Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/458078-426e-4449-a2a9-18882a2809b2/1/B9PE28-D5_64V8XltZo76h1Lra8.roa
File:                     B9PE28-D5_64V8XltZo76h1Lra8.roa (raw, json)
Hash identifier:          +siG5D460q/Ea9RvmNarI8m+phvT8UHs0phzg7BtEBI=
Subject key identifier:   07:D3:C4:DB:CF:83:E7:FE:B8:57:C5:E5:B5:9A:3B:EA:1D:4B:AD:AF
Certificate issuer:       /CN=b960b14746c5875244ae3b694162ec6d8c63255e
Certificate serial:       018CC26D033D4A5DA8FB93215FEEC7793644
Authority key identifier: B9:60:B1:47:46:C5:87:52:44:AE:3B:69:41:62:EC:6D:8C:63:25:5E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uWCxR0bFh1JErjtpQWLsbYxjJV4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/458078-426e-4449-a2a9-18882a2809b2/1/B9PE28-D5_64V8XltZo76h1Lra8.roa
Signing time:             Mon 01 Jan 2024 00:29:33 +0000
ROA not before:           Mon 01 Jan 2024 00:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21221
IP address blocks:        45.135.210.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/458078-426e-4449-a2a9-18882a2809b2/1/uWCxR0bFh1JErjtpQWLsbYxjJV4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/458078-426e-4449-a2a9-18882a2809b2/1/uWCxR0bFh1JErjtpQWLsbYxjJV4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uWCxR0bFh1JErjtpQWLsbYxjJV4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:02:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:03:3d:4a:5d:a8:fb:93:21:5f:ee:c7:79:36:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b960b14746c5875244ae3b694162ec6d8c63255e
        Validity
            Not Before: Jan  1 00:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07d3c4dbcf83e7feb857c5e5b59a3bea1d4badaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:fc:a3:ec:e1:b5:e3:9c:a9:0d:67:c1:e0:1a:
                    72:2a:b6:7f:b7:3f:95:77:3d:fb:3a:0c:a2:4b:ad:
                    33:d0:c5:c4:05:83:dd:2f:a2:67:ba:53:ac:3d:d2:
                    f5:ec:e4:89:41:09:7c:b5:64:af:ea:3d:40:46:ee:
                    ed:2e:a3:d9:e8:26:07:2e:9e:42:6b:65:e1:cf:7e:
                    5a:4d:99:32:e8:f2:4c:42:ca:cf:6c:ba:af:91:e6:
                    a8:36:c8:e9:b3:bd:37:cb:38:5e:7c:17:c6:01:a7:
                    b3:a5:b9:a0:2c:2b:78:3e:d8:71:d2:fb:ed:25:94:
                    ce:30:9c:52:31:34:cf:31:95:64:18:1a:90:6a:1e:
                    bc:83:77:c3:2a:39:fb:e0:0d:ac:57:42:59:a1:44:
                    73:3b:58:08:cb:ee:28:1c:8b:2d:32:a1:a0:e3:41:
                    37:60:34:ed:5e:70:24:cb:f4:18:64:26:f9:a0:be:
                    3a:42:25:af:a9:7a:ca:13:ef:19:cc:f1:de:9f:20:
                    1a:d6:be:c3:91:3e:a8:ba:5d:a1:b3:d0:66:ea:f4:
                    d7:cb:bb:b2:1f:c0:89:0b:08:d7:26:bc:78:81:35:
                    76:0a:f0:d4:b1:96:78:19:c4:29:49:7b:80:3d:7c:
                    4b:24:93:5d:7a:ae:d2:71:e9:99:04:05:43:79:10:
                    de:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:D3:C4:DB:CF:83:E7:FE:B8:57:C5:E5:B5:9A:3B:EA:1D:4B:AD:AF
            X509v3 Authority Key Identifier:
                keyid:B9:60:B1:47:46:C5:87:52:44:AE:3B:69:41:62:EC:6D:8C:63:25:5E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uWCxR0bFh1JErjtpQWLsbYxjJV4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/458078-426e-4449-a2a9-18882a2809b2/1/B9PE28-D5_64V8XltZo76h1Lra8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/458078-426e-4449-a2a9-18882a2809b2/1/uWCxR0bFh1JErjtpQWLsbYxjJV4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         32:c1:e1:93:dd:04:f9:1c:17:9b:69:b7:64:50:65:dc:d1:b3:
         f0:d6:3a:39:cf:5f:18:2d:00:e9:26:78:77:d5:5b:a8:46:6d:
         b7:10:73:ef:9d:8a:2e:0a:c7:e5:78:50:0d:10:38:1c:7e:77:
         fd:fc:ec:8f:8a:f3:84:b3:39:60:44:c2:fc:ef:85:7c:41:1d:
         c6:a7:12:54:a1:c2:c9:b2:06:ff:34:33:bc:c9:c8:c6:59:17:
         ab:26:24:52:c7:cd:a9:a2:43:2d:d5:bc:89:67:71:ac:f1:ba:
         f9:de:f4:67:1e:8a:9f:8b:4b:3d:b3:9c:45:08:01:ee:50:c0:
         5a:eb:e0:ae:03:c4:4f:51:c9:0a:0e:bc:53:87:d7:ca:68:85:
         29:b5:66:7b:9a:a5:06:83:83:2e:fd:9e:42:d7:e9:82:8d:4d:
         e6:af:15:93:a9:7d:78:b9:16:63:c6:d6:5b:b9:72:15:40:91:
         5e:7c:f4:4a:f3:42:ac:d9:f1:39:b4:a5:b6:78:0a:6f:8c:d2:
         45:44:59:b1:eb:46:99:c2:36:8b:30:c6:a2:95:43:ee:16:1d:
         09:42:cc:66:1c:6f:83:36:b1:b1:08:01:ed:d5:2c:ed:59:da:
         9d:cd:6e:86:ec:bd:86:5d:cb:d8:7b:9c:6e:28:b0:e9:8e:c8:
         57:df:01:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbQM9Sl2o+5MhX+7HeTZEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5NjBiMTQ3NDZjNTg3NTI0NGFlM2I2OTQxNjJlYzZkOGM2
MzI1NWUwHhcNMjQwMTAxMDAyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2QzYzRkYmNmODNlN2ZlYjg1N2M1ZTViNTlhM2JlYTFkNGJhZGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAifyj7OG145ypDWfB4BpyKrZ/tz+V
dz37OgyiS60z0MXEBYPdL6JnulOsPdL17OSJQQl8tWSv6j1ARu7tLqPZ6CYHLp5C
a2Xhz35aTZky6PJMQsrPbLqvkeaoNsjps703yzhefBfGAaezpbmgLCt4Pthx0vvt
JZTOMJxSMTTPMZVkGBqQah68g3fDKjn74A2sV0JZoURzO1gIy+4oHIstMqGg40E3
YDTtXnAky/QYZCb5oL46QiWvqXrKE+8ZzPHenyAa1r7DkT6oul2hs9Bm6vTXy7uy
H8CJCwjXJrx4gTV2CvDUsZZ4GcQpSXuAPXxLJJNdeq7ScemZBAVDeRDehwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAfTxNvPg+f+uFfF5bWaO+odS62vMB8GA1UdIwQY
MBaAFLlgsUdGxYdSRK47aUFi7G2MYyVeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVdDeFIwYkZoMUpFcmp0cFFXTHNiWXhqSlY0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy80NTgwNzgtNDI2ZS00NDQ5LWEyYTkt
MTg4ODJhMjgwOWIyLzEvQjlQRTI4LUQ1XzY0VjhYbHRabzc2aDFMcmE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy80NTgwNzgtNDI2ZS00NDQ5LWEyYTktMTg4ODJhMjgwOWIy
LzEvdVdDeFIwYkZoMUpFcmp0cFFXTHNiWXhqSlY0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYfSMA0G
CSqGSIb3DQEBCwUAA4IBAQAyweGT3QT5HBebabdkUGXc0bPw1jo5z18YLQDpJnh3
1VuoRm23EHPvnYouCsfleFANEDgcfnf9/OyPivOEszlgRML874V8QR3GpxJUocLJ
sgb/NDO8ycjGWRerJiRSx82pokMt1byJZ3Gs8br53vRnHoqfi0s9s5xFCAHuUMBa
6+CuA8RPUckKDrxTh9fKaIUptWZ7mqUGg4Mu/Z5C1+mCjU3mrxWTqX14uRZjxtZb
uXIVQJFefPRK80Ks2fE5tKW2eApvjNJFRFmx60aZwjaLMMailUPuFh0JQsxmHG+D
NrGxCAHt1SztWdqdzW6G7L2GXcvYe5xuKLDpjshX3wHz
-----END CERTIFICATE-----