Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/Y5tBOnYBsjtqPhDcLgPZiyIj9M4.roa
File:                     Y5tBOnYBsjtqPhDcLgPZiyIj9M4.roa (raw, json)
Hash identifier:          2RYCQ7+7DKVhEvwDSDftTOwFc/fPpUinfyMS4D8jTxg=
Subject key identifier:   63:9B:41:3A:76:01:B2:3B:6A:3E:10:DC:2E:03:D9:8B:22:23:F4:CE
Certificate issuer:       /CN=b0c20ae1dacca31815b274702927c1a5a9dbc7b3
Certificate serial:       018CC49357EF433AEEB3AD9235EDD18EC853
Authority key identifier: B0:C2:0A:E1:DA:CC:A3:18:15:B2:74:70:29:27:C1:A5:A9:DB:C7:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sMIK4drMoxgVsnRwKSfBpanbx7M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/Y5tBOnYBsjtqPhDcLgPZiyIj9M4.roa
Signing time:             Mon 01 Jan 2024 10:30:39 +0000
ROA not before:           Mon 01 Jan 2024 10:30:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60995
IP address blocks:        45.13.136.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/sMIK4drMoxgVsnRwKSfBpanbx7M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/sMIK4drMoxgVsnRwKSfBpanbx7M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sMIK4drMoxgVsnRwKSfBpanbx7M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:57:ef:43:3a:ee:b3:ad:92:35:ed:d1:8e:c8:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b0c20ae1dacca31815b274702927c1a5a9dbc7b3
        Validity
            Not Before: Jan  1 10:30:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=639b413a7601b23b6a3e10dc2e03d98b2223f4ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:6d:44:b4:20:04:fb:2a:41:c1:6e:ab:b2:bc:
                    5f:73:6e:21:38:4b:e8:76:30:77:6d:27:79:d4:e7:
                    52:f0:2c:f8:30:18:98:ec:db:b1:f9:c5:15:dc:75:
                    75:66:ca:8d:e5:41:df:a6:70:b6:e3:9f:be:f5:20:
                    d5:3c:0a:e1:b9:22:37:7c:95:c4:38:19:1b:41:bc:
                    3a:44:3e:09:4a:ed:61:38:f3:bc:a1:bc:eb:10:c4:
                    32:d8:be:9c:9e:54:70:38:0d:dc:4c:22:8c:09:13:
                    c5:f6:22:b3:26:fe:ee:63:68:80:bd:66:d3:c8:41:
                    ba:78:1c:69:fb:72:f0:4d:2a:2d:74:4f:2f:ec:3d:
                    a1:c9:7e:18:fc:14:04:64:da:ec:f1:e4:8d:7a:f4:
                    31:dc:95:17:a4:ce:98:8b:65:31:d4:de:d4:57:33:
                    dc:38:b6:62:ad:ea:05:63:e8:23:25:95:f1:48:c8:
                    34:7a:ab:df:23:2a:b0:71:39:1c:b5:81:3c:56:29:
                    ab:00:39:bd:2e:71:2c:3e:8c:42:1f:74:3c:3a:d7:
                    cd:93:be:ff:7f:01:43:27:69:51:0f:5f:4b:55:68:
                    13:13:b8:50:bf:46:d1:55:b5:42:fc:9b:dc:42:da:
                    e5:63:72:55:1d:45:d8:ed:28:b8:37:10:4c:eb:f6:
                    cf:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:9B:41:3A:76:01:B2:3B:6A:3E:10:DC:2E:03:D9:8B:22:23:F4:CE
            X509v3 Authority Key Identifier:
                keyid:B0:C2:0A:E1:DA:CC:A3:18:15:B2:74:70:29:27:C1:A5:A9:DB:C7:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sMIK4drMoxgVsnRwKSfBpanbx7M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/Y5tBOnYBsjtqPhDcLgPZiyIj9M4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/888869-7a65-415b-b68f-5484402ceb7a/1/sMIK4drMoxgVsnRwKSfBpanbx7M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.136.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:9e:0b:e9:7a:38:09:0e:a6:d5:46:07:a1:c2:ba:e0:30:a9:
         68:21:c3:df:fe:fc:00:c9:68:47:0e:e0:7a:db:04:df:ec:b0:
         12:09:5e:75:f9:ea:dc:e9:95:5f:40:ef:db:c9:17:84:5c:e6:
         53:7f:43:64:cd:a1:f6:e7:8b:68:df:70:86:b0:a5:33:c2:41:
         92:f0:a1:53:f6:68:34:1d:f0:b3:7a:68:24:6f:5a:25:80:a8:
         d4:79:2b:99:f6:30:60:52:bc:8e:b3:0c:ce:dd:66:01:64:61:
         85:0b:77:26:29:a9:02:8d:e6:0b:bb:f5:48:62:ba:95:7e:0b:
         56:27:94:21:37:db:f4:63:43:80:9f:8a:82:5b:a3:31:c0:1a:
         10:d9:07:a6:76:2d:db:a6:3d:b9:52:0f:e0:1a:93:fc:65:09:
         58:c8:84:71:f9:2b:3f:94:90:14:53:1c:15:85:eb:99:42:91:
         2a:b2:fe:25:06:79:27:a7:bf:d3:f9:6d:a4:7e:ea:18:70:7e:
         66:05:08:fe:c1:fd:68:48:d0:a2:1e:73:2e:fd:62:0c:f3:de:
         6e:f2:0f:28:d1:68:ea:39:eb:a2:62:6a:ab:47:d1:39:41:f9:
         dd:17:10:7e:0c:0e:cf:eb:d4:f2:64:52:64:86:10:63:6b:66:
         ed:93:37:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk1fvQzrus62SNe3RjshTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYzIwYWUxZGFjY2EzMTgxNWIyNzQ3MDI5MjdjMWE1YTlk
YmM3YjMwHhcNMjQwMTAxMTAzMDM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzliNDEzYTc2MDFiMjNiNmEzZTEwZGMyZTAzZDk4YjIyMjNmNGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsm1EtCAE+ypBwW6rsrxfc24hOEvo
djB3bSd51OdS8Cz4MBiY7Nux+cUV3HV1ZsqN5UHfpnC245++9SDVPArhuSI3fJXE
OBkbQbw6RD4JSu1hOPO8obzrEMQy2L6cnlRwOA3cTCKMCRPF9iKzJv7uY2iAvWbT
yEG6eBxp+3LwTSotdE8v7D2hyX4Y/BQEZNrs8eSNevQx3JUXpM6Yi2Ux1N7UVzPc
OLZireoFY+gjJZXxSMg0eqvfIyqwcTkctYE8VimrADm9LnEsPoxCH3Q8OtfNk77/
fwFDJ2lRD19LVWgTE7hQv0bRVbVC/JvcQtrlY3JVHUXY7Si4NxBM6/bPHwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGObQTp2AbI7aj4Q3C4D2YsiI/TOMB8GA1UdIwQY
MBaAFLDCCuHazKMYFbJ0cCknwaWp28ezMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc01JSzRkck1veGdWc25Sd0tTZkJwYW5ieDdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ODg4NjktN2E2NS00MTViLWI2OGYt
NTQ4NDQwMmNlYjdhLzEvWTV0Qk9uWUJzanRxUGhEY0xnUFppeUlqOU00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ODg4NjktN2E2NS00MTViLWI2OGYtNTQ4NDQwMmNlYjdh
LzEvc01JSzRkck1veGdWc25Sd0tTZkJwYW5ieDdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ2IMA0G
CSqGSIb3DQEBCwUAA4IBAQAdngvpejgJDqbVRgehwrrgMKloIcPf/vwAyWhHDuB6
2wTf7LASCV51+erc6ZVfQO/byReEXOZTf0NkzaH254to33CGsKUzwkGS8KFT9mg0
HfCzemgkb1olgKjUeSuZ9jBgUryOswzO3WYBZGGFC3cmKakCjeYLu/VIYrqVfgtW
J5QhN9v0Y0OAn4qCW6MxwBoQ2Qemdi3bpj25Ug/gGpP8ZQlYyIRx+Ss/lJAUUxwV
heuZQpEqsv4lBnknp7/T+W2kfuoYcH5mBQj+wf1oSNCiHnMu/WIM895u8g8o0Wjq
OeuiYmqrR9E5QfndFxB+DA7P69TyZFJkhhBja2btkze3
-----END CERTIFICATE-----