Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/1f0955-4d62-433b-b18c-7c37e639bf0f/1/VxlxdoLqNiPpy4IJtbfLwlSSzV0.roa
File:                     VxlxdoLqNiPpy4IJtbfLwlSSzV0.roa (raw, json)
Hash identifier:          uIUZieJ4FHgzdhmY+0JJ4SWlSVsKwFMrcPzkn4HdLRs=
Subject key identifier:   57:19:71:76:82:EA:36:23:E9:CB:82:09:B5:B7:CB:C2:54:92:CD:5D
Certificate issuer:       /CN=39caa0bd254d1a87f4bb30db3b513fdb9af625f6
Certificate serial:       018CC9BCA1E15CFF933E267EE82765F18551
Authority key identifier: 39:CA:A0:BD:25:4D:1A:87:F4:BB:30:DB:3B:51:3F:DB:9A:F6:25:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OcqgvSVNGof0uzDbO1E_25r2JfY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/1f0955-4d62-433b-b18c-7c37e639bf0f/1/VxlxdoLqNiPpy4IJtbfLwlSSzV0.roa
Signing time:             Tue 02 Jan 2024 10:33:51 +0000
ROA not before:           Tue 02 Jan 2024 10:33:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209046
IP address blocks:        45.9.44.0/22 maxlen: 22
                          45.9.44.0/24 maxlen: 24
                          45.9.47.0/24 maxlen: 24
                          45.9.46.0/24 maxlen: 24
                          45.9.45.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/1f0955-4d62-433b-b18c-7c37e639bf0f/1/OcqgvSVNGof0uzDbO1E_25r2JfY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/1f0955-4d62-433b-b18c-7c37e639bf0f/1/OcqgvSVNGof0uzDbO1E_25r2JfY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OcqgvSVNGof0uzDbO1E_25r2JfY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 22:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:a1:e1:5c:ff:93:3e:26:7e:e8:27:65:f1:85:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39caa0bd254d1a87f4bb30db3b513fdb9af625f6
        Validity
            Not Before: Jan  2 10:33:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5719717682ea3623e9cb8209b5b7cbc25492cd5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:d1:4f:d7:0a:6e:b0:fd:ed:87:fc:50:3f:b7:
                    25:0a:ec:04:40:25:df:aa:cc:12:65:42:c0:0a:44:
                    05:4f:ba:6c:8e:43:2a:f1:8b:5c:1c:2e:df:9b:8b:
                    d9:98:56:08:f6:a8:e8:09:78:99:c0:66:52:9d:49:
                    80:93:97:09:af:fe:a1:05:19:e5:c4:f8:cd:01:06:
                    2b:4b:8e:d3:c6:4a:f3:91:51:9f:d5:de:88:56:e0:
                    ca:2b:b9:8a:ed:99:dd:9f:c8:5f:5c:17:b0:63:ad:
                    59:11:5a:09:74:b4:f9:db:85:f3:fd:dd:1d:42:f2:
                    dd:cc:2c:28:78:7d:17:16:00:16:bc:31:07:4d:ea:
                    ba:c2:80:66:90:5c:89:dd:c1:9d:dc:39:c4:65:c6:
                    de:69:55:03:ad:8b:13:00:72:1b:da:b9:40:e6:b5:
                    33:6f:5c:98:a6:20:fb:23:06:f4:f8:b6:d2:3c:ba:
                    15:ce:8d:27:ba:38:79:aa:83:8e:ae:ed:ae:a7:9c:
                    ba:68:c5:1f:93:8b:9f:8e:2c:6b:37:c9:40:32:32:
                    8e:9a:d2:c3:e3:b5:d1:15:f5:05:68:b3:87:b6:fe:
                    48:24:28:d6:cc:b7:88:f7:b2:80:e0:b3:38:0c:3d:
                    58:36:99:27:6f:38:5b:d8:3f:06:80:0f:a5:e9:60:
                    ec:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:19:71:76:82:EA:36:23:E9:CB:82:09:B5:B7:CB:C2:54:92:CD:5D
            X509v3 Authority Key Identifier:
                keyid:39:CA:A0:BD:25:4D:1A:87:F4:BB:30:DB:3B:51:3F:DB:9A:F6:25:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OcqgvSVNGof0uzDbO1E_25r2JfY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/1f0955-4d62-433b-b18c-7c37e639bf0f/1/VxlxdoLqNiPpy4IJtbfLwlSSzV0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/1f0955-4d62-433b-b18c-7c37e639bf0f/1/OcqgvSVNGof0uzDbO1E_25r2JfY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4f:cb:d8:b1:96:6c:64:79:7c:fa:27:e2:81:26:de:86:12:be:
         71:d7:a0:23:9c:02:2f:8e:73:de:d8:22:e5:b5:dc:08:8c:49:
         1f:06:97:c8:f4:12:67:bc:c9:50:e4:7f:b1:9a:0f:9c:ff:a3:
         5e:ed:ad:02:16:bf:d3:06:51:6d:f7:68:aa:9f:20:a9:17:49:
         13:7c:e6:9c:25:42:d2:3b:7d:b1:82:eb:a6:81:22:af:54:61:
         5e:ce:de:1d:28:e8:c1:c4:f8:e0:6a:8a:65:79:58:a2:fd:1a:
         b7:86:4f:11:34:60:17:c4:48:b8:21:eb:cd:95:6f:39:0a:aa:
         77:66:51:d1:ac:53:d8:83:a9:cf:46:98:0b:15:35:57:b4:41:
         68:0d:ab:90:5b:16:45:86:52:65:13:d5:a5:ac:e0:d6:33:33:
         29:72:e8:1a:da:ea:08:fd:14:f8:ff:d9:ea:a0:28:4c:d3:41:
         38:56:c9:8a:3c:44:75:d9:c2:ba:32:12:54:fc:6a:6f:7e:48:
         4a:ce:d1:ea:fc:3d:45:bb:8f:27:c4:76:84:a5:d8:d3:17:81:
         d8:99:ee:82:ec:85:7b:39:c0:d9:24:1f:6a:91:5c:d8:62:d4:
         2e:cd:29:8a:ed:d9:67:51:22:ab:95:8a:af:88:b3:fd:25:05:
         a5:74:85:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvKHhXP+TPiZ+6Cdl8YVRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5Y2FhMGJkMjU0ZDFhODdmNGJiMzBkYjNiNTEzZmRiOWFm
NjI1ZjYwHhcNMjQwMTAyMTAzMzUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzE5NzE3NjgyZWEzNjIzZTljYjgyMDliNWI3Y2JjMjU0OTJjZDVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9FP1wpusP3th/xQP7clCuwEQCXf
qswSZULACkQFT7psjkMq8YtcHC7fm4vZmFYI9qjoCXiZwGZSnUmAk5cJr/6hBRnl
xPjNAQYrS47TxkrzkVGf1d6IVuDKK7mK7Zndn8hfXBewY61ZEVoJdLT524Xz/d0d
QvLdzCwoeH0XFgAWvDEHTeq6woBmkFyJ3cGd3DnEZcbeaVUDrYsTAHIb2rlA5rUz
b1yYpiD7Iwb0+LbSPLoVzo0nujh5qoOOru2up5y6aMUfk4ufjixrN8lAMjKOmtLD
47XRFfUFaLOHtv5IJCjWzLeI97KA4LM4DD1YNpknbzhb2D8GgA+l6WDs+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFcZcXaC6jYj6cuCCbW3y8JUks1dMB8GA1UdIwQY
MBaAFDnKoL0lTRqH9Lsw2ztRP9ua9iX2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2NxZ3ZTVk5Hb2YwdXpEYk8xRV8yNXIySmZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8xZjA5NTUtNGQ2Mi00MzNiLWIxOGMt
N2MzN2U2MzliZjBmLzEvVnhseGRvTHFOaVBweTRJSnRiZkx3bFNTelYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8xZjA5NTUtNGQ2Mi00MzNiLWIxOGMtN2MzN2U2MzliZjBm
LzEvT2NxZ3ZTVk5Hb2YwdXpEYk8xRV8yNXIySmZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQksMA0G
CSqGSIb3DQEBCwUAA4IBAQBPy9ixlmxkeXz6J+KBJt6GEr5x16AjnAIvjnPe2CLl
tdwIjEkfBpfI9BJnvMlQ5H+xmg+c/6Ne7a0CFr/TBlFt92iqnyCpF0kTfOacJULS
O32xguumgSKvVGFezt4dKOjBxPjgaopleVii/Rq3hk8RNGAXxEi4IevNlW85Cqp3
ZlHRrFPYg6nPRpgLFTVXtEFoDauQWxZFhlJlE9WlrODWMzMpcuga2uoI/RT4/9nq
oChM00E4VsmKPER12cK6MhJU/GpvfkhKztHq/D1Fu48nxHaEpdjTF4HYme6C7IV7
OcDZJB9qkVzYYtQuzSmK7dlnUSKrlYqviLP9JQWldIUb
-----END CERTIFICATE-----