Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/b45765-2c33-4a49-91eb-946892f88beb/1/ELpB27xnqDBjtz7cuFCY15QJjOk.roa
File:                     ELpB27xnqDBjtz7cuFCY15QJjOk.roa (raw, json)
Hash identifier:          46dUd1+IiGRKMfxdezd6TC6QkKM3KDUvG7yHJXtQKAc=
Subject key identifier:   10:BA:41:DB:BC:67:A8:30:63:B7:3E:DC:B8:50:98:D7:94:09:8C:E9
Certificate issuer:       /CN=6cf9b24f2c0847d041c1e66a12f01eaba478b4fc
Certificate serial:       018CC64A394D10719FCBBF4A4559184EEA0D
Authority key identifier: 6C:F9:B2:4F:2C:08:47:D0:41:C1:E6:6A:12:F0:1E:AB:A4:78:B4:FC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bPmyTywIR9BBweZqEvAeq6R4tPw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/b45765-2c33-4a49-91eb-946892f88beb/1/ELpB27xnqDBjtz7cuFCY15QJjOk.roa
Signing time:             Mon 01 Jan 2024 18:30:02 +0000
ROA not before:           Mon 01 Jan 2024 18:30:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208168
IP address blocks:        45.156.152.0/22 maxlen: 24
                          2a0f:2480::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/b45765-2c33-4a49-91eb-946892f88beb/1/bPmyTywIR9BBweZqEvAeq6R4tPw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/b45765-2c33-4a49-91eb-946892f88beb/1/bPmyTywIR9BBweZqEvAeq6R4tPw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bPmyTywIR9BBweZqEvAeq6R4tPw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:39:4d:10:71:9f:cb:bf:4a:45:59:18:4e:ea:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cf9b24f2c0847d041c1e66a12f01eaba478b4fc
        Validity
            Not Before: Jan  1 18:30:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=10ba41dbbc67a83063b73edcb85098d794098ce9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:7f:e8:61:22:dc:0e:58:99:3a:87:06:31:91:
                    c1:a2:c9:a2:a5:f8:ed:17:58:f0:a1:86:df:26:57:
                    31:c1:39:77:4f:8f:29:09:eb:be:32:37:a8:73:ab:
                    6d:fc:04:85:2b:3c:4c:de:57:02:80:87:4c:ae:d2:
                    ed:41:c7:8f:aa:ea:b7:2d:3e:24:15:82:01:d8:e0:
                    f7:b9:60:bc:8d:ec:db:8d:fe:f0:c1:e3:ae:f8:c6:
                    97:a7:49:25:f9:2d:4f:1e:ae:6b:7e:7c:50:9a:71:
                    f8:f9:35:98:2f:1a:95:e8:7b:b3:ac:d7:8e:1f:a4:
                    ae:92:69:46:aa:74:97:20:8c:b2:30:cc:72:9d:6d:
                    62:21:2d:ca:71:ca:03:88:d9:3a:98:78:4e:0d:98:
                    85:4a:79:63:77:b3:59:db:dc:12:f5:a0:04:c7:72:
                    38:aa:25:cd:42:d7:c2:9d:e7:73:a1:e8:44:45:a0:
                    f4:83:2d:06:f7:48:b6:b2:4e:05:b7:e1:b6:48:bf:
                    1e:ab:df:cd:bf:ca:95:72:b7:d8:bb:d4:20:1d:c6:
                    03:7d:83:e0:1a:57:00:ea:e9:e3:e3:9f:c0:92:fd:
                    b5:87:c6:a9:e7:b2:a9:ac:2d:8a:58:f8:02:dc:6c:
                    c6:51:69:7b:d5:fb:51:b8:00:e1:cc:cd:7a:8c:22:
                    cf:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:BA:41:DB:BC:67:A8:30:63:B7:3E:DC:B8:50:98:D7:94:09:8C:E9
            X509v3 Authority Key Identifier:
                keyid:6C:F9:B2:4F:2C:08:47:D0:41:C1:E6:6A:12:F0:1E:AB:A4:78:B4:FC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bPmyTywIR9BBweZqEvAeq6R4tPw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/b45765-2c33-4a49-91eb-946892f88beb/1/ELpB27xnqDBjtz7cuFCY15QJjOk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/b45765-2c33-4a49-91eb-946892f88beb/1/bPmyTywIR9BBweZqEvAeq6R4tPw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.152.0/22
                IPv6:
                  2a0f:2480::/29

    Signature Algorithm: sha256WithRSAEncryption
         43:e6:f6:80:82:93:15:fd:26:6b:2a:91:a6:a8:43:f5:25:f4:
         68:ee:a2:bf:ea:7a:26:f9:a3:99:5b:ed:08:f2:17:00:ef:86:
         ad:cc:21:84:85:9d:9c:e8:e9:96:c8:75:2c:6f:9e:36:3e:52:
         1d:e6:33:18:37:09:e7:09:ce:67:eb:c9:db:ba:4c:5d:90:3f:
         4f:cd:ab:db:e2:45:e4:79:22:2d:c5:b4:cb:1d:b8:bb:bb:11:
         5c:dc:dc:40:7a:96:6f:c0:e0:85:7d:cf:33:84:7a:f5:5d:73:
         0f:be:f8:11:4d:24:d6:d2:0d:e4:8d:ff:26:1a:0a:bc:c8:fa:
         ad:83:b3:40:75:f4:15:45:2a:06:e9:70:e2:bf:4d:65:2a:d0:
         46:8d:18:ce:41:cb:2a:c7:2a:87:d1:40:d0:47:73:0c:c6:2e:
         16:14:38:88:64:d9:49:45:8c:01:1f:f2:6f:06:2e:f8:e9:26:
         de:78:9d:94:53:91:9a:e0:9b:6a:3d:12:d1:7d:73:ca:7b:31:
         a7:bb:70:ba:32:96:8c:97:f1:b7:d3:6a:83:e9:36:87:38:83:
         79:80:5e:3c:79:07:d9:fe:a1:29:4a:16:f2:d7:12:96:b8:42:
         41:87:5b:ab:a5:ea:04:9d:ad:52:42:f6:e4:00:80:fd:1f:3a:
         81:b8:d0:8e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzGSjlNEHGfy79KRVkYTuoNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZjliMjRmMmMwODQ3ZDA0MWMxZTY2YTEyZjAxZWFiYTQ3
OGI0ZmMwHhcNMjQwMTAxMTgzMDAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGJhNDFkYmJjNjdhODMwNjNiNzNlZGNiODUwOThkNzk0MDk4Y2U5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAin/oYSLcDliZOocGMZHBosmipfjt
F1jwoYbfJlcxwTl3T48pCeu+Mjeoc6tt/ASFKzxM3lcCgIdMrtLtQcePquq3LT4k
FYIB2OD3uWC8jezbjf7wweOu+MaXp0kl+S1PHq5rfnxQmnH4+TWYLxqV6HuzrNeO
H6SukmlGqnSXIIyyMMxynW1iIS3KccoDiNk6mHhODZiFSnljd7NZ29wS9aAEx3I4
qiXNQtfCnedzoehERaD0gy0G90i2sk4Ft+G2SL8eq9/Nv8qVcrfYu9QgHcYDfYPg
GlcA6unj45/Akv21h8ap57KprC2KWPgC3GzGUWl71ftRuADhzM16jCLPwwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBC6Qdu8Z6gwY7c+3LhQmNeUCYzpMB8GA1UdIwQY
MBaAFGz5sk8sCEfQQcHmahLwHqukeLT8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlBteVR5d0lSOUJCd2VacUV2QWVxNlI0dFB3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi9iNDU3NjUtMmMzMy00YTQ5LTkxZWIt
OTQ2ODkyZjg4YmViLzEvRUxwQjI3eG5xREJqdHo3Y3VGQ1kxNVFKak9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi9iNDU3NjUtMmMzMy00YTQ5LTkxZWItOTQ2ODkyZjg4YmVi
LzEvYlBteVR5d0lSOUJCd2VacUV2QWVxNlI0dFB3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLZyYMA0E
AgACMAcDBQMqDySAMA0GCSqGSIb3DQEBCwUAA4IBAQBD5vaAgpMV/SZrKpGmqEP1
JfRo7qK/6nom+aOZW+0I8hcA74atzCGEhZ2c6OmWyHUsb542PlId5jMYNwnnCc5n
68nbukxdkD9Pzavb4kXkeSItxbTLHbi7uxFc3NxAepZvwOCFfc8zhHr1XXMPvvgR
TSTW0g3kjf8mGgq8yPqtg7NAdfQVRSoG6XDiv01lKtBGjRjOQcsqxyqH0UDQR3MM
xi4WFDiIZNlJRYwBH/JvBi746SbeeJ2UU5Ga4JtqPRLRfXPKezGnu3C6MpaMl/G3
02qD6TaHOIN5gF48eQfZ/qEpShby1xKWuEJBh1urpeoEna1SQvbkAID9HzqBuNCO
-----END CERTIFICATE-----