Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/8nrmtvqjbhpzGLhDUUGaEie_jYU.roa
File:                     8nrmtvqjbhpzGLhDUUGaEie_jYU.roa (raw, json)
Hash identifier:          bn2G5zvgbfgmoPibvoG3yOr3sPXJoX5UWeYVFdJnNPY=
Subject key identifier:   F2:7A:E6:B6:FA:A3:6E:1A:73:18:B8:43:51:41:9A:12:27:BF:8D:85
Certificate issuer:       /CN=465eba5c1a80f86a4589278edd9304b3f5169f83
Certificate serial:       0191B33AD540F23824B3F401DC0B366850B8
Authority key identifier: 46:5E:BA:5C:1A:80:F8:6A:45:89:27:8E:DD:93:04:B3:F5:16:9F:83
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/8nrmtvqjbhpzGLhDUUGaEie_jYU.roa
Signing time:             Mon 02 Sep 2024 14:54:22 +0000
ROA not before:           Mon 02 Sep 2024 14:54:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     41789
IP address blocks:        45.82.14.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:b3:3a:d5:40:f2:38:24:b3:f4:01:dc:0b:36:68:50:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=465eba5c1a80f86a4589278edd9304b3f5169f83
        Validity
            Not Before: Sep  2 14:54:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f27ae6b6faa36e1a7318b84351419a1227bf8d85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:57:d0:f7:13:1b:79:b7:96:91:2d:2e:30:35:
                    78:dd:6e:f3:8e:b6:41:da:83:91:be:0b:f4:ef:39:
                    42:b3:24:2c:83:d9:21:f7:15:62:d5:80:7e:17:9c:
                    ad:52:e9:5f:93:a5:e0:b0:44:ab:9a:33:d1:74:35:
                    6a:6c:5f:bd:4c:83:8c:cc:ec:99:50:01:e1:4b:c4:
                    bd:d0:6c:e3:7d:a8:f6:d9:f6:f5:b3:07:c3:67:69:
                    c0:d8:29:fa:e9:1d:ff:01:b5:dd:72:8f:ab:e9:fa:
                    63:69:9a:ef:69:e1:96:13:bc:dc:82:84:fc:71:cf:
                    8a:53:07:df:82:28:b2:7b:eb:17:b6:3c:b1:f9:89:
                    d6:f3:16:2a:56:2a:52:09:a8:b2:2d:76:97:e5:d8:
                    7b:9f:d3:5d:d1:0a:32:95:a0:ab:0a:90:59:fe:3d:
                    53:34:8c:2a:af:0c:b3:e7:0e:d2:07:32:fe:9a:e7:
                    2f:de:18:a6:33:04:43:0a:55:09:3e:b0:1b:d9:1f:
                    99:7d:e7:9c:fc:ce:a7:ff:dd:96:78:8c:6a:5b:ba:
                    bc:3c:8f:8f:db:c9:12:63:2e:ca:fa:28:e0:60:db:
                    8c:1e:1a:76:93:1a:f6:88:21:b6:06:d5:b2:e8:ac:
                    71:b6:c4:ae:ab:87:a8:28:a9:23:84:69:78:2e:4b:
                    7b:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:7A:E6:B6:FA:A3:6E:1A:73:18:B8:43:51:41:9A:12:27:BF:8D:85
            X509v3 Authority Key Identifier:
                keyid:46:5E:BA:5C:1A:80:F8:6A:45:89:27:8E:DD:93:04:B3:F5:16:9F:83

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/8nrmtvqjbhpzGLhDUUGaEie_jYU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ba:bd:ca:ed:ca:18:c7:03:e3:3a:f1:aa:0a:1f:89:bd:88:cd:
         2e:5f:b5:08:3e:82:b5:cb:b9:f3:0f:a3:da:02:ea:a0:33:a0:
         36:58:d9:9e:dc:42:74:7e:d4:70:e4:53:58:b4:b5:a6:25:93:
         ed:53:03:ae:2b:c4:40:a4:36:a4:21:16:17:a5:6a:14:5b:66:
         78:e5:37:69:3c:96:30:8b:4b:f5:65:b0:15:2f:5a:8a:a7:de:
         62:cf:8a:15:6f:ad:97:91:64:d6:77:99:2f:ff:47:6f:23:91:
         b9:89:7c:f9:a2:01:18:07:12:ce:94:48:1a:6f:4d:08:2a:b0:
         f4:27:f4:33:0a:af:65:cb:fa:17:1d:6d:ac:68:d6:3b:7c:05:
         99:a4:1c:be:b6:ae:2d:32:15:43:6f:34:0c:dc:66:42:9c:f4:
         62:67:46:36:a8:b5:26:d5:c3:86:fd:5b:eb:7c:e7:91:82:7b:
         65:a6:3f:4f:eb:09:64:03:32:46:ab:d9:dc:53:b5:6c:96:86:
         5e:cb:b3:c1:fe:aa:4a:95:89:93:2c:81:49:29:81:4a:3f:e9:
         7d:65:be:be:0c:98:8b:a3:35:df:08:62:8d:ec:ef:0b:41:5a:
         6f:40:1d:fa:38:16:71:b8:e3:c2:88:4e:70:74:e4:d2:9c:ae:
         75:33:42:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGzOtVA8jgks/QB3As2aFC4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NWViYTVjMWE4MGY4NmE0NTg5Mjc4ZWRkOTMwNGIzZjUx
NjlmODMwHhcNMjQwOTAyMTQ1NDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjdhZTZiNmZhYTM2ZTFhNzMxOGI4NDM1MTQxOWExMjI3YmY4ZDg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArVfQ9xMbebeWkS0uMDV43W7zjrZB
2oORvgv07zlCsyQsg9kh9xVi1YB+F5ytUulfk6XgsESrmjPRdDVqbF+9TIOMzOyZ
UAHhS8S90Gzjfaj22fb1swfDZ2nA2Cn66R3/AbXdco+r6fpjaZrvaeGWE7zcgoT8
cc+KUwffgiiye+sXtjyx+YnW8xYqVipSCaiyLXaX5dh7n9Nd0QoylaCrCpBZ/j1T
NIwqrwyz5w7SBzL+mucv3himMwRDClUJPrAb2R+Zfeec/M6n/92WeIxqW7q8PI+P
28kSYy7K+ijgYNuMHhp2kxr2iCG2BtWy6KxxtsSuq4eoKKkjhGl4Lkt7uQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPJ65rb6o24acxi4Q1FBmhInv42FMB8GA1UdIwQY
MBaAFEZeulwagPhqRYknjt2TBLP1Fp+DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmw2NlhCcUEtR3BGaVNlTzNaTUVzX1VXbjRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9jMTJhN2ItNWNhZi00ZTdjLTk3MGQt
NWM0NzZlMzMyNWY1LzEvOG5ybXR2cWpiaHB6R0xoRFVVR2FFaWVfallVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9jMTJhN2ItNWNhZi00ZTdjLTk3MGQtNWM0NzZlMzMyNWY1
LzEvUmw2NlhCcUEtR3BGaVNlTzNaTUVzX1VXbjRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLVIOMA0G
CSqGSIb3DQEBCwUAA4IBAQC6vcrtyhjHA+M68aoKH4m9iM0uX7UIPoK1y7nzD6Pa
AuqgM6A2WNme3EJ0ftRw5FNYtLWmJZPtUwOuK8RApDakIRYXpWoUW2Z45TdpPJYw
i0v1ZbAVL1qKp95iz4oVb62XkWTWd5kv/0dvI5G5iXz5ogEYBxLOlEgab00IKrD0
J/QzCq9ly/oXHW2saNY7fAWZpBy+tq4tMhVDbzQM3GZCnPRiZ0Y2qLUm1cOG/Vvr
fOeRgntlpj9P6wlkAzJGq9ncU7VsloZey7PB/qpKlYmTLIFJKYFKP+l9Zb6+DJiL
ozXfCGKN7O8LQVpvQB36OBZxuOPCiE5wdOTSnK51M0Jo
-----END CERTIFICATE-----