Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/tx2Teufl_xgZI3A4VxyaIf3zbMs.roa
File:                     tx2Teufl_xgZI3A4VxyaIf3zbMs.roa (raw, json)
Hash identifier:          OKEXO0LyJ84TiYriP8zUZ5+iDw3vyxgvgRQBMhlBvhE=
Subject key identifier:   B7:1D:93:7A:E7:E5:FF:18:19:23:70:38:57:1C:9A:21:FD:F3:6C:CB
Certificate issuer:       /CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
Certificate serial:       018D5EC18FF607F22BD090997C0C46D7943D
Authority key identifier: FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/tx2Teufl_xgZI3A4VxyaIf3zbMs.roa
Signing time:             Wed 31 Jan 2024 09:02:39 +0000
ROA not before:           Wed 31 Jan 2024 09:02:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39877
IP address blocks:        45.133.154.0/23 maxlen: 24
                          45.150.82.0/24 maxlen: 24
                          45.150.83.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5e:c1:8f:f6:07:f2:2b:d0:90:99:7c:0c:46:d7:94:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff82309a6814678ad72e3f31a4fe0272f40bd986
        Validity
            Not Before: Jan 31 09:02:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b71d937ae7e5ff1819237038571c9a21fdf36ccb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:72:cd:4e:a8:a5:7a:f9:f4:33:1f:c8:dd:e3:
                    96:68:a2:fa:79:e7:76:b0:3f:44:62:96:58:d3:f9:
                    9e:c0:07:1c:b0:cc:a3:04:00:48:ae:52:b6:bd:ff:
                    39:5d:cc:54:8c:ca:84:2e:79:77:0c:47:32:7b:3f:
                    3e:d1:6d:0d:35:50:6c:c7:e7:90:0d:3e:74:54:09:
                    a3:7c:ba:ef:32:a4:ff:1b:2c:17:da:02:39:c0:1e:
                    39:d1:79:d7:36:a3:ff:8c:86:a5:74:52:ef:9c:32:
                    3f:0e:e4:bc:30:06:14:87:60:dd:b1:70:0e:ae:f9:
                    2b:7c:08:6a:77:6d:78:f7:68:20:f6:b0:ac:98:52:
                    aa:79:df:e4:20:4f:ad:57:2b:46:6c:c0:59:ff:06:
                    80:53:54:b5:88:4e:24:21:48:70:8b:f6:ea:94:b5:
                    70:75:16:7c:7d:56:6d:18:30:7c:69:d3:7d:b1:09:
                    43:e4:f3:7b:12:5e:8a:d5:2d:90:d6:ee:27:73:27:
                    d1:b9:e9:dd:11:3d:f7:1a:91:71:46:2c:cb:f5:58:
                    2b:01:c1:44:e4:5b:91:89:b2:0e:76:7d:93:9c:71:
                    8f:00:ea:6c:9d:8e:37:bb:dd:70:d4:58:29:61:5d:
                    e7:bd:43:1f:27:b1:e3:46:54:e6:87:ef:79:3a:6e:
                    77:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:1D:93:7A:E7:E5:FF:18:19:23:70:38:57:1C:9A:21:FD:F3:6C:CB
            X509v3 Authority Key Identifier:
                keyid:FF:82:30:9A:68:14:67:8A:D7:2E:3F:31:A4:FE:02:72:F4:0B:D9:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/tx2Teufl_xgZI3A4VxyaIf3zbMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/9fa83d-b2a3-45e4-8499-f525816402bd/1/_4IwmmgUZ4rXLj8xpP4CcvQL2YY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.154.0/23
                  45.150.82.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9d:21:bd:53:a8:37:6e:93:68:25:19:77:d9:57:65:ef:bd:27:
         c0:b0:72:b9:67:2b:52:2f:5a:12:65:e7:85:b1:33:32:43:14:
         e4:8f:45:d6:af:b7:af:00:83:6b:fa:51:51:a0:76:92:81:22:
         d1:f1:d8:24:cb:c9:54:7a:86:bb:96:ea:0d:0d:40:1f:cb:ef:
         5e:1f:2f:4c:55:c4:64:77:f1:4a:4e:2a:c2:52:25:e6:61:4e:
         48:9d:92:35:48:94:97:db:e2:31:cd:f1:3e:a4:82:5e:44:85:
         53:81:c8:88:c6:83:4c:af:b7:8c:0c:7b:db:e7:83:a7:c6:9d:
         b8:99:6b:86:6e:27:17:95:45:1f:83:f6:c7:50:6f:a9:1d:69:
         35:56:15:17:29:66:00:7a:95:2a:8b:c4:01:6d:02:6e:5e:11:
         7f:64:92:f5:2f:8d:18:8b:ab:11:64:57:84:09:1b:0a:79:40:
         eb:b0:07:ef:01:70:51:7c:ab:8b:bb:54:af:4e:97:6c:8a:bb:
         0e:7c:de:d3:1a:4c:b6:b0:64:e5:8c:43:22:3a:09:1f:2a:92:
         c6:da:a7:f4:56:df:84:a1:01:e0:6a:42:7f:4a:78:f3:3d:e6:
         16:71:a1:a5:56:7b:85:50:da:12:60:14:99:8d:c4:d0:1c:61:
         f0:12:07:00
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY1ewY/2B/Ir0JCZfAxG15Q9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmODIzMDlhNjgxNDY3OGFkNzJlM2YzMWE0ZmUwMjcyZjQw
YmQ5ODYwHhcNMjQwMTMxMDkwMjM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzFkOTM3YWU3ZTVmZjE4MTkyMzcwMzg1NzFjOWEyMWZkZjM2Y2NiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt3LNTqilevn0Mx/I3eOWaKL6eed2
sD9EYpZY0/mewAccsMyjBABIrlK2vf85XcxUjMqELnl3DEcyez8+0W0NNVBsx+eQ
DT50VAmjfLrvMqT/GywX2gI5wB450XnXNqP/jIaldFLvnDI/DuS8MAYUh2DdsXAO
rvkrfAhqd21492gg9rCsmFKqed/kIE+tVytGbMBZ/waAU1S1iE4kIUhwi/bqlLVw
dRZ8fVZtGDB8adN9sQlD5PN7El6K1S2Q1u4ncyfRuendET33GpFxRizL9VgrAcFE
5FuRibIOdn2TnHGPAOpsnY43u91w1FgpYV3nvUMfJ7HjRlTmh+95Om53EQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLcdk3rn5f8YGSNwOFccmiH982zLMB8GA1UdIwQY
MBaAFP+CMJpoFGeK1y4/MaT+AnL0C9mGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTkt
ZjUyNTgxNjQwMmJkLzEvdHgyVGV1ZmxfeGdaSTNBNFZ4eWFJZjN6Yk1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC85ZmE4M2QtYjJhMy00NWU0LTg0OTktZjUyNTgxNjQwMmJk
LzEvXzRJd21tZ1VaNHJYTGo4eHBQNENjdlFMMllZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLYWaAwQB
LZZSMA0GCSqGSIb3DQEBCwUAA4IBAQCdIb1TqDduk2glGXfZV2XvvSfAsHK5ZytS
L1oSZeeFsTMyQxTkj0XWr7evAINr+lFRoHaSgSLR8dgky8lUeoa7luoNDUAfy+9e
Hy9MVcRkd/FKTirCUiXmYU5InZI1SJSX2+IxzfE+pIJeRIVTgciIxoNMr7eMDHvb
54Onxp24mWuGbicXlUUfg/bHUG+pHWk1VhUXKWYAepUqi8QBbQJuXhF/ZJL1L40Y
i6sRZFeECRsKeUDrsAfvAXBRfKuLu1SvTpdsirsOfN7TGky2sGTljEMiOgkfKpLG
2qf0Vt+EoQHgakJ/SnjzPeYWcaGlVnuFUNoSYBSZjcTQHGHwEgcA
-----END CERTIFICATE-----