Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Nm9oSX4Sonb_MR5KVwTNCJAugto.roa
File:                     Nm9oSX4Sonb_MR5KVwTNCJAugto.roa (raw, json)
Hash identifier:          ksZ1AOGT1qZwfsnHsfvLYm296CkfD28ddyAe8S7LZ5o=
Subject key identifier:   36:6F:68:49:7E:12:A2:76:FF:31:1E:4A:57:04:CD:08:90:2E:82:DA
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       018E0DC421C0600E371FD776D7661927ED68
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Nm9oSX4Sonb_MR5KVwTNCJAugto.roa
Signing time:             Tue 05 Mar 2024 08:39:01 +0000
ROA not before:           Tue 05 Mar 2024 08:39:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     151487
IP address blocks:        45.8.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 23:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:0d:c4:21:c0:60:0e:37:1f:d7:76:d7:66:19:27:ed:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Mar  5 08:39:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=366f68497e12a276ff311e4a5704cd08902e82da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:ac:dd:16:92:40:8b:50:00:61:b4:cf:0b:b1:
                    39:b4:39:90:89:40:d8:af:a0:c3:b8:75:9d:11:49:
                    ce:5c:2d:f2:b6:75:bd:b3:72:a2:e8:34:de:4c:ca:
                    11:4c:0a:d4:30:8c:f5:0b:fb:a1:35:8e:96:7a:cd:
                    7e:17:73:0b:c0:2b:1f:bb:4a:0d:90:fd:ba:fe:28:
                    25:3e:32:28:1a:eb:75:84:1e:62:94:90:fd:3c:20:
                    e4:0a:f4:cd:a3:1f:71:17:02:d9:09:94:05:39:50:
                    0f:81:08:b5:9b:ce:7b:fe:2a:92:2a:00:8f:42:2d:
                    8e:04:af:31:7a:be:29:aa:36:0f:5a:68:97:54:e8:
                    8f:c7:e8:b1:25:09:b6:d9:54:38:a1:a7:d5:e1:c5:
                    38:91:e9:6c:71:31:b5:9a:a1:62:81:8d:3c:37:7c:
                    ed:88:b7:c3:82:48:58:aa:11:d4:5b:3c:49:3c:92:
                    5a:5a:ba:da:91:fd:fe:71:7a:e3:45:c5:20:85:dc:
                    7b:8d:f3:40:4f:73:23:05:3c:e2:5f:79:4f:c1:93:
                    5d:82:8a:fb:b3:08:6a:de:83:13:bc:73:f4:1c:a0:
                    e3:9e:1b:34:66:61:af:3b:bc:e5:e0:90:e4:24:47:
                    3e:14:ca:ca:35:6f:dc:b9:e0:0a:b6:70:ae:08:73:
                    5d:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:6F:68:49:7E:12:A2:76:FF:31:1E:4A:57:04:CD:08:90:2E:82:DA
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Nm9oSX4Sonb_MR5KVwTNCJAugto.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:0c:7a:f7:e0:3d:84:42:5a:23:86:b7:47:df:2c:98:9c:fa:
         7a:b5:8d:6b:d2:cf:5b:89:f9:06:a0:ed:24:9e:28:a2:ab:9e:
         7b:ce:74:f5:bf:6c:19:25:11:1c:43:e4:fc:8b:82:d3:f2:52:
         a3:11:3f:1a:f9:55:92:10:cc:e2:09:29:e6:e9:84:c8:3b:f1:
         34:f7:56:31:53:0e:42:2b:15:77:e3:86:0d:48:bd:90:e3:e2:
         ea:d9:6e:21:f4:56:3a:6e:e4:83:f4:25:65:69:d0:de:60:e2:
         46:bc:8f:6b:dc:9b:74:59:ff:52:d9:09:e0:ed:80:ea:14:ba:
         9c:7c:bc:18:2c:7a:11:59:ae:28:20:3d:d8:c4:51:9d:aa:af:
         2b:8c:e0:84:ae:10:a8:00:16:fc:27:32:49:8e:33:f5:48:e7:
         c8:2b:0b:0e:2d:75:4d:fe:ee:86:fd:df:79:ac:15:14:b5:a8:
         93:19:b2:f0:73:da:04:42:bc:77:4e:5f:bd:03:eb:33:49:92:
         d0:b1:6d:1b:76:66:db:91:6b:bd:31:ce:30:3f:78:64:87:dd:
         b4:a6:9b:53:fc:fa:8c:1e:b8:70:b8:73:ea:6b:9f:07:99:c3:
         40:bd:89:fc:24:1c:e9:49:5f:88:6d:76:90:bb:41:17:06:23:
         38:07:c3:43
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4NxCHAYA43H9d212YZJ+1oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQwMzA1MDgzOTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjZmNjg0OTdlMTJhMjc2ZmYzMTFlNGE1NzA0Y2QwODkwMmU4MmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkazdFpJAi1AAYbTPC7E5tDmQiUDY
r6DDuHWdEUnOXC3ytnW9s3Ki6DTeTMoRTArUMIz1C/uhNY6Wes1+F3MLwCsfu0oN
kP26/iglPjIoGut1hB5ilJD9PCDkCvTNox9xFwLZCZQFOVAPgQi1m857/iqSKgCP
Qi2OBK8xer4pqjYPWmiXVOiPx+ixJQm22VQ4oafV4cU4kelscTG1mqFigY08N3zt
iLfDgkhYqhHUWzxJPJJaWrrakf3+cXrjRcUghdx7jfNAT3MjBTziX3lPwZNdgor7
swhq3oMTvHP0HKDjnhs0ZmGvO7zl4JDkJEc+FMrKNW/cueAKtnCuCHNdNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDZvaEl+EqJ2/zEeSlcEzQiQLoLaMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvTm05b1NYNFNvbmJfTVI1S1Z3VE5DSkF1Z3RvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQjNMA0G
CSqGSIb3DQEBCwUAA4IBAQAXDHr34D2EQlojhrdH3yyYnPp6tY1r0s9bifkGoO0k
niiiq557znT1v2wZJREcQ+T8i4LT8lKjET8a+VWSEMziCSnm6YTIO/E091YxUw5C
KxV344YNSL2Q4+Lq2W4h9FY6buSD9CVladDeYOJGvI9r3Jt0Wf9S2Qng7YDqFLqc
fLwYLHoRWa4oID3YxFGdqq8rjOCErhCoABb8JzJJjjP1SOfIKwsOLXVN/u6G/d95
rBUUtaiTGbLwc9oEQrx3Tl+9A+szSZLQsW0bdmbbkWu9Mc4wP3hkh920pptT/PqM
HrhwuHPqa58HmcNAvYn8JBzpSV+IbXaQu0EXBiM4B8ND
-----END CERTIFICATE-----