Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/f3549f-18f7-48b0-901d-25cc9d6cfbb9/1/2Mufcs0_Pbjm-obbRq8GQbNHoJQ.roa
File:                     2Mufcs0_Pbjm-obbRq8GQbNHoJQ.roa (raw, json)
Hash identifier:          HDHIi3PzDgnslOetSXzUAK9K51tu4zmrVtvAcGyNZYQ=
Subject key identifier:   D8:CB:9F:72:CD:3F:3D:B8:E6:FA:86:DB:46:AF:06:41:B3:47:A0:94
Certificate issuer:       /CN=23446da7a70bce773ec2bc1655aae30c3c18412c
Certificate serial:       019325301C05713001FD62E4C31FAC1E01CB
Authority key identifier: 23:44:6D:A7:A7:0B:CE:77:3E:C2:BC:16:55:AA:E3:0C:3C:18:41:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/I0Rtp6cLznc-wrwWVarjDDwYQSw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/f3549f-18f7-48b0-901d-25cc9d6cfbb9/1/2Mufcs0_Pbjm-obbRq8GQbNHoJQ.roa
Signing time:             Wed 13 Nov 2024 11:02:10 +0000
ROA not before:           Wed 13 Nov 2024 11:02:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     55410
IP address blocks:        45.142.52.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/f3549f-18f7-48b0-901d-25cc9d6cfbb9/1/I0Rtp6cLznc-wrwWVarjDDwYQSw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/f3549f-18f7-48b0-901d-25cc9d6cfbb9/1/I0Rtp6cLznc-wrwWVarjDDwYQSw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/I0Rtp6cLznc-wrwWVarjDDwYQSw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:25:30:1c:05:71:30:01:fd:62:e4:c3:1f:ac:1e:01:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=23446da7a70bce773ec2bc1655aae30c3c18412c
        Validity
            Not Before: Nov 13 11:02:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d8cb9f72cd3f3db8e6fa86db46af0641b347a094
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:07:cd:8e:a9:cf:8c:ca:84:b9:90:5b:e6:6d:
                    a0:ba:0f:72:52:80:59:61:58:5a:82:bd:7b:11:ac:
                    38:10:34:f2:20:ea:18:9f:52:21:d0:67:12:1f:85:
                    8e:c8:de:d9:ed:85:06:87:a6:a3:7b:17:20:a6:5c:
                    d2:a6:f2:63:b3:b1:66:74:ae:ca:3a:58:0b:6e:be:
                    7b:e0:91:fe:b4:90:06:88:ec:a9:c9:7b:9e:0d:b6:
                    a3:29:26:4f:77:27:b1:6a:d5:1e:b2:c2:fe:4f:8c:
                    c8:a0:a3:f5:ef:64:ba:9a:88:1a:c1:2a:15:29:7d:
                    38:74:20:33:67:64:67:31:6c:48:01:73:0f:b6:db:
                    16:3a:12:c2:74:c6:a9:e5:97:c3:c8:46:76:ae:06:
                    73:6d:25:e5:25:c9:03:ae:c9:6e:f7:ab:fa:64:19:
                    96:c6:62:81:a6:fb:2b:29:25:b5:8b:ad:7d:e9:ce:
                    f6:0b:76:69:d9:41:6c:bf:65:aa:12:17:e1:d4:0c:
                    9e:dd:44:2a:12:b3:b3:0e:c2:4b:f6:b8:4d:3e:a8:
                    76:ae:f1:82:86:21:59:32:ac:96:01:bd:a7:ea:ae:
                    77:33:39:4c:b8:78:47:09:6d:db:ed:a2:08:ed:83:
                    fe:ea:43:12:1e:dc:98:dc:19:10:ef:36:45:bb:16:
                    2f:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:CB:9F:72:CD:3F:3D:B8:E6:FA:86:DB:46:AF:06:41:B3:47:A0:94
            X509v3 Authority Key Identifier:
                keyid:23:44:6D:A7:A7:0B:CE:77:3E:C2:BC:16:55:AA:E3:0C:3C:18:41:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/I0Rtp6cLznc-wrwWVarjDDwYQSw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/f3549f-18f7-48b0-901d-25cc9d6cfbb9/1/2Mufcs0_Pbjm-obbRq8GQbNHoJQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/f3549f-18f7-48b0-901d-25cc9d6cfbb9/1/I0Rtp6cLznc-wrwWVarjDDwYQSw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         74:a5:2f:d0:a1:31:66:ac:cf:68:86:e3:dd:d9:e9:bf:24:1c:
         2d:3f:e9:dd:ae:e1:68:5e:43:c8:b2:de:82:cc:a9:37:f2:67:
         c7:22:9d:bf:c0:bc:6b:b8:b2:e6:6a:d9:66:69:60:b4:b9:8a:
         7a:9a:1f:35:34:24:0b:3f:f2:37:3f:8e:ba:d8:2f:7a:94:b7:
         93:fe:e4:d4:cf:95:11:84:ed:f4:8d:f7:0e:73:0c:3d:d4:58:
         b1:f2:78:a3:b7:83:ff:c7:32:43:f9:c5:e6:43:2b:8b:79:b9:
         69:a7:13:49:51:c2:c6:be:56:9c:05:65:af:ce:67:cf:01:98:
         ad:ed:31:de:e1:29:bb:1f:58:3d:b7:d7:24:c7:c8:d3:9f:46:
         8c:dd:f9:e6:79:a1:39:15:77:8e:3f:1b:97:37:11:47:c7:60:
         b9:80:86:f9:be:2d:a2:5e:d0:41:d4:3b:d4:6e:6a:12:89:d3:
         b3:16:b0:c1:a7:18:39:35:15:5e:4c:53:4e:f5:d0:c7:e8:fa:
         ea:51:1b:0d:6f:80:cb:6e:97:68:2c:14:54:91:a0:15:94:a9:
         ec:25:9a:e8:45:6e:7f:e0:04:65:53:0e:fd:97:d7:f3:79:df:
         3d:00:f0:fe:ca:e7:c0:09:05:37:48:ac:f5:34:33:fa:77:cb:
         47:f2:fc:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMlMBwFcTAB/WLkwx+sHgHLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzNDQ2ZGE3YTcwYmNlNzczZWMyYmMxNjU1YWFlMzBjM2Mx
ODQxMmMwHhcNMjQxMTEzMTEwMjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGNiOWY3MmNkM2YzZGI4ZTZmYTg2ZGI0NmFmMDY0MWIzNDdhMDk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtwfNjqnPjMqEuZBb5m2gug9yUoBZ
YVhagr17Eaw4EDTyIOoYn1Ih0GcSH4WOyN7Z7YUGh6ajexcgplzSpvJjs7FmdK7K
OlgLbr574JH+tJAGiOypyXueDbajKSZPdyexatUessL+T4zIoKP172S6mogawSoV
KX04dCAzZ2RnMWxIAXMPttsWOhLCdMap5ZfDyEZ2rgZzbSXlJckDrslu96v6ZBmW
xmKBpvsrKSW1i6196c72C3Zp2UFsv2WqEhfh1Aye3UQqErOzDsJL9rhNPqh2rvGC
hiFZMqyWAb2n6q53MzlMuHhHCW3b7aII7YP+6kMSHtyY3BkQ7zZFuxYvMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNjLn3LNPz245vqG20avBkGzR6CUMB8GA1UdIwQY
MBaAFCNEbaenC853PsK8FlWq4ww8GEEsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSTBSdHA2Y0x6bmMtd3J3V1ZhcmpERHdZUVN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9mMzU0OWYtMThmNy00OGIwLTkwMWQt
MjVjYzlkNmNmYmI5LzEvMk11ZmNzMF9QYmptLW9iYlJxOEdRYk5Ib0pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9mMzU0OWYtMThmNy00OGIwLTkwMWQtMjVjYzlkNmNmYmI5
LzEvSTBSdHA2Y0x6bmMtd3J3V1ZhcmpERHdZUVN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLY40MA0G
CSqGSIb3DQEBCwUAA4IBAQB0pS/QoTFmrM9ohuPd2em/JBwtP+ndruFoXkPIst6C
zKk38mfHIp2/wLxruLLmatlmaWC0uYp6mh81NCQLP/I3P4662C96lLeT/uTUz5UR
hO30jfcOcww91Fix8nijt4P/xzJD+cXmQyuLeblppxNJUcLGvlacBWWvzmfPAZit
7THe4Sm7H1g9t9ckx8jTn0aM3fnmeaE5FXeOPxuXNxFHx2C5gIb5vi2iXtBB1DvU
bmoSidOzFrDBpxg5NRVeTFNO9dDH6PrqURsNb4DLbpdoLBRUkaAVlKnsJZroRW5/
4ARlUw79l9fzed89APD+yufACQU3SKz1NDP6d8tH8vxf
-----END CERTIFICATE-----