Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/x4Pf1yuy2VppWdhJ73eM-aBDFnA.roa
File:                     x4Pf1yuy2VppWdhJ73eM-aBDFnA.roa (raw, json)
Hash identifier:          j1S9Y9yaGy0/S3v+JAcngf4I4lHXmMmssOnjnciIHTE=
Subject key identifier:   C7:83:DF:D7:2B:B2:D9:5A:69:59:D8:49:EF:77:8C:F9:A0:43:16:70
Certificate issuer:       /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial:       018E798ECC11D3CEBDD79CBD0FD02380321B
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/x4Pf1yuy2VppWdhJ73eM-aBDFnA.roa
Signing time:             Tue 26 Mar 2024 06:59:45 +0000
ROA not before:           Tue 26 Mar 2024 06:59:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215310
IP address blocks:        45.141.168.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:79:8e:cc:11:d3:ce:bd:d7:9c:bd:0f:d0:23:80:32:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18101772248996b87d90840c2d27d62549458173
        Validity
            Not Before: Mar 26 06:59:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c783dfd72bb2d95a6959d849ef778cf9a0431670
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:14:5a:45:51:54:41:d0:f5:be:4f:ba:1a:6f:
                    8b:57:86:d4:3a:9b:d2:42:e6:d6:41:ee:4c:98:0a:
                    74:4a:1b:16:25:70:e6:a5:21:8e:68:eb:71:33:3c:
                    a8:99:e1:8c:3c:8b:48:d1:d8:3f:2c:00:bb:63:16:
                    9e:9c:83:f7:af:2b:b9:1a:56:73:0f:0e:79:7e:af:
                    6a:00:a6:2c:b8:7d:20:f8:c5:3d:d3:b9:65:f1:b2:
                    01:12:b1:53:46:e5:c7:8e:aa:b9:d4:c4:0d:d0:69:
                    38:4c:e9:7a:c7:a8:54:f5:21:1f:90:56:e9:e2:a1:
                    d6:d1:e1:8c:89:9a:57:d3:00:03:c9:52:fd:0f:7b:
                    7b:2c:43:43:c3:c3:82:84:7f:fe:d6:39:d3:2a:32:
                    11:0c:c1:f1:43:f7:d6:21:24:31:ea:8d:ff:57:5e:
                    ec:de:08:73:ac:02:68:69:d6:ae:b2:bc:3e:48:b8:
                    da:63:f1:4f:f1:38:bb:98:43:2f:25:b1:e2:46:48:
                    fd:48:9b:1a:2a:fc:ab:34:a8:10:59:3c:39:8b:ad:
                    cd:4e:15:a5:65:ee:cc:1a:bd:08:5e:e2:b6:47:b8:
                    12:83:37:14:e3:d7:8f:b9:d0:6e:70:df:d7:32:1b:
                    44:55:d5:17:e9:84:c1:90:8f:5d:c8:d7:7b:ee:b7:
                    f4:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:83:DF:D7:2B:B2:D9:5A:69:59:D8:49:EF:77:8C:F9:A0:43:16:70
            X509v3 Authority Key Identifier:
                keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/x4Pf1yuy2VppWdhJ73eM-aBDFnA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7b:f8:1a:06:4a:77:cc:19:d8:0a:78:ed:27:6d:be:29:78:56:
         12:5b:bc:ac:19:dc:53:bf:c0:67:b1:4c:f4:b4:94:62:e7:a1:
         ab:23:f6:34:46:dc:99:7e:9a:1f:3d:96:2c:45:cc:02:ff:1c:
         0c:e3:47:cd:6e:74:10:b1:84:af:02:e7:77:66:eb:86:39:64:
         a5:88:d1:56:08:70:da:31:c0:4d:64:ba:fc:8c:2d:b1:b3:de:
         0c:2b:8c:4c:9c:c3:41:5e:18:d1:aa:6b:92:e2:49:46:d9:ce:
         a0:f8:07:83:27:24:85:e2:3e:06:9c:c5:ab:61:ec:99:60:8e:
         bc:a8:fa:25:54:2c:73:41:9b:7e:c4:03:98:15:aa:80:71:79:
         be:aa:d4:68:b0:6b:67:9e:78:38:2e:33:3b:f6:9d:d0:8e:74:
         d0:98:c8:30:3a:0e:28:a3:d5:61:ed:ab:35:e9:2a:be:52:0a:
         6f:ab:ed:87:b5:e0:4f:49:73:d4:f6:b4:0f:27:77:5f:31:52:
         95:42:c4:5c:63:9e:fa:a2:9f:01:15:b8:61:1f:83:cf:06:94:
         b0:61:de:31:86:77:de:95:6e:1c:5d:af:a1:67:85:72:94:42:
         8a:01:b4:2d:af:2a:6e:60:b6:58:60:0e:98:4d:d7:22:3c:9f:
         4b:c7:5b:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY55jswR086915y9D9AjgDIbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjQwMzI2MDY1OTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzgzZGZkNzJiYjJkOTVhNjk1OWQ4NDllZjc3OGNmOWEwNDMxNjcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqBRaRVFUQdD1vk+6Gm+LV4bUOpvS
QubWQe5MmAp0ShsWJXDmpSGOaOtxMzyomeGMPItI0dg/LAC7YxaenIP3ryu5GlZz
Dw55fq9qAKYsuH0g+MU907ll8bIBErFTRuXHjqq51MQN0Gk4TOl6x6hU9SEfkFbp
4qHW0eGMiZpX0wADyVL9D3t7LENDw8OChH/+1jnTKjIRDMHxQ/fWISQx6o3/V17s
3ghzrAJoadausrw+SLjaY/FP8Ti7mEMvJbHiRkj9SJsaKvyrNKgQWTw5i63NThWl
Ze7MGr0IXuK2R7gSgzcU49ePudBucN/XMhtEVdUX6YTBkI9dyNd77rf0cwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMeD39crstlaaVnYSe93jPmgQxZwMB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEveDRQZjF5dXkyVnBwV2RoSjczZU0tYUJERm5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLY2oMA0G
CSqGSIb3DQEBCwUAA4IBAQB7+BoGSnfMGdgKeO0nbb4peFYSW7ysGdxTv8BnsUz0
tJRi56GrI/Y0RtyZfpofPZYsRcwC/xwM40fNbnQQsYSvAud3ZuuGOWSliNFWCHDa
McBNZLr8jC2xs94MK4xMnMNBXhjRqmuS4klG2c6g+AeDJySF4j4GnMWrYeyZYI68
qPolVCxzQZt+xAOYFaqAcXm+qtRosGtnnng4LjM79p3QjnTQmMgwOg4oo9Vh7as1
6Sq+Ugpvq+2HteBPSXPU9rQPJ3dfMVKVQsRcY576op8BFbhhH4PPBpSwYd4xhnfe
lW4cXa+hZ4VylEKKAbQtrypuYLZYYA6YTdciPJ9Lx1sL
-----END CERTIFICATE-----