Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/e29a57-6b76-4a06-a116-f6f323fd96e0/1/T9mqf4p-MAS6rTXv1yueS2aBC6Q.roa
File:                     T9mqf4p-MAS6rTXv1yueS2aBC6Q.roa (raw, json)
Hash identifier:          eB78A3F4V1VgtCnLt1uB6MhyYEzZhMW5y0dMUkbiINk=
Subject key identifier:   4F:D9:AA:7F:8A:7E:30:04:BA:AD:35:EF:D7:2B:9E:4B:66:81:0B:A4
Certificate issuer:       /CN=d643aec22f819cf01f2c6363035d97f8e0e38233
Certificate serial:       018CC56E093D6F51A7FE75C0EF126B4F8B37
Authority key identifier: D6:43:AE:C2:2F:81:9C:F0:1F:2C:63:63:03:5D:97:F8:E0:E3:82:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1kOuwi-BnPAfLGNjA12X-ODjgjM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/e29a57-6b76-4a06-a116-f6f323fd96e0/1/T9mqf4p-MAS6rTXv1yueS2aBC6Q.roa
Signing time:             Mon 01 Jan 2024 14:29:31 +0000
ROA not before:           Mon 01 Jan 2024 14:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56851
IP address blocks:        45.94.156.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/e29a57-6b76-4a06-a116-f6f323fd96e0/1/1kOuwi-BnPAfLGNjA12X-ODjgjM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/e29a57-6b76-4a06-a116-f6f323fd96e0/1/1kOuwi-BnPAfLGNjA12X-ODjgjM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1kOuwi-BnPAfLGNjA12X-ODjgjM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 27 Apr 2024 02:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:09:3d:6f:51:a7:fe:75:c0:ef:12:6b:4f:8b:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d643aec22f819cf01f2c6363035d97f8e0e38233
        Validity
            Not Before: Jan  1 14:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4fd9aa7f8a7e3004baad35efd72b9e4b66810ba4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:67:02:d9:42:60:36:cf:39:86:89:87:40:f2:
                    ec:66:7d:13:96:6d:9e:dd:a6:13:f0:b5:8e:d3:90:
                    22:2a:06:a9:fb:ee:60:a3:69:aa:d8:53:54:18:e4:
                    78:3c:55:68:4d:32:d1:cc:e4:f2:03:81:1b:f9:14:
                    94:44:56:d1:95:ca:8d:7f:c9:da:52:a1:95:e4:e5:
                    de:2b:2f:06:34:54:0d:26:24:74:fa:08:f7:03:92:
                    94:76:50:b9:cd:d0:b7:ba:db:be:86:52:50:cb:d9:
                    61:95:21:e5:cd:b7:8c:37:47:f7:d3:7e:c8:13:fc:
                    3c:bf:27:c1:c6:ba:5e:a5:4a:ca:33:8b:b5:27:21:
                    e1:8c:2e:6d:84:de:64:fb:fa:74:6a:d8:5f:0d:e6:
                    b8:2e:3b:0b:a0:fd:2d:78:73:3d:c1:b1:f3:0c:72:
                    13:c0:55:bc:f3:c7:c8:12:1c:e9:6c:4f:42:ff:47:
                    68:e6:c9:01:22:3d:eb:87:1b:0f:b8:be:0a:8a:d6:
                    d7:f2:89:1c:d6:16:fc:dc:7a:94:a2:43:e7:7c:ae:
                    56:c5:b3:80:fa:93:7f:3c:93:fe:2e:eb:62:32:81:
                    a6:75:38:14:15:a4:84:02:14:3b:9d:20:33:7a:84:
                    5e:b1:36:ae:60:59:07:c2:d5:03:73:8f:da:f0:2c:
                    b7:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:D9:AA:7F:8A:7E:30:04:BA:AD:35:EF:D7:2B:9E:4B:66:81:0B:A4
            X509v3 Authority Key Identifier:
                keyid:D6:43:AE:C2:2F:81:9C:F0:1F:2C:63:63:03:5D:97:F8:E0:E3:82:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1kOuwi-BnPAfLGNjA12X-ODjgjM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/e29a57-6b76-4a06-a116-f6f323fd96e0/1/T9mqf4p-MAS6rTXv1yueS2aBC6Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/e29a57-6b76-4a06-a116-f6f323fd96e0/1/1kOuwi-BnPAfLGNjA12X-ODjgjM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         71:f1:67:ca:a1:8c:cc:4d:e7:44:9a:23:cd:e1:37:0d:54:fe:
         21:bf:ea:b0:4b:18:96:1e:96:91:54:9b:6e:98:50:8c:d6:2d:
         8d:32:b2:b5:a5:95:77:dd:a5:b3:1e:a9:74:8f:7d:f9:30:d3:
         3f:6b:45:fa:15:eb:7d:30:46:7c:1a:b1:33:84:49:0b:95:34:
         44:2d:15:0b:ac:00:3a:5d:87:07:22:12:f4:91:97:c7:5b:e2:
         e4:92:fb:c8:a8:c3:90:4f:af:21:e9:02:03:02:22:64:14:57:
         7e:7b:bb:0b:88:f4:ca:c8:1c:6b:f5:aa:ee:df:8f:6c:9f:a2:
         8d:c5:a0:10:0f:4c:9c:a0:84:07:41:53:20:f0:e7:59:b8:d4:
         be:7d:b0:84:2f:91:4f:d0:ad:91:de:cb:cd:d7:31:46:7c:e4:
         70:08:9a:75:dc:2e:42:46:1e:aa:27:b7:cc:d7:21:82:23:56:
         02:16:00:15:46:de:ef:a3:8f:a6:b8:8e:b7:d7:01:43:e5:15:
         06:8b:62:f1:88:30:c2:ea:e9:88:d0:ac:d9:4f:b8:61:88:c0:
         0a:94:2a:b5:38:3c:f8:b2:81:2e:28:95:a7:38:07:23:37:89:
         da:e0:2d:a1:5a:be:72:17:10:b2:6c:96:32:75:f6:61:ee:6b:
         67:fc:e9:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbgk9b1Gn/nXA7xJrT4s3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2NDNhZWMyMmY4MTljZjAxZjJjNjM2MzAzNWQ5N2Y4ZTBl
MzgyMzMwHhcNMjQwMTAxMTQyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZmQ5YWE3ZjhhN2UzMDA0YmFhZDM1ZWZkNzJiOWU0YjY2ODEwYmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnWcC2UJgNs85homHQPLsZn0Tlm2e
3aYT8LWO05AiKgap++5go2mq2FNUGOR4PFVoTTLRzOTyA4Eb+RSURFbRlcqNf8na
UqGV5OXeKy8GNFQNJiR0+gj3A5KUdlC5zdC3utu+hlJQy9lhlSHlzbeMN0f3037I
E/w8vyfBxrpepUrKM4u1JyHhjC5thN5k+/p0athfDea4LjsLoP0teHM9wbHzDHIT
wFW888fIEhzpbE9C/0do5skBIj3rhxsPuL4KitbX8okc1hb83HqUokPnfK5WxbOA
+pN/PJP+LutiMoGmdTgUFaSEAhQ7nSAzeoResTauYFkHwtUDc4/a8Cy3pQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE/Zqn+KfjAEuq0179crnktmgQukMB8GA1UdIwQY
MBaAFNZDrsIvgZzwHyxjYwNdl/jg44IzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMWtPdXdpLUJuUEFmTEdOakExMlgtT0RqZ2pNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS9lMjlhNTctNmI3Ni00YTA2LWExMTYt
ZjZmMzIzZmQ5NmUwLzEvVDltcWY0cC1NQVM2clRYdjF5dWVTMmFCQzZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS9lMjlhNTctNmI3Ni00YTA2LWExMTYtZjZmMzIzZmQ5NmUw
LzEvMWtPdXdpLUJuUEFmTEdOakExMlgtT0RqZ2pNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLV6cMA0G
CSqGSIb3DQEBCwUAA4IBAQBx8WfKoYzMTedEmiPN4TcNVP4hv+qwSxiWHpaRVJtu
mFCM1i2NMrK1pZV33aWzHql0j335MNM/a0X6Fet9MEZ8GrEzhEkLlTRELRULrAA6
XYcHIhL0kZfHW+LkkvvIqMOQT68h6QIDAiJkFFd+e7sLiPTKyBxr9aru349sn6KN
xaAQD0ycoIQHQVMg8OdZuNS+fbCEL5FP0K2R3svN1zFGfORwCJp13C5CRh6qJ7fM
1yGCI1YCFgAVRt7vo4+muI631wFD5RUGi2LxiDDC6umI0KzZT7hhiMAKlCq1ODz4
soEuKJWnOAcjN4na4C2hWr5yFxCybJYydfZh7mtn/Onk
-----END CERTIFICATE-----