Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/JtiKKVee7G4AlnuVRIk98Kp3bBw.roa
File:                     JtiKKVee7G4AlnuVRIk98Kp3bBw.roa (raw, json)
Hash identifier:          EnLiUkNQgUzHG+7DXQZH13YTAwYgb38bNmWdC5oJLvQ=
Subject key identifier:   26:D8:8A:29:57:9E:EC:6E:00:96:7B:95:44:89:3D:F0:AA:77:6C:1C
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       018CC9BC70A4E6A499764A41C89643561C9A
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/JtiKKVee7G4AlnuVRIk98Kp3bBw.roa
Signing time:             Tue 02 Jan 2024 10:33:39 +0000
ROA not before:           Tue 02 Jan 2024 10:33:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209242
IP address blocks:        45.12.30.0/23 maxlen: 23
                          45.85.118.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 13:02:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:70:a4:e6:a4:99:76:4a:41:c8:96:43:56:1c:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: Jan  2 10:33:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=26d88a29579eec6e00967b9544893df0aa776c1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:36:21:4e:6a:97:b9:f4:69:26:9e:49:9e:54:
                    64:46:bf:da:f7:57:d4:8f:c6:fa:a9:cd:c7:c6:3e:
                    3b:72:a2:8b:c6:42:f6:3c:99:17:1b:08:24:39:9c:
                    07:33:2f:dd:2e:60:e3:0c:d1:2d:7a:ac:12:3a:50:
                    71:c6:47:b4:68:47:91:20:a3:e5:c8:f0:0b:da:9d:
                    5d:47:dd:62:5b:4e:a7:0f:8d:ca:ab:cc:eb:c6:81:
                    20:1f:13:f2:a2:ed:00:87:05:80:25:9f:0d:9a:5e:
                    d5:02:83:bf:4e:51:82:4a:8e:28:bb:d8:b6:9c:69:
                    0b:70:5e:ac:53:98:e1:d5:2d:b5:e5:a7:46:42:3a:
                    c5:b1:ff:c9:d0:27:9c:ec:6c:92:95:c5:22:93:bb:
                    16:3a:c7:61:2e:f0:01:ff:17:60:4e:b8:44:d9:1c:
                    0c:75:ea:4d:2f:0a:a7:b1:11:e9:07:63:67:aa:2c:
                    b1:41:68:6f:84:d0:d8:5e:e5:da:43:cb:25:16:8f:
                    20:08:1b:c7:6f:2d:21:1c:02:b6:05:f3:ca:30:c0:
                    b7:9f:c1:ee:4e:d7:2d:63:3a:49:88:fb:13:68:3f:
                    55:48:ad:8f:35:28:c4:2c:e8:dc:0a:54:c2:80:3d:
                    7d:81:a7:77:be:06:fe:6a:59:6b:4a:c1:2c:95:a7:
                    18:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:D8:8A:29:57:9E:EC:6E:00:96:7B:95:44:89:3D:F0:AA:77:6C:1C
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/JtiKKVee7G4AlnuVRIk98Kp3bBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.30.0/23
                  45.85.118.0/23

    Signature Algorithm: sha256WithRSAEncryption
         51:74:de:6d:de:10:01:8b:33:78:a3:43:18:18:84:47:c7:0d:
         b5:28:51:01:41:3a:b5:8c:91:70:99:f2:5d:f4:9f:7e:6b:56:
         a7:aa:ef:91:e9:ef:b5:c2:68:a5:ee:43:c8:e4:13:a2:37:7d:
         5a:a5:b6:3f:0e:67:f5:d7:58:72:db:2f:d4:07:53:05:e3:64:
         b8:d7:e6:d6:05:39:7d:76:74:d8:c5:84:75:24:5c:e3:ff:9a:
         30:d5:e3:53:15:b1:ee:75:b0:41:04:4e:68:8c:e5:52:10:38:
         da:b2:d7:e6:68:c1:03:81:2d:7d:1e:12:8a:7a:f1:e7:c9:cd:
         63:d4:88:ba:b3:28:03:a3:24:f3:f4:03:47:fb:08:de:5b:57:
         fb:e8:20:e2:86:4a:8f:3d:c9:ac:67:5d:50:d3:c3:8a:a1:8f:
         68:c4:2a:46:5b:3f:1c:f5:ce:3c:9f:a2:f1:eb:1c:a7:6b:a9:
         f0:b5:1a:95:4c:f3:3a:d4:6e:4c:6a:7c:80:fb:61:7f:d5:92:
         6b:b9:51:c1:3c:64:32:95:0f:51:cb:0d:39:3c:8f:1a:ce:7d:
         8b:10:4f:5e:f0:45:ff:b6:8b:7b:32:5e:b0:53:46:9f:8d:15:
         92:c5:1d:ad:ec:9d:28:83:7f:d2:67:64:35:0b:ef:54:a1:51:
         f5:5f:ea:7b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJvHCk5qSZdkpByJZDVhyaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjQwMTAyMTAzMzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNmQ4OGEyOTU3OWVlYzZlMDA5NjdiOTU0NDg5M2RmMGFhNzc2YzFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzDYhTmqXufRpJp5JnlRkRr/a91fU
j8b6qc3Hxj47cqKLxkL2PJkXGwgkOZwHMy/dLmDjDNEteqwSOlBxxke0aEeRIKPl
yPAL2p1dR91iW06nD43Kq8zrxoEgHxPyou0AhwWAJZ8Nml7VAoO/TlGCSo4ou9i2
nGkLcF6sU5jh1S215adGQjrFsf/J0Cec7GySlcUik7sWOsdhLvAB/xdgTrhE2RwM
depNLwqnsRHpB2NnqiyxQWhvhNDYXuXaQ8slFo8gCBvHby0hHAK2BfPKMMC3n8Hu
TtctYzpJiPsTaD9VSK2PNSjELOjcClTCgD19gad3vgb+allrSsEslacYOwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCbYiilXnuxuAJZ7lUSJPfCqd2wcMB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEvSnRpS0tWZWU3RzRBbG51VlJJazk4S3AzYkJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLQweAwQB
LVV2MA0GCSqGSIb3DQEBCwUAA4IBAQBRdN5t3hABizN4o0MYGIRHxw21KFEBQTq1
jJFwmfJd9J9+a1anqu+R6e+1wmil7kPI5BOiN31apbY/Dmf111hy2y/UB1MF42S4
1+bWBTl9dnTYxYR1JFzj/5ow1eNTFbHudbBBBE5ojOVSEDjastfmaMEDgS19HhKK
evHnyc1j1Ii6sygDoyTz9ANH+wjeW1f76CDihkqPPcmsZ11Q08OKoY9oxCpGWz8c
9c48n6Lx6xyna6nwtRqVTPM61G5ManyA+2F/1ZJruVHBPGQylQ9Ryw05PI8azn2L
EE9e8EX/tot7Ml6wU0afjRWSxR2t7J0og3/SZ2Q1C+9UoVH1X+p7
-----END CERTIFICATE-----