Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/9cc5ce-8fba-4da6-834f-ea042c325f88/1/5AsXbjN_hMsMqzgYf-VssENDos8.roa
File:                     5AsXbjN_hMsMqzgYf-VssENDos8.roa (raw, json)
Hash identifier:          4OAw4OV63HD12Oaoqr5E/RSG+2gtFtO/2Wprrr4Kf04=
Subject key identifier:   E4:0B:17:6E:33:7F:84:CB:0C:AB:38:18:7F:E5:6C:B0:43:43:A2:CF
Certificate issuer:       /CN=ea88982593665739dbb1a61a6a20e56f0be25fb7
Certificate serial:       018CC86F9763214975878E790790F8A54109
Authority key identifier: EA:88:98:25:93:66:57:39:DB:B1:A6:1A:6A:20:E5:6F:0B:E2:5F:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6oiYJZNmVznbsaYaaiDlbwviX7c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/9cc5ce-8fba-4da6-834f-ea042c325f88/1/5AsXbjN_hMsMqzgYf-VssENDos8.roa
Signing time:             Tue 02 Jan 2024 04:30:05 +0000
ROA not before:           Tue 02 Jan 2024 04:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205112
IP address blocks:        45.157.240.0/22 maxlen: 24
                          2a0f:6480::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/9cc5ce-8fba-4da6-834f-ea042c325f88/1/6oiYJZNmVznbsaYaaiDlbwviX7c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/9cc5ce-8fba-4da6-834f-ea042c325f88/1/6oiYJZNmVznbsaYaaiDlbwviX7c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6oiYJZNmVznbsaYaaiDlbwviX7c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:97:63:21:49:75:87:8e:79:07:90:f8:a5:41:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ea88982593665739dbb1a61a6a20e56f0be25fb7
        Validity
            Not Before: Jan  2 04:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e40b176e337f84cb0cab38187fe56cb04343a2cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:5d:a8:4d:6c:cd:7c:1b:d4:7d:13:99:c7:5d:
                    90:9a:10:a2:e9:d6:a8:c1:b8:7e:5e:20:2a:e9:3a:
                    f1:c7:d4:a6:cc:80:c9:42:03:6a:3f:66:b3:71:72:
                    6f:28:20:18:8f:eb:cb:4f:f1:00:65:44:8f:a6:59:
                    2f:f0:cf:5e:7f:cd:7a:fa:76:7b:df:d3:88:0d:c3:
                    76:96:88:c4:62:de:89:5b:65:cb:da:0f:87:25:da:
                    c9:e8:50:15:d7:c5:c3:14:ce:5d:a9:e0:12:28:c7:
                    c5:08:94:7e:13:44:c1:21:60:5b:cc:d5:e2:49:c2:
                    3f:64:f1:e5:8c:6e:a1:91:28:23:be:bc:e3:7c:91:
                    11:6d:ea:63:f1:3f:92:8d:64:f6:90:ec:86:4f:31:
                    c7:d7:f1:42:64:24:d1:77:b4:8d:0a:27:28:6f:e9:
                    0e:61:2f:0f:94:ba:41:fc:7c:cf:34:b5:c5:5b:c2:
                    53:04:33:a7:62:32:ea:2d:8c:04:24:c1:f0:39:3a:
                    e6:67:13:c9:b7:a4:8e:18:e8:dc:75:a0:e4:0c:5e:
                    37:c5:19:dc:23:60:0c:c4:8c:fd:fd:43:23:c8:4b:
                    01:4d:f0:ba:18:77:26:33:9e:1e:3c:86:28:f5:14:
                    86:34:14:26:05:73:91:ee:97:3e:01:b4:29:3d:a1:
                    fa:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:0B:17:6E:33:7F:84:CB:0C:AB:38:18:7F:E5:6C:B0:43:43:A2:CF
            X509v3 Authority Key Identifier:
                keyid:EA:88:98:25:93:66:57:39:DB:B1:A6:1A:6A:20:E5:6F:0B:E2:5F:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6oiYJZNmVznbsaYaaiDlbwviX7c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/9cc5ce-8fba-4da6-834f-ea042c325f88/1/5AsXbjN_hMsMqzgYf-VssENDos8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/9cc5ce-8fba-4da6-834f-ea042c325f88/1/6oiYJZNmVznbsaYaaiDlbwviX7c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.240.0/22
                IPv6:
                  2a0f:6480::/29

    Signature Algorithm: sha256WithRSAEncryption
         22:94:a0:e6:5c:db:de:b0:80:e0:63:8e:86:9a:cd:77:a3:15:
         62:1e:c6:82:81:94:d4:e1:e0:6e:87:62:9c:ef:a2:10:b6:3d:
         a5:98:61:68:ed:bc:c1:4b:62:a9:32:65:dd:f4:92:7a:7f:a8:
         f5:a6:b8:8e:84:cf:bd:09:ad:c1:2b:51:85:de:b7:44:4d:53:
         fa:39:87:cf:ea:15:fc:a8:3e:ae:80:10:2c:09:de:de:04:66:
         ce:33:5b:f3:86:8b:92:28:ea:0d:fe:c4:e7:e2:07:9c:6f:d6:
         d9:ca:56:db:43:0d:2f:1b:af:c8:f6:42:01:59:59:0d:29:a4:
         d3:60:64:89:bd:42:74:4d:15:18:ae:e7:af:3b:46:eb:9f:16:
         b3:59:89:36:d7:2c:8f:19:69:3c:1b:f6:1f:49:3d:d2:5a:22:
         cd:af:4c:07:b6:34:df:92:da:12:b4:f3:7b:52:9c:91:82:fe:
         f5:d5:00:f1:83:a8:74:b2:ed:f8:4f:db:b4:12:c4:85:c9:6d:
         9c:8e:59:3d:5d:42:00:26:1e:fd:dc:91:46:86:8b:e9:55:3f:
         28:67:ce:14:23:75:e9:f7:11:7f:86:78:fd:ff:4b:8f:ba:ba:
         ed:0b:7d:c3:44:72:74:74:b6:5a:3f:24:c1:f7:87:8b:b6:60:
         8c:e1:05:76
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIb5djIUl1h455B5D4pUEJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhODg5ODI1OTM2NjU3MzlkYmIxYTYxYTZhMjBlNTZmMGJl
MjVmYjcwHhcNMjQwMTAyMDQzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDBiMTc2ZTMzN2Y4NGNiMGNhYjM4MTg3ZmU1NmNiMDQzNDNhMmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArl2oTWzNfBvUfROZx12QmhCi6dao
wbh+XiAq6Trxx9SmzIDJQgNqP2azcXJvKCAYj+vLT/EAZUSPplkv8M9ef816+nZ7
39OIDcN2lojEYt6JW2XL2g+HJdrJ6FAV18XDFM5dqeASKMfFCJR+E0TBIWBbzNXi
ScI/ZPHljG6hkSgjvrzjfJERbepj8T+SjWT2kOyGTzHH1/FCZCTRd7SNCicob+kO
YS8PlLpB/HzPNLXFW8JTBDOnYjLqLYwEJMHwOTrmZxPJt6SOGOjcdaDkDF43xRnc
I2AMxIz9/UMjyEsBTfC6GHcmM54ePIYo9RSGNBQmBXOR7pc+AbQpPaH64QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOQLF24zf4TLDKs4GH/lbLBDQ6LPMB8GA1UdIwQY
MBaAFOqImCWTZlc527GmGmog5W8L4l+3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNm9pWUpaTm1Wem5ic2FZYWFpRGxid3ZpWDdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy85Y2M1Y2UtOGZiYS00ZGE2LTgzNGYt
ZWEwNDJjMzI1Zjg4LzEvNUFzWGJqTl9oTXNNcXpnWWYtVnNzRU5Eb3M4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy85Y2M1Y2UtOGZiYS00ZGE2LTgzNGYtZWEwNDJjMzI1Zjg4
LzEvNm9pWUpaTm1Wem5ic2FZYWFpRGxid3ZpWDdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLZ3wMA0E
AgACMAcDBQMqD2SAMA0GCSqGSIb3DQEBCwUAA4IBAQAilKDmXNvesIDgY46Gms13
oxViHsaCgZTU4eBuh2Kc76IQtj2lmGFo7bzBS2KpMmXd9JJ6f6j1priOhM+9Ca3B
K1GF3rdETVP6OYfP6hX8qD6ugBAsCd7eBGbOM1vzhouSKOoN/sTn4gecb9bZylbb
Qw0vG6/I9kIBWVkNKaTTYGSJvUJ0TRUYruevO0brnxazWYk21yyPGWk8G/YfST3S
WiLNr0wHtjTfktoStPN7UpyRgv711QDxg6h0su34T9u0EsSFyW2cjlk9XUIAJh79
3JFGhovpVT8oZ84UI3Xp9xF/hnj9/0uPurrtC33DRHJ0dLZaPyTB94eLtmCM4QV2
-----END CERTIFICATE-----