Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/f09759-6ceb-4754-bbe5-3b9e3c53bab0/1/85JLMokwkKC7oA7YXSRw5d9Xv8Q.roa
File:                     85JLMokwkKC7oA7YXSRw5d9Xv8Q.roa (raw, json)
Hash identifier:          FVF9xdAN9F6QNOPfkeZEb3JaOgzAVYO0NY3+rOMouQc=
Subject key identifier:   F3:92:4B:32:89:30:90:A0:BB:A0:0E:D8:5D:24:70:E5:DF:57:BF:C4
Certificate issuer:       /CN=e2dac150848325f0f72587064f8aba37c5ff3790
Certificate serial:       018CC7948198CFA144CAA91B9C8B0BBC69F1
Authority key identifier: E2:DA:C1:50:84:83:25:F0:F7:25:87:06:4F:8A:BA:37:C5:FF:37:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4trBUISDJfD3JYcGT4q6N8X_N5A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a8/f09759-6ceb-4754-bbe5-3b9e3c53bab0/1/85JLMokwkKC7oA7YXSRw5d9Xv8Q.roa
Signing time:             Tue 02 Jan 2024 00:30:47 +0000
ROA not before:           Tue 02 Jan 2024 00:30:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39257
IP address blocks:        45.67.28.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a8/f09759-6ceb-4754-bbe5-3b9e3c53bab0/1/4trBUISDJfD3JYcGT4q6N8X_N5A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a8/f09759-6ceb-4754-bbe5-3b9e3c53bab0/1/4trBUISDJfD3JYcGT4q6N8X_N5A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4trBUISDJfD3JYcGT4q6N8X_N5A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 21:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:81:98:cf:a1:44:ca:a9:1b:9c:8b:0b:bc:69:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2dac150848325f0f72587064f8aba37c5ff3790
        Validity
            Not Before: Jan  2 00:30:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f3924b32893090a0bba00ed85d2470e5df57bfc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:07:22:83:4f:fd:d9:a1:9c:b8:d3:e0:02:46:
                    db:01:bd:85:c9:51:07:cc:cf:09:4b:1e:75:c5:66:
                    1e:46:54:52:ac:92:16:80:bb:76:d0:22:0f:d1:da:
                    29:09:1a:c3:51:20:4c:03:3d:68:51:2d:eb:78:9c:
                    65:83:d5:2d:26:b6:96:bd:f0:60:30:cb:6c:7c:40:
                    15:b2:31:2e:a2:65:43:d9:b3:ed:67:9a:9f:7e:0b:
                    70:b0:e3:64:6c:48:38:f3:ea:66:87:6b:f7:b8:c9:
                    62:3e:c3:04:7d:53:da:a5:d8:dd:2c:ce:47:8d:e0:
                    cf:55:77:5c:9b:9e:52:db:5f:17:ba:08:ed:33:3f:
                    82:60:ec:7d:99:46:b8:df:18:12:ac:3f:20:50:59:
                    46:af:b5:8d:32:36:d2:a4:d3:29:20:b4:4c:d8:7c:
                    fb:29:49:3b:62:94:8c:c9:3d:4f:81:07:a2:97:ed:
                    1b:70:b2:3b:09:e1:63:d4:83:f7:f3:ff:83:74:78:
                    83:88:6e:c4:23:98:27:b6:8b:cb:72:cf:6d:95:e1:
                    c0:59:3f:67:2e:33:d8:d5:4f:45:68:46:4c:64:13:
                    a9:66:cf:ab:62:56:3e:27:53:2e:30:15:8b:ce:2e:
                    fa:ae:a3:6f:71:f2:b6:da:f2:13:33:dd:97:46:08:
                    23:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:92:4B:32:89:30:90:A0:BB:A0:0E:D8:5D:24:70:E5:DF:57:BF:C4
            X509v3 Authority Key Identifier:
                keyid:E2:DA:C1:50:84:83:25:F0:F7:25:87:06:4F:8A:BA:37:C5:FF:37:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4trBUISDJfD3JYcGT4q6N8X_N5A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/f09759-6ceb-4754-bbe5-3b9e3c53bab0/1/85JLMokwkKC7oA7YXSRw5d9Xv8Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/f09759-6ceb-4754-bbe5-3b9e3c53bab0/1/4trBUISDJfD3JYcGT4q6N8X_N5A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3f:80:d5:ed:12:7a:7f:44:34:69:e3:12:78:ca:84:c7:b2:fa:
         26:6f:9e:1b:b1:07:b5:8c:0f:3a:1c:85:ff:ca:54:97:cd:48:
         48:20:50:69:52:15:3d:6e:fc:2d:3e:c4:05:66:31:af:c8:9d:
         fc:bc:ac:10:e5:d0:36:b1:eb:b6:ed:f8:04:8d:cd:44:8c:13:
         be:f7:4e:90:fa:a4:ac:dc:f1:1e:c4:f1:35:68:08:61:d5:46:
         22:bc:d8:95:b7:93:f8:1e:c8:9f:7f:e7:b6:72:f0:a6:25:76:
         2e:69:6d:2a:f9:4e:f0:8e:39:88:9d:34:99:cd:30:5f:98:9b:
         95:31:93:71:27:c4:1f:94:a9:de:a0:2b:ad:c0:28:f4:dc:30:
         ea:1c:0b:c8:97:d8:69:e9:ed:cf:06:a2:43:60:8c:58:c1:5a:
         dc:ef:9c:f9:25:ae:86:c9:20:1d:59:6b:9d:71:04:28:0f:2b:
         cb:6c:84:74:40:76:d7:85:cd:27:3d:a9:5c:22:04:b8:aa:86:
         ba:97:76:9d:3e:01:3e:15:4a:8e:bf:5f:d6:ed:fa:3d:0e:17:
         d4:f7:0e:e0:38:82:19:5e:75:9b:f1:98:b3:3d:03:1f:bb:96:
         0e:16:9c:21:02:c5:48:17:6e:31:a4:79:ba:d1:26:f3:08:02:
         bc:7d:8c:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlIGYz6FEyqkbnIsLvGnxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZGFjMTUwODQ4MzI1ZjBmNzI1ODcwNjRmOGFiYTM3YzVm
ZjM3OTAwHhcNMjQwMTAyMDAzMDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzkyNGIzMjg5MzA5MGEwYmJhMDBlZDg1ZDI0NzBlNWRmNTdiZmM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQcig0/92aGcuNPgAkbbAb2FyVEH
zM8JSx51xWYeRlRSrJIWgLt20CIP0dopCRrDUSBMAz1oUS3reJxlg9UtJraWvfBg
MMtsfEAVsjEuomVD2bPtZ5qffgtwsONkbEg48+pmh2v3uMliPsMEfVPapdjdLM5H
jeDPVXdcm55S218XugjtMz+CYOx9mUa43xgSrD8gUFlGr7WNMjbSpNMpILRM2Hz7
KUk7YpSMyT1PgQeil+0bcLI7CeFj1IP38/+DdHiDiG7EI5gntovLcs9tleHAWT9n
LjPY1U9FaEZMZBOpZs+rYlY+J1MuMBWLzi76rqNvcfK22vITM92XRggjxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPOSSzKJMJCgu6AO2F0kcOXfV7/EMB8GA1UdIwQY
MBaAFOLawVCEgyXw9yWHBk+KujfF/zeQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHRyQlVJU0RKZkQzSlljR1Q0cTZOOFhfTjVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9mMDk3NTktNmNlYi00NzU0LWJiZTUt
M2I5ZTNjNTNiYWIwLzEvODVKTE1va3drS0M3b0E3WVhTUnc1ZDlYdjhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC9mMDk3NTktNmNlYi00NzU0LWJiZTUtM2I5ZTNjNTNiYWIw
LzEvNHRyQlVJU0RKZkQzSlljR1Q0cTZOOFhfTjVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLUMcMA0G
CSqGSIb3DQEBCwUAA4IBAQA/gNXtEnp/RDRp4xJ4yoTHsvomb54bsQe1jA86HIX/
ylSXzUhIIFBpUhU9bvwtPsQFZjGvyJ38vKwQ5dA2seu27fgEjc1EjBO+906Q+qSs
3PEexPE1aAhh1UYivNiVt5P4Hsiff+e2cvCmJXYuaW0q+U7wjjmInTSZzTBfmJuV
MZNxJ8QflKneoCutwCj03DDqHAvIl9hp6e3PBqJDYIxYwVrc75z5Ja6GySAdWWud
cQQoDyvLbIR0QHbXhc0nPalcIgS4qoa6l3adPgE+FUqOv1/W7fo9DhfU9w7gOIIZ
XnWb8ZizPQMfu5YOFpwhAsVIF24xpHm60SbzCAK8fYxY
-----END CERTIFICATE-----