Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/1bcb2d-f58b-4e44-b133-dfcbdf3b1058/1/r0DYgnUeVdObisiIwNF7n-tVeLE.roa
File:                     r0DYgnUeVdObisiIwNF7n-tVeLE.roa (raw, json)
Hash identifier:          r+gndHoYrUj2cKGFo0r2rmQc+ZJPHgxc02PRb+433AU=
Subject key identifier:   AF:40:D8:82:75:1E:55:D3:9B:8A:C8:88:C0:D1:7B:9F:EB:55:78:B1
Certificate issuer:       /CN=a1d0315373b09b061aa59f129d592eabf7b3aaef
Certificate serial:       018CC94AC7C01222D257E38DEEDBD7BAFFBE
Authority key identifier: A1:D0:31:53:73:B0:9B:06:1A:A5:9F:12:9D:59:2E:AB:F7:B3:AA:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/odAxU3OwmwYapZ8SnVkuq_ezqu8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/1bcb2d-f58b-4e44-b133-dfcbdf3b1058/1/r0DYgnUeVdObisiIwNF7n-tVeLE.roa
Signing time:             Tue 02 Jan 2024 08:29:30 +0000
ROA not before:           Tue 02 Jan 2024 08:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     139471
IP address blocks:        45.157.68.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/1bcb2d-f58b-4e44-b133-dfcbdf3b1058/1/odAxU3OwmwYapZ8SnVkuq_ezqu8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/1bcb2d-f58b-4e44-b133-dfcbdf3b1058/1/odAxU3OwmwYapZ8SnVkuq_ezqu8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/odAxU3OwmwYapZ8SnVkuq_ezqu8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4a:c7:c0:12:22:d2:57:e3:8d:ee:db:d7:ba:ff:be
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a1d0315373b09b061aa59f129d592eabf7b3aaef
        Validity
            Not Before: Jan  2 08:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=af40d882751e55d39b8ac888c0d17b9feb5578b1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:6a:16:6e:c6:4f:a2:ae:75:e8:76:44:0e:1a:
                    97:f1:fa:2c:0f:40:97:0e:d0:69:a7:50:36:20:f5:
                    80:45:a9:8e:7b:28:64:08:43:be:95:83:3a:83:31:
                    7e:fc:cf:30:b8:f2:fb:18:3f:7e:72:bd:d5:2c:f2:
                    02:cd:47:03:99:44:8b:93:ab:1b:bc:98:1f:31:ae:
                    76:85:67:8b:2b:f7:d4:63:3f:e6:fe:e9:4b:b3:18:
                    f8:de:98:81:96:84:55:e7:3a:78:5f:3b:35:3e:dd:
                    23:f7:79:25:76:d2:e7:64:be:86:27:d3:f0:94:2f:
                    f3:c8:90:6e:f6:ab:c1:54:c5:2d:63:f4:bc:ec:70:
                    97:9f:a6:8c:95:1d:ab:14:f8:d9:83:f4:7f:d7:ed:
                    f0:0d:17:3b:3b:49:49:1b:f3:dd:25:c8:28:ef:8f:
                    08:44:69:00:52:0b:8f:2e:6a:f0:66:e6:36:8e:da:
                    10:f4:37:16:cb:0c:14:70:92:bf:34:bd:8c:4e:32:
                    f1:7e:5f:6b:07:c5:87:cb:10:4b:b2:45:99:a4:3b:
                    4e:ff:a1:ca:e7:6b:04:c6:d0:4c:6a:fb:9a:38:68:
                    45:0a:f7:a7:57:79:1b:90:6e:e1:24:b8:7c:8f:a4:
                    2f:11:a6:f4:1c:5b:21:b6:47:c7:10:17:5e:18:b2:
                    6b:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:40:D8:82:75:1E:55:D3:9B:8A:C8:88:C0:D1:7B:9F:EB:55:78:B1
            X509v3 Authority Key Identifier:
                keyid:A1:D0:31:53:73:B0:9B:06:1A:A5:9F:12:9D:59:2E:AB:F7:B3:AA:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/odAxU3OwmwYapZ8SnVkuq_ezqu8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/1bcb2d-f58b-4e44-b133-dfcbdf3b1058/1/r0DYgnUeVdObisiIwNF7n-tVeLE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/1bcb2d-f58b-4e44-b133-dfcbdf3b1058/1/odAxU3OwmwYapZ8SnVkuq_ezqu8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:fe:61:ae:b0:68:cd:6c:59:4b:d8:6f:7d:e0:a5:71:55:37:
         97:12:79:80:92:66:3a:ef:54:fc:57:cf:11:c9:e4:b4:b2:f9:
         ca:b8:de:65:12:40:4c:a8:59:f7:00:8b:0c:39:aa:81:d6:53:
         b0:e8:ab:f7:37:c8:4d:5c:6a:f4:d8:d3:6f:46:1d:d6:35:d4:
         49:36:a6:01:24:26:d6:83:f4:d6:fe:67:de:6a:b4:65:c0:10:
         97:f3:b1:96:6c:b9:36:2e:06:db:50:6b:d3:4b:28:a4:06:c3:
         4f:e6:75:5b:39:79:fd:26:71:24:c6:d3:59:fa:72:d2:4b:3e:
         61:e5:41:bd:24:02:38:49:02:b1:27:cf:2f:94:9c:ce:91:20:
         72:7c:a3:28:5f:14:90:7a:bb:65:67:90:24:31:ed:8c:23:a7:
         00:d5:a6:b0:38:b7:b8:ca:02:61:25:2b:c0:7b:a7:ed:85:a1:
         e7:e1:12:d3:88:51:85:92:90:ee:a2:17:6f:b0:3e:77:a2:e5:
         eb:88:e7:be:e4:7d:85:46:3c:0c:a3:58:f2:c6:8a:36:78:ee:
         15:30:9e:55:8c:1f:95:1f:d1:eb:45:c8:46:32:06:30:53:1c:
         2b:f5:d0:a9:21:45:6e:d9:3f:f8:d8:ba:9b:d0:91:2e:cc:bc:
         d4:c9:2c:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJSsfAEiLSV+ON7tvXuv++MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExZDAzMTUzNzNiMDliMDYxYWE1OWYxMjlkNTkyZWFiZjdi
M2FhZWYwHhcNMjQwMTAyMDgyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjQwZDg4Mjc1MWU1NWQzOWI4YWM4ODhjMGQxN2I5ZmViNTU3OGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoGoWbsZPoq516HZEDhqX8fosD0CX
DtBpp1A2IPWARamOeyhkCEO+lYM6gzF+/M8wuPL7GD9+cr3VLPICzUcDmUSLk6sb
vJgfMa52hWeLK/fUYz/m/ulLsxj43piBloRV5zp4Xzs1Pt0j93kldtLnZL6GJ9Pw
lC/zyJBu9qvBVMUtY/S87HCXn6aMlR2rFPjZg/R/1+3wDRc7O0lJG/PdJcgo748I
RGkAUguPLmrwZuY2jtoQ9DcWywwUcJK/NL2MTjLxfl9rB8WHyxBLskWZpDtO/6HK
52sExtBMavuaOGhFCvenV3kbkG7hJLh8j6QvEab0HFshtkfHEBdeGLJr5wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK9A2IJ1HlXTm4rIiMDRe5/rVXixMB8GA1UdIwQY
MBaAFKHQMVNzsJsGGqWfEp1ZLqv3s6rvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb2RBeFUzT3dtd1lhcFo4U25Wa3VxX2V6cXU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy8xYmNiMmQtZjU4Yi00ZTQ0LWIxMzMt
ZGZjYmRmM2IxMDU4LzEvcjBEWWduVWVWZE9iaXNpSXdORjduLXRWZUxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy8xYmNiMmQtZjU4Yi00ZTQ0LWIxMzMtZGZjYmRmM2IxMDU4
LzEvb2RBeFUzT3dtd1lhcFo4U25Wa3VxX2V6cXU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZ1EMA0G
CSqGSIb3DQEBCwUAA4IBAQAJ/mGusGjNbFlL2G994KVxVTeXEnmAkmY671T8V88R
yeS0svnKuN5lEkBMqFn3AIsMOaqB1lOw6Kv3N8hNXGr02NNvRh3WNdRJNqYBJCbW
g/TW/mfearRlwBCX87GWbLk2LgbbUGvTSyikBsNP5nVbOXn9JnEkxtNZ+nLSSz5h
5UG9JAI4SQKxJ88vlJzOkSByfKMoXxSQertlZ5AkMe2MI6cA1aawOLe4ygJhJSvA
e6fthaHn4RLTiFGFkpDuohdvsD53ouXriOe+5H2FRjwMo1jyxoo2eO4VMJ5VjB+V
H9HrRchGMgYwUxwr9dCpIUVu2T/42Lqb0JEuzLzUySxW
-----END CERTIFICATE-----