Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/2a6eaa-e437-43bc-972e-3e3bfaa190df/1/ufv3lVEbNE5UWRkmGx3BQDZxFEw.roa
File:                     ufv3lVEbNE5UWRkmGx3BQDZxFEw.roa (raw, json)
Hash identifier:          CDZkP9lIRnvNR/m2/fPOKCr5sHE/r8Yt+zOz71WxBPo=
Subject key identifier:   B9:FB:F7:95:51:1B:34:4E:54:59:19:26:1B:1D:C1:40:36:71:14:4C
Certificate issuer:       /CN=4dcbef06ad05fd6e6e7e7b1084cb1d7d65e6426f
Certificate serial:       018CC4251084D350BFBA823BF525676F2EB0
Authority key identifier: 4D:CB:EF:06:AD:05:FD:6E:6E:7E:7B:10:84:CB:1D:7D:65:E6:42:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TcvvBq0F_W5ufnsQhMsdfWXmQm8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bd/2a6eaa-e437-43bc-972e-3e3bfaa190df/1/ufv3lVEbNE5UWRkmGx3BQDZxFEw.roa
Signing time:             Mon 01 Jan 2024 08:30:12 +0000
ROA not before:           Mon 01 Jan 2024 08:30:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202208
IP address blocks:        45.154.224.0/23 maxlen: 23
                          45.154.224.0/22 maxlen: 22
                          45.154.226.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bd/2a6eaa-e437-43bc-972e-3e3bfaa190df/1/TcvvBq0F_W5ufnsQhMsdfWXmQm8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bd/2a6eaa-e437-43bc-972e-3e3bfaa190df/1/TcvvBq0F_W5ufnsQhMsdfWXmQm8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TcvvBq0F_W5ufnsQhMsdfWXmQm8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 01:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:10:84:d3:50:bf:ba:82:3b:f5:25:67:6f:2e:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4dcbef06ad05fd6e6e7e7b1084cb1d7d65e6426f
        Validity
            Not Before: Jan  1 08:30:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b9fbf795511b344e545919261b1dc1403671144c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:9d:7c:ec:65:40:a3:06:0c:79:6e:54:84:14:
                    7d:1a:68:ab:4f:bc:25:e9:cc:60:12:5d:8e:4d:c7:
                    1f:ce:ab:d7:45:d1:84:aa:41:c3:58:27:49:43:a0:
                    31:ab:ab:ad:92:44:83:01:3e:71:24:08:84:f7:d2:
                    2c:81:b3:bd:7c:dc:67:8b:5d:fb:7e:b1:da:f2:e4:
                    61:71:ed:0c:65:8a:2e:51:65:63:82:7a:fa:57:01:
                    72:59:ae:2f:c9:11:a7:72:63:64:4d:ae:25:83:79:
                    20:13:b7:38:aa:cc:b1:c4:ea:80:18:70:bc:83:a5:
                    7b:7c:d0:0b:70:a9:95:96:30:cb:ae:44:04:38:fe:
                    38:d5:00:98:b6:52:cf:51:2f:22:9c:20:1b:f7:80:
                    62:10:74:e8:68:45:be:8a:46:3d:c3:af:f1:ca:01:
                    2d:47:90:3d:88:57:2e:9b:12:20:3b:f5:c1:c5:83:
                    c4:2a:21:e7:23:30:b2:4b:7a:7c:b3:b9:42:9b:08:
                    e8:ef:d1:bb:2f:58:f7:da:40:bc:d1:c7:a1:ed:39:
                    06:62:9e:44:9a:72:6b:44:ab:27:8e:26:b5:38:92:
                    7b:69:b8:68:2b:a7:3f:91:de:bc:ab:bd:59:0d:00:
                    f0:fc:44:3a:15:bb:d8:56:95:7a:29:27:d0:c7:aa:
                    38:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B9:FB:F7:95:51:1B:34:4E:54:59:19:26:1B:1D:C1:40:36:71:14:4C
            X509v3 Authority Key Identifier:
                keyid:4D:CB:EF:06:AD:05:FD:6E:6E:7E:7B:10:84:CB:1D:7D:65:E6:42:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TcvvBq0F_W5ufnsQhMsdfWXmQm8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/2a6eaa-e437-43bc-972e-3e3bfaa190df/1/ufv3lVEbNE5UWRkmGx3BQDZxFEw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/2a6eaa-e437-43bc-972e-3e3bfaa190df/1/TcvvBq0F_W5ufnsQhMsdfWXmQm8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         01:02:7e:16:59:f3:3f:33:8b:36:2f:6d:50:bf:3e:82:b4:27:
         69:8a:fa:72:3a:f8:1e:4c:ea:8d:b0:80:6e:f2:12:3c:97:39:
         08:88:8c:9a:c5:49:93:02:ba:0a:ee:4c:27:b0:06:f6:55:c4:
         47:d3:2e:a6:94:df:78:10:16:7d:12:c0:23:c3:66:17:9c:2d:
         f1:38:ae:da:49:5a:7a:0b:a9:1c:5a:89:8d:ad:f6:f3:46:1c:
         19:da:cf:be:1b:83:b3:82:ba:34:ee:6f:aa:71:2b:17:ca:47:
         e0:08:a1:54:f6:0d:0e:78:76:82:b8:8b:1f:aa:b5:e9:08:8b:
         82:97:40:0d:c0:77:2c:80:4b:24:71:55:14:8e:90:a3:55:12:
         6e:ec:09:cd:98:ea:47:b0:4d:f1:9a:ad:e6:9b:c3:50:2c:62:
         81:d6:ef:d6:07:9c:c7:23:d6:cc:87:54:02:c9:e3:28:db:82:
         cd:ec:aa:d6:d4:33:93:5a:94:2c:4a:96:ed:91:16:00:a5:fb:
         5d:22:f4:1c:ae:38:71:61:5e:17:7d:38:1f:eb:eb:1d:b4:8d:
         8f:42:c3:e2:ad:0f:bc:0d:0f:fa:a9:19:a0:92:00:fa:95:66:
         ec:37:eb:87:05:39:db:52:91:c3:0b:c5:58:cf:13:b0:3d:23:
         1f:5c:ae:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJRCE01C/uoI79SVnby6wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkY2JlZjA2YWQwNWZkNmU2ZTdlN2IxMDg0Y2IxZDdkNjVl
NjQyNmYwHhcNMjQwMTAxMDgzMDEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOWZiZjc5NTUxMWIzNDRlNTQ1OTE5MjYxYjFkYzE0MDM2NzExNDRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg5187GVAowYMeW5UhBR9GmirT7wl
6cxgEl2OTccfzqvXRdGEqkHDWCdJQ6Axq6utkkSDAT5xJAiE99IsgbO9fNxni137
frHa8uRhce0MZYouUWVjgnr6VwFyWa4vyRGncmNkTa4lg3kgE7c4qsyxxOqAGHC8
g6V7fNALcKmVljDLrkQEOP441QCYtlLPUS8inCAb94BiEHToaEW+ikY9w6/xygEt
R5A9iFcumxIgO/XBxYPEKiHnIzCyS3p8s7lCmwjo79G7L1j32kC80ceh7TkGYp5E
mnJrRKsnjia1OJJ7abhoK6c/kd68q71ZDQDw/EQ6FbvYVpV6KSfQx6o4yQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLn795VRGzROVFkZJhsdwUA2cRRMMB8GA1UdIwQY
MBaAFE3L7watBf1ubn57EITLHX1l5kJvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGN2dkJxMEZfVzV1Zm5zUWhNc2RmV1htUW04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC8yYTZlYWEtZTQzNy00M2JjLTk3MmUt
M2UzYmZhYTE5MGRmLzEvdWZ2M2xWRWJORTVVV1JrbUd4M0JRRFp4RkV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC8yYTZlYWEtZTQzNy00M2JjLTk3MmUtM2UzYmZhYTE5MGRm
LzEvVGN2dkJxMEZfVzV1Zm5zUWhNc2RmV1htUW04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZrgMA0G
CSqGSIb3DQEBCwUAA4IBAQABAn4WWfM/M4s2L21Qvz6CtCdpivpyOvgeTOqNsIBu
8hI8lzkIiIyaxUmTAroK7kwnsAb2VcRH0y6mlN94EBZ9EsAjw2YXnC3xOK7aSVp6
C6kcWomNrfbzRhwZ2s++G4Ozgro07m+qcSsXykfgCKFU9g0OeHaCuIsfqrXpCIuC
l0ANwHcsgEskcVUUjpCjVRJu7AnNmOpHsE3xmq3mm8NQLGKB1u/WB5zHI9bMh1QC
yeMo24LN7KrW1DOTWpQsSpbtkRYApftdIvQcrjhxYV4XfTgf6+sdtI2PQsPirQ+8
DQ/6qRmgkgD6lWbsN+uHBTnbUpHDC8VYzxOwPSMfXK6j
-----END CERTIFICATE-----