Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/a322ba-c964-465b-8989-b32d974c210e/1/Cf6NocSP1adBOMwk7-DwGWmImEw.roa
File:                     Cf6NocSP1adBOMwk7-DwGWmImEw.roa (raw, json)
Hash identifier:          yJbffVhxo+oaIu8F0k057R/EoU2Mxo2rxWe3F33WCnc=
Subject key identifier:   09:FE:8D:A1:C4:8F:D5:A7:41:38:CC:24:EF:E0:F0:19:69:88:98:4C
Certificate issuer:       /CN=67ea698abcdee10dca9d6703a56e87a6b359bfcc
Certificate serial:       018CC5DC2D7A81221A7AACF292317A8BF4C6
Authority key identifier: 67:EA:69:8A:BC:DE:E1:0D:CA:9D:67:03:A5:6E:87:A6:B3:59:BF:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z-ppirze4Q3KnWcDpW6HprNZv8w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/a322ba-c964-465b-8989-b32d974c210e/1/Cf6NocSP1adBOMwk7-DwGWmImEw.roa
Signing time:             Mon 01 Jan 2024 16:29:50 +0000
ROA not before:           Mon 01 Jan 2024 16:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21221
IP address blocks:        45.14.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/a322ba-c964-465b-8989-b32d974c210e/1/Z-ppirze4Q3KnWcDpW6HprNZv8w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/a322ba-c964-465b-8989-b32d974c210e/1/Z-ppirze4Q3KnWcDpW6HprNZv8w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z-ppirze4Q3KnWcDpW6HprNZv8w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:2d:7a:81:22:1a:7a:ac:f2:92:31:7a:8b:f4:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67ea698abcdee10dca9d6703a56e87a6b359bfcc
        Validity
            Not Before: Jan  1 16:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=09fe8da1c48fd5a74138cc24efe0f0196988984c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:95:0b:f8:2d:4f:4a:89:11:80:ff:97:5b:ae:
                    a1:5e:9d:e5:8d:e1:47:e4:70:89:cc:b2:50:cd:f5:
                    13:90:4a:29:95:a9:88:d1:65:bb:9f:49:50:2d:77:
                    10:9a:6f:3f:d9:cf:29:ef:70:8e:dc:c7:0d:3f:af:
                    9c:53:98:6a:0a:23:1e:ae:cf:cf:b5:5c:a9:f1:16:
                    c0:af:14:5a:f8:5a:10:79:0f:37:3a:0d:b5:c3:c7:
                    5d:2f:78:df:db:ba:8f:53:d0:69:56:67:02:21:56:
                    3f:a5:cf:83:fc:a3:0f:b4:d7:03:a8:f4:3e:84:47:
                    8d:73:91:42:e1:01:3b:c0:f8:f9:c2:fb:f4:d9:f7:
                    fd:14:e0:c6:80:36:4f:69:5e:69:6f:f1:ec:cb:c4:
                    24:86:52:b2:0e:e4:a6:18:82:f2:f0:66:43:c4:34:
                    ba:fa:96:3a:46:83:fe:86:6e:a9:86:71:bd:d6:26:
                    74:c7:af:11:4c:c6:ce:ee:e1:ac:59:ef:98:60:12:
                    22:df:7d:db:b9:7a:62:8d:82:25:84:9f:6c:9a:92:
                    e5:2b:ac:8c:25:d3:b3:a3:78:85:ce:83:88:d8:44:
                    09:6d:a7:fd:17:c2:db:f7:09:60:f7:f7:18:52:ea:
                    04:6b:22:29:1a:e2:bc:02:c3:d8:0a:2a:9b:6e:9f:
                    53:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:FE:8D:A1:C4:8F:D5:A7:41:38:CC:24:EF:E0:F0:19:69:88:98:4C
            X509v3 Authority Key Identifier:
                keyid:67:EA:69:8A:BC:DE:E1:0D:CA:9D:67:03:A5:6E:87:A6:B3:59:BF:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z-ppirze4Q3KnWcDpW6HprNZv8w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/a322ba-c964-465b-8989-b32d974c210e/1/Cf6NocSP1adBOMwk7-DwGWmImEw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/a322ba-c964-465b-8989-b32d974c210e/1/Z-ppirze4Q3KnWcDpW6HprNZv8w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:22:29:d7:06:4c:f5:c8:e0:50:56:c6:a3:a4:d5:ba:01:6b:
         e4:3a:d9:42:8f:dd:cc:89:56:74:ba:b4:ff:a5:63:87:3e:e8:
         9b:5f:ac:49:5d:8d:f6:a1:c3:8f:62:d5:e7:3c:23:40:f3:5c:
         42:bf:99:ee:e0:d3:76:cb:52:76:66:bf:70:0a:95:31:02:20:
         c8:0b:9c:7e:c0:40:66:58:c4:a4:b3:84:6c:f4:c4:c8:0d:13:
         ee:89:d8:80:af:73:90:6f:3c:83:ee:94:16:50:9e:f9:30:55:
         e9:fb:a3:c1:95:87:d2:0e:a2:4d:76:c0:b5:2e:ef:e1:ce:14:
         e8:60:d5:07:8e:a6:f0:47:be:bd:97:fa:52:91:a7:6c:b4:71:
         83:ea:94:04:eb:fc:b1:56:70:bd:f4:bd:09:4c:f8:1c:f1:48:
         65:46:47:c5:66:0e:fa:b9:d2:a5:cb:77:f1:cb:79:37:fc:cf:
         95:ee:91:5a:90:74:71:43:db:6d:a8:43:6b:7e:07:09:26:50:
         07:e5:e1:bc:3e:75:60:88:ef:50:6f:8e:96:7a:e0:57:77:30:
         97:1d:50:b2:8d:b9:04:b8:88:4a:14:c8:74:f8:7e:e9:09:56:
         e3:34:ab:72:dc:e7:50:1f:cd:3b:a7:ad:13:38:1e:8d:29:07:
         82:83:47:e4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3C16gSIaeqzykjF6i/TGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3ZWE2OThhYmNkZWUxMGRjYTlkNjcwM2E1NmU4N2E2YjM1
OWJmY2MwHhcNMjQwMTAxMTYyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOWZlOGRhMWM0OGZkNWE3NDEzOGNjMjRlZmUwZjAxOTY5ODg5ODRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs5UL+C1PSokRgP+XW66hXp3ljeFH
5HCJzLJQzfUTkEoplamI0WW7n0lQLXcQmm8/2c8p73CO3McNP6+cU5hqCiMers/P
tVyp8RbArxRa+FoQeQ83Og21w8ddL3jf27qPU9BpVmcCIVY/pc+D/KMPtNcDqPQ+
hEeNc5FC4QE7wPj5wvv02ff9FODGgDZPaV5pb/Hsy8QkhlKyDuSmGILy8GZDxDS6
+pY6RoP+hm6phnG91iZ0x68RTMbO7uGsWe+YYBIi333buXpijYIlhJ9smpLlK6yM
JdOzo3iFzoOI2EQJbaf9F8Lb9wlg9/cYUuoEayIpGuK8AsPYCiqbbp9T0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAn+jaHEj9WnQTjMJO/g8BlpiJhMMB8GA1UdIwQY
MBaAFGfqaYq83uENyp1nA6Vuh6azWb/MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWi1wcGlyemU0UTNLbldjRHBXNkhwck5adjh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS9hMzIyYmEtYzk2NC00NjViLTg5ODkt
YjMyZDk3NGMyMTBlLzEvQ2Y2Tm9jU1AxYWRCT013azctRHdHV21JbUV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMS9hMzIyYmEtYzk2NC00NjViLTg5ODktYjMyZDk3NGMyMTBl
LzEvWi1wcGlyemU0UTNLbldjRHBXNkhwck5adjh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ4DMA0G
CSqGSIb3DQEBCwUAA4IBAQCSIinXBkz1yOBQVsajpNW6AWvkOtlCj93MiVZ0urT/
pWOHPuibX6xJXY32ocOPYtXnPCNA81xCv5nu4NN2y1J2Zr9wCpUxAiDIC5x+wEBm
WMSks4Rs9MTIDRPuidiAr3OQbzyD7pQWUJ75MFXp+6PBlYfSDqJNdsC1Lu/hzhTo
YNUHjqbwR769l/pSkadstHGD6pQE6/yxVnC99L0JTPgc8UhlRkfFZg76udKly3fx
y3k3/M+V7pFakHRxQ9ttqENrfgcJJlAH5eG8PnVgiO9Qb46WeuBXdzCXHVCyjbkE
uIhKFMh0+H7pCVbjNKty3OdQH807p60TOB6NKQeCg0fk
-----END CERTIFICATE-----