Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/1cdce2-a3f8-44b6-b5e1-b7f2984eb653/1/o4l4xoSgTMrdqOrrn4OL-fgp07I.roa
File:                     o4l4xoSgTMrdqOrrn4OL-fgp07I.roa (raw, json)
Hash identifier:          qntxlJ86xtlpRX6iKzs7fTmJI3BOJy2wSctGlhp6FT0=
Subject key identifier:   A3:89:78:C6:84:A0:4C:CA:DD:A8:EA:EB:9F:83:8B:F9:F8:29:D3:B2
Certificate issuer:       /CN=75ea894ee05775e0ef061d086ca252147f5c91de
Certificate serial:       0190A74BB359DD4ACC42346DAFEA887D5518
Authority key identifier: 75:EA:89:4E:E0:57:75:E0:EF:06:1D:08:6C:A2:52:14:7F:5C:91:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/deqJTuBXdeDvBh0IbKJSFH9ckd4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/1cdce2-a3f8-44b6-b5e1-b7f2984eb653/1/o4l4xoSgTMrdqOrrn4OL-fgp07I.roa
Signing time:             Fri 12 Jul 2024 14:14:34 +0000
ROA not before:           Fri 12 Jul 2024 14:14:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57795
IP address blocks:        45.154.45.0/24 maxlen: 24
                          45.154.46.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/1cdce2-a3f8-44b6-b5e1-b7f2984eb653/1/deqJTuBXdeDvBh0IbKJSFH9ckd4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/1cdce2-a3f8-44b6-b5e1-b7f2984eb653/1/deqJTuBXdeDvBh0IbKJSFH9ckd4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/deqJTuBXdeDvBh0IbKJSFH9ckd4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:a7:4b:b3:59:dd:4a:cc:42:34:6d:af:ea:88:7d:55:18
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=75ea894ee05775e0ef061d086ca252147f5c91de
        Validity
            Not Before: Jul 12 14:14:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a38978c684a04ccadda8eaeb9f838bf9f829d3b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:a7:f8:df:77:5b:8c:25:94:9d:0d:be:20:b4:
                    a1:11:02:75:86:0e:77:b5:18:4c:6f:8c:e1:08:27:
                    ef:3d:f9:83:8d:6d:9d:4b:cf:c2:b7:3c:ea:fe:e1:
                    3e:9c:0b:24:6f:8e:8f:a9:5e:d7:6e:94:d9:b3:11:
                    6e:9a:d7:25:7a:02:98:55:51:0a:a9:df:47:f5:d5:
                    b0:50:eb:a4:89:22:95:41:56:37:b1:1a:23:7d:1d:
                    11:0f:20:81:b6:3b:bb:d0:8b:d1:87:71:96:8f:e4:
                    be:1b:0e:d7:70:22:bc:3b:fc:68:9d:cb:bc:fe:f2:
                    8a:f3:53:65:17:c8:59:2e:29:7d:5e:47:97:32:34:
                    0a:93:55:c1:23:f8:8c:26:f3:f4:41:0d:9a:c9:7e:
                    cc:e0:ed:5e:22:37:ca:3a:90:99:ae:38:17:33:4e:
                    4e:02:ee:e8:ab:f3:1a:af:b5:81:fa:95:09:de:97:
                    e1:64:fa:45:89:a9:10:ca:66:16:4e:6b:71:f6:03:
                    e1:bc:2f:18:a7:97:60:1d:1f:0f:35:cb:98:79:81:
                    e0:5d:15:6f:7e:12:3e:bb:8a:65:06:ed:40:1b:3b:
                    25:d9:56:2b:00:9a:f1:fb:b7:ed:08:4f:a0:40:87:
                    df:a0:e0:82:a3:6f:8f:6c:d5:1b:67:bb:c6:08:b9:
                    2a:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:89:78:C6:84:A0:4C:CA:DD:A8:EA:EB:9F:83:8B:F9:F8:29:D3:B2
            X509v3 Authority Key Identifier:
                keyid:75:EA:89:4E:E0:57:75:E0:EF:06:1D:08:6C:A2:52:14:7F:5C:91:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/deqJTuBXdeDvBh0IbKJSFH9ckd4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/1cdce2-a3f8-44b6-b5e1-b7f2984eb653/1/o4l4xoSgTMrdqOrrn4OL-fgp07I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/1cdce2-a3f8-44b6-b5e1-b7f2984eb653/1/deqJTuBXdeDvBh0IbKJSFH9ckd4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.45.0-45.154.46.255

    Signature Algorithm: sha256WithRSAEncryption
         00:82:28:d8:46:1a:5d:56:e2:77:23:fc:37:75:86:f7:72:0b:
         34:b0:f9:33:d7:d3:e3:e9:26:74:11:b1:5a:2f:80:68:f5:f1:
         6a:fc:b8:b2:63:0e:81:cf:3c:3f:e8:3c:e0:a4:2b:36:7a:84:
         bd:df:fb:95:a2:f9:27:78:de:93:15:54:ad:74:27:86:8d:7f:
         fd:7c:72:80:55:e6:69:da:58:a1:a6:db:92:d2:d9:d8:f2:9b:
         a6:31:40:2d:cc:bc:b2:b3:f8:97:27:cb:f3:c6:74:01:29:3c:
         c3:f9:b7:da:a9:a7:26:f1:99:fc:54:3a:5a:e7:16:69:aa:bc:
         85:b0:ed:6d:79:bf:34:31:35:c8:ac:a0:0f:52:0c:63:6f:33:
         eb:5a:1d:b2:5a:65:80:29:96:c5:74:c7:fc:5d:cf:71:09:0d:
         fc:e8:0c:17:35:96:9b:42:76:2b:09:f3:b0:78:3e:3b:e7:2a:
         3e:74:f6:b4:18:c7:76:e7:d0:c3:2e:0f:61:a4:b7:0c:db:67:
         be:4a:02:e8:6a:ed:f4:66:47:da:1a:bb:31:92:d9:e2:48:4e:
         93:6d:df:a8:f5:39:ac:9c:15:66:27:1d:04:a6:20:d6:93:d6:
         15:32:91:f6:94:74:bb:a6:5e:95:92:00:cc:8d:83:af:f7:46:
         d6:73:35:4b
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZCnS7NZ3UrMQjRtr+qIfVUYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc1ZWE4OTRlZTA1Nzc1ZTBlZjA2MWQwODZjYTI1MjE0N2Y1
YzkxZGUwHhcNMjQwNzEyMTQxNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzg5NzhjNjg0YTA0Y2NhZGRhOGVhZWI5ZjgzOGJmOWY4MjlkM2IyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwKf433dbjCWUnQ2+ILShEQJ1hg53
tRhMb4zhCCfvPfmDjW2dS8/Ctzzq/uE+nAskb46PqV7XbpTZsxFumtclegKYVVEK
qd9H9dWwUOukiSKVQVY3sRojfR0RDyCBtju70IvRh3GWj+S+Gw7XcCK8O/xoncu8
/vKK81NlF8hZLil9XkeXMjQKk1XBI/iMJvP0QQ2ayX7M4O1eIjfKOpCZrjgXM05O
Au7oq/Mar7WB+pUJ3pfhZPpFiakQymYWTmtx9gPhvC8Yp5dgHR8PNcuYeYHgXRVv
fhI+u4plBu1AGzsl2VYrAJrx+7ftCE+gQIffoOCCo2+PbNUbZ7vGCLkq/wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFKOJeMaEoEzK3ajq65+Di/n4KdOyMB8GA1UdIwQY
MBaAFHXqiU7gV3Xg7wYdCGyiUhR/XJHeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGVxSlR1QlhkZUR2QmgwSWJLSlNGSDlja2Q0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8xY2RjZTItYTNmOC00NGI2LWI1ZTEt
YjdmMjk4NGViNjUzLzEvbzRsNHhvU2dUTXJkcU9ycm40T0wtZmdwMDdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8xY2RjZTItYTNmOC00NGI2LWI1ZTEtYjdmMjk4NGViNjUz
LzEvZGVxSlR1QlhkZUR2QmgwSWJLSlNGSDlja2Q0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAtmi0D
BAAtmi4wDQYJKoZIhvcNAQELBQADggEBAACCKNhGGl1W4ncj/Dd1hvdyCzSw+TPX
0+PpJnQRsVovgGj18Wr8uLJjDoHPPD/oPOCkKzZ6hL3f+5Wi+Sd43pMVVK10J4aN
f/18coBV5mnaWKGm25LS2djym6YxQC3MvLKz+Jcny/PGdAEpPMP5t9qppybxmfxU
OlrnFmmqvIWw7W15vzQxNcisoA9SDGNvM+taHbJaZYAplsV0x/xdz3EJDfzoDBc1
lptCdisJ87B4PjvnKj509rQYx3bn0MMuD2GktwzbZ75KAuhq7fRmR9oauzGS2eJI
TpNt36j1OaycFWYnHQSmINaT1hUykfaUdLumXpWSAMyNg6/3RtZzNUs=
-----END CERTIFICATE-----