Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/9a0ef7-dd34-4671-bf51-5f2c1050375d/1/beLNIxvCGM1D2Ejjh_ApFV9o66o.roa
File:                     beLNIxvCGM1D2Ejjh_ApFV9o66o.roa (raw, json)
Hash identifier:          yVohaS6NotzziOaXdlJnof5hFwtYibT441z6BbNMV9Y=
Subject key identifier:   6D:E2:CD:23:1B:C2:18:CD:43:D8:48:E3:87:F0:29:15:5F:68:EB:AA
Certificate issuer:       /CN=905deafea3bad9248217b1629e42cffc7e491bd9
Certificate serial:       018CC793346205372805AEDF39C03C0D1873
Authority key identifier: 90:5D:EA:FE:A3:BA:D9:24:82:17:B1:62:9E:42:CF:FC:7E:49:1B:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kF3q_qO62SSCF7FinkLP_H5JG9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/9a0ef7-dd34-4671-bf51-5f2c1050375d/1/beLNIxvCGM1D2Ejjh_ApFV9o66o.roa
Signing time:             Tue 02 Jan 2024 00:29:22 +0000
ROA not before:           Tue 02 Jan 2024 00:29:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208609
IP address blocks:        45.92.68.0/23 maxlen: 23
                          45.92.69.0/24 maxlen: 24
                          45.92.68.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/9a0ef7-dd34-4671-bf51-5f2c1050375d/1/kF3q_qO62SSCF7FinkLP_H5JG9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/9a0ef7-dd34-4671-bf51-5f2c1050375d/1/kF3q_qO62SSCF7FinkLP_H5JG9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kF3q_qO62SSCF7FinkLP_H5JG9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:93:34:62:05:37:28:05:ae:df:39:c0:3c:0d:18:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=905deafea3bad9248217b1629e42cffc7e491bd9
        Validity
            Not Before: Jan  2 00:29:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6de2cd231bc218cd43d848e387f029155f68ebaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:0a:e1:fe:51:a9:97:68:90:4a:64:e2:86:d5:
                    13:9b:00:1c:af:6a:be:42:e5:e7:a0:f5:21:f6:6f:
                    4d:a8:0f:34:8a:57:23:80:61:a9:c0:1a:ea:9a:67:
                    4f:0b:bb:5f:d5:92:e4:9b:58:23:61:11:62:97:17:
                    97:81:e2:56:56:63:fc:40:ba:f4:15:93:a5:e0:ad:
                    6d:d7:ef:7b:4d:aa:b1:35:64:67:c2:f6:c3:82:e8:
                    a6:3c:f9:e5:e3:9f:54:6a:52:0a:99:de:fb:9a:1c:
                    8f:9e:1a:00:45:20:b1:39:b0:2a:a5:92:93:e3:21:
                    52:ba:6e:92:2d:2e:fd:2e:dc:2c:2d:cc:11:07:36:
                    01:e4:89:fe:e5:ff:83:db:7c:75:0a:97:35:96:8d:
                    c4:79:a3:ab:fe:d5:14:5b:63:4a:b0:b0:a6:b1:ed:
                    fd:08:bd:eb:00:6d:33:a2:d6:3c:ae:a1:cd:e4:dd:
                    ac:6d:a8:1b:9b:3a:b5:da:dd:ac:21:be:c0:31:bd:
                    02:48:32:ff:90:70:e0:a4:eb:e5:e3:26:65:8e:53:
                    31:3d:78:99:80:cf:4a:92:f3:7c:52:f6:f7:2e:6b:
                    b2:94:42:fc:bf:a0:a5:36:21:d2:08:72:0a:a7:1d:
                    f6:e2:19:19:80:1f:57:c8:1a:82:88:e5:b8:a3:0b:
                    cc:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:E2:CD:23:1B:C2:18:CD:43:D8:48:E3:87:F0:29:15:5F:68:EB:AA
            X509v3 Authority Key Identifier:
                keyid:90:5D:EA:FE:A3:BA:D9:24:82:17:B1:62:9E:42:CF:FC:7E:49:1B:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kF3q_qO62SSCF7FinkLP_H5JG9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/9a0ef7-dd34-4671-bf51-5f2c1050375d/1/beLNIxvCGM1D2Ejjh_ApFV9o66o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/9a0ef7-dd34-4671-bf51-5f2c1050375d/1/kF3q_qO62SSCF7FinkLP_H5JG9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.68.0/23

    Signature Algorithm: sha256WithRSAEncryption
         70:3f:d7:d0:ac:11:81:59:b9:42:fa:c9:39:5f:5a:24:5e:0a:
         e2:8d:7e:8d:bf:e3:21:b9:d3:a1:46:6b:9e:2a:93:a3:49:23:
         b5:09:bb:96:e4:51:2b:49:ae:07:27:65:17:a9:75:a3:24:1c:
         82:30:fc:69:06:dd:dc:ef:d1:b5:04:79:d8:eb:ca:f7:1f:5c:
         6d:1d:2d:64:c7:e4:e3:cf:79:f7:1b:49:72:30:04:c4:9e:b4:
         1c:ca:a1:ca:9b:42:69:3b:8f:db:3c:d5:da:be:f1:09:39:d2:
         11:49:fd:c4:15:9d:43:fe:73:a5:24:bc:38:62:a3:43:63:af:
         13:38:63:c5:98:f9:06:cc:70:dd:8e:e5:8a:93:7c:9b:44:06:
         de:78:01:8f:83:91:69:f9:6b:bc:f8:82:58:da:61:e4:aa:60:
         72:19:e5:06:db:b5:8a:32:28:f9:73:39:95:ed:65:1b:74:f9:
         9a:e5:c9:c6:9e:13:1c:c4:75:88:ca:09:ea:36:95:48:e6:15:
         d8:99:4b:5a:17:d2:6e:2e:d1:35:6b:16:0a:c1:02:92:1b:cd:
         42:5a:77:3a:e8:28:73:a3:66:0f:42:a2:85:2e:48:39:ed:47:
         86:8a:54:05:47:46:dd:f2:84:3a:0d:9c:cf:5b:41:b0:4f:88:
         73:b2:27:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHkzRiBTcoBa7fOcA8DRhzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwNWRlYWZlYTNiYWQ5MjQ4MjE3YjE2MjllNDJjZmZjN2U0
OTFiZDkwHhcNMjQwMTAyMDAyOTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZGUyY2QyMzFiYzIxOGNkNDNkODQ4ZTM4N2YwMjkxNTVmNjhlYmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgrh/lGpl2iQSmTihtUTmwAcr2q+
QuXnoPUh9m9NqA80ilcjgGGpwBrqmmdPC7tf1ZLkm1gjYRFilxeXgeJWVmP8QLr0
FZOl4K1t1+97TaqxNWRnwvbDguimPPnl459UalIKmd77mhyPnhoARSCxObAqpZKT
4yFSum6SLS79LtwsLcwRBzYB5In+5f+D23x1Cpc1lo3EeaOr/tUUW2NKsLCmse39
CL3rAG0zotY8rqHN5N2sbagbmzq12t2sIb7AMb0CSDL/kHDgpOvl4yZljlMxPXiZ
gM9KkvN8Uvb3LmuylEL8v6ClNiHSCHIKpx324hkZgB9XyBqCiOW4owvMpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG3izSMbwhjNQ9hI44fwKRVfaOuqMB8GA1UdIwQY
MBaAFJBd6v6jutkkghexYp5Cz/x+SRvZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0YzcV9xTzYyU1NDRjdGaW5rTFBfSDVKRzlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi85YTBlZjctZGQzNC00NjcxLWJmNTEt
NWYyYzEwNTAzNzVkLzEvYmVMTkl4dkNHTTFEMkVqamhfQXBGVjlvNjZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi85YTBlZjctZGQzNC00NjcxLWJmNTEtNWYyYzEwNTAzNzVk
LzEva0YzcV9xTzYyU1NDRjdGaW5rTFBfSDVKRzlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLVxEMA0G
CSqGSIb3DQEBCwUAA4IBAQBwP9fQrBGBWblC+sk5X1okXgrijX6Nv+MhudOhRmue
KpOjSSO1CbuW5FErSa4HJ2UXqXWjJByCMPxpBt3c79G1BHnY68r3H1xtHS1kx+Tj
z3n3G0lyMATEnrQcyqHKm0JpO4/bPNXavvEJOdIRSf3EFZ1D/nOlJLw4YqNDY68T
OGPFmPkGzHDdjuWKk3ybRAbeeAGPg5Fp+Wu8+IJY2mHkqmByGeUG27WKMij5czmV
7WUbdPma5cnGnhMcxHWIygnqNpVI5hXYmUtaF9JuLtE1axYKwQKSG81CWnc66Chz
o2YPQqKFLkg57UeGilQFR0bd8oQ6DZzPW0GwT4hzsier
-----END CERTIFICATE-----