Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/464660-7a6e-49a7-903d-5cbc636bd7e7/1/ZuZ2EyMptxSAWwdoTwBi_cItAtw.roa
File:                     ZuZ2EyMptxSAWwdoTwBi_cItAtw.roa (raw, json)
Hash identifier:          CMC+AXvZKTw16JIuhg27MM4r9y9yX5M4tgL7jj37NSY=
Subject key identifier:   66:E6:76:13:23:29:B7:14:80:5B:07:68:4F:00:62:FD:C2:2D:02:DC
Certificate issuer:       /CN=a018d68115dc4b730f157906b04426e599b3a8ca
Certificate serial:       018CC5DC20159638967EE8139D84F25C5DAD
Authority key identifier: A0:18:D6:81:15:DC:4B:73:0F:15:79:06:B0:44:26:E5:99:B3:A8:CA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oBjWgRXcS3MPFXkGsEQm5ZmzqMo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/464660-7a6e-49a7-903d-5cbc636bd7e7/1/ZuZ2EyMptxSAWwdoTwBi_cItAtw.roa
Signing time:             Mon 01 Jan 2024 16:29:46 +0000
ROA not before:           Mon 01 Jan 2024 16:29:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8749
IP address blocks:        45.140.92.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/464660-7a6e-49a7-903d-5cbc636bd7e7/1/oBjWgRXcS3MPFXkGsEQm5ZmzqMo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/464660-7a6e-49a7-903d-5cbc636bd7e7/1/oBjWgRXcS3MPFXkGsEQm5ZmzqMo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oBjWgRXcS3MPFXkGsEQm5ZmzqMo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:20:15:96:38:96:7e:e8:13:9d:84:f2:5c:5d:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a018d68115dc4b730f157906b04426e599b3a8ca
        Validity
            Not Before: Jan  1 16:29:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=66e676132329b714805b07684f0062fdc22d02dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:02:9f:15:a3:34:38:8b:6d:48:07:a7:ed:2a:
                    9a:9d:a5:ef:12:d3:24:c8:b7:52:1f:96:c3:5c:ba:
                    8a:93:4e:21:91:a4:81:f4:ac:0e:3b:c1:e7:e9:03:
                    1d:c4:db:00:4b:48:cb:1c:fa:f5:4e:ce:a0:03:a2:
                    a1:97:ef:1a:7a:33:ce:75:ad:24:58:98:42:c5:d9:
                    b8:c0:e1:e3:c5:d2:be:63:c9:b5:2d:70:23:92:49:
                    30:3c:47:01:fa:54:7c:a0:74:3d:42:af:16:20:cc:
                    fa:db:9d:90:d2:04:b7:31:59:9e:d7:ca:84:45:d1:
                    30:06:04:aa:89:b3:02:55:61:09:81:35:ea:d0:91:
                    21:d1:3b:d8:d8:a4:19:82:27:20:2f:ec:e4:a7:47:
                    4f:58:e8:30:90:a0:b7:8e:aa:be:d3:89:c9:37:2c:
                    d4:03:e3:49:ab:5e:8a:a2:31:91:40:ef:48:dc:a3:
                    5e:a1:1e:61:75:18:a4:ee:e1:92:59:21:c3:eb:ff:
                    f3:e1:4a:1a:31:0e:e0:20:ca:dc:bb:8b:e5:cd:cf:
                    1b:8d:5e:e6:27:3f:9b:f3:e8:0f:d1:23:9c:5a:10:
                    14:51:8c:ae:cb:d0:70:4d:ad:a7:43:1c:0b:4f:16:
                    df:30:99:64:57:67:1e:e2:1e:54:08:d6:4b:a4:75:
                    9c:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:E6:76:13:23:29:B7:14:80:5B:07:68:4F:00:62:FD:C2:2D:02:DC
            X509v3 Authority Key Identifier:
                keyid:A0:18:D6:81:15:DC:4B:73:0F:15:79:06:B0:44:26:E5:99:B3:A8:CA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oBjWgRXcS3MPFXkGsEQm5ZmzqMo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/464660-7a6e-49a7-903d-5cbc636bd7e7/1/ZuZ2EyMptxSAWwdoTwBi_cItAtw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/464660-7a6e-49a7-903d-5cbc636bd7e7/1/oBjWgRXcS3MPFXkGsEQm5ZmzqMo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2f:4c:d7:25:0d:35:96:bd:82:c4:fd:9a:4d:68:b0:ab:ec:97:
         08:24:0d:70:0c:02:e4:de:37:91:90:fe:76:37:11:5f:4b:a4:
         75:0c:54:8a:bf:c4:8c:e4:05:3a:69:bc:7d:8d:f5:31:ad:e7:
         2f:9a:55:f9:c9:0c:86:da:c5:29:0a:ea:ee:58:f2:41:27:c4:
         c5:82:39:65:dd:b8:fc:3a:8b:ec:b1:b7:33:59:ff:60:b9:90:
         9a:86:42:51:ab:74:c4:a6:66:bb:87:d9:98:5d:cc:46:73:7c:
         82:bd:26:f3:72:f6:32:73:db:9e:b3:35:85:9f:07:4d:84:29:
         4d:ea:3c:4a:79:f7:b4:19:d1:95:b7:c7:ca:ad:eb:4a:e2:d8:
         c8:c7:cc:4e:03:ea:6d:2d:ca:9f:0f:98:6b:8f:a0:7d:86:b2:
         51:a4:42:58:e1:2b:b4:e3:13:7a:d8:b3:4c:c9:b5:c8:2e:e6:
         3b:eb:ee:b6:72:a2:59:01:9c:c6:8e:1f:d8:c8:e6:68:77:31:
         2e:fb:0d:52:eb:38:98:0e:33:98:ff:39:89:e6:a1:29:2f:25:
         cd:da:e3:18:79:f3:a5:fc:0a:ed:de:a0:53:6c:70:ef:b5:3f:
         05:03:f0:f8:5f:20:85:d7:f6:98:6a:51:27:c7:4b:90:95:9b:
         1b:72:ec:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3CAVljiWfugTnYTyXF2tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwMThkNjgxMTVkYzRiNzMwZjE1NzkwNmIwNDQyNmU1OTli
M2E4Y2EwHhcNMjQwMTAxMTYyOTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmU2NzYxMzIzMjliNzE0ODA1YjA3Njg0ZjAwNjJmZGMyMmQwMmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApgKfFaM0OIttSAen7SqanaXvEtMk
yLdSH5bDXLqKk04hkaSB9KwOO8Hn6QMdxNsAS0jLHPr1Ts6gA6Khl+8aejPOda0k
WJhCxdm4wOHjxdK+Y8m1LXAjkkkwPEcB+lR8oHQ9Qq8WIMz6252Q0gS3MVme18qE
RdEwBgSqibMCVWEJgTXq0JEh0TvY2KQZgicgL+zkp0dPWOgwkKC3jqq+04nJNyzU
A+NJq16KojGRQO9I3KNeoR5hdRik7uGSWSHD6//z4UoaMQ7gIMrcu4vlzc8bjV7m
Jz+b8+gP0SOcWhAUUYyuy9BwTa2nQxwLTxbfMJlkV2ce4h5UCNZLpHWciQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGbmdhMjKbcUgFsHaE8AYv3CLQLcMB8GA1UdIwQY
MBaAFKAY1oEV3EtzDxV5BrBEJuWZs6jKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0JqV2dSWGNTM01QRlhrR3NFUW01Wm16cU1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC80NjQ2NjAtN2E2ZS00OWE3LTkwM2Qt
NWNiYzYzNmJkN2U3LzEvWnVaMkV5TXB0eFNBV3dkb1R3QmlfY0l0QXR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC80NjQ2NjAtN2E2ZS00OWE3LTkwM2QtNWNiYzYzNmJkN2U3
LzEvb0JqV2dSWGNTM01QRlhrR3NFUW01Wm16cU1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYxcMA0G
CSqGSIb3DQEBCwUAA4IBAQAvTNclDTWWvYLE/ZpNaLCr7JcIJA1wDALk3jeRkP52
NxFfS6R1DFSKv8SM5AU6abx9jfUxrecvmlX5yQyG2sUpCuruWPJBJ8TFgjll3bj8
OovssbczWf9guZCahkJRq3TEpma7h9mYXcxGc3yCvSbzcvYyc9ueszWFnwdNhClN
6jxKefe0GdGVt8fKretK4tjIx8xOA+ptLcqfD5hrj6B9hrJRpEJY4Su04xN62LNM
ybXILuY76+62cqJZAZzGjh/YyOZodzEu+w1S6ziYDjOY/zmJ5qEpLyXN2uMYefOl
/Art3qBTbHDvtT8FA/D4XyCF1/aYalEnx0uQlZsbcuwL
-----END CERTIFICATE-----