Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/CNvCS0uHdDNJw0-yqcu4BsHFo_0.roa
File:                     CNvCS0uHdDNJw0-yqcu4BsHFo_0.roa (raw, json)
Hash identifier:          gnTGw8yq/GCJw759sOhx94tnO5WRe984Uyk5/sBmvao=
Subject key identifier:   08:DB:C2:4B:4B:87:74:33:49:C3:4F:B2:A9:CB:B8:06:C1:C5:A3:FD
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       018D0DFB20A20EED48C812B68F995FA0B62C
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/CNvCS0uHdDNJw0-yqcu4BsHFo_0.roa
Signing time:             Mon 15 Jan 2024 16:36:18 +0000
ROA not before:           Mon 15 Jan 2024 16:36:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60566
IP address blocks:        45.140.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 05:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:0d:fb:20:a2:0e:ed:48:c8:12:b6:8f:99:5f:a0:b6:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan 15 16:36:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=08dbc24b4b87743349c34fb2a9cbb806c1c5a3fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:6e:3e:dd:c9:28:9b:d4:14:e2:5e:5a:1e:77:
                    77:bf:e6:8e:7c:be:e5:84:b0:1f:5d:be:92:a9:e9:
                    69:04:e7:98:b9:63:a1:87:7d:85:39:a6:7e:ec:17:
                    ef:e9:ad:fb:33:0d:ce:25:f3:32:f6:9f:04:25:e0:
                    04:df:02:7e:43:b9:bf:01:49:c4:7c:49:05:e2:34:
                    18:ca:13:b3:cc:4c:f0:ad:b1:c4:fb:c5:cd:22:bf:
                    a8:3c:40:45:5c:30:f5:2d:0b:a1:1b:83:ef:3c:39:
                    31:68:92:a9:75:d8:2a:7e:e3:e3:4e:a6:dd:39:58:
                    7d:5d:df:0f:2e:4e:d7:4f:03:bc:99:84:b1:7b:84:
                    e6:9c:43:a9:7d:5f:13:10:ed:63:a5:f6:35:f2:ec:
                    f4:7f:43:29:bf:b8:a6:cb:b8:a1:38:d7:04:94:a0:
                    65:5c:60:f7:87:74:73:ee:c0:aa:90:fd:bf:46:9b:
                    d2:01:f3:bf:05:ec:08:ef:3f:75:91:f4:68:ca:e2:
                    59:95:09:58:f1:da:5f:55:a3:bc:e8:c2:71:cd:02:
                    1c:46:e8:a1:31:40:89:b6:42:fe:5a:8b:3a:cb:8d:
                    bd:d7:32:20:b8:20:29:6c:65:e2:c3:4f:d6:ab:80:
                    63:f5:a7:87:1d:49:2d:2b:5b:3b:dd:a4:8f:fc:84:
                    da:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:DB:C2:4B:4B:87:74:33:49:C3:4F:B2:A9:CB:B8:06:C1:C5:A3:FD
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/CNvCS0uHdDNJw0-yqcu4BsHFo_0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:63:46:19:56:81:bb:3a:0a:2b:2e:5e:ff:79:40:16:52:a9:
         18:f5:ff:a0:5d:bd:eb:d8:9f:46:cf:cb:d8:5c:03:a3:ec:6b:
         43:46:c2:ad:69:8b:c9:8f:b2:8c:63:cf:f6:c2:39:df:78:65:
         47:49:bb:6d:96:5a:f5:ab:f2:2b:14:93:de:1f:5b:ba:94:80:
         0d:1f:17:f5:64:77:e4:e1:6c:56:c6:fc:f9:59:f3:9a:70:4a:
         89:c3:a2:6c:aa:29:13:1d:eb:96:cb:bb:24:80:5e:db:6b:d0:
         41:58:4c:3f:d6:2e:7f:3d:da:6d:9c:42:4e:52:ce:72:bf:aa:
         80:29:7b:51:61:cf:a2:99:7c:10:1b:04:1d:e7:e8:30:4e:a4:
         e9:21:dc:f2:37:07:9d:77:38:c1:af:f4:e7:21:4e:eb:1e:0b:
         73:1f:0f:3c:5a:30:30:a9:9d:02:52:e4:56:e7:ee:df:08:53:
         2e:13:62:fe:9d:38:f7:7d:08:76:86:01:f5:39:26:9a:d9:40:
         b8:30:d5:ca:14:4c:c5:0b:25:c4:8e:89:fc:71:ee:98:34:ae:
         5b:8d:6d:69:31:e2:97:cf:b7:a9:cd:cf:79:90:39:c9:b9:65:
         f5:2b:61:28:14:1f:06:d4:0d:71:91:af:5e:24:84:00:34:77:
         89:b4:42:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0N+yCiDu1IyBK2j5lfoLYsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjQwMTE1MTYzNjE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGRiYzI0YjRiODc3NDMzNDljMzRmYjJhOWNiYjgwNmMxYzVhM2ZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhG4+3ckom9QU4l5aHnd3v+aOfL7l
hLAfXb6SqelpBOeYuWOhh32FOaZ+7Bfv6a37Mw3OJfMy9p8EJeAE3wJ+Q7m/AUnE
fEkF4jQYyhOzzEzwrbHE+8XNIr+oPEBFXDD1LQuhG4PvPDkxaJKpddgqfuPjTqbd
OVh9Xd8PLk7XTwO8mYSxe4TmnEOpfV8TEO1jpfY18uz0f0Mpv7imy7ihONcElKBl
XGD3h3Rz7sCqkP2/RpvSAfO/BewI7z91kfRoyuJZlQlY8dpfVaO86MJxzQIcRuih
MUCJtkL+Wos6y4291zIguCApbGXiw0/Wq4Bj9aeHHUktK1s73aSP/ITaAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAjbwktLh3QzScNPsqnLuAbBxaP9MB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvQ052Q1MwdUhkRE5KdzAteXFjdTRCc0hGb18wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYwSMA0G
CSqGSIb3DQEBCwUAA4IBAQBCY0YZVoG7OgorLl7/eUAWUqkY9f+gXb3r2J9Gz8vY
XAOj7GtDRsKtaYvJj7KMY8/2wjnfeGVHSbttllr1q/IrFJPeH1u6lIANHxf1ZHfk
4WxWxvz5WfOacEqJw6JsqikTHeuWy7skgF7ba9BBWEw/1i5/PdptnEJOUs5yv6qA
KXtRYc+imXwQGwQd5+gwTqTpIdzyNweddzjBr/TnIU7rHgtzHw88WjAwqZ0CUuRW
5+7fCFMuE2L+nTj3fQh2hgH1OSaa2UC4MNXKFEzFCyXEjon8ce6YNK5bjW1pMeKX
z7epzc95kDnJuWX1K2EoFB8G1A1xka9eJIQANHeJtELW
-----END CERTIFICATE-----