Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/IVNpOV2zpNXGyApZTGLm0-x0ZK0.roa
File:                     IVNpOV2zpNXGyApZTGLm0-x0ZK0.roa (raw, json)
Hash identifier:          R+tkOC1o90D0Eq6CotxrT01eTJhH09NIyECKbpnAL4o=
Subject key identifier:   21:53:69:39:5D:B3:A4:D5:C6:C8:0A:59:4C:62:E6:D3:EC:74:64:AD
Certificate issuer:       /CN=57130f799f8a8985502a2ea3356037674085cfca
Certificate serial:       018CC4923D1C604BE4D01CCC883D5CDFD181
Authority key identifier: 57:13:0F:79:9F:8A:89:85:50:2A:2E:A3:35:60:37:67:40:85:CF:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/IVNpOV2zpNXGyApZTGLm0-x0ZK0.roa
Signing time:             Mon 01 Jan 2024 10:29:27 +0000
ROA not before:           Mon 01 Jan 2024 10:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199925
IP address blocks:        45.149.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 02 Jul 2024 04:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:3d:1c:60:4b:e4:d0:1c:cc:88:3d:5c:df:d1:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57130f799f8a8985502a2ea3356037674085cfca
        Validity
            Not Before: Jan  1 10:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=215369395db3a4d5c6c80a594c62e6d3ec7464ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:79:4a:1d:c2:bc:de:40:2a:1f:a4:e6:36:b3:
                    d1:a3:9b:cf:fa:5c:7d:29:a0:97:0d:91:3c:9f:4a:
                    3f:11:3a:8e:2d:c1:5f:b5:69:07:96:f3:4b:f3:2b:
                    e2:c9:f8:76:f1:f0:eb:85:57:f9:98:82:32:d7:5d:
                    c1:59:ba:ac:b2:0e:43:9b:c0:2a:68:d1:4f:1d:b0:
                    b5:b7:d3:fa:1c:9c:ee:1b:f2:de:de:ef:f5:a2:4e:
                    9e:91:88:ba:d5:75:98:07:33:34:46:c2:a0:89:e5:
                    d5:e4:9d:83:99:f4:b1:4e:f5:ae:8f:2b:b1:a4:08:
                    19:be:6a:1c:88:7c:f8:bd:1f:a4:e5:3f:61:4d:b5:
                    d3:55:53:09:0c:79:1c:d0:25:93:c6:22:31:29:86:
                    d4:96:f0:dc:19:40:93:56:62:6d:cd:19:23:6a:a9:
                    17:03:03:bb:a8:31:1f:90:d2:2b:ce:30:fb:43:fb:
                    c4:94:81:35:ed:c3:6e:6f:7c:af:d8:e6:11:bd:84:
                    ed:cf:7b:db:fc:3f:02:34:69:31:61:2a:08:1c:a1:
                    29:69:f4:bf:ef:1b:62:4d:bc:23:d5:10:83:2b:fd:
                    6c:13:81:29:6e:f1:35:5b:e1:4f:c9:01:fe:ad:b1:
                    f2:ee:99:6f:5b:32:eb:18:b0:03:0c:ac:5b:e0:8a:
                    56:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:53:69:39:5D:B3:A4:D5:C6:C8:0A:59:4C:62:E6:D3:EC:74:64:AD
            X509v3 Authority Key Identifier:
                keyid:57:13:0F:79:9F:8A:89:85:50:2A:2E:A3:35:60:37:67:40:85:CF:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/IVNpOV2zpNXGyApZTGLm0-x0ZK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/5181de-44cd-4654-96fc-d3b90a9b9b41/1/VxMPeZ-KiYVQKi6jNWA3Z0CFz8o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:1b:d1:45:74:50:58:33:be:24:29:84:dd:32:f0:b1:0e:5d:
         3c:52:d1:53:9b:9e:22:b3:48:bb:d0:48:32:7b:2f:86:18:93:
         40:59:c4:f0:b7:97:4f:c1:27:10:1a:0d:75:79:9a:c6:4c:6f:
         a1:7f:d3:13:54:a3:dc:3f:6d:61:60:42:67:32:fd:79:ec:d6:
         8d:41:4c:9b:25:07:e2:31:46:07:96:e5:0a:b2:fc:90:4a:c1:
         b8:8b:43:48:70:07:a9:6e:8c:6e:e6:99:ce:52:56:2a:6d:5f:
         36:6d:97:11:56:8f:c1:af:24:f2:06:de:b5:3e:8e:13:99:ba:
         2d:21:0a:87:a2:f0:52:4e:dc:da:0e:14:e8:fe:ce:b2:b7:e0:
         1e:e5:be:7f:eb:10:79:0b:d9:d0:0e:0b:2c:21:44:57:f6:ec:
         f3:7f:34:0a:d3:02:06:38:79:fd:e0:4c:90:33:b3:63:0e:8b:
         36:0c:93:59:fb:a4:7f:c0:b0:7c:7c:1a:d5:75:66:b1:dc:a8:
         d6:35:5e:ae:3d:ff:cd:3a:26:ff:89:b1:06:99:7c:bc:60:ef:
         5b:3d:71:86:2c:2e:78:05:dd:9c:fb:96:d4:02:bb:f8:5d:ef:
         9f:61:af:c9:a2:c3:25:2f:7e:ba:43:0c:ca:5a:4a:81:be:0c:
         e3:3c:5c:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkj0cYEvk0BzMiD1c39GBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MTMwZjc5OWY4YTg5ODU1MDJhMmVhMzM1NjAzNzY3NDA4
NWNmY2EwHhcNMjQwMTAxMTAyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTUzNjkzOTVkYjNhNGQ1YzZjODBhNTk0YzYyZTZkM2VjNzQ2NGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg3lKHcK83kAqH6TmNrPRo5vP+lx9
KaCXDZE8n0o/ETqOLcFftWkHlvNL8yviyfh28fDrhVf5mIIy113BWbqssg5Dm8Aq
aNFPHbC1t9P6HJzuG/Le3u/1ok6ekYi61XWYBzM0RsKgieXV5J2DmfSxTvWujyux
pAgZvmociHz4vR+k5T9hTbXTVVMJDHkc0CWTxiIxKYbUlvDcGUCTVmJtzRkjaqkX
AwO7qDEfkNIrzjD7Q/vElIE17cNub3yv2OYRvYTtz3vb/D8CNGkxYSoIHKEpafS/
7xtiTbwj1RCDK/1sE4EpbvE1W+FPyQH+rbHy7plvWzLrGLADDKxb4IpW2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCFTaTlds6TVxsgKWUxi5tPsdGStMB8GA1UdIwQY
MBaAFFcTD3mfiomFUCouozVgN2dAhc/KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnhNUGVaLUtpWVZRS2k2ak5XQTNaMENGejhvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi81MTgxZGUtNDRjZC00NjU0LTk2ZmMt
ZDNiOTBhOWI5YjQxLzEvSVZOcE9WMnpwTlhHeUFwWlRHTG0wLXgwWkswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi81MTgxZGUtNDRjZC00NjU0LTk2ZmMtZDNiOTBhOWI5YjQx
LzEvVnhNUGVaLUtpWVZRS2k2ak5XQTNaMENGejhvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZUlMA0G
CSqGSIb3DQEBCwUAA4IBAQAyG9FFdFBYM74kKYTdMvCxDl08UtFTm54is0i70Egy
ey+GGJNAWcTwt5dPwScQGg11eZrGTG+hf9MTVKPcP21hYEJnMv157NaNQUybJQfi
MUYHluUKsvyQSsG4i0NIcAepboxu5pnOUlYqbV82bZcRVo/BryTyBt61Po4Tmbot
IQqHovBSTtzaDhTo/s6yt+Ae5b5/6xB5C9nQDgssIURX9uzzfzQK0wIGOHn94EyQ
M7NjDos2DJNZ+6R/wLB8fBrVdWax3KjWNV6uPf/NOib/ibEGmXy8YO9bPXGGLC54
Bd2c+5bUArv4Xe+fYa/JosMlL366QwzKWkqBvgzjPFxs
-----END CERTIFICATE-----