Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/c54e32-705a-4e7a-9513-b978bfc752ab/1/cLjFzl0kKfjU8JC6Suxb0r-YtGQ.roa
File:                     cLjFzl0kKfjU8JC6Suxb0r-YtGQ.roa (raw, json)
Hash identifier:          MJIvEP8a78+x8U40G3zP1JeiMTHXhanq1jUJZqLUacg=
Subject key identifier:   70:B8:C5:CE:5D:24:29:F8:D4:F0:90:BA:4A:EC:5B:D2:BF:98:B4:64
Certificate issuer:       /CN=843d8aa1269d1a3f3321335860c67c7e08677dc5
Certificate serial:       018CC4935350D257EE554528D27C46459185
Authority key identifier: 84:3D:8A:A1:26:9D:1A:3F:33:21:33:58:60:C6:7C:7E:08:67:7D:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hD2KoSadGj8zITNYYMZ8fghnfcU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/c54e32-705a-4e7a-9513-b978bfc752ab/1/cLjFzl0kKfjU8JC6Suxb0r-YtGQ.roa
Signing time:             Mon 01 Jan 2024 10:30:38 +0000
ROA not before:           Mon 01 Jan 2024 10:30:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207058
IP address blocks:        185.173.45.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/c54e32-705a-4e7a-9513-b978bfc752ab/1/hD2KoSadGj8zITNYYMZ8fghnfcU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/c54e32-705a-4e7a-9513-b978bfc752ab/1/hD2KoSadGj8zITNYYMZ8fghnfcU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hD2KoSadGj8zITNYYMZ8fghnfcU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 16 Jun 2024 05:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:53:50:d2:57:ee:55:45:28:d2:7c:46:45:91:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=843d8aa1269d1a3f3321335860c67c7e08677dc5
        Validity
            Not Before: Jan  1 10:30:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=70b8c5ce5d2429f8d4f090ba4aec5bd2bf98b464
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:67:11:16:2b:28:a4:e5:59:89:2f:b0:f2:d0:
                    78:f0:83:15:0e:c5:ad:6b:75:dd:e7:e0:27:00:2b:
                    fb:a7:0c:6f:3a:81:6c:8f:23:12:e0:13:49:10:be:
                    c0:66:0c:aa:4e:e7:51:62:37:dc:ac:ad:4e:fa:a1:
                    18:b8:34:c8:14:be:e7:6e:2a:d8:7f:8f:e0:5c:c5:
                    dc:64:6e:58:83:71:4e:94:33:99:62:6e:36:a0:98:
                    42:d3:bc:6a:60:00:10:77:7d:4c:e3:85:33:6b:2e:
                    f2:f4:78:a6:92:ab:34:c5:6d:82:fa:a3:1e:0d:43:
                    7d:f5:9f:19:08:4a:38:c9:d5:ae:68:e0:c1:3c:d1:
                    e0:5e:e4:1b:39:f0:0f:71:85:1a:e2:4b:a3:8d:93:
                    43:fa:d8:f2:ed:44:03:2e:84:71:f5:69:38:e4:4a:
                    4b:91:65:cc:62:9b:97:4f:5e:14:59:16:a5:a7:ea:
                    5b:30:88:1c:bc:42:f6:dd:b4:b7:e4:74:a0:d5:34:
                    88:80:a0:e1:de:03:c0:53:10:8e:0a:4c:5d:b7:38:
                    f6:57:ea:3c:da:31:7b:dc:6f:ce:0e:20:d0:e9:88:
                    03:55:07:df:d1:93:3b:f3:8a:f4:21:1b:d1:29:57:
                    cd:c0:05:17:07:fe:71:b5:2d:01:9e:48:08:39:45:
                    96:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:B8:C5:CE:5D:24:29:F8:D4:F0:90:BA:4A:EC:5B:D2:BF:98:B4:64
            X509v3 Authority Key Identifier:
                keyid:84:3D:8A:A1:26:9D:1A:3F:33:21:33:58:60:C6:7C:7E:08:67:7D:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hD2KoSadGj8zITNYYMZ8fghnfcU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/c54e32-705a-4e7a-9513-b978bfc752ab/1/cLjFzl0kKfjU8JC6Suxb0r-YtGQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/c54e32-705a-4e7a-9513-b978bfc752ab/1/hD2KoSadGj8zITNYYMZ8fghnfcU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.173.45.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cb:c5:23:89:2b:d3:6a:c5:0c:1d:f5:94:ff:0f:18:e2:bc:a2:
         26:94:23:98:b7:20:1f:18:e6:97:da:15:48:d5:cb:56:ea:c4:
         09:10:92:3a:40:41:0c:36:24:56:7a:69:38:2c:f2:30:3b:1b:
         75:6d:3b:bb:85:d2:62:ce:aa:5f:da:e6:f2:84:a8:00:fa:b4:
         b8:c6:e1:cd:00:41:25:1c:6c:cb:ee:1f:da:9c:5f:28:81:84:
         f9:94:1b:e1:f3:c0:b8:9a:2b:59:4a:08:eb:54:bf:3f:71:87:
         be:f6:b7:10:67:c0:bb:c4:1f:cc:8a:9a:46:05:e3:a8:6c:3e:
         23:2d:4a:86:cd:10:7d:02:12:50:7f:69:57:94:a5:19:60:7f:
         32:f7:ea:88:21:42:d2:4d:70:2d:1f:1b:fa:09:8d:85:37:8d:
         4a:3c:d0:70:58:22:b4:17:3f:36:29:a1:d1:02:da:39:cc:cb:
         27:21:cb:d8:32:53:6f:11:15:16:fb:f8:3d:3c:d9:ce:40:3a:
         ad:ed:05:ba:b5:1e:08:a8:06:9e:ee:0b:8b:c1:fb:e5:97:90:
         0d:5c:23:c5:55:08:8d:f4:2f:67:ff:cb:fd:0e:e6:46:22:5b:
         af:a1:b7:7d:6c:28:00:b9:52:bc:24:3a:4c:d3:6c:77:85:6b:
         75:06:ec:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk1NQ0lfuVUUo0nxGRZGFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0M2Q4YWExMjY5ZDFhM2YzMzIxMzM1ODYwYzY3YzdlMDg2
NzdkYzUwHhcNMjQwMTAxMTAzMDM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MGI4YzVjZTVkMjQyOWY4ZDRmMDkwYmE0YWVjNWJkMmJmOThiNDY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjWcRFisopOVZiS+w8tB48IMVDsWt
a3Xd5+AnACv7pwxvOoFsjyMS4BNJEL7AZgyqTudRYjfcrK1O+qEYuDTIFL7nbirY
f4/gXMXcZG5Yg3FOlDOZYm42oJhC07xqYAAQd31M44Uzay7y9Himkqs0xW2C+qMe
DUN99Z8ZCEo4ydWuaODBPNHgXuQbOfAPcYUa4kujjZND+tjy7UQDLoRx9Wk45EpL
kWXMYpuXT14UWRalp+pbMIgcvEL23bS35HSg1TSIgKDh3gPAUxCOCkxdtzj2V+o8
2jF73G/ODiDQ6YgDVQff0ZM784r0IRvRKVfNwAUXB/5xtS0BnkgIOUWW/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHC4xc5dJCn41PCQukrsW9K/mLRkMB8GA1UdIwQY
MBaAFIQ9iqEmnRo/MyEzWGDGfH4IZ33FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEQyS29TYWRHajh6SVROWVlNWjhmZ2huZmNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9jNTRlMzItNzA1YS00ZTdhLTk1MTMt
Yjk3OGJmYzc1MmFiLzEvY0xqRnpsMGtLZmpVOEpDNlN1eGIwci1ZdEdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9jNTRlMzItNzA1YS00ZTdhLTk1MTMtYjk3OGJmYzc1MmFi
LzEvaEQyS29TYWRHajh6SVROWVlNWjhmZ2huZmNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAua0tMA0G
CSqGSIb3DQEBCwUAA4IBAQDLxSOJK9NqxQwd9ZT/DxjivKImlCOYtyAfGOaX2hVI
1ctW6sQJEJI6QEEMNiRWemk4LPIwOxt1bTu7hdJizqpf2ubyhKgA+rS4xuHNAEEl
HGzL7h/anF8ogYT5lBvh88C4mitZSgjrVL8/cYe+9rcQZ8C7xB/MippGBeOobD4j
LUqGzRB9AhJQf2lXlKUZYH8y9+qIIULSTXAtHxv6CY2FN41KPNBwWCK0Fz82KaHR
Ato5zMsnIcvYMlNvERUW+/g9PNnOQDqt7QW6tR4IqAae7guLwfvll5ANXCPFVQiN
9C9n/8v9DuZGIluvobd9bCgAuVK8JDpM02x3hWt1BuzL
-----END CERTIFICATE-----