Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/BVb4YNYmeGb48ZH3aCkBilPHKaI.roa
File:                     BVb4YNYmeGb48ZH3aCkBilPHKaI.roa (raw, json)
Hash identifier:          NhbJCWxPbjS47QBb5LtnKkuOMhmtHDVC69zxa19mIFI=
Subject key identifier:   05:56:F8:60:D6:26:78:66:F8:F1:91:F7:68:29:01:8A:53:C7:29:A2
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       018CC8DF96F7D34A42E5AD217DA4B0E039E0
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/BVb4YNYmeGb48ZH3aCkBilPHKaI.roa
Signing time:             Tue 02 Jan 2024 06:32:25 +0000
ROA not before:           Tue 02 Jan 2024 06:32:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43077
IP address blocks:        45.142.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:96:f7:d3:4a:42:e5:ad:21:7d:a4:b0:e0:39:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  2 06:32:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0556f860d6267866f8f191f76829018a53c729a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:f8:99:8f:5a:9c:b2:c6:37:d1:7d:cb:02:ff:
                    e8:3b:a3:04:95:bf:98:f7:c7:a6:c0:34:a0:48:90:
                    49:b8:3d:c4:83:43:e4:d1:b2:03:f8:e2:97:30:0f:
                    38:0b:35:d4:42:b0:dc:56:cc:a9:64:12:32:98:f3:
                    ba:0b:1e:31:f9:12:57:4a:ec:4d:02:33:5d:c0:26:
                    ed:02:ad:3f:6f:29:d9:c0:04:84:8a:80:2d:92:3a:
                    f4:15:ac:a6:42:ff:c0:ba:f6:11:79:00:21:e2:56:
                    61:be:70:fb:10:36:3e:6d:ff:8c:91:5d:f9:c1:fc:
                    9b:83:12:5b:a6:75:97:94:31:e8:4c:26:15:7b:70:
                    c5:ad:c0:81:8e:ea:d2:e0:b7:b4:1f:3d:59:9a:86:
                    e1:08:11:24:04:1e:d4:cd:97:67:e2:b0:33:05:c3:
                    68:48:8c:ab:d8:39:3e:9c:5b:d6:62:f8:83:5e:d7:
                    5e:11:c5:53:71:6e:e5:f5:57:a4:ce:73:e6:f7:79:
                    4d:8b:7a:f5:77:de:2c:2a:36:01:4d:f0:3c:ce:9b:
                    c5:74:40:d4:59:2c:9a:02:11:88:fe:cd:55:76:c5:
                    de:47:bb:e9:fe:77:d9:d4:3f:3a:0b:34:08:c5:be:
                    6e:4c:e1:f6:7e:9c:4f:dc:65:19:85:2e:dc:3d:c3:
                    94:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:56:F8:60:D6:26:78:66:F8:F1:91:F7:68:29:01:8A:53:C7:29:A2
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/BVb4YNYmeGb48ZH3aCkBilPHKaI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.121.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:87:5b:54:85:07:79:24:43:44:42:0f:8b:e0:b5:be:ed:a9:
         d5:9a:a5:bb:4d:f9:38:a5:db:70:13:62:c4:32:c0:7d:e6:8e:
         e8:5a:f7:2e:d6:8a:ed:02:cf:70:f8:ad:52:9d:cb:1f:84:ac:
         0a:a6:6b:15:71:59:f5:59:25:00:10:66:8f:9c:63:47:e6:f4:
         21:0c:32:e9:c3:31:7c:0e:37:b4:b8:ae:36:ea:42:0a:a9:97:
         4f:78:e5:6a:7e:e6:e8:89:90:35:49:0b:11:41:49:c4:49:1a:
         c4:99:e3:5d:91:88:e8:73:73:93:cb:28:50:b0:28:e5:4b:b4:
         c1:b6:64:48:4f:5d:07:bc:ba:8e:7a:e0:dd:3c:82:86:9d:55:
         6e:61:42:37:6d:03:b7:3e:e6:3c:61:91:76:2a:d0:57:b3:f9:
         5b:d8:3b:5d:37:45:14:f4:25:b6:a4:4c:c5:91:6e:29:6c:04:
         13:d8:c8:63:b4:44:fe:6d:7b:72:eb:c9:3e:e1:b4:a0:f3:42:
         ca:6a:f1:8c:cf:4e:8e:f1:e1:8b:69:09:26:1a:9e:b4:4f:7d:
         e9:8e:46:05:ab:86:93:8b:4d:2b:ca:4c:0e:61:c2:57:17:6e:
         fd:55:a0:f8:00:ab:37:09:28:cb:ac:72:e0:35:6b:c6:2f:7a:
         77:60:e3:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI35b300pC5a0hfaSw4DngMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTU2Zjg2MGQ2MjY3ODY2ZjhmMTkxZjc2ODI5MDE4YTUzYzcyOWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPiZj1qcssY30X3LAv/oO6MElb+Y
98emwDSgSJBJuD3Eg0Pk0bID+OKXMA84CzXUQrDcVsypZBIymPO6Cx4x+RJXSuxN
AjNdwCbtAq0/bynZwASEioAtkjr0FaymQv/AuvYReQAh4lZhvnD7EDY+bf+MkV35
wfybgxJbpnWXlDHoTCYVe3DFrcCBjurS4Le0Hz1ZmobhCBEkBB7UzZdn4rAzBcNo
SIyr2Dk+nFvWYviDXtdeEcVTcW7l9VekznPm93lNi3r1d94sKjYBTfA8zpvFdEDU
WSyaAhGI/s1VdsXeR7vp/nfZ1D86CzQIxb5uTOH2fpxP3GUZhS7cPcOUtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAVW+GDWJnhm+PGR92gpAYpTxymiMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvQlZiNFlOWW1lR2I0OFpIM2FDa0JpbFBIS2FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY55MA0G
CSqGSIb3DQEBCwUAA4IBAQBCh1tUhQd5JENEQg+L4LW+7anVmqW7Tfk4pdtwE2LE
MsB95o7oWvcu1ortAs9w+K1SncsfhKwKpmsVcVn1WSUAEGaPnGNH5vQhDDLpwzF8
Dje0uK426kIKqZdPeOVqfuboiZA1SQsRQUnESRrEmeNdkYjoc3OTyyhQsCjlS7TB
tmRIT10HvLqOeuDdPIKGnVVuYUI3bQO3PuY8YZF2KtBXs/lb2DtdN0UU9CW2pEzF
kW4pbAQT2MhjtET+bXty68k+4bSg80LKavGMz06O8eGLaQkmGp60T33pjkYFq4aT
i00rykwOYcJXF279VaD4AKs3CSjLrHLgNWvGL3p3YONq
-----END CERTIFICATE-----