Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/czlJ0Kgps9uv1S7noyiObfEs5Dg.roa
File:                     czlJ0Kgps9uv1S7noyiObfEs5Dg.roa (raw, json)
Hash identifier:          1Zy/132BawHWpRP29DD8rwBG1s6mo9b0m1uGUcKDH08=
Subject key identifier:   73:39:49:D0:A8:29:B3:DB:AF:D5:2E:E7:A3:28:8E:6D:F1:2C:E4:38
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC802753F4274B326B71899DEDCDF93B1
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/czlJ0Kgps9uv1S7noyiObfEs5Dg.roa
Signing time:             Tue 02 Jan 2024 02:30:53 +0000
ROA not before:           Tue 02 Jan 2024 02:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29119
IP address blocks:        45.8.23.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:75:3f:42:74:b3:26:b7:18:99:de:dc:df:93:b1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=733949d0a829b3dbafd52ee7a3288e6df12ce438
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:16:8b:d1:77:fb:cd:53:e6:38:4f:38:32:d9:
                    fb:6d:0d:48:a9:b0:cf:32:ce:c6:10:0c:04:14:76:
                    bf:fc:a8:51:27:6b:7a:20:b6:74:31:94:93:f8:a2:
                    b8:56:d5:ef:e7:13:3e:fe:3e:1b:fb:d1:c7:ae:79:
                    bf:91:53:f5:6b:e1:b2:80:1a:72:7b:73:b2:c6:86:
                    0c:20:0a:69:a5:0a:6c:6c:2a:3b:fe:47:72:e1:16:
                    ff:11:fa:77:82:bf:5e:04:2a:72:8e:f4:36:2f:e8:
                    0f:ba:63:b6:f9:bf:b7:2d:f9:9a:9c:21:4e:b5:7b:
                    59:42:2e:dc:a5:65:af:0c:48:19:53:85:40:92:7a:
                    26:92:b1:40:a1:94:de:00:44:65:04:bc:16:aa:ac:
                    b1:44:7d:ab:fe:79:80:bd:56:3c:c9:2b:d9:48:f4:
                    a1:35:c7:22:fd:39:a7:da:6f:08:38:9a:07:e1:4a:
                    53:35:41:2b:a7:11:51:12:97:28:98:38:3d:47:e2:
                    50:bb:8f:19:9b:a9:b2:46:86:bf:ac:88:0d:da:59:
                    c1:77:ab:04:5d:1e:be:dc:b1:58:d4:e1:4a:88:21:
                    b5:d3:61:d4:22:3a:5e:13:27:86:d4:02:e7:25:4a:
                    1a:6f:16:2f:bb:a4:2e:ad:81:99:8b:a4:59:0d:46:
                    31:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:39:49:D0:A8:29:B3:DB:AF:D5:2E:E7:A3:28:8E:6D:F1:2C:E4:38
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/czlJ0Kgps9uv1S7noyiObfEs5Dg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.23.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:06:0c:b8:36:24:5b:99:79:0f:18:6d:79:57:16:48:b4:65:
         1a:a7:bd:f2:c3:a1:78:dd:3f:e4:47:12:5f:39:ce:52:a1:8c:
         be:7d:57:2c:2e:80:7a:f2:ac:e4:c9:ec:bf:79:77:cb:28:1b:
         08:88:3b:18:2f:47:b9:41:f8:33:61:27:1c:ab:c6:69:5b:2b:
         09:08:7b:0b:0a:29:a6:1b:de:d2:8f:9a:b4:a2:62:f7:ab:e1:
         4b:19:ed:61:0d:96:8e:ca:72:e2:5e:61:36:fa:9e:4b:81:46:
         02:87:1f:d6:9f:fa:1f:53:06:0f:95:6e:be:18:40:5f:13:52:
         f1:a1:61:47:dc:79:8e:77:c8:ed:0c:0c:a0:f3:88:ec:6a:53:
         36:62:2c:ff:e8:f0:92:9f:bf:97:87:f2:bd:44:5e:33:a3:b2:
         0d:ad:43:98:ae:5a:51:fc:0f:0a:b2:98:ea:13:49:f1:aa:2c:
         f7:cd:48:5c:7a:fe:8a:9a:2a:6d:7e:02:9b:f6:34:59:84:0b:
         b6:f3:d4:63:09:68:22:cf:4e:95:d2:03:1d:3a:a6:85:8d:b9:
         ea:a4:f5:81:5c:e5:f3:66:0e:11:f1:0d:de:a8:6b:5f:d4:1b:
         31:0c:c0:38:34:74:45:47:b4:d9:7b:89:4e:e1:d7:0b:2e:ad:
         c2:d9:41:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAnU/QnSzJrcYmd7c35OxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MzM5NDlkMGE4MjliM2RiYWZkNTJlZTdhMzI4OGU2ZGYxMmNlNDM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnBaL0Xf7zVPmOE84Mtn7bQ1IqbDP
Ms7GEAwEFHa//KhRJ2t6ILZ0MZST+KK4VtXv5xM+/j4b+9HHrnm/kVP1a+GygBpy
e3OyxoYMIApppQpsbCo7/kdy4Rb/Efp3gr9eBCpyjvQ2L+gPumO2+b+3LfmanCFO
tXtZQi7cpWWvDEgZU4VAknomkrFAoZTeAERlBLwWqqyxRH2r/nmAvVY8ySvZSPSh
Ncci/Tmn2m8IOJoH4UpTNUErpxFREpcomDg9R+JQu48Zm6myRoa/rIgN2lnBd6sE
XR6+3LFY1OFKiCG102HUIjpeEyeG1ALnJUoabxYvu6QurYGZi6RZDUYxrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHM5SdCoKbPbr9Uu56Mojm3xLOQ4MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvY3psSjBLZ3BzOXV2MVM3bm95aU9iZkVzNURnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQgXMA0G
CSqGSIb3DQEBCwUAA4IBAQCjBgy4NiRbmXkPGG15VxZItGUap73yw6F43T/kRxJf
Oc5SoYy+fVcsLoB68qzkyey/eXfLKBsIiDsYL0e5QfgzYSccq8ZpWysJCHsLCimm
G97Sj5q0omL3q+FLGe1hDZaOynLiXmE2+p5LgUYChx/Wn/ofUwYPlW6+GEBfE1Lx
oWFH3HmOd8jtDAyg84jsalM2Yiz/6PCSn7+Xh/K9RF4zo7INrUOYrlpR/A8Kspjq
E0nxqiz3zUhcev6KmiptfgKb9jRZhAu289RjCWgiz06V0gMdOqaFjbnqpPWBXOXz
Zg4R8Q3eqGtf1BsxDMA4NHRFR7TZe4lO4dcLLq3C2UFB
-----END CERTIFICATE-----