Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/w_ki409zJD-tKpCDVwFMIrq1ttQ.roa
File:                     w_ki409zJD-tKpCDVwFMIrq1ttQ.roa (raw, json)
Hash identifier:          WUgPSbzLgbsZ/jta/dEnhfx1PCZgV2HTbokYZSxYqkc=
Subject key identifier:   C3:F9:22:E3:4F:73:24:3F:AD:2A:90:83:57:01:4C:22:BA:B5:B6:D4
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       018CC50108051C7EFA8E6497E36C41C57919
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/w_ki409zJD-tKpCDVwFMIrq1ttQ.roa
Signing time:             Mon 01 Jan 2024 12:30:28 +0000
ROA not before:           Mon 01 Jan 2024 12:30:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9335
IP address blocks:        141.98.16.0/22 maxlen: 24
                          45.154.24.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:01:08:05:1c:7e:fa:8e:64:97:e3:6c:41:c5:79:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 12:30:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c3f922e34f73243fad2a908357014c22bab5b6d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:a9:ef:a7:75:8b:c5:d2:bc:8e:36:17:27:18:
                    48:89:27:b3:b8:16:41:e2:0f:44:22:76:7a:97:03:
                    e6:35:47:5f:3d:6c:13:2b:cc:c5:d4:77:a8:1d:e2:
                    d5:23:4e:bb:19:f4:4c:ea:28:3d:e9:f1:8a:66:b6:
                    e7:25:d8:dd:f2:3b:02:87:24:97:a5:cc:3a:64:9c:
                    8e:5d:de:f5:06:cb:d1:bb:b0:a0:38:f7:f2:71:0f:
                    ba:19:d9:8f:a4:32:8c:b5:26:43:9a:d5:d6:d2:3e:
                    72:44:f7:1f:6f:6f:71:6e:c8:53:0c:97:da:4c:f3:
                    e8:d4:ac:ee:77:c3:3d:40:fc:4d:c8:87:cd:b1:31:
                    00:c0:2f:7e:8f:45:c8:cf:e8:3d:f7:23:bd:7a:1e:
                    e1:58:91:71:1f:11:60:20:00:be:3e:ab:92:2e:f2:
                    38:cb:57:e5:12:df:aa:f0:26:a0:44:9a:a2:67:3d:
                    60:e9:22:03:22:7a:80:f3:3d:e3:18:cc:39:6a:fc:
                    6f:05:da:79:ca:de:81:75:0b:7c:a9:80:5f:6b:9b:
                    54:92:70:e0:2c:15:dc:61:72:46:eb:c8:ea:ce:5e:
                    02:be:be:43:d5:6e:9d:6d:d0:d9:66:f1:82:39:6e:
                    e0:4e:9f:91:c9:4f:7a:bf:ce:ae:8e:df:50:c0:3f:
                    a1:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:F9:22:E3:4F:73:24:3F:AD:2A:90:83:57:01:4C:22:BA:B5:B6:D4
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/w_ki409zJD-tKpCDVwFMIrq1ttQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.24.0/22
                  141.98.16.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3e:f4:74:0f:f8:87:c3:88:60:73:f1:73:bb:58:e5:03:60:4c:
         56:01:78:0e:1d:87:f1:76:e8:ee:71:f6:cd:e1:7e:de:28:1c:
         7e:31:bb:9c:4b:eb:e2:24:89:b8:c5:4c:08:9f:e3:b8:e5:54:
         8c:33:5e:90:5e:29:e7:c4:7c:61:8f:3f:9b:f9:96:e2:9b:49:
         6f:0f:3b:88:51:33:50:6c:97:a3:bc:6d:19:31:3c:1d:2c:ce:
         39:85:cc:34:14:72:fa:35:d8:ec:d1:92:86:82:49:15:4a:a0:
         32:11:52:b4:4b:4c:29:8d:38:68:20:c3:ca:d9:c0:64:e6:97:
         9c:a4:92:db:6c:1c:3f:8b:32:01:97:a7:9e:61:9b:d0:8e:3a:
         f5:5f:1e:81:ef:6e:48:3a:ef:10:5c:77:bf:d3:f0:e5:96:fb:
         2d:c9:5b:86:d9:fe:63:f1:05:f6:00:18:10:e5:b3:c5:f1:bc:
         bd:bb:d6:bd:ea:64:7f:3f:44:fa:f3:aa:7d:1b:2d:46:c1:c2:
         0e:fd:a8:3f:05:42:eb:e8:31:28:11:55:e0:f3:74:f2:5f:7a:
         9e:f2:a9:da:f8:c7:0e:59:0c:7a:bd:ba:ae:9d:ad:41:f1:10:
         51:54:40:fd:68:70:d2:8b:a4:78:0c:32:fd:6a:42:67:cb:f9:
         f6:c9:cd:2c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAQgFHH76jmSX42xBxXkZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjQwMTAxMTIzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2Y5MjJlMzRmNzMyNDNmYWQyYTkwODM1NzAxNGMyMmJhYjViNmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6qnvp3WLxdK8jjYXJxhIiSezuBZB
4g9EInZ6lwPmNUdfPWwTK8zF1HeoHeLVI067GfRM6ig96fGKZrbnJdjd8jsChySX
pcw6ZJyOXd71BsvRu7CgOPfycQ+6GdmPpDKMtSZDmtXW0j5yRPcfb29xbshTDJfa
TPPo1Kzud8M9QPxNyIfNsTEAwC9+j0XIz+g99yO9eh7hWJFxHxFgIAC+PquSLvI4
y1flEt+q8CagRJqiZz1g6SIDInqA8z3jGMw5avxvBdp5yt6BdQt8qYBfa5tUknDg
LBXcYXJG68jqzl4Cvr5D1W6dbdDZZvGCOW7gTp+RyU96v86ujt9QwD+hHwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMP5IuNPcyQ/rSqQg1cBTCK6tbbUMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvd19raTQwOXpKRC10S3BDRFZ3Rk1JcnExdHRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLZoYAwQC
jWIQMA0GCSqGSIb3DQEBCwUAA4IBAQA+9HQP+IfDiGBz8XO7WOUDYExWAXgOHYfx
dujucfbN4X7eKBx+MbucS+viJIm4xUwIn+O45VSMM16QXinnxHxhjz+b+Zbim0lv
DzuIUTNQbJejvG0ZMTwdLM45hcw0FHL6Ndjs0ZKGgkkVSqAyEVK0S0wpjThoIMPK
2cBk5pecpJLbbBw/izIBl6eeYZvQjjr1Xx6B725IOu8QXHe/0/DllvstyVuG2f5j
8QX2ABgQ5bPF8by9u9a96mR/P0T686p9Gy1GwcIO/ag/BULr6DEoEVXg83TyX3qe
8qna+McOWQx6vbquna1B8RBRVED9aHDSi6R4DDL9akJny/n2yc0s
-----END CERTIFICATE-----