Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/fhjBzpCcwbNNm6h5eURZnuCnsLI.roa
File:                     fhjBzpCcwbNNm6h5eURZnuCnsLI.roa (raw, json)
Hash identifier:          KxA7QWKe/xYXN7rNW9iZVoDB9eQ6O6IbjvKzDzKyRqI=
Subject key identifier:   7E:18:C1:CE:90:9C:C1:B3:4D:9B:A8:79:79:44:59:9E:E0:A7:B0:B2
Certificate issuer:       /CN=3aba1172472ea80265d12982967de0a8b0bc5901
Certificate serial:       0191D6F558CA43BDEEC6578F00B675103AD0
Authority key identifier: 3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/fhjBzpCcwbNNm6h5eURZnuCnsLI.roa
Signing time:             Mon 09 Sep 2024 13:24:48 +0000
ROA not before:           Mon 09 Sep 2024 13:24:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212017
IP address blocks:        45.130.16.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 01:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:d6:f5:58:ca:43:bd:ee:c6:57:8f:00:b6:75:10:3a:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aba1172472ea80265d12982967de0a8b0bc5901
        Validity
            Not Before: Sep  9 13:24:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e18c1ce909cc1b34d9ba8797944599ee0a7b0b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:64:6a:c3:2f:53:6a:73:4e:ca:f3:be:f8:22:
                    9c:b6:f5:d7:91:2c:2a:aa:bd:30:6c:8c:cd:d8:e5:
                    96:67:6d:eb:52:c0:15:39:8a:1c:36:bd:fd:73:a4:
                    a1:5b:93:28:1f:ad:83:c6:fa:bc:53:c0:4c:38:d7:
                    8a:fa:59:47:e7:3e:26:3e:17:e9:7e:8b:ed:91:8c:
                    50:da:65:58:7f:96:06:e1:7c:f6:76:a7:07:b3:18:
                    73:2f:00:a1:f2:d6:a3:ff:ee:37:64:37:e5:21:92:
                    ba:16:1f:63:71:b7:f5:25:0c:1f:13:3e:11:ba:79:
                    f3:cb:78:5f:27:b8:7c:20:4d:d2:42:d0:19:29:7b:
                    f9:04:12:02:80:a4:87:0c:b2:5e:ef:d2:e3:06:13:
                    5a:12:b3:67:50:ce:fc:e9:9c:a5:69:bf:27:eb:e7:
                    66:7a:da:36:d6:a6:ae:eb:ed:dc:2b:54:9f:26:50:
                    bd:6a:c1:89:15:c3:fd:94:94:7b:91:9b:84:0f:05:
                    bb:6e:2f:5f:b8:21:a3:69:1a:9d:8a:bf:48:e9:62:
                    13:61:05:07:e1:2d:51:fc:d5:0e:e4:79:07:70:ec:
                    26:b3:aa:8b:e9:61:63:fc:3e:8a:1d:81:af:45:d7:
                    04:b7:48:6d:b2:5c:d0:38:91:bf:19:84:9a:63:61:
                    b4:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:18:C1:CE:90:9C:C1:B3:4D:9B:A8:79:79:44:59:9E:E0:A7:B0:B2
            X509v3 Authority Key Identifier:
                keyid:3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/fhjBzpCcwbNNm6h5eURZnuCnsLI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.130.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         05:58:e4:aa:ba:90:98:01:7a:41:5c:2e:bc:7f:a1:51:1c:8e:
         03:c2:f5:95:c2:16:0f:1b:bc:33:3c:cc:18:54:ec:38:a1:18:
         81:ce:20:21:24:36:da:f1:36:01:b0:cd:eb:a0:35:ff:f5:be:
         29:fb:b3:25:75:c4:24:33:0c:ab:10:fa:c1:9f:e8:bb:0c:18:
         ae:69:36:f9:41:09:06:f2:83:e1:85:0a:f6:8f:a8:aa:b7:90:
         33:5f:43:e0:ea:29:96:69:16:b4:46:71:46:5e:fa:53:ac:fd:
         93:67:02:79:ab:f2:20:a3:e5:4e:0a:0b:a4:30:e9:5c:dc:22:
         fc:d4:71:86:51:41:bd:e5:1d:9a:d9:3d:9e:cd:09:f7:89:67:
         b4:a6:e0:9f:f3:a0:41:35:81:50:59:17:9b:56:f3:5c:83:5a:
         d9:b0:8f:55:9b:96:66:15:1a:cb:6a:36:e8:15:38:0b:eb:ec:
         e1:e9:f1:4c:68:df:c9:94:3c:f8:28:f3:50:9f:8a:e6:31:70:
         54:e7:ac:9d:7e:61:55:f0:c3:49:a3:80:be:8b:93:9b:e0:05:
         78:ff:19:47:50:e5:4d:7e:28:18:4a:42:08:06:05:54:ee:f6:
         0e:cc:1a:2f:8f:9e:66:00:b7:da:34:f7:c0:03:70:36:54:06:
         84:99:30:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZHW9VjKQ73uxlePALZ1EDrQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYmExMTcyNDcyZWE4MDI2NWQxMjk4Mjk2N2RlMGE4YjBi
YzU5MDEwHhcNMjQwOTA5MTMyNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTE4YzFjZTkwOWNjMWIzNGQ5YmE4Nzk3OTQ0NTk5ZWUwYTdiMGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6GRqwy9TanNOyvO++CKctvXXkSwq
qr0wbIzN2OWWZ23rUsAVOYocNr39c6ShW5MoH62Dxvq8U8BMONeK+llH5z4mPhfp
fovtkYxQ2mVYf5YG4Xz2dqcHsxhzLwCh8taj/+43ZDflIZK6Fh9jcbf1JQwfEz4R
unnzy3hfJ7h8IE3SQtAZKXv5BBICgKSHDLJe79LjBhNaErNnUM786Zylab8n6+dm
eto21qau6+3cK1SfJlC9asGJFcP9lJR7kZuEDwW7bi9fuCGjaRqdir9I6WITYQUH
4S1R/NUO5HkHcOwms6qL6WFj/D6KHYGvRdcEt0htslzQOJG/GYSaY2G0BwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH4Ywc6QnMGzTZuoeXlEWZ7gp7CyMB8GA1UdIwQY
MBaAFDq6EXJHLqgCZdEpgpZ94KiwvFkBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgt
NGRkMDQzNDZhYmMzLzEvZmhqQnpwQ2N3Yk5ObTZoNWVVUlpudUNuc0xJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgtNGRkMDQzNDZhYmMz
LzEvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLYIQMA0G
CSqGSIb3DQEBCwUAA4IBAQAFWOSqupCYAXpBXC68f6FRHI4DwvWVwhYPG7wzPMwY
VOw4oRiBziAhJDba8TYBsM3roDX/9b4p+7MldcQkMwyrEPrBn+i7DBiuaTb5QQkG
8oPhhQr2j6iqt5AzX0Pg6imWaRa0RnFGXvpTrP2TZwJ5q/Igo+VOCgukMOlc3CL8
1HGGUUG95R2a2T2ezQn3iWe0puCf86BBNYFQWRebVvNcg1rZsI9Vm5ZmFRrLajbo
FTgL6+zh6fFMaN/JlDz4KPNQn4rmMXBU56ydfmFV8MNJo4C+i5Ob4AV4/xlHUOVN
figYSkIIBgVU7vYOzBovj55mALfaNPfAA3A2VAaEmTAa
-----END CERTIFICATE-----