Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/CT9vU81rsujqc068eDhVSAV-dtE.roa
File:                     CT9vU81rsujqc068eDhVSAV-dtE.roa (raw, json)
Hash identifier:          ytu6UwNdHP1VeMpHHdAMbYWMWT1krHvpJYOtO81VzJM=
Subject key identifier:   09:3F:6F:53:CD:6B:B2:E8:EA:73:4E:BC:78:38:55:48:05:7E:76:D1
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       01906AED5B76BE5A4647613A492E34EAD6F9
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/CT9vU81rsujqc068eDhVSAV-dtE.roa
Signing time:             Sun 30 Jun 2024 20:54:18 +0000
ROA not before:           Sun 30 Jun 2024 20:54:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42831
IP address blocks:        45.8.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:6a:ed:5b:76:be:5a:46:47:61:3a:49:2e:34:ea:d6:f9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jun 30 20:54:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=093f6f53cd6bb2e8ea734ebc78385548057e76d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:6b:ff:10:9c:fd:b5:84:21:14:14:4b:33:3a:
                    20:3b:74:57:3d:aa:52:ca:25:3d:fe:74:19:4f:be:
                    f0:3e:d9:d3:cc:66:4c:a1:c1:79:09:a7:69:d8:07:
                    65:b3:0f:95:78:99:b4:64:bb:52:3e:fa:cf:66:8e:
                    93:1f:4e:24:2c:95:c1:7a:0e:12:82:96:e9:64:3a:
                    64:ea:9a:fb:65:50:43:1a:95:1c:4c:23:d6:e4:63:
                    fe:3d:49:7d:05:85:09:54:70:d9:66:a5:97:e8:62:
                    f1:8d:a0:40:a2:59:db:e1:c1:6f:ac:f6:23:0c:41:
                    ed:75:5b:83:27:86:fe:a8:90:2f:0c:34:59:bf:bc:
                    0b:18:cb:ad:c6:be:79:76:d9:eb:cd:20:c9:e2:c4:
                    2c:e5:f2:28:b9:cd:5f:c7:1c:3f:a9:af:b8:ef:ca:
                    a7:b4:32:16:10:25:e0:9b:ad:cf:2f:34:6e:dd:a1:
                    36:0e:9e:65:bf:0a:dd:cd:16:ba:ce:de:17:7e:bb:
                    32:d4:b1:74:53:e6:3e:3c:40:65:05:85:b6:b4:62:
                    0f:f9:76:a6:e7:7f:9c:0d:16:a8:bf:f6:38:cd:f2:
                    27:14:82:e8:53:06:23:55:aa:c7:0f:7c:df:5f:33:
                    dd:65:c2:49:34:dd:5f:7b:9f:7b:06:05:75:0d:d8:
                    27:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:3F:6F:53:CD:6B:B2:E8:EA:73:4E:BC:78:38:55:48:05:7E:76:D1
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/CT9vU81rsujqc068eDhVSAV-dtE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         51:78:fd:3d:9a:19:85:ee:bf:63:7d:19:d4:04:cf:b2:2a:65:
         5d:2b:92:5f:9f:6f:ea:41:f9:f6:02:da:44:ed:af:e1:10:13:
         be:33:94:f9:b5:2f:25:5c:e0:80:cc:ed:25:80:f4:40:c3:22:
         8b:79:20:d1:42:4d:d4:8f:1e:a3:e9:d8:b0:9a:50:38:ae:5a:
         8c:d7:55:a0:c9:17:bd:48:f1:67:49:5b:fd:13:34:c5:dc:ee:
         78:79:5d:c8:ed:77:89:d8:ac:58:fa:61:43:42:cb:ad:d1:74:
         48:be:1f:e7:f8:0b:81:92:eb:b3:95:ec:2a:11:1c:81:bb:29:
         23:7e:27:7f:88:7d:8a:86:a8:ec:70:0f:61:ee:c3:61:46:e1:
         58:36:72:04:79:dd:86:07:e9:f7:5a:4e:31:e1:17:3d:f8:59:
         a4:70:69:dc:2a:ca:4b:3d:bf:0f:b6:33:a8:bb:fd:bc:47:be:
         7b:48:d1:8f:68:83:55:be:21:84:34:36:90:96:58:a4:fc:18:
         31:c3:82:ee:18:92:89:72:0c:d4:ff:aa:54:02:4e:ee:85:60:
         4f:09:f1:3d:8d:cf:2a:a6:1f:ad:26:66:33:d0:61:45:52:91:
         b9:79:f8:90:06:ff:45:fc:56:5d:c3:b6:49:6f:59:ec:a8:88:
         43:e8:c7:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBq7Vt2vlpGR2E6SS406tb5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQwNjMwMjA1NDE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTNmNmY1M2NkNmJiMmU4ZWE3MzRlYmM3ODM4NTU0ODA1N2U3NmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwGv/EJz9tYQhFBRLMzogO3RXPapS
yiU9/nQZT77wPtnTzGZMocF5Cadp2Adlsw+VeJm0ZLtSPvrPZo6TH04kLJXBeg4S
gpbpZDpk6pr7ZVBDGpUcTCPW5GP+PUl9BYUJVHDZZqWX6GLxjaBAolnb4cFvrPYj
DEHtdVuDJ4b+qJAvDDRZv7wLGMutxr55dtnrzSDJ4sQs5fIouc1fxxw/qa+478qn
tDIWECXgm63PLzRu3aE2Dp5lvwrdzRa6zt4Xfrsy1LF0U+Y+PEBlBYW2tGIP+Xam
53+cDRaov/Y4zfInFILoUwYjVarHD3zfXzPdZcJJNN1fe597BgV1DdgnwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAk/b1PNa7Lo6nNOvHg4VUgFfnbRMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvQ1Q5dlU4MXJzdWpxYzA2OGVEaFZTQVYtZHRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQi4MA0G
CSqGSIb3DQEBCwUAA4IBAQBReP09mhmF7r9jfRnUBM+yKmVdK5Jfn2/qQfn2AtpE
7a/hEBO+M5T5tS8lXOCAzO0lgPRAwyKLeSDRQk3Ujx6j6diwmlA4rlqM11WgyRe9
SPFnSVv9EzTF3O54eV3I7XeJ2KxY+mFDQsut0XRIvh/n+AuBkuuzlewqERyBuykj
fid/iH2KhqjscA9h7sNhRuFYNnIEed2GB+n3Wk4x4Rc9+FmkcGncKspLPb8PtjOo
u/28R757SNGPaINVviGENDaQllik/Bgxw4LuGJKJcgzU/6pUAk7uhWBPCfE9jc8q
ph+tJmYz0GFFUpG5efiQBv9F/FZdw7ZJb1nsqIhD6Mc/
-----END CERTIFICATE-----