Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/7S1yriW896cy9WWlLV4ytAi4z4g.roa
File:                     7S1yriW896cy9WWlLV4ytAi4z4g.roa (raw, json)
Hash identifier:          wX8XdaRxVVR7jc9MA+roeGg78sRsEqZn4myLA5KcdA8=
Subject key identifier:   ED:2D:72:AE:25:BC:F7:A7:32:F5:65:A5:2D:5E:32:B4:08:B8:CF:88
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       018CC86FA30B7E103E5DD24F5CA25980F252
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/7S1yriW896cy9WWlLV4ytAi4z4g.roa
Signing time:             Tue 02 Jan 2024 04:30:08 +0000
ROA not before:           Tue 02 Jan 2024 04:30:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13335
IP address blocks:        45.85.89.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 12 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:a3:0b:7e:10:3e:5d:d2:4f:5c:a2:59:80:f2:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Jan  2 04:30:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ed2d72ae25bcf7a732f565a52d5e32b408b8cf88
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:d1:ff:f3:8e:57:6b:54:73:01:b9:f2:d4:62:
                    f0:4c:2f:d3:68:8f:53:d5:50:ba:fa:24:0e:0a:7f:
                    13:47:7c:46:8c:1c:56:e4:00:22:22:18:58:1f:7d:
                    b6:e3:17:40:b7:28:37:a4:07:90:0e:70:5e:1f:dd:
                    2b:0a:b1:fd:e6:75:e0:e7:62:da:77:04:58:0f:c3:
                    1f:c9:81:f1:6b:1a:73:ec:18:13:33:17:50:7d:1a:
                    ac:f7:99:12:51:6d:e1:ad:b1:3e:e4:29:0f:fd:8f:
                    89:c3:fd:1b:d2:22:32:d9:3c:49:a9:77:1c:5d:44:
                    95:75:2b:bc:9e:b5:e6:24:2f:ed:1c:e0:60:04:5e:
                    ac:60:fe:7f:24:98:ed:ea:9a:18:98:a7:34:e9:36:
                    60:5d:c6:1c:b7:2b:36:f8:07:a2:30:d2:ae:ad:37:
                    83:57:fa:51:58:c4:ea:33:97:7a:9c:6b:b4:7c:c3:
                    32:22:e8:22:3f:85:22:12:70:d1:5f:e7:07:3e:55:
                    84:35:a5:3b:a2:2e:96:31:97:55:79:24:62:10:5b:
                    c2:e6:b0:80:f3:a0:83:25:e6:0b:5b:55:0c:07:35:
                    07:6c:2a:13:d0:54:0e:4c:b0:d9:0a:51:93:28:84:
                    e7:74:a9:6a:4c:be:9c:e1:5a:52:ef:0e:d2:47:47:
                    e7:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:2D:72:AE:25:BC:F7:A7:32:F5:65:A5:2D:5E:32:B4:08:B8:CF:88
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/7S1yriW896cy9WWlLV4ytAi4z4g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:3d:62:97:dd:29:35:c2:31:11:93:77:68:6b:96:39:46:0d:
         11:1c:e4:4e:d0:17:db:aa:19:75:a3:ea:f5:b5:cf:ae:cd:c2:
         df:68:b9:12:6d:52:c7:10:e7:f9:f2:fe:04:5c:c7:3e:15:ae:
         42:65:ca:6d:43:55:56:b3:95:d4:b6:1b:b4:e5:48:36:7c:5a:
         55:8a:d3:4d:5a:08:71:38:10:88:22:da:36:5d:48:fa:05:cc:
         af:38:fd:6c:3e:a4:45:a7:3c:28:c0:58:11:b8:c3:1d:3f:44:
         21:11:1f:6b:49:49:30:73:04:c2:31:0a:6f:63:51:6c:e0:c1:
         4d:14:01:ce:ac:ad:f8:fe:d3:c4:3d:d3:e3:b2:f8:ea:ac:32:
         32:33:fe:fc:c7:bc:97:ca:b2:a8:e8:89:d7:10:ed:31:a0:7a:
         2e:07:12:c7:fb:e2:4b:dd:95:a8:31:6e:c8:4a:84:cb:57:cd:
         52:4c:23:42:84:81:20:0e:0b:67:7f:d5:4f:06:fc:91:58:aa:
         1a:66:80:fe:38:c0:6a:28:65:6e:d9:b5:5f:77:2e:52:66:50:
         56:bf:2b:c2:4a:1c:07:8e:6a:ee:ef:df:d9:37:16:55:cb:7f:
         e9:a4:dd:94:8b:ec:31:4e:94:df:f8:82:0e:bc:7c:91:be:29:
         81:0f:d4:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb6MLfhA+XdJPXKJZgPJSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjQwMTAyMDQzMDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDJkNzJhZTI1YmNmN2E3MzJmNTY1YTUyZDVlMzJiNDA4YjhjZjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh9H/845Xa1RzAbny1GLwTC/TaI9T
1VC6+iQOCn8TR3xGjBxW5AAiIhhYH3224xdAtyg3pAeQDnBeH90rCrH95nXg52La
dwRYD8MfyYHxaxpz7BgTMxdQfRqs95kSUW3hrbE+5CkP/Y+Jw/0b0iIy2TxJqXcc
XUSVdSu8nrXmJC/tHOBgBF6sYP5/JJjt6poYmKc06TZgXcYctys2+AeiMNKurTeD
V/pRWMTqM5d6nGu0fMMyIugiP4UiEnDRX+cHPlWENaU7oi6WMZdVeSRiEFvC5rCA
86CDJeYLW1UMBzUHbCoT0FQOTLDZClGTKITndKlqTL6c4VpS7w7SR0fn6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO0tcq4lvPenMvVlpS1eMrQIuM+IMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvN1MxeXJpVzg5NmN5OVdXbExWNHl0QWk0ejRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVVZMA0G
CSqGSIb3DQEBCwUAA4IBAQC8PWKX3Sk1wjERk3doa5Y5Rg0RHORO0Bfbqhl1o+r1
tc+uzcLfaLkSbVLHEOf58v4EXMc+Fa5CZcptQ1VWs5XUthu05Ug2fFpVitNNWghx
OBCIIto2XUj6BcyvOP1sPqRFpzwowFgRuMMdP0QhER9rSUkwcwTCMQpvY1Fs4MFN
FAHOrK34/tPEPdPjsvjqrDIyM/78x7yXyrKo6InXEO0xoHouBxLH++JL3ZWoMW7I
SoTLV81STCNChIEgDgtnf9VPBvyRWKoaZoD+OMBqKGVu2bVfdy5SZlBWvyvCShwH
jmru79/ZNxZVy3/ppN2Ui+wxTpTf+IIOvHyRvimBD9SN
-----END CERTIFICATE-----