Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/9166b8-5e54-458d-9b32-557a7d11e2ae/1/u68rvslim_OyQcX6Vof_B_wGZf8.roa
File:                     u68rvslim_OyQcX6Vof_B_wGZf8.roa (raw, json)
Hash identifier:          efDTrPOVx0Svp5+CqAXenAMezaXI4A6PLOmCrYKZQ44=
Subject key identifier:   BB:AF:2B:BE:C9:62:9B:F3:B2:41:C5:FA:56:87:FF:07:FC:06:65:FF
Certificate issuer:       /CN=338d42fbb3f43f56ddb8782e65490a23d85b72e1
Certificate serial:       018CC348C43759F5DC38CED1AD72850904AF
Authority key identifier: 33:8D:42:FB:B3:F4:3F:56:DD:B8:78:2E:65:49:0A:23:D8:5B:72:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M41C-7P0P1bduHguZUkKI9hbcuE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/9166b8-5e54-458d-9b32-557a7d11e2ae/1/u68rvslim_OyQcX6Vof_B_wGZf8.roa
Signing time:             Mon 01 Jan 2024 04:29:35 +0000
ROA not before:           Mon 01 Jan 2024 04:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12884
IP address blocks:        45.95.94.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/9166b8-5e54-458d-9b32-557a7d11e2ae/1/M41C-7P0P1bduHguZUkKI9hbcuE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/9166b8-5e54-458d-9b32-557a7d11e2ae/1/M41C-7P0P1bduHguZUkKI9hbcuE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M41C-7P0P1bduHguZUkKI9hbcuE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:c4:37:59:f5:dc:38:ce:d1:ad:72:85:09:04:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=338d42fbb3f43f56ddb8782e65490a23d85b72e1
        Validity
            Not Before: Jan  1 04:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bbaf2bbec9629bf3b241c5fa5687ff07fc0665ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:f4:06:a4:46:a5:87:bf:0c:ce:57:e2:d7:07:
                    67:13:25:84:c1:64:22:c5:33:81:e4:3f:68:e7:37:
                    e8:44:ee:83:e6:e4:58:ed:36:f0:8c:c6:a8:1f:f3:
                    a9:2d:1c:13:2b:07:c1:0a:bf:8c:3f:ea:c9:1c:4b:
                    36:4a:3e:2d:81:67:7c:16:d3:0a:24:b1:2f:aa:06:
                    0b:3e:32:83:50:ea:bb:9a:ca:6a:bc:4e:03:7b:a6:
                    8d:42:b1:5c:34:84:17:3e:94:b6:ea:9a:8f:07:5e:
                    15:b5:45:e8:5d:32:92:20:e0:ff:2c:6a:b0:65:67:
                    2a:b2:28:69:30:84:9d:47:d9:c1:b4:9c:c6:cc:fb:
                    b8:2a:2b:fc:de:df:00:32:1a:5f:d5:1d:b1:bd:04:
                    50:0a:6a:70:15:ae:56:87:7e:89:db:9e:33:ad:4c:
                    20:29:ce:e7:e9:67:3a:0d:cd:7e:bb:ed:d6:cf:95:
                    18:e8:e8:25:e7:84:19:78:9b:73:6e:5b:d3:88:a5:
                    cf:f5:42:de:16:ab:2a:4c:83:76:f3:bd:cc:bd:50:
                    97:c5:40:47:7a:dd:97:3e:b8:62:2d:bd:c0:5b:bb:
                    91:d8:0a:68:46:f3:39:ea:64:ac:8f:38:03:9e:0d:
                    63:47:cc:07:6b:72:3a:ae:bd:cc:2e:5d:b4:2d:2a:
                    b3:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:AF:2B:BE:C9:62:9B:F3:B2:41:C5:FA:56:87:FF:07:FC:06:65:FF
            X509v3 Authority Key Identifier:
                keyid:33:8D:42:FB:B3:F4:3F:56:DD:B8:78:2E:65:49:0A:23:D8:5B:72:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M41C-7P0P1bduHguZUkKI9hbcuE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/9166b8-5e54-458d-9b32-557a7d11e2ae/1/u68rvslim_OyQcX6Vof_B_wGZf8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/9166b8-5e54-458d-9b32-557a7d11e2ae/1/M41C-7P0P1bduHguZUkKI9hbcuE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.95.94.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ab:3c:b8:58:28:bf:e6:6e:a6:9e:bc:11:12:bb:01:c7:f9:ee:
         57:05:de:0a:e1:fe:fe:d8:86:16:1b:b2:3a:d5:13:6f:cd:b1:
         e0:8e:4f:76:a0:40:0a:ac:39:d6:f7:4e:e3:d5:19:88:16:d3:
         6a:3b:7d:40:c1:e8:fc:e6:e6:6f:f8:30:92:e6:5f:33:68:df:
         ac:d7:9d:65:fe:9b:c9:82:13:47:25:9b:da:d6:6d:b2:c7:90:
         49:fb:ae:f0:46:e7:77:3e:81:75:c4:c4:fe:71:07:8f:d9:e4:
         b1:27:d6:4f:99:ce:ab:86:d8:d3:42:f5:d3:bc:f8:97:a8:99:
         49:d2:26:bb:14:8e:90:1a:24:c2:09:b5:72:7d:7f:68:0e:4c:
         bc:7c:8d:57:50:a7:a0:b4:ad:77:7f:c4:73:88:48:07:84:bb:
         d4:93:a2:1b:34:4e:b1:08:99:e0:b7:6d:67:17:36:a6:81:3c:
         d8:be:a7:02:08:4c:e1:6b:7d:b7:f4:2a:30:8d:08:b1:27:a9:
         09:7e:71:a1:36:3b:58:b6:b6:a9:02:25:1f:f8:be:18:97:d1:
         82:21:42:11:7a:f2:82:77:c7:76:1e:3c:cc:e8:99:83:a3:8d:
         14:29:39:45:6a:26:83:f0:6a:88:e5:27:21:a4:ab:a0:46:b3:
         9a:bf:be:f9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSMQ3WfXcOM7RrXKFCQSvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzOGQ0MmZiYjNmNDNmNTZkZGI4NzgyZTY1NDkwYTIzZDg1
YjcyZTEwHhcNMjQwMTAxMDQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmFmMmJiZWM5NjI5YmYzYjI0MWM1ZmE1Njg3ZmYwN2ZjMDY2NWZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqPQGpEalh78Mzlfi1wdnEyWEwWQi
xTOB5D9o5zfoRO6D5uRY7TbwjMaoH/OpLRwTKwfBCr+MP+rJHEs2Sj4tgWd8FtMK
JLEvqgYLPjKDUOq7mspqvE4De6aNQrFcNIQXPpS26pqPB14VtUXoXTKSIOD/LGqw
ZWcqsihpMISdR9nBtJzGzPu4Kiv83t8AMhpf1R2xvQRQCmpwFa5Wh36J254zrUwg
Kc7n6Wc6Dc1+u+3Wz5UY6Ogl54QZeJtzblvTiKXP9ULeFqsqTIN2873MvVCXxUBH
et2XPrhiLb3AW7uR2ApoRvM56mSsjzgDng1jR8wHa3I6rr3MLl20LSqzvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLuvK77JYpvzskHF+laH/wf8BmX/MB8GA1UdIwQY
MBaAFDONQvuz9D9W3bh4LmVJCiPYW3LhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTQxQy03UDBQMWJkdUhndVpVa0tJOWhiY3VFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi85MTY2YjgtNWU1NC00NThkLTliMzIt
NTU3YTdkMTFlMmFlLzEvdTY4cnZzbGltX095UWNYNlZvZl9CX3dHWmY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi85MTY2YjgtNWU1NC00NThkLTliMzItNTU3YTdkMTFlMmFl
LzEvTTQxQy03UDBQMWJkdUhndVpVa0tJOWhiY3VFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALV9eMA0G
CSqGSIb3DQEBCwUAA4IBAQCrPLhYKL/mbqaevBESuwHH+e5XBd4K4f7+2IYWG7I6
1RNvzbHgjk92oEAKrDnW907j1RmIFtNqO31Awej85uZv+DCS5l8zaN+s151l/pvJ
ghNHJZva1m2yx5BJ+67wRud3PoF1xMT+cQeP2eSxJ9ZPmc6rhtjTQvXTvPiXqJlJ
0ia7FI6QGiTCCbVyfX9oDky8fI1XUKegtK13f8RziEgHhLvUk6IbNE6xCJngt21n
FzamgTzYvqcCCEzha3239CowjQixJ6kJfnGhNjtYtrapAiUf+L4Yl9GCIUIRevKC
d8d2HjzM6JmDo40UKTlFaiaD8GqI5SchpKugRrOav775
-----END CERTIFICATE-----