Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/D-hE4n1bXicqNfeDE7ZvbtkQlTA.roa
File:                     D-hE4n1bXicqNfeDE7ZvbtkQlTA.roa (raw, json)
Hash identifier:          qhFsLgQb4olfqryZa6dqCEPsLJK2L8ZNZ4hbRex6rmA=
Subject key identifier:   0F:E8:44:E2:7D:5B:5E:27:2A:35:F7:83:13:B6:6F:6E:D9:10:95:30
Certificate issuer:       /CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Certificate serial:       0191BDED2E0C7C4DCFC3A3191C2AB6803628
Authority key identifier: FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/D-hE4n1bXicqNfeDE7ZvbtkQlTA.roa
Signing time:             Wed 04 Sep 2024 16:45:23 +0000
ROA not before:           Wed 04 Sep 2024 16:45:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52044
IP address blocks:        45.135.224.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:bd:ed:2e:0c:7c:4d:cf:c3:a3:19:1c:2a:b6:80:36:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
        Validity
            Not Before: Sep  4 16:45:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0fe844e27d5b5e272a35f78313b66f6ed9109530
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:ef:61:23:6a:4f:47:8a:90:db:65:2e:22:94:
                    20:d6:ef:ce:51:02:a6:60:a6:5d:48:8f:5c:55:5b:
                    5b:1e:75:78:cc:4c:d6:48:c7:9a:8c:e3:7f:75:ca:
                    87:c3:82:b6:45:44:2d:4f:95:9a:3a:37:a7:6a:d3:
                    d1:ca:80:82:d4:02:05:bb:a4:0f:49:88:f0:65:0b:
                    cc:03:6d:ee:62:c4:e9:05:8c:d1:ad:29:39:7c:0a:
                    15:f2:0a:6d:86:17:9c:15:c1:b9:7d:34:cb:52:fd:
                    3d:1d:39:e6:d2:16:6b:8b:0d:d8:c3:49:ad:ae:c8:
                    1e:e4:65:d8:01:62:b1:d0:c8:19:d7:2d:cc:0b:4b:
                    4a:52:74:68:fd:63:3b:9e:14:ac:c7:92:7f:af:aa:
                    15:7b:52:f5:f6:0d:bf:7e:58:76:7b:f9:ad:f8:32:
                    fc:03:7c:6d:2c:ca:88:14:c5:99:6e:80:b3:58:bb:
                    94:87:b6:19:c3:ff:3a:49:a8:f1:94:87:a0:c0:73:
                    ee:ca:00:de:12:65:7d:4e:93:f8:f2:1e:23:4b:5a:
                    f4:d4:9a:54:49:c8:41:70:3b:54:83:43:62:ab:e5:
                    74:26:85:1e:c3:00:c9:96:92:4c:0f:65:35:fd:ee:
                    5c:3b:3d:22:4f:12:7b:f0:0e:bc:71:2a:b6:4d:ce:
                    ab:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:E8:44:E2:7D:5B:5E:27:2A:35:F7:83:13:B6:6F:6E:D9:10:95:30
            X509v3 Authority Key Identifier:
                keyid:FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/D-hE4n1bXicqNfeDE7ZvbtkQlTA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:87:8d:4e:d7:f5:9e:6b:d4:3b:7b:41:84:90:c0:84:0a:b0:
         e0:17:10:49:91:73:7c:3b:60:a1:5b:d4:95:f1:bf:ad:fe:cb:
         c8:44:9e:14:73:8e:1a:61:c3:9f:41:47:65:3e:08:21:3f:44:
         ba:74:ae:0e:2f:33:38:ef:c2:da:9a:14:40:b2:b5:d5:ca:f4:
         34:c1:ca:1c:5b:f6:56:89:de:c7:18:5b:24:72:72:5e:0a:f7:
         9a:aa:32:c9:8a:01:17:48:ef:25:40:c1:8b:b6:e0:9d:f7:e4:
         6a:fb:36:ec:22:60:2b:81:62:ba:e2:75:fd:13:8d:8a:df:0f:
         38:2e:76:93:e4:f5:df:a3:8a:71:be:16:6f:f7:79:10:94:1b:
         a1:af:88:f1:7e:51:73:a7:28:29:0f:6a:ea:1b:4b:7f:8d:d0:
         b3:b7:5e:92:e1:92:44:4e:c8:e4:e6:b7:76:a7:d7:b1:40:4d:
         59:61:10:5d:58:94:b5:65:b5:8e:0c:8e:5a:d2:4a:da:7a:70:
         a3:13:0a:cc:8d:bc:fa:38:7b:ee:01:76:1e:0d:60:f5:0a:38:
         36:a8:5c:18:87:55:49:96:ee:48:78:23:0c:ae:b1:28:61:b1:
         b9:c9:34:2f:5d:ca:18:18:ff:ad:d9:cb:3f:ac:69:4d:15:44:
         ae:08:6a:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZG97S4MfE3Pw6MZHCq2gDYoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIzMDlhNjgxNDY3OGFkNzJlM2YzMWE0ZmUwMjcyZjQw
YmQ5ODYwHhcNMjQwOTA0MTY0NTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmU4NDRlMjdkNWI1ZTI3MmEzNWY3ODMxM2I2NmY2ZWQ5MTA5NTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsO9hI2pPR4qQ22UuIpQg1u/OUQKm
YKZdSI9cVVtbHnV4zEzWSMeajON/dcqHw4K2RUQtT5WaOjenatPRyoCC1AIFu6QP
SYjwZQvMA23uYsTpBYzRrSk5fAoV8gpthhecFcG5fTTLUv09HTnm0hZriw3Yw0mt
rsge5GXYAWKx0MgZ1y3MC0tKUnRo/WM7nhSsx5J/r6oVe1L19g2/flh2e/mt+DL8
A3xtLMqIFMWZboCzWLuUh7YZw/86SajxlIegwHPuygDeEmV9TpP48h4jS1r01JpU
SchBcDtUg0Niq+V0JoUewwDJlpJMD2U1/e5cOz0iTxJ78A68cSq2Tc6rVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA/oROJ9W14nKjX3gxO2b27ZEJUwMB8GA1UdIwQY
MBaAFP+CMJpoFGeK1y4/MaT+AnL0C9mGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTkt
ZjUyNTgxNjQwMmJkLzEvRC1oRTRuMWJYaWNxTmZlREU3WnZidGtRbFRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTktZjUyNTgxNjQwMmJk
LzEvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYfgMA0G
CSqGSIb3DQEBCwUAA4IBAQAqh41O1/Wea9Q7e0GEkMCECrDgFxBJkXN8O2ChW9SV
8b+t/svIRJ4Uc44aYcOfQUdlPgghP0S6dK4OLzM478LamhRAsrXVyvQ0wcocW/ZW
id7HGFskcnJeCveaqjLJigEXSO8lQMGLtuCd9+Rq+zbsImArgWK64nX9E42K3w84
LnaT5PXfo4pxvhZv93kQlBuhr4jxflFzpygpD2rqG0t/jdCzt16S4ZJETsjk5rd2
p9exQE1ZYRBdWJS1ZbWODI5a0kraenCjEwrMjbz6OHvuAXYeDWD1Cjg2qFwYh1VJ
lu5IeCMMrrEoYbG5yTQvXcoYGP+t2cs/rGlNFUSuCGoQ
-----END CERTIFICATE-----