Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/712f03-afe9-4f65-acec-67cfe3067b2a/1/pc8qn1Ntogq_hidEARExlAShhFo.roa
File:                     pc8qn1Ntogq_hidEARExlAShhFo.roa (raw, json)
Hash identifier:          eN7xswuKjo7EK2VcZIWHi72uEW4lLBYl9SL33jHkpTI=
Subject key identifier:   A5:CF:2A:9F:53:6D:A2:0A:BF:86:27:44:01:11:31:94:04:A1:84:5A
Certificate issuer:       /CN=8f8685dbadffb01ddcce6c4d82a97f33c040ed2d
Certificate serial:       018CC80119315A9F4E3B7D3D15ECE0B5E9CC
Authority key identifier: 8F:86:85:DB:AD:FF:B0:1D:DC:CE:6C:4D:82:A9:7F:33:C0:40:ED:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j4aF263_sB3czmxNgql_M8BA7S0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/712f03-afe9-4f65-acec-67cfe3067b2a/1/pc8qn1Ntogq_hidEARExlAShhFo.roa
Signing time:             Tue 02 Jan 2024 02:29:24 +0000
ROA not before:           Tue 02 Jan 2024 02:29:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208262
IP address blocks:        45.150.136.0/22 maxlen: 22
                          2a0f:c600::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/712f03-afe9-4f65-acec-67cfe3067b2a/1/j4aF263_sB3czmxNgql_M8BA7S0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/712f03-afe9-4f65-acec-67cfe3067b2a/1/j4aF263_sB3czmxNgql_M8BA7S0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j4aF263_sB3czmxNgql_M8BA7S0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:19:31:5a:9f:4e:3b:7d:3d:15:ec:e0:b5:e9:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f8685dbadffb01ddcce6c4d82a97f33c040ed2d
        Validity
            Not Before: Jan  2 02:29:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a5cf2a9f536da20abf8627440111319404a1845a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:29:8a:99:c6:a8:a8:dd:fa:c2:19:f6:e6:c6:
                    23:5a:7a:ee:ef:2d:42:ef:c8:ce:be:e4:12:8a:15:
                    20:65:4a:e5:87:a5:5e:79:73:e5:2b:c0:f7:23:4e:
                    71:65:ea:2e:99:7f:f8:df:56:4f:80:23:91:80:65:
                    6c:f0:6d:1b:3f:36:c3:d4:6c:cd:c4:c4:96:c4:1c:
                    cb:24:7d:c0:f7:4b:3a:9a:b8:c2:ed:55:b1:19:c9:
                    cc:6a:87:ef:08:e4:32:a4:86:b8:4a:1a:39:d1:4e:
                    8c:21:08:2e:5c:81:35:df:22:9c:d1:54:aa:df:33:
                    0d:92:7b:a7:f1:d3:f9:70:2c:a9:6c:16:9e:fd:10:
                    21:ef:3f:47:e2:25:6a:f2:b4:ec:1f:b6:3e:20:69:
                    18:6f:e7:e0:b6:4e:06:14:24:50:1a:30:bc:44:4b:
                    74:da:ed:58:d8:c0:85:10:ad:26:2f:dc:a1:34:4f:
                    14:dd:34:37:d1:bb:92:9e:5b:4c:6f:a9:55:32:8e:
                    dc:bd:a7:d2:c7:a1:05:71:59:02:bd:15:7d:95:48:
                    e1:8d:4f:54:9c:2f:79:9f:a6:c6:55:bf:9b:fa:2b:
                    23:6b:7f:50:ad:2a:6d:06:fc:9d:b3:01:1a:93:80:
                    06:40:65:22:14:fd:85:75:47:22:de:02:77:24:fa:
                    19:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:CF:2A:9F:53:6D:A2:0A:BF:86:27:44:01:11:31:94:04:A1:84:5A
            X509v3 Authority Key Identifier:
                keyid:8F:86:85:DB:AD:FF:B0:1D:DC:CE:6C:4D:82:A9:7F:33:C0:40:ED:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j4aF263_sB3czmxNgql_M8BA7S0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/712f03-afe9-4f65-acec-67cfe3067b2a/1/pc8qn1Ntogq_hidEARExlAShhFo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/712f03-afe9-4f65-acec-67cfe3067b2a/1/j4aF263_sB3czmxNgql_M8BA7S0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.136.0/22
                IPv6:
                  2a0f:c600::/29

    Signature Algorithm: sha256WithRSAEncryption
         a5:5e:da:1d:b3:58:d5:e4:00:11:12:a1:d3:0f:8a:64:21:e3:
         a0:30:89:3c:66:37:0d:3d:70:b8:1c:b8:01:4b:a5:b7:eb:97:
         35:ff:ed:1f:d9:54:30:76:5d:86:b4:79:b9:0f:c1:d6:fe:3b:
         ef:99:95:0f:5e:39:9c:86:10:5c:84:ef:f4:5f:44:7a:80:a8:
         e8:fa:7f:30:b8:8f:0f:7d:2c:73:7e:41:dc:2d:78:8d:2a:45:
         45:b1:53:c0:37:9c:d2:77:c2:62:ea:dd:14:87:11:27:82:28:
         81:d3:85:66:aa:d5:c2:63:2b:1b:84:b8:43:40:f5:22:54:2d:
         81:0d:ac:07:d8:08:b9:63:d5:06:43:43:a6:9c:77:ad:46:cf:
         ea:67:c5:8b:01:f1:57:5f:66:26:8e:84:04:c0:cd:03:0a:0d:
         a1:ac:09:39:93:58:6b:9c:b0:15:67:9e:de:ce:84:a9:f2:09:
         06:af:a2:cc:b1:a0:82:53:7d:91:2b:6e:23:34:0c:6c:07:c6:
         81:f8:79:5d:03:ee:6c:0c:6a:ca:dd:7e:30:dc:c9:37:c2:b6:
         e6:c4:09:c2:98:81:ab:63:3c:f2:e1:8c:a9:e3:05:d1:6d:c9:
         03:b0:e5:c4:ff:ec:f4:41:65:8f:9e:c1:c3:cb:6f:15:62:17:
         43:b9:b3:e3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIARkxWp9OO309FezgtenMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmODY4NWRiYWRmZmIwMWRkY2NlNmM0ZDgyYTk3ZjMzYzA0
MGVkMmQwHhcNMjQwMTAyMDIyOTI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNWNmMmE5ZjUzNmRhMjBhYmY4NjI3NDQwMTExMzE5NDA0YTE4NDVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkymKmcaoqN36whn25sYjWnru7y1C
78jOvuQSihUgZUrlh6VeeXPlK8D3I05xZeoumX/431ZPgCORgGVs8G0bPzbD1GzN
xMSWxBzLJH3A90s6mrjC7VWxGcnMaofvCOQypIa4Sho50U6MIQguXIE13yKc0VSq
3zMNknun8dP5cCypbBae/RAh7z9H4iVq8rTsH7Y+IGkYb+fgtk4GFCRQGjC8REt0
2u1Y2MCFEK0mL9yhNE8U3TQ30buSnltMb6lVMo7cvafSx6EFcVkCvRV9lUjhjU9U
nC95n6bGVb+b+isja39QrSptBvydswEak4AGQGUiFP2FdUci3gJ3JPoZowIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFKXPKp9TbaIKv4YnRAERMZQEoYRaMB8GA1UdIwQY
MBaAFI+Ghdut/7Ad3M5sTYKpfzPAQO0tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajRhRjI2M19zQjNjem14TmdxbF9NOEJBN1MwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS83MTJmMDMtYWZlOS00ZjY1LWFjZWMt
NjdjZmUzMDY3YjJhLzEvcGM4cW4xTnRvZ3FfaGlkRUFSRXhsQVNoaEZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS83MTJmMDMtYWZlOS00ZjY1LWFjZWMtNjdjZmUzMDY3YjJh
LzEvajRhRjI2M19zQjNjem14TmdxbF9NOEJBN1MwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLZaIMA0E
AgACMAcDBQMqD8YAMA0GCSqGSIb3DQEBCwUAA4IBAQClXtods1jV5AAREqHTD4pk
IeOgMIk8ZjcNPXC4HLgBS6W365c1/+0f2VQwdl2GtHm5D8HW/jvvmZUPXjmchhBc
hO/0X0R6gKjo+n8wuI8PfSxzfkHcLXiNKkVFsVPAN5zSd8Ji6t0UhxEngiiB04Vm
qtXCYysbhLhDQPUiVC2BDawH2Ai5Y9UGQ0OmnHetRs/qZ8WLAfFXX2YmjoQEwM0D
Cg2hrAk5k1hrnLAVZ57ezoSp8gkGr6LMsaCCU32RK24jNAxsB8aB+HldA+5sDGrK
3X4w3Mk3wrbmxAnCmIGrYzzy4Yyp4wXRbckDsOXE/+z0QWWPnsHDy28VYhdDubPj
-----END CERTIFICATE-----