Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/fPrGJ3kbwTxrUImOzv9QqAvVOCQ.roa
File:                     fPrGJ3kbwTxrUImOzv9QqAvVOCQ.roa (raw, json)
Hash identifier:          MuuJlohZonfv0ejjI6AqmYuPEM10zigYCUzvqnDyqFE=
Subject key identifier:   7C:FA:C6:27:79:1B:C1:3C:6B:50:89:8E:CE:FF:50:A8:0B:D5:38:24
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       018CC8DE821FFCDC08087AE34F53463D3DFB
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/fPrGJ3kbwTxrUImOzv9QqAvVOCQ.roa
Signing time:             Tue 02 Jan 2024 06:31:14 +0000
ROA not before:           Tue 02 Jan 2024 06:31:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35409
IP address blocks:        45.8.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 03:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:82:1f:fc:dc:08:08:7a:e3:4f:53:46:3d:3d:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  2 06:31:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7cfac627791bc13c6b50898eceff50a80bd53824
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:aa:65:05:8e:3f:34:07:e7:a0:b5:64:a2:2c:
                    5a:10:66:1f:46:e9:53:9f:74:22:16:93:f9:5e:0a:
                    04:5e:91:b9:10:a9:f6:29:d5:d8:7f:4f:ef:91:24:
                    2d:ee:77:97:bf:53:7a:03:5e:f1:74:59:a2:ac:c3:
                    f1:bc:f6:4b:dc:c3:0b:0c:40:2d:41:bc:19:81:a7:
                    03:d4:79:ba:31:67:ce:e3:a8:4a:64:d0:4c:fc:1f:
                    e9:7f:5f:0e:1b:79:cf:03:13:42:cd:76:98:46:f0:
                    73:54:d2:ae:3f:d4:76:d1:66:33:8a:00:bd:99:4d:
                    e5:0a:0a:d3:98:f6:03:07:66:2a:85:6a:d4:55:3f:
                    6c:52:51:72:eb:9a:8d:14:70:69:87:94:fa:06:89:
                    7a:58:e4:9c:f0:bf:76:7f:cc:d5:f3:99:9b:a8:6c:
                    93:5e:ad:d0:93:6c:82:18:60:5e:c0:42:af:c9:e6:
                    8a:e6:91:f2:21:c1:f2:e5:36:e5:e4:50:4f:19:65:
                    c1:83:dc:a0:de:08:56:71:d0:6a:cc:05:1d:c4:de:
                    1d:80:a5:61:5b:16:ec:8b:84:f9:a8:98:8b:d3:83:
                    70:0e:c3:50:0c:7c:78:32:13:79:78:42:ba:16:a8:
                    c6:36:59:b8:49:3a:a3:58:ea:67:d2:55:ce:48:66:
                    71:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:FA:C6:27:79:1B:C1:3C:6B:50:89:8E:CE:FF:50:A8:0B:D5:38:24
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/fPrGJ3kbwTxrUImOzv9QqAvVOCQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:cd:80:0d:82:60:a8:a8:89:6a:6f:aa:e3:e0:68:1f:71:f3:
         74:66:c0:e2:ff:36:b4:b6:40:3d:67:12:af:f5:e1:7a:1c:63:
         5a:fe:ff:77:8e:0d:aa:cd:1e:0e:0b:5a:7e:ea:d3:7f:72:8c:
         79:ad:4c:86:d4:aa:7c:7c:91:20:cf:ad:dc:06:51:c1:42:8a:
         10:92:dc:1d:24:ec:a4:1d:06:53:d6:e8:f3:c0:5a:11:59:24:
         ab:22:0d:f1:54:35:11:5f:3c:35:54:55:23:9f:2d:3a:cd:91:
         79:69:2b:fc:c9:69:ac:1e:6b:d1:8f:a6:20:7f:8b:e2:15:42:
         9a:7d:a0:1b:b4:fa:23:c5:35:a5:ef:63:51:6f:b8:87:0b:d7:
         85:80:cc:dc:c1:1f:21:db:d6:c8:2e:ad:ef:30:bd:34:b3:e0:
         ba:18:0b:d0:d7:49:9a:84:53:24:f4:eb:94:ba:93:76:e5:36:
         57:ae:3d:82:f4:3d:86:cf:1c:88:37:74:df:d8:7e:84:93:d1:
         4b:05:cb:59:dd:6e:51:89:15:5b:99:e7:53:e4:d1:dd:f7:51:
         41:26:4c:c6:5f:b4:19:18:f5:49:73:74:13:93:85:5d:1e:04:
         3b:56:fc:30:57:e5:29:2b:53:e2:9d:4e:c3:ff:6b:d0:7c:61:
         18:90:8d:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3oIf/NwICHrjT1NGPT37MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjQwMTAyMDYzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2ZhYzYyNzc5MWJjMTNjNmI1MDg5OGVjZWZmNTBhODBiZDUzODI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt6plBY4/NAfnoLVkoixaEGYfRulT
n3QiFpP5XgoEXpG5EKn2KdXYf0/vkSQt7neXv1N6A17xdFmirMPxvPZL3MMLDEAt
QbwZgacD1Hm6MWfO46hKZNBM/B/pf18OG3nPAxNCzXaYRvBzVNKuP9R20WYzigC9
mU3lCgrTmPYDB2YqhWrUVT9sUlFy65qNFHBph5T6Bol6WOSc8L92f8zV85mbqGyT
Xq3Qk2yCGGBewEKvyeaK5pHyIcHy5Tbl5FBPGWXBg9yg3ghWcdBqzAUdxN4dgKVh
Wxbsi4T5qJiL04NwDsNQDHx4MhN5eEK6FqjGNlm4STqjWOpn0lXOSGZxfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHz6xid5G8E8a1CJjs7/UKgL1TgkMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvZlByR0oza2J3VHhyVUltT3p2OVFxQXZWT0NRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQj+MA0G
CSqGSIb3DQEBCwUAA4IBAQB2zYANgmCoqIlqb6rj4GgfcfN0ZsDi/za0tkA9ZxKv
9eF6HGNa/v93jg2qzR4OC1p+6tN/cox5rUyG1Kp8fJEgz63cBlHBQooQktwdJOyk
HQZT1ujzwFoRWSSrIg3xVDURXzw1VFUjny06zZF5aSv8yWmsHmvRj6Ygf4viFUKa
faAbtPojxTWl72NRb7iHC9eFgMzcwR8h29bILq3vML00s+C6GAvQ10mahFMk9OuU
upN25TZXrj2C9D2GzxyIN3Tf2H6Ek9FLBctZ3W5RiRVbmedT5NHd91FBJkzGX7QZ
GPVJc3QTk4VdHgQ7VvwwV+UpK1PinU7D/2vQfGEYkI3B
-----END CERTIFICATE-----