Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/51Zk2pdO8B4GP2wKGqMXI0WjWgI.roa
File:                     51Zk2pdO8B4GP2wKGqMXI0WjWgI.roa (raw, json)
Hash identifier:          nlnxwtP1r2d+b2T5j3PbTLMrcmeAuX7WNOsRRV1aijg=
Subject key identifier:   E7:56:64:DA:97:4E:F0:1E:06:3F:6C:0A:1A:A3:17:23:45:A3:5A:02
Certificate issuer:       /CN=55fad96dd05af8c2d26192c841131f2f97459fed
Certificate serial:       018CC42484CFE767196302968BE24A28A835
Authority key identifier: 55:FA:D9:6D:D0:5A:F8:C2:D2:61:92:C8:41:13:1F:2F:97:45:9F:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VfrZbdBa-MLSYZLIQRMfL5dFn-0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/51Zk2pdO8B4GP2wKGqMXI0WjWgI.roa
Signing time:             Mon 01 Jan 2024 08:29:36 +0000
ROA not before:           Mon 01 Jan 2024 08:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59514
IP address blocks:        45.10.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/VfrZbdBa-MLSYZLIQRMfL5dFn-0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/VfrZbdBa-MLSYZLIQRMfL5dFn-0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VfrZbdBa-MLSYZLIQRMfL5dFn-0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 21:43:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:84:cf:e7:67:19:63:02:96:8b:e2:4a:28:a8:35
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=55fad96dd05af8c2d26192c841131f2f97459fed
        Validity
            Not Before: Jan  1 08:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e75664da974ef01e063f6c0a1aa3172345a35a02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:7f:79:ab:a9:2e:60:a2:cb:7b:c7:9f:55:7e:
                    94:4d:e6:72:30:69:d0:ef:67:fa:d0:df:a4:68:e2:
                    2b:06:86:72:a3:8b:00:53:7b:e9:15:7b:f3:99:30:
                    7c:e8:f8:1c:0e:9f:10:78:49:4d:96:74:25:3e:de:
                    7e:88:90:b9:be:9e:40:9a:cd:a2:4b:ce:ed:79:23:
                    d1:64:72:b5:bd:eb:dd:8f:d9:ba:2a:63:15:d9:6e:
                    db:57:49:94:ea:0b:3a:18:ac:e2:06:51:0f:30:0a:
                    a9:46:9c:1f:48:73:93:85:8e:18:03:a6:c3:7f:bd:
                    37:ff:4a:e8:66:3f:05:66:87:17:67:22:37:21:47:
                    77:b5:fa:99:69:63:71:f5:4a:2b:d7:b5:16:ac:dd:
                    f6:96:08:b2:95:a3:27:d2:59:06:f1:af:f9:f0:7d:
                    06:b6:09:4d:f3:64:a1:1e:5c:69:d1:3c:5e:a2:ae:
                    7b:d3:f3:95:f5:c1:86:05:78:9e:fe:01:4d:90:55:
                    7b:f9:d9:49:06:ff:ba:bd:ee:ec:64:9f:a5:cc:2e:
                    9b:81:13:b3:0b:f8:c3:af:82:e4:fd:94:bb:26:b9:
                    4f:39:b8:72:32:0e:f6:7c:a4:18:e3:6e:90:7e:1e:
                    1f:c2:78:d0:fb:80:97:14:2d:37:68:de:f0:72:62:
                    26:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:56:64:DA:97:4E:F0:1E:06:3F:6C:0A:1A:A3:17:23:45:A3:5A:02
            X509v3 Authority Key Identifier:
                keyid:55:FA:D9:6D:D0:5A:F8:C2:D2:61:92:C8:41:13:1F:2F:97:45:9F:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VfrZbdBa-MLSYZLIQRMfL5dFn-0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/51Zk2pdO8B4GP2wKGqMXI0WjWgI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/30e582-4448-4952-94a0-30ff2c83f001/1/VfrZbdBa-MLSYZLIQRMfL5dFn-0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:b6:1e:68:bb:9c:e9:2c:8c:99:f0:d7:80:4c:95:e3:00:40:
         be:6d:66:f1:fb:5b:af:13:2c:d4:12:ab:66:32:f5:89:69:c5:
         11:a6:2f:79:e0:f3:1e:ed:a4:cd:25:dc:70:fd:5a:08:b9:03:
         90:87:02:95:80:ea:ed:2d:a9:12:11:ee:1b:3a:73:ce:7d:92:
         5a:7e:4e:0f:05:5b:54:1f:47:a9:5f:d5:68:09:c8:1d:e7:57:
         4d:65:44:fb:95:70:fb:ab:25:91:88:16:13:c1:ee:e1:28:93:
         a1:36:a3:18:f4:ec:b4:4d:ac:5c:94:f5:c6:e2:39:cc:8b:9b:
         32:15:72:b3:fb:fb:33:ee:25:c4:94:ba:c3:2a:4e:b2:52:37:
         ba:e2:2d:e6:34:c1:4f:bb:4f:90:6c:cc:86:8f:27:96:f5:f8:
         95:04:4d:3a:f9:1d:5b:b5:90:6e:69:eb:a4:02:0e:6e:a4:17:
         62:a6:44:6f:54:b7:14:2b:80:48:d9:c0:76:11:eb:ab:bd:66:
         a8:df:7c:7f:96:00:d5:b1:71:ae:ac:c0:70:0d:af:00:06:c4:
         ef:25:d1:c5:59:b3:d7:68:5a:01:c2:2a:5e:46:7c:79:44:74:
         5e:cd:c3:ca:64:5d:3f:0a:63:c3:cb:0c:57:01:a0:32:89:d3:
         b0:18:0c:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJITP52cZYwKWi+JKKKg1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU1ZmFkOTZkZDA1YWY4YzJkMjYxOTJjODQxMTMxZjJmOTc0
NTlmZWQwHhcNMjQwMTAxMDgyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzU2NjRkYTk3NGVmMDFlMDYzZjZjMGExYWEzMTcyMzQ1YTM1YTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAon95q6kuYKLLe8efVX6UTeZyMGnQ
72f60N+kaOIrBoZyo4sAU3vpFXvzmTB86PgcDp8QeElNlnQlPt5+iJC5vp5Ams2i
S87teSPRZHK1vevdj9m6KmMV2W7bV0mU6gs6GKziBlEPMAqpRpwfSHOThY4YA6bD
f703/0roZj8FZocXZyI3IUd3tfqZaWNx9Uor17UWrN32lgiylaMn0lkG8a/58H0G
tglN82ShHlxp0Txeoq570/OV9cGGBXie/gFNkFV7+dlJBv+6ve7sZJ+lzC6bgROz
C/jDr4Lk/ZS7JrlPObhyMg72fKQY426Qfh4fwnjQ+4CXFC03aN7wcmImOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOdWZNqXTvAeBj9sChqjFyNFo1oCMB8GA1UdIwQY
MBaAFFX62W3QWvjC0mGSyEETHy+XRZ/tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVmZyWmJkQmEtTUxTWVpMSVFSTWZMNWRGbi0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8zMGU1ODItNDQ0OC00OTUyLTk0YTAt
MzBmZjJjODNmMDAxLzEvNTFaazJwZE84QjRHUDJ3S0dxTVhJMFdqV2dJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8zMGU1ODItNDQ0OC00OTUyLTk0YTAtMzBmZjJjODNmMDAx
LzEvVmZyWmJkQmEtTUxTWVpMSVFSTWZMNWRGbi0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQpYMA0G
CSqGSIb3DQEBCwUAA4IBAQAYth5ou5zpLIyZ8NeATJXjAEC+bWbx+1uvEyzUEqtm
MvWJacURpi954PMe7aTNJdxw/VoIuQOQhwKVgOrtLakSEe4bOnPOfZJafk4PBVtU
H0epX9VoCcgd51dNZUT7lXD7qyWRiBYTwe7hKJOhNqMY9Oy0TaxclPXG4jnMi5sy
FXKz+/sz7iXElLrDKk6yUje64i3mNMFPu0+QbMyGjyeW9fiVBE06+R1btZBuaeuk
Ag5upBdipkRvVLcUK4BI2cB2EeurvWao33x/lgDVsXGurMBwDa8ABsTvJdHFWbPX
aFoBwipeRnx5RHRezcPKZF0/CmPDywxXAaAyidOwGAyN
-----END CERTIFICATE-----