Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/vMZHKYrtgDSs0NGYYmeElB4HCm0.roa
File:                     vMZHKYrtgDSs0NGYYmeElB4HCm0.roa (raw, json)
Hash identifier:          3Bdu4/aDZjbClJKfvCGBcxxjQEKlHF9xiIm3mYufv0E=
Subject key identifier:   BC:C6:47:29:8A:ED:80:34:AC:D0:D1:98:62:67:84:94:1E:07:0A:6D
Certificate issuer:       /CN=4a644c1156851803f37adeec0876ccf989d5aef0
Certificate serial:       018CC2DAFAEBEC19799044FA2771747EF51E
Authority key identifier: 4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/vMZHKYrtgDSs0NGYYmeElB4HCm0.roa
Signing time:             Mon 01 Jan 2024 02:29:40 +0000
ROA not before:           Mon 01 Jan 2024 02:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48646
IP address blocks:        45.152.124.0/24 maxlen: 24
                          2a0f:5707:aac0::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:fa:eb:ec:19:79:90:44:fa:27:71:74:7e:f5:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a644c1156851803f37adeec0876ccf989d5aef0
        Validity
            Not Before: Jan  1 02:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bcc647298aed8034acd0d198626784941e070a6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:37:22:92:9e:26:4a:1b:37:b5:4f:50:07:61:
                    d9:19:93:29:28:89:8d:2b:1f:7c:cc:9d:83:51:52:
                    26:a1:d2:2a:4f:31:c3:8b:e6:7e:fc:03:3f:56:e9:
                    a1:0b:12:9e:bc:34:53:f1:4f:87:de:83:94:57:a9:
                    e0:08:ee:f9:85:b0:81:b1:3e:5c:d6:d0:57:b5:d0:
                    1b:37:56:f8:1b:8e:3a:c6:b0:b1:bb:a1:53:5b:09:
                    97:86:05:31:5a:8a:89:40:a1:13:00:da:be:84:55:
                    8f:0e:86:17:6f:88:f3:ba:c4:78:5a:8d:c0:8b:1f:
                    13:b7:a0:1f:ae:64:db:71:73:25:10:2f:b2:e8:82:
                    35:be:7c:f1:2a:c1:38:29:a7:67:7f:b8:ab:ca:ef:
                    4d:fb:09:76:90:6f:7c:17:54:ea:de:37:1f:66:66:
                    2c:84:7d:0b:58:b2:1c:a2:39:fd:6a:09:9f:25:bb:
                    b9:9f:1f:5a:d8:cf:bd:03:7b:61:39:9f:f4:67:fa:
                    52:6d:14:05:6b:7e:9c:fb:cf:64:1a:26:11:88:73:
                    24:3d:3e:4d:dd:96:40:9d:9a:42:95:11:85:c4:c5:
                    f4:e9:3f:8c:ba:ff:4e:fa:6e:4c:e0:8b:b1:02:42:
                    d0:4b:52:df:15:33:a1:b6:02:e6:a5:74:c1:36:56:
                    26:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:C6:47:29:8A:ED:80:34:AC:D0:D1:98:62:67:84:94:1E:07:0A:6D
            X509v3 Authority Key Identifier:
                keyid:4A:64:4C:11:56:85:18:03:F3:7A:DE:EC:08:76:CC:F9:89:D5:AE:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SmRMEVaFGAPzet7sCHbM-YnVrvA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/vMZHKYrtgDSs0NGYYmeElB4HCm0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/6b0798-3d4f-40e6-b739-cc1c9b5f6640/1/SmRMEVaFGAPzet7sCHbM-YnVrvA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.124.0/24
                IPv6:
                  2a0f:5707:aac0::/44

    Signature Algorithm: sha256WithRSAEncryption
         28:73:c0:84:59:de:4a:d1:3e:7a:58:c2:ed:c4:bd:8c:c2:ea:
         49:75:c0:24:1f:e6:92:a3:f5:05:cf:64:ed:00:13:ed:c1:4f:
         53:a5:c7:8f:f4:6a:8c:f3:a2:95:97:32:8b:14:7d:d3:e1:7d:
         ef:72:80:32:ce:9b:12:3c:ee:af:39:c9:fa:fa:ee:9a:99:70:
         00:e2:d9:14:43:64:80:6f:dc:0e:4e:35:f8:06:ca:f7:45:9b:
         ad:0e:c3:39:e5:3c:c9:e6:82:8c:c2:55:d6:88:97:e4:a3:f4:
         20:2a:0c:d0:01:12:cb:6f:c4:3e:78:bf:8c:83:41:3e:fd:7c:
         e5:04:3b:92:07:8c:b4:3b:1f:ee:27:67:47:3c:14:2f:f8:9c:
         c2:d5:d4:67:da:2a:e6:ec:c4:5f:a3:54:05:04:93:93:b4:4a:
         39:5c:ab:d6:ac:03:e3:17:83:d7:3b:86:e4:72:98:87:f2:b5:
         d1:80:9d:3f:9c:0b:31:f7:c1:43:bf:78:04:f1:0d:3b:22:65:
         1c:75:8f:c7:1c:6d:b7:24:0a:fe:b1:91:d0:9f:15:19:fe:bd:
         2a:8d:ff:34:12:83:8e:66:47:be:b0:29:14:10:31:0e:f5:40:
         45:e0:4b:f8:02:22:f6:10:aa:9a:90:27:94:01:2a:45:d5:85:
         c0:6b:69:7e
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzC2vrr7Bl5kET6J3F0fvUeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhNjQ0YzExNTY4NTE4MDNmMzdhZGVlYzA4NzZjY2Y5ODlk
NWFlZjAwHhcNMjQwMTAxMDIyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2M2NDcyOThhZWQ4MDM0YWNkMGQxOTg2MjY3ODQ5NDFlMDcwYTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAijcikp4mShs3tU9QB2HZGZMpKImN
Kx98zJ2DUVImodIqTzHDi+Z+/AM/VumhCxKevDRT8U+H3oOUV6ngCO75hbCBsT5c
1tBXtdAbN1b4G446xrCxu6FTWwmXhgUxWoqJQKETANq+hFWPDoYXb4jzusR4Wo3A
ix8Tt6AfrmTbcXMlEC+y6II1vnzxKsE4Kadnf7iryu9N+wl2kG98F1Tq3jcfZmYs
hH0LWLIcojn9agmfJbu5nx9a2M+9A3thOZ/0Z/pSbRQFa36c+89kGiYRiHMkPT5N
3ZZAnZpClRGFxMX06T+Muv9O+m5M4IuxAkLQS1LfFTOhtgLmpXTBNlYmjwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLzGRymK7YA0rNDRmGJnhJQeBwptMB8GA1UdIwQY
MBaAFEpkTBFWhRgD83re7Ah2zPmJ1a7wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3Mzkt
Y2MxYzliNWY2NjQwLzEvdk1aSEtZcnRnRFNzME5HWVltZUVsQjRIQ20wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS82YjA3OTgtM2Q0Zi00MGU2LWI3MzktY2MxYzliNWY2NjQw
LzEvU21STUVWYUZHQVB6ZXQ3c0NIYk0tWW5WcnZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQALZh8MA8E
AgACMAkDBwQqD1cHqsAwDQYJKoZIhvcNAQELBQADggEBAChzwIRZ3krRPnpYwu3E
vYzC6kl1wCQf5pKj9QXPZO0AE+3BT1Olx4/0aozzopWXMosUfdPhfe9ygDLOmxI8
7q85yfr67pqZcADi2RRDZIBv3A5ONfgGyvdFm60OwznlPMnmgozCVdaIl+Sj9CAq
DNABEstvxD54v4yDQT79fOUEO5IHjLQ7H+4nZ0c8FC/4nMLV1GfaKubsxF+jVAUE
k5O0Sjlcq9asA+MXg9c7huRymIfytdGAnT+cCzH3wUO/eATxDTsiZRx1j8ccbbck
Cv6xkdCfFRn+vSqN/zQSg45mR76wKRQQMQ71QEXgS/gCIvYQqpqQJ5QBKkXVhcBr
aX4=
-----END CERTIFICATE-----