN2pFMmZmYlJoaEJ4eVN1dWNtVWpNbTlGdWlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVwoMA0E
AgACMAcDBQMqDhzAMA0GCSqGSIb3DQEBCwUAA4IBAQDEh2Sop5YtL4YMb4eEzFxQ
j53Fv8NBT1wHuo/QjyyVzMJwCIleQ3+yNKA84p/stBP2BYt+mru7mz68bwaV04O2
yEX/Mn1Xp/vMTMSNpj/ar9uPg6eutjGMdiPkdJAJRsxoH0x8S3p4AuyZGCn4ddD3
OK6rTHot2ocZCE98OjF5V25aAZlXowv9bRNj8KTsMCQzHv3bTzqxaMIOsYsbQY09
K4/mf31V8YdAd334B9BdqO9l8Az3nxh870r4CSUGoC2M7A8NhfZMhDB/+2KzubO+
mR1fAZsy07pk/liqCJN2HLdH36GfudcILVFA9y8UoXSWoPcZxbqjYBdM70obtCWA
-----END CERTIFICATE-----