Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/57b414-5091-4657-a9b4-e9af566f2c14/1/lEkjH1eHejqcCKhaZx8X23fiWT4.roa
File:                     lEkjH1eHejqcCKhaZx8X23fiWT4.roa (raw, json)
Hash identifier:          933OQ1bQyQKBOMor93Uuf44ryEgGEQhbcB4NcFNrckQ=
Subject key identifier:   94:49:23:1F:57:87:7A:3A:9C:08:A8:5A:67:1F:17:DB:77:E2:59:3E
Certificate issuer:       /CN=783f2e92ad59c70c8cdc28b28029e229705c6c91
Certificate serial:       018CC5DC2CF7105EEE3E71FEB9DCE9CCFA77
Authority key identifier: 78:3F:2E:92:AD:59:C7:0C:8C:DC:28:B2:80:29:E2:29:70:5C:6C:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eD8ukq1ZxwyM3CiygCniKXBcbJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/57b414-5091-4657-a9b4-e9af566f2c14/1/lEkjH1eHejqcCKhaZx8X23fiWT4.roa
Signing time:             Mon 01 Jan 2024 16:29:50 +0000
ROA not before:           Mon 01 Jan 2024 16:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8075
IP address blocks:        45.143.224.0/24 maxlen: 24
                          45.143.225.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/57b414-5091-4657-a9b4-e9af566f2c14/1/eD8ukq1ZxwyM3CiygCniKXBcbJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/57b414-5091-4657-a9b4-e9af566f2c14/1/eD8ukq1ZxwyM3CiygCniKXBcbJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eD8ukq1ZxwyM3CiygCniKXBcbJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:2c:f7:10:5e:ee:3e:71:fe:b9:dc:e9:cc:fa:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=783f2e92ad59c70c8cdc28b28029e229705c6c91
        Validity
            Not Before: Jan  1 16:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9449231f57877a3a9c08a85a671f17db77e2593e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:e7:ad:c5:23:22:71:02:e5:fc:cc:24:2c:ac:
                    0c:23:3d:fa:71:02:99:2f:02:63:a5:ce:5a:48:a6:
                    cd:c6:a0:b4:21:94:83:73:3d:18:12:14:23:a4:d7:
                    8d:72:b8:b7:11:18:20:4c:a5:e2:99:2f:44:09:e2:
                    49:ba:c5:bc:16:39:1c:0c:93:c9:b0:b2:86:13:b6:
                    84:52:91:c9:06:88:fe:eb:d2:5d:eb:07:ce:1d:f2:
                    64:ae:88:03:31:57:73:e7:8d:b1:f6:92:da:bb:96:
                    fd:a6:6c:dd:1e:9e:7c:93:38:e2:aa:ed:a5:90:85:
                    02:04:45:8f:cd:f7:c0:8a:e6:fd:28:08:07:f5:f2:
                    d5:bc:83:36:59:bd:89:51:d4:ff:e9:20:07:36:0c:
                    91:4b:39:25:13:fe:48:91:26:bd:b9:12:b4:64:54:
                    ba:78:ce:ff:f1:a6:c7:0d:9e:66:80:f9:70:d8:83:
                    3c:88:18:e4:79:bf:2c:e6:b4:bc:2e:c2:73:f4:a6:
                    47:c4:d0:72:2d:3d:d8:ad:3d:32:5d:df:86:42:3b:
                    19:e0:31:1c:d6:5b:f9:51:fe:f1:c0:04:1b:58:30:
                    76:7f:a7:8c:1c:3d:33:9d:37:ee:66:5a:2e:12:c8:
                    35:16:c7:37:41:e6:a1:81:8e:38:f6:6f:a6:b4:c8:
                    44:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:49:23:1F:57:87:7A:3A:9C:08:A8:5A:67:1F:17:DB:77:E2:59:3E
            X509v3 Authority Key Identifier:
                keyid:78:3F:2E:92:AD:59:C7:0C:8C:DC:28:B2:80:29:E2:29:70:5C:6C:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eD8ukq1ZxwyM3CiygCniKXBcbJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/57b414-5091-4657-a9b4-e9af566f2c14/1/lEkjH1eHejqcCKhaZx8X23fiWT4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/57b414-5091-4657-a9b4-e9af566f2c14/1/eD8ukq1ZxwyM3CiygCniKXBcbJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.224.0/23

    Signature Algorithm: sha256WithRSAEncryption
         af:32:a3:e4:37:4f:fd:0f:2c:90:c7:a8:4d:5d:b8:b5:0a:33:
         38:7e:45:2d:4e:9f:30:20:08:48:f3:5c:d6:20:b4:c9:a4:c4:
         8f:f3:2b:ef:92:33:0c:b7:db:e4:19:e2:6e:1c:80:f1:e0:63:
         32:9d:23:f2:53:ac:6d:51:c0:ba:90:a7:5f:7c:a3:fb:02:a2:
         f8:c1:e2:3e:c0:e1:91:06:6a:87:16:c4:6b:5f:3b:ce:fd:d6:
         c2:91:75:50:c1:e9:8c:d7:3d:2f:0e:8e:90:ae:b8:fa:19:d1:
         24:bf:f6:8c:76:97:d8:47:04:48:7c:49:80:43:8a:37:a8:4d:
         8b:d4:0f:b4:29:d9:7a:1f:bb:36:f0:7a:84:3d:71:b5:b0:8d:
         2f:a4:2c:d1:3f:38:61:70:4a:40:0c:52:ec:3a:c0:dd:03:b1:
         0f:d9:29:61:21:fc:c3:8d:55:e7:52:19:7a:4f:b6:fd:6f:79:
         47:97:7d:dd:f4:28:af:66:e6:5b:05:34:a5:ba:a0:e1:17:3f:
         6a:a3:2c:d2:91:46:30:b8:6e:82:c1:39:36:ee:a5:aa:fb:e2:
         82:d5:43:a5:0d:b6:5c:c9:5f:9f:6c:ee:bc:f2:54:ff:1d:a5:
         56:8e:c5:3b:74:bf:72:6c:3c:a2:00:ba:24:46:7e:a6:98:64:
         1d:82:34:e6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3Cz3EF7uPnH+udzpzPp3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc4M2YyZTkyYWQ1OWM3MGM4Y2RjMjhiMjgwMjllMjI5NzA1
YzZjOTEwHhcNMjQwMTAxMTYyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDQ5MjMxZjU3ODc3YTNhOWMwOGE4NWE2NzFmMTdkYjc3ZTI1OTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmeetxSMicQLl/MwkLKwMIz36cQKZ
LwJjpc5aSKbNxqC0IZSDcz0YEhQjpNeNcri3ERggTKXimS9ECeJJusW8FjkcDJPJ
sLKGE7aEUpHJBoj+69Jd6wfOHfJkrogDMVdz542x9pLau5b9pmzdHp58kzjiqu2l
kIUCBEWPzffAiub9KAgH9fLVvIM2Wb2JUdT/6SAHNgyRSzklE/5IkSa9uRK0ZFS6
eM7/8abHDZ5mgPlw2IM8iBjkeb8s5rS8LsJz9KZHxNByLT3YrT0yXd+GQjsZ4DEc
1lv5Uf7xwAQbWDB2f6eMHD0znTfuZlouEsg1Fsc3QeahgY449m+mtMhE4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJRJIx9Xh3o6nAioWmcfF9t34lk+MB8GA1UdIwQY
MBaAFHg/LpKtWccMjNwosoAp4ilwXGyRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZUQ4dWtxMVp4d3lNM0NpeWdDbmlLWEJjYkpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS81N2I0MTQtNTA5MS00NjU3LWE5YjQt
ZTlhZjU2NmYyYzE0LzEvbEVrakgxZUhlanFjQ0toYVp4OFgyM2ZpV1Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS81N2I0MTQtNTA5MS00NjU3LWE5YjQtZTlhZjU2NmYyYzE0
LzEvZUQ4dWtxMVp4d3lNM0NpeWdDbmlLWEJjYkpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLY/gMA0G
CSqGSIb3DQEBCwUAA4IBAQCvMqPkN0/9DyyQx6hNXbi1CjM4fkUtTp8wIAhI81zW
ILTJpMSP8yvvkjMMt9vkGeJuHIDx4GMynSPyU6xtUcC6kKdffKP7AqL4weI+wOGR
BmqHFsRrXzvO/dbCkXVQwemM1z0vDo6Qrrj6GdEkv/aMdpfYRwRIfEmAQ4o3qE2L
1A+0Kdl6H7s28HqEPXG1sI0vpCzRPzhhcEpADFLsOsDdA7EP2SlhIfzDjVXnUhl6
T7b9b3lHl33d9CivZuZbBTSluqDhFz9qoyzSkUYwuG6CwTk27qWq++KC1UOlDbZc
yV+fbO688lT/HaVWjsU7dL9ybDyiALokRn6mmGQdgjTm
-----END CERTIFICATE-----