Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/bf8bca-c4a0-429d-9f4d-0eb6bbf65b1f/1/3IZT_q9np-bsnycB_W2wN_7HTnw.roa
File:                     3IZT_q9np-bsnycB_W2wN_7HTnw.roa (raw, json)
Hash identifier:          U2uZdsQBN/FogVAjv2xmiwaTa/hjSUeLHVGfOkRhNqs=
Subject key identifier:   DC:86:53:FE:AF:67:A7:E6:EC:9F:27:01:FD:6D:B0:37:FE:C7:4E:7C
Certificate issuer:       /CN=618855635e4794f5878e3b985fed8935ae06c5a1
Certificate serial:       018CC500599CAEDCE0E3FCC3FAF5D6CAE539
Authority key identifier: 61:88:55:63:5E:47:94:F5:87:8E:3B:98:5F:ED:89:35:AE:06:C5:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYhVY15HlPWHjjuYX-2JNa4GxaE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/bf8bca-c4a0-429d-9f4d-0eb6bbf65b1f/1/3IZT_q9np-bsnycB_W2wN_7HTnw.roa
Signing time:             Mon 01 Jan 2024 12:29:43 +0000
ROA not before:           Mon 01 Jan 2024 12:29:43 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15830
IP address blocks:        45.142.128.0/22 maxlen: 24
                          2a12:21c4::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/bf8bca-c4a0-429d-9f4d-0eb6bbf65b1f/1/YYhVY15HlPWHjjuYX-2JNa4GxaE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/bf8bca-c4a0-429d-9f4d-0eb6bbf65b1f/1/YYhVY15HlPWHjjuYX-2JNa4GxaE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYhVY15HlPWHjjuYX-2JNa4GxaE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 14:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:59:9c:ae:dc:e0:e3:fc:c3:fa:f5:d6:ca:e5:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618855635e4794f5878e3b985fed8935ae06c5a1
        Validity
            Not Before: Jan  1 12:29:43 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=dc8653feaf67a7e6ec9f2701fd6db037fec74e7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:4c:77:7d:2e:6e:00:91:73:d3:71:2f:a3:4e:
                    39:ae:8d:37:e8:d8:c7:da:b1:cd:36:c0:17:fa:88:
                    15:62:2c:fc:af:fd:b4:4b:08:70:25:97:a6:fc:ba:
                    c5:7c:79:53:ab:ec:99:00:97:fe:fe:e3:77:b3:78:
                    ba:cb:42:92:57:ae:9e:43:e4:ef:60:02:7e:7e:18:
                    2d:ca:a7:38:3e:1c:59:0b:e4:59:cd:5d:85:ef:c8:
                    3d:b8:a8:44:09:9f:64:25:67:c3:37:52:cf:27:cf:
                    33:7b:6e:84:c7:37:ae:0d:1c:1f:ff:d6:18:c0:a7:
                    96:c7:6d:7f:47:42:ca:a9:86:a7:ce:a7:a3:1e:c9:
                    c0:c9:63:32:ce:8e:2b:75:59:49:66:fc:96:df:c4:
                    55:0e:dc:6b:a4:c8:60:06:f8:71:42:cf:c2:d5:30:
                    a8:4f:b4:71:dd:73:d6:74:10:0f:db:d7:c9:db:c3:
                    ac:88:ec:5d:e3:d8:f5:3d:ce:e0:0b:fc:b0:a2:7e:
                    20:6c:4e:15:da:6f:c3:bb:d7:31:34:f6:be:64:cd:
                    e6:f2:b5:2a:b6:0d:e9:ec:e7:20:98:61:48:f4:fa:
                    5c:9e:fe:17:2f:db:4f:45:c9:59:eb:9d:ec:cb:1d:
                    ad:05:04:c4:bb:57:45:1f:85:f9:85:7b:2c:8d:bd:
                    56:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:86:53:FE:AF:67:A7:E6:EC:9F:27:01:FD:6D:B0:37:FE:C7:4E:7C
            X509v3 Authority Key Identifier:
                keyid:61:88:55:63:5E:47:94:F5:87:8E:3B:98:5F:ED:89:35:AE:06:C5:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYhVY15HlPWHjjuYX-2JNa4GxaE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/bf8bca-c4a0-429d-9f4d-0eb6bbf65b1f/1/3IZT_q9np-bsnycB_W2wN_7HTnw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/bf8bca-c4a0-429d-9f4d-0eb6bbf65b1f/1/YYhVY15HlPWHjjuYX-2JNa4GxaE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.128.0/22
                IPv6:
                  2a12:21c4::/32

    Signature Algorithm: sha256WithRSAEncryption
         40:ed:12:1f:8a:38:77:a7:01:c0:a9:54:43:60:82:4d:a2:cf:
         7d:3e:f3:41:1b:7b:77:a0:4f:9b:a8:f8:c0:c8:52:14:94:4b:
         a5:24:4d:b0:0a:35:47:55:6d:a0:6c:d1:4c:cf:a9:b9:a2:b6:
         9c:87:d0:43:99:3b:05:39:1f:79:c2:8c:54:1f:8d:32:de:63:
         12:09:60:04:b1:a8:d4:78:35:25:9f:a8:76:b0:e3:47:91:34:
         cc:5c:b8:e8:70:ce:3b:0b:79:97:03:48:dc:ff:86:7d:a7:43:
         9b:22:1a:81:9b:06:f3:5b:8d:80:40:54:20:bf:cc:1e:88:e0:
         2b:e8:20:7a:c4:1c:96:1c:d2:58:56:6f:97:44:ef:5f:fe:db:
         8a:5f:1d:08:7f:96:65:be:8b:84:5c:e9:fd:a1:ba:f8:db:92:
         e0:ef:b8:b2:de:81:ef:5a:2d:21:68:7f:8b:35:88:ca:44:2d:
         7e:30:43:ce:cc:eb:a5:a3:cd:13:b7:08:a8:b7:e1:cd:07:aa:
         d5:60:d0:05:65:7c:e8:79:71:38:61:ce:84:3a:5d:46:b9:27:
         03:a4:dd:12:78:d8:a7:59:f0:e1:4a:42:a4:ef:1e:8c:55:75:
         2e:60:68:4d:1d:38:0f:6f:24:4e:ee:4f:45:4a:ef:58:48:ec:
         2f:82:57:cd
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAFmcrtzg4/zD+vXWyuU5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODg1NTYzNWU0Nzk0ZjU4NzhlM2I5ODVmZWQ4OTM1YWUw
NmM1YTEwHhcNMjQwMTAxMTIyOTQzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYzg2NTNmZWFmNjdhN2U2ZWM5ZjI3MDFmZDZkYjAzN2ZlYzc0ZTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjkx3fS5uAJFz03Evo045ro036NjH
2rHNNsAX+ogVYiz8r/20SwhwJZem/LrFfHlTq+yZAJf+/uN3s3i6y0KSV66eQ+Tv
YAJ+fhgtyqc4PhxZC+RZzV2F78g9uKhECZ9kJWfDN1LPJ88ze26ExzeuDRwf/9YY
wKeWx21/R0LKqYanzqejHsnAyWMyzo4rdVlJZvyW38RVDtxrpMhgBvhxQs/C1TCo
T7Rx3XPWdBAP29fJ28OsiOxd49j1Pc7gC/ywon4gbE4V2m/Du9cxNPa+ZM3m8rUq
tg3p7OcgmGFI9Ppcnv4XL9tPRclZ653syx2tBQTEu1dFH4X5hXssjb1WmwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNyGU/6vZ6fm7J8nAf1tsDf+x058MB8GA1UdIwQY
MBaAFGGIVWNeR5T1h447mF/tiTWuBsWhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVloVlkxNUhsUFdIamp1WVgtMkpOYTRHeGFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9iZjhiY2EtYzRhMC00MjlkLTlmNGQt
MGViNmJiZjY1YjFmLzEvM0laVF9xOW5wLWJzbnljQl9XMndOXzdIVG53LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9iZjhiY2EtYzRhMC00MjlkLTlmNGQtMGViNmJiZjY1YjFm
LzEvWVloVlkxNUhsUFdIamp1WVgtMkpOYTRHeGFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLY6AMA0E
AgACMAcDBQAqEiHEMA0GCSqGSIb3DQEBCwUAA4IBAQBA7RIfijh3pwHAqVRDYIJN
os99PvNBG3t3oE+bqPjAyFIUlEulJE2wCjVHVW2gbNFMz6m5orach9BDmTsFOR95
woxUH40y3mMSCWAEsajUeDUln6h2sONHkTTMXLjocM47C3mXA0jc/4Z9p0ObIhqB
mwbzW42AQFQgv8weiOAr6CB6xByWHNJYVm+XRO9f/tuKXx0If5ZlvouEXOn9obr4
25Lg77iy3oHvWi0haH+LNYjKRC1+MEPOzOulo80Ttwiot+HNB6rVYNAFZXzoeXE4
Yc6EOl1GuScDpN0SeNinWfDhSkKk7x6MVXUuYGhNHTgPbyRO7k9FSu9YSOwvglfN
-----END CERTIFICATE-----