Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/6f857d-c398-4d14-9074-3749d95dcd1f/1/R38kz3uxuBhXSh5aO1OkmNmO21c.roa
File:                     R38kz3uxuBhXSh5aO1OkmNmO21c.roa (raw, json)
Hash identifier:          dtAu6cWZ080SQmFjhDDc5HSI9Ycj7EPUJrsMHS4fwGw=
Subject key identifier:   47:7F:24:CF:7B:B1:B8:18:57:4A:1E:5A:3B:53:A4:98:D9:8E:DB:57
Certificate issuer:       /CN=156d70330ec51e9ff1f7727b1781c47a7a9aa56d
Certificate serial:       018CC3B6F6A12DA116F042898541C5CE711C
Authority key identifier: 15:6D:70:33:0E:C5:1E:9F:F1:F7:72:7B:17:81:C4:7A:7A:9A:A5:6D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FW1wMw7FHp_x93J7F4HEenqapW0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/6f857d-c398-4d14-9074-3749d95dcd1f/1/R38kz3uxuBhXSh5aO1OkmNmO21c.roa
Signing time:             Mon 01 Jan 2024 06:29:56 +0000
ROA not before:           Mon 01 Jan 2024 06:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     199524
IP address blocks:        45.147.160.0/24 maxlen: 24
                          45.147.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/6f857d-c398-4d14-9074-3749d95dcd1f/1/FW1wMw7FHp_x93J7F4HEenqapW0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/6f857d-c398-4d14-9074-3749d95dcd1f/1/FW1wMw7FHp_x93J7F4HEenqapW0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FW1wMw7FHp_x93J7F4HEenqapW0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:02:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:f6:a1:2d:a1:16:f0:42:89:85:41:c5:ce:71:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=156d70330ec51e9ff1f7727b1781c47a7a9aa56d
        Validity
            Not Before: Jan  1 06:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=477f24cf7bb1b818574a1e5a3b53a498d98edb57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:4f:da:59:ed:e7:98:13:b5:a3:5a:d8:48:52:
                    65:ed:e5:06:f0:1c:88:1b:b1:2d:91:e5:17:19:7a:
                    61:2b:a3:7a:22:29:37:7b:0b:13:e8:4d:ee:dd:9f:
                    54:1c:b9:e0:64:10:4e:69:17:67:57:e2:97:a1:fb:
                    a3:01:81:17:73:05:ca:73:10:38:0b:77:db:6b:ac:
                    07:7a:7f:07:b9:f9:71:58:2b:d1:71:7f:a9:93:67:
                    ea:69:52:51:38:97:45:14:2a:37:97:1b:b1:50:8c:
                    4b:ff:de:02:2c:8c:5f:e3:4d:65:60:11:ea:b3:27:
                    3b:85:b0:48:9e:b7:4d:06:b3:6d:f0:84:c9:b3:c2:
                    2d:f9:e7:fa:20:c3:a2:27:e0:50:51:bf:27:a0:c8:
                    4a:86:68:7a:b5:08:37:34:d1:c3:f8:e5:71:ae:0e:
                    58:a7:e8:fa:fb:18:3c:99:25:c6:66:63:49:15:6e:
                    19:7a:7d:a3:bb:17:90:d3:73:fa:0c:02:2c:31:b7:
                    31:e1:eb:5b:a9:84:09:28:34:dd:1e:8d:69:ca:90:
                    46:cf:c1:ad:fe:97:43:02:8f:95:ef:b6:e1:7c:90:
                    0c:e6:6b:d4:21:51:fb:24:f0:8c:3c:a9:15:f0:12:
                    81:cd:8e:60:1c:2f:fb:32:48:d7:fd:13:e3:e4:9c:
                    36:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:7F:24:CF:7B:B1:B8:18:57:4A:1E:5A:3B:53:A4:98:D9:8E:DB:57
            X509v3 Authority Key Identifier:
                keyid:15:6D:70:33:0E:C5:1E:9F:F1:F7:72:7B:17:81:C4:7A:7A:9A:A5:6D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FW1wMw7FHp_x93J7F4HEenqapW0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/6f857d-c398-4d14-9074-3749d95dcd1f/1/R38kz3uxuBhXSh5aO1OkmNmO21c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/6f857d-c398-4d14-9074-3749d95dcd1f/1/FW1wMw7FHp_x93J7F4HEenqapW0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.147.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         46:58:ea:7a:09:a2:ea:d8:fa:6e:c2:66:c4:ba:65:42:4b:7a:
         54:f8:dd:6a:4f:28:37:29:f9:b5:74:90:66:7f:05:f1:a3:d5:
         30:df:04:ca:13:b7:54:41:4c:cc:8a:af:b3:9d:75:ff:5a:40:
         16:81:b0:3a:fa:22:d7:9e:54:61:90:a4:bd:92:e2:3f:ed:4c:
         e1:e7:6f:8e:26:f1:65:d5:09:73:65:49:77:ba:32:2a:9c:19:
         c7:81:79:c8:62:48:01:8b:8f:86:c1:57:f7:fa:85:65:c2:e3:
         bc:09:4c:8c:d7:ed:dd:16:ae:dd:1c:9e:53:c4:b9:92:50:e3:
         40:f6:76:cf:07:5c:94:88:c6:96:2d:5d:04:8e:c0:2c:df:3d:
         97:db:4b:80:b0:97:33:09:71:37:43:ac:ad:e3:63:87:d4:8b:
         41:81:2e:58:74:03:f2:15:7e:a4:22:5a:6d:01:1d:4e:f0:65:
         24:2a:61:a5:15:13:54:61:14:f2:dc:37:6f:b0:a7:76:e7:6d:
         ea:8a:9f:90:4a:e4:95:f0:b4:f7:95:0f:45:4e:91:46:74:62:
         b8:c0:92:7f:9d:55:37:4f:00:b6:92:34:f8:13:fa:63:bd:db:
         28:a6:e7:09:98:82:43:3b:8b:f6:c1:1b:88:5c:04:fe:fa:a0:
         2f:7f:82:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtvahLaEW8EKJhUHFznEcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1NmQ3MDMzMGVjNTFlOWZmMWY3NzI3YjE3ODFjNDdhN2E5
YWE1NmQwHhcNMjQwMTAxMDYyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NzdmMjRjZjdiYjFiODE4NTc0YTFlNWEzYjUzYTQ5OGQ5OGVkYjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0/aWe3nmBO1o1rYSFJl7eUG8ByI
G7EtkeUXGXphK6N6Iik3ewsT6E3u3Z9UHLngZBBOaRdnV+KXofujAYEXcwXKcxA4
C3fba6wHen8HuflxWCvRcX+pk2fqaVJROJdFFCo3lxuxUIxL/94CLIxf401lYBHq
syc7hbBInrdNBrNt8ITJs8It+ef6IMOiJ+BQUb8noMhKhmh6tQg3NNHD+OVxrg5Y
p+j6+xg8mSXGZmNJFW4Zen2juxeQ03P6DAIsMbcx4etbqYQJKDTdHo1pypBGz8Gt
/pdDAo+V77bhfJAM5mvUIVH7JPCMPKkV8BKBzY5gHC/7MkjX/RPj5Jw2/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEd/JM97sbgYV0oeWjtTpJjZjttXMB8GA1UdIwQY
MBaAFBVtcDMOxR6f8fdyexeBxHp6mqVtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlcxd013N0ZIcF94OTNKN0Y0SEVlbnFhcFcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy82Zjg1N2QtYzM5OC00ZDE0LTkwNzQt
Mzc0OWQ5NWRjZDFmLzEvUjM4a3ozdXh1QmhYU2g1YU8xT2ttTm1PMjFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy82Zjg1N2QtYzM5OC00ZDE0LTkwNzQtMzc0OWQ5NWRjZDFm
LzEvRlcxd013N0ZIcF94OTNKN0Y0SEVlbnFhcFcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZOgMA0G
CSqGSIb3DQEBCwUAA4IBAQBGWOp6CaLq2PpuwmbEumVCS3pU+N1qTyg3Kfm1dJBm
fwXxo9Uw3wTKE7dUQUzMiq+znXX/WkAWgbA6+iLXnlRhkKS9kuI/7Uzh52+OJvFl
1QlzZUl3ujIqnBnHgXnIYkgBi4+GwVf3+oVlwuO8CUyM1+3dFq7dHJ5TxLmSUONA
9nbPB1yUiMaWLV0EjsAs3z2X20uAsJczCXE3Q6yt42OH1ItBgS5YdAPyFX6kIlpt
AR1O8GUkKmGlFRNUYRTy3DdvsKd2523qip+QSuSV8LT3lQ9FTpFGdGK4wJJ/nVU3
TwC2kjT4E/pjvdsopucJmIJDO4v2wRuIXAT++qAvf4JX
-----END CERTIFICATE-----