Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/94/12ac0e-5474-45d5-8def-6a414f184706/1/vs6t8YyrtZuDnITwn4N-Us9XAUU.roa
File:                     vs6t8YyrtZuDnITwn4N-Us9XAUU.roa (raw, json)
Hash identifier:          S3ZIaYWCALhrIAkedJfMMsT7d2mKYP5nWh0zTlghvRA=
Subject key identifier:   BE:CE:AD:F1:8C:AB:B5:9B:83:9C:84:F0:9F:83:7E:52:CF:57:01:45
Certificate issuer:       /CN=72ca1a5cff52ebe2f22b669dcc2c9027cea0b81c
Certificate serial:       018CCA2997F25E424C626852145C0EF27796
Authority key identifier: 72:CA:1A:5C:FF:52:EB:E2:F2:2B:66:9D:CC:2C:90:27:CE:A0:B8:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/csoaXP9S6-LyK2adzCyQJ86guBw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/94/12ac0e-5474-45d5-8def-6a414f184706/1/vs6t8YyrtZuDnITwn4N-Us9XAUU.roa
Signing time:             Tue 02 Jan 2024 12:32:52 +0000
ROA not before:           Tue 02 Jan 2024 12:32:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35120
IP address blocks:        45.8.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/94/12ac0e-5474-45d5-8def-6a414f184706/1/csoaXP9S6-LyK2adzCyQJ86guBw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/94/12ac0e-5474-45d5-8def-6a414f184706/1/csoaXP9S6-LyK2adzCyQJ86guBw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/csoaXP9S6-LyK2adzCyQJ86guBw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:97:f2:5e:42:4c:62:68:52:14:5c:0e:f2:77:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72ca1a5cff52ebe2f22b669dcc2c9027cea0b81c
        Validity
            Not Before: Jan  2 12:32:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=beceadf18cabb59b839c84f09f837e52cf570145
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:34:9a:39:85:5f:e0:21:93:16:5d:71:96:23:
                    7b:49:a8:a0:0a:03:55:39:f8:5a:d8:2f:2d:59:86:
                    65:8c:8b:13:a5:a5:92:ca:f0:e8:b1:60:38:93:67:
                    fa:96:9c:11:81:19:b5:af:d9:3b:cd:64:95:a1:ee:
                    f7:82:b7:10:56:47:50:86:c1:c7:1c:35:60:9e:ae:
                    63:d0:ff:a0:80:56:3b:c7:9d:c0:21:ae:17:f5:9e:
                    58:be:53:0d:d7:e9:ae:3c:77:b1:6c:b0:92:92:41:
                    22:91:f5:fe:37:95:17:2f:f3:47:76:eb:74:5b:65:
                    0b:94:29:b0:98:62:6f:16:d3:19:3b:f2:99:5c:0a:
                    64:04:43:f0:86:14:7e:40:17:c4:30:ab:a8:15:54:
                    b1:88:43:0e:f2:ed:23:92:44:da:9f:22:5a:5f:a0:
                    c1:61:56:a5:68:b2:4c:05:af:c8:ef:9c:87:16:28:
                    0e:ba:26:73:31:b6:79:d3:a3:a9:6c:b2:fc:40:28:
                    dc:39:c0:80:3f:dd:86:c6:bd:48:b6:d3:b5:35:23:
                    9c:99:6c:bc:4a:70:37:f0:46:9a:9f:bc:36:17:12:
                    1e:99:57:07:a2:d3:ae:50:28:ea:99:a6:e3:a0:ee:
                    89:e2:79:f4:77:48:7b:dc:1c:9c:32:78:4a:de:6e:
                    1e:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:CE:AD:F1:8C:AB:B5:9B:83:9C:84:F0:9F:83:7E:52:CF:57:01:45
            X509v3 Authority Key Identifier:
                keyid:72:CA:1A:5C:FF:52:EB:E2:F2:2B:66:9D:CC:2C:90:27:CE:A0:B8:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/csoaXP9S6-LyK2adzCyQJ86guBw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/94/12ac0e-5474-45d5-8def-6a414f184706/1/vs6t8YyrtZuDnITwn4N-Us9XAUU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/94/12ac0e-5474-45d5-8def-6a414f184706/1/csoaXP9S6-LyK2adzCyQJ86guBw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:aa:b1:13:7c:3a:a3:9f:25:62:d4:71:b2:bc:ef:27:f5:f3:
         da:53:4b:d9:ea:39:74:1b:0f:09:ae:cb:40:d4:11:ed:2f:8b:
         4c:19:b8:e3:cd:f5:a5:fc:94:29:42:9e:da:31:62:ca:a4:46:
         47:f8:dc:0d:92:b0:fa:48:ff:8f:58:16:e6:14:0f:ae:d0:61:
         a0:0d:4f:ba:43:93:64:ea:f7:21:3b:e0:d2:de:55:92:d7:0a:
         fb:3e:18:51:2c:42:0e:97:62:ef:d4:e1:ff:df:65:e2:41:c4:
         2a:53:bd:aa:c9:ab:76:a3:d5:4b:ac:86:08:35:2a:ff:64:9e:
         57:3d:23:bc:ed:41:11:04:0d:6a:6d:99:ba:1e:5b:e6:2e:08:
         a3:9e:96:51:e9:c0:13:32:ca:0f:53:04:36:fa:8e:d7:a0:77:
         8d:04:d4:6d:6c:5f:5c:e3:9b:dc:fc:70:2c:c3:01:4b:05:b3:
         ed:4e:d2:7f:d8:86:76:82:29:a2:03:ad:36:a9:6f:1f:ab:dc:
         62:f9:76:24:1a:2d:0d:90:0e:b1:93:12:5b:59:9e:54:8c:8c:
         df:52:2a:18:c3:8f:36:bc:b3:7c:f2:82:33:0e:24:e4:ab:64:
         d2:c2:3c:77:eb:d1:72:76:a9:47:c6:32:82:f4:3d:a0:06:f4:
         95:6e:90:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKZfyXkJMYmhSFFwO8neWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyY2ExYTVjZmY1MmViZTJmMjJiNjY5ZGNjMmM5MDI3Y2Vh
MGI4MWMwHhcNMjQwMTAyMTIzMjUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWNlYWRmMThjYWJiNTliODM5Yzg0ZjA5ZjgzN2U1MmNmNTcwMTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkjSaOYVf4CGTFl1xliN7SaigCgNV
Ofha2C8tWYZljIsTpaWSyvDosWA4k2f6lpwRgRm1r9k7zWSVoe73grcQVkdQhsHH
HDVgnq5j0P+ggFY7x53AIa4X9Z5YvlMN1+muPHexbLCSkkEikfX+N5UXL/NHdut0
W2ULlCmwmGJvFtMZO/KZXApkBEPwhhR+QBfEMKuoFVSxiEMO8u0jkkTanyJaX6DB
YValaLJMBa/I75yHFigOuiZzMbZ506OpbLL8QCjcOcCAP92Gxr1IttO1NSOcmWy8
SnA38Eaan7w2FxIemVcHotOuUCjqmabjoO6J4nn0d0h73BycMnhK3m4erQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL7OrfGMq7Wbg5yE8J+DflLPVwFFMB8GA1UdIwQY
MBaAFHLKGlz/Uuvi8itmncwskCfOoLgcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3NvYVhQOVM2LUx5SzJhZHpDeVFKODZndUJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NC8xMmFjMGUtNTQ3NC00NWQ1LThkZWYt
NmE0MTRmMTg0NzA2LzEvdnM2dDhZeXJ0WnVEbklUd240Ti1VczlYQVVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NC8xMmFjMGUtNTQ3NC00NWQ1LThkZWYtNmE0MTRmMTg0NzA2
LzEvY3NvYVhQOVM2LUx5SzJhZHpDeVFKODZndUJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQgIMA0G
CSqGSIb3DQEBCwUAA4IBAQAyqrETfDqjnyVi1HGyvO8n9fPaU0vZ6jl0Gw8JrstA
1BHtL4tMGbjjzfWl/JQpQp7aMWLKpEZH+NwNkrD6SP+PWBbmFA+u0GGgDU+6Q5Nk
6vchO+DS3lWS1wr7PhhRLEIOl2Lv1OH/32XiQcQqU72qyat2o9VLrIYINSr/ZJ5X
PSO87UERBA1qbZm6HlvmLgijnpZR6cATMsoPUwQ2+o7XoHeNBNRtbF9c45vc/HAs
wwFLBbPtTtJ/2IZ2gimiA602qW8fq9xi+XYkGi0NkA6xkxJbWZ5UjIzfUioYw482
vLN88oIzDiTkq2TSwjx369FydqlHxjKC9D2gBvSVbpCD
-----END CERTIFICATE-----