Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/R7VSHY1cGRAxN3ixC2KnA5cNz6Q.roa
File:                     R7VSHY1cGRAxN3ixC2KnA5cNz6Q.roa (raw, json)
Hash identifier:          IVTpOqxzWWQe0ctuVUV+3UwkZ0Hps/uEiWqwcKHRbPc=
Subject key identifier:   47:B5:52:1D:8D:5C:19:10:31:37:78:B1:0B:62:A7:03:97:0D:CF:A4
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC501328DB7D755FE0EF71E145BB24444
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/R7VSHY1cGRAxN3ixC2KnA5cNz6Q.roa
Signing time:             Mon 01 Jan 2024 12:30:39 +0000
ROA not before:           Mon 01 Jan 2024 12:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     399498
IP address blocks:        45.85.105.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:32:8d:b7:d7:55:fe:0e:f7:1e:14:5b:b2:44:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47b5521d8d5c1910313778b10b62a703970dcfa4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:85:19:26:7a:d9:30:86:e7:19:75:2e:ea:4a:
                    55:05:e0:60:2a:d0:7b:aa:08:97:91:a0:a0:e9:cc:
                    2b:ab:e8:48:30:2f:9d:e7:32:d9:62:c9:75:c1:f7:
                    9a:2a:8e:4e:4b:05:f8:37:76:37:ba:2e:d3:c8:07:
                    0d:be:71:8f:c4:28:cd:86:3b:30:96:a9:ae:71:83:
                    31:5f:b7:1f:24:00:58:f5:c8:93:e7:29:ba:b7:a8:
                    3d:78:60:08:8f:69:6f:be:1f:27:59:48:2d:18:0f:
                    f1:e1:e7:3a:a8:91:91:2a:d5:64:7a:a5:2c:40:70:
                    1b:3c:50:89:d0:8c:e2:8e:71:58:db:19:3d:23:b3:
                    c3:cc:c1:0d:70:22:fc:db:b2:30:8e:8d:30:75:42:
                    c0:f2:44:4e:32:af:31:87:f4:1f:99:48:f6:ad:fd:
                    f6:f2:60:f3:9f:71:db:ec:d4:00:95:a1:34:b4:ed:
                    55:2d:bb:06:d8:69:81:4c:84:d1:01:7c:5b:62:1b:
                    88:bd:f1:63:11:2d:ce:ef:b5:e8:1e:7c:cf:09:55:
                    31:ab:31:0e:1b:c5:5c:0a:15:45:82:b6:8a:31:aa:
                    9a:0a:ef:53:ab:1d:76:79:43:71:d0:0b:1c:d7:01:
                    18:35:d3:6f:74:4d:78:32:df:99:aa:06:a9:ae:61:
                    b4:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:B5:52:1D:8D:5C:19:10:31:37:78:B1:0B:62:A7:03:97:0D:CF:A4
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/R7VSHY1cGRAxN3ixC2KnA5cNz6Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.85.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         17:22:be:67:8d:ce:1f:3f:c1:63:56:99:35:0b:91:4a:8d:68:
         bb:5b:ee:0d:41:01:01:f5:ec:b9:68:88:6d:7a:6f:26:92:d5:
         39:e8:79:02:04:d6:d2:0d:b9:29:44:55:88:04:c9:14:98:09:
         19:aa:64:71:42:50:17:1b:db:f6:2f:8d:89:2c:65:de:d8:97:
         de:1e:db:23:e3:7c:68:b2:a3:62:fe:af:7b:06:1a:15:39:65:
         43:df:d6:f5:af:a1:f9:70:ac:f2:47:e9:b8:61:b0:16:83:b3:
         d2:e9:74:3b:67:94:82:93:fe:14:ca:f3:a1:6c:05:9c:57:d1:
         04:99:44:ed:36:00:d3:2d:59:45:23:21:d5:e4:dc:77:6f:ad:
         51:b3:15:47:c8:81:e1:87:e6:a9:c1:d1:a1:69:c6:87:b9:83:
         a5:f9:c4:44:07:ac:a8:23:95:0d:36:5f:93:2b:07:b7:a8:9c:
         12:3b:0f:ab:b2:e2:82:91:29:28:a3:3e:38:bb:47:cc:6e:9e:
         b0:42:34:d1:b8:7c:63:bc:90:3b:8f:61:04:99:fb:d7:ef:bc:
         68:4e:3c:5e:d8:d2:56:03:1b:06:b1:b4:4a:82:69:bf:7b:76:
         b0:5c:63:e6:87:99:fd:6c:45:23:76:17:dd:c4:8a:d1:b2:15:
         24:22:67:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFATKNt9dV/g73HhRbskREMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2I1NTIxZDhkNWMxOTEwMzEzNzc4YjEwYjYyYTcwMzk3MGRjZmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvoUZJnrZMIbnGXUu6kpVBeBgKtB7
qgiXkaCg6cwrq+hIMC+d5zLZYsl1wfeaKo5OSwX4N3Y3ui7TyAcNvnGPxCjNhjsw
lqmucYMxX7cfJABY9ciT5ym6t6g9eGAIj2lvvh8nWUgtGA/x4ec6qJGRKtVkeqUs
QHAbPFCJ0IzijnFY2xk9I7PDzMENcCL827Iwjo0wdULA8kROMq8xh/QfmUj2rf32
8mDzn3Hb7NQAlaE0tO1VLbsG2GmBTITRAXxbYhuIvfFjES3O77XoHnzPCVUxqzEO
G8VcChVFgraKMaqaCu9Tqx12eUNx0Asc1wEYNdNvdE14Mt+ZqgaprmG0aQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEe1Uh2NXBkQMTd4sQtipwOXDc+kMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvUjdWU0hZMWNHUkF4TjNpeEMyS25BNWNOejZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVVpMA0G
CSqGSIb3DQEBCwUAA4IBAQAXIr5njc4fP8FjVpk1C5FKjWi7W+4NQQEB9ey5aIht
em8mktU56HkCBNbSDbkpRFWIBMkUmAkZqmRxQlAXG9v2L42JLGXe2JfeHtsj43xo
sqNi/q97BhoVOWVD39b1r6H5cKzyR+m4YbAWg7PS6XQ7Z5SCk/4UyvOhbAWcV9EE
mUTtNgDTLVlFIyHV5Nx3b61RsxVHyIHhh+apwdGhacaHuYOl+cREB6yoI5UNNl+T
Kwe3qJwSOw+rsuKCkSkooz44u0fMbp6wQjTRuHxjvJA7j2EEmfvX77xoTjxe2NJW
AxsGsbRKgmm/e3awXGPmh5n9bEUjdhfdxIrRshUkImeW
-----END CERTIFICATE-----