Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/0d8be8-b4b4-436e-86e2-ba4c56d8c0ce/1/rDqiDMFQgQtuVDMCw2Oy9-JGfO4.roa
File:                     rDqiDMFQgQtuVDMCw2Oy9-JGfO4.roa (raw, json)
Hash identifier:          hzOvR1N2kJSP5DdPDaRCa/batoh8kSj3bxC9qXCVYP0=
Subject key identifier:   AC:3A:A2:0C:C1:50:81:0B:6E:54:33:02:C3:63:B2:F7:E2:46:7C:EE
Certificate issuer:       /CN=e1b9a3ce0f593910819c3271e1e8d0bd1371a6be
Certificate serial:       018DC5C10DEED4D4CFEF9CC36542A3F9DF4E
Authority key identifier: E1:B9:A3:CE:0F:59:39:10:81:9C:32:71:E1:E8:D0:BD:13:71:A6:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4bmjzg9ZORCBnDJx4ejQvRNxpr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/0d8be8-b4b4-436e-86e2-ba4c56d8c0ce/1/rDqiDMFQgQtuVDMCw2Oy9-JGfO4.roa
Signing time:             Tue 20 Feb 2024 09:02:59 +0000
ROA not before:           Tue 20 Feb 2024 09:02:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     136787
IP address blocks:        45.157.124.0/24 maxlen: 24
                          45.157.125.0/24 maxlen: 24
                          45.157.126.0/24 maxlen: 24
                          45.157.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/0d8be8-b4b4-436e-86e2-ba4c56d8c0ce/1/4bmjzg9ZORCBnDJx4ejQvRNxpr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/0d8be8-b4b4-436e-86e2-ba4c56d8c0ce/1/4bmjzg9ZORCBnDJx4ejQvRNxpr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4bmjzg9ZORCBnDJx4ejQvRNxpr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 09 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:c5:c1:0d:ee:d4:d4:cf:ef:9c:c3:65:42:a3:f9:df:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1b9a3ce0f593910819c3271e1e8d0bd1371a6be
        Validity
            Not Before: Feb 20 09:02:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ac3aa20cc150810b6e543302c363b2f7e2467cee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:aa:9c:9c:4d:0b:d2:7a:cd:42:58:45:47:90:
                    1a:53:f7:56:57:51:c9:c3:d7:8f:14:15:12:dd:36:
                    44:c3:ca:7c:3b:e9:6f:b1:4b:ad:b0:be:37:22:f0:
                    d8:58:cb:db:04:68:0c:62:cf:55:cc:78:43:23:d4:
                    a8:92:40:1e:2b:4f:3d:27:c5:64:48:60:ee:74:7e:
                    b2:47:99:d5:7a:7e:27:bd:30:17:06:28:97:a0:cf:
                    c9:55:3c:31:0c:ab:8a:db:3d:fa:40:20:d6:c2:e8:
                    8f:23:46:88:64:e1:37:13:58:5c:b7:ad:54:6f:e4:
                    bf:98:42:ae:64:bb:0a:92:01:43:6d:05:56:8a:a0:
                    5b:c0:b3:0d:50:34:b4:8d:ca:31:55:eb:c2:f9:5c:
                    db:55:2e:03:17:96:db:4f:1b:27:e7:56:5b:9b:22:
                    e3:37:8e:f4:38:ba:3e:56:af:68:77:b6:3a:53:52:
                    66:6e:8e:0a:d4:e5:3e:41:c5:50:0f:ed:c4:82:c4:
                    2a:5b:63:40:e7:be:c3:ba:88:c2:63:b2:c1:5b:a1:
                    81:3b:32:90:fd:60:0b:7f:23:dc:17:ba:2e:24:ff:
                    84:b7:4d:bd:a0:00:44:31:ce:ba:9e:74:20:56:eb:
                    79:6e:71:ac:81:22:a4:83:0e:b5:33:b3:37:bd:75:
                    da:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:3A:A2:0C:C1:50:81:0B:6E:54:33:02:C3:63:B2:F7:E2:46:7C:EE
            X509v3 Authority Key Identifier:
                keyid:E1:B9:A3:CE:0F:59:39:10:81:9C:32:71:E1:E8:D0:BD:13:71:A6:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4bmjzg9ZORCBnDJx4ejQvRNxpr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/0d8be8-b4b4-436e-86e2-ba4c56d8c0ce/1/rDqiDMFQgQtuVDMCw2Oy9-JGfO4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/0d8be8-b4b4-436e-86e2-ba4c56d8c0ce/1/4bmjzg9ZORCBnDJx4ejQvRNxpr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         58:55:5e:67:1f:d8:1f:64:43:e4:5c:8c:8c:ab:fe:e7:80:68:
         75:e8:24:42:c3:31:c0:d7:2c:81:ac:f7:8f:d8:df:4d:f9:b2:
         bc:d2:9e:6a:68:1c:70:7b:cb:fc:d0:72:26:bf:6e:4f:8a:9d:
         1b:94:4f:39:72:73:35:4d:21:91:03:7e:c4:ac:8b:f6:56:ba:
         58:e9:16:3f:4a:fc:4c:59:f9:da:af:09:a0:45:c6:a8:ce:7b:
         78:0e:11:ae:96:53:48:23:4e:cb:c0:6a:4a:85:41:c0:ec:41:
         a8:91:fe:9b:ae:b9:38:7b:11:88:57:9c:98:a1:1b:8e:95:41:
         22:44:76:0b:b3:c7:63:0a:a0:a1:d7:b0:60:23:39:72:1c:d1:
         ce:74:87:5e:41:91:d2:b2:96:76:48:ea:1f:05:b6:5a:3e:8b:
         4c:a7:7a:64:bf:6f:b5:ee:02:23:60:bf:ea:39:f0:62:75:4a:
         d4:63:dc:bc:dc:20:35:f1:bf:a8:8c:7a:42:db:0c:d2:78:bf:
         08:e9:03:cb:6b:33:23:4f:f2:e0:2c:45:ab:e0:8f:43:cb:b0:
         aa:d7:e5:11:18:dc:45:e3:25:15:43:56:a2:01:5d:c4:97:20:
         78:d9:41:65:1c:8d:29:5c:f0:25:dd:04:9d:97:d1:ca:12:70:
         8b:81:f8:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY3FwQ3u1NTP75zDZUKj+d9OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxYjlhM2NlMGY1OTM5MTA4MTljMzI3MWUxZThkMGJkMTM3
MWE2YmUwHhcNMjQwMjIwMDkwMjU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzNhYTIwY2MxNTA4MTBiNmU1NDMzMDJjMzYzYjJmN2UyNDY3Y2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnKqcnE0L0nrNQlhFR5AaU/dWV1HJ
w9ePFBUS3TZEw8p8O+lvsUutsL43IvDYWMvbBGgMYs9VzHhDI9SokkAeK089J8Vk
SGDudH6yR5nVen4nvTAXBiiXoM/JVTwxDKuK2z36QCDWwuiPI0aIZOE3E1hct61U
b+S/mEKuZLsKkgFDbQVWiqBbwLMNUDS0jcoxVevC+VzbVS4DF5bbTxsn51ZbmyLj
N470OLo+Vq9od7Y6U1Jmbo4K1OU+QcVQD+3EgsQqW2NA577DuojCY7LBW6GBOzKQ
/WALfyPcF7ouJP+Et029oABEMc66nnQgVut5bnGsgSKkgw61M7M3vXXa5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKw6ogzBUIELblQzAsNjsvfiRnzuMB8GA1UdIwQY
MBaAFOG5o84PWTkQgZwyceHo0L0Tcaa+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGJtanpnOVpPUkNCbkRKeDRlalF2Uk54cHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC8wZDhiZTgtYjRiNC00MzZlLTg2ZTIt
YmE0YzU2ZDhjMGNlLzEvckRxaURNRlFnUXR1VkRNQ3cyT3k5LUpHZk80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC8wZDhiZTgtYjRiNC00MzZlLTg2ZTItYmE0YzU2ZDhjMGNl
LzEvNGJtanpnOVpPUkNCbkRKeDRlalF2Uk54cHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZ18MA0G
CSqGSIb3DQEBCwUAA4IBAQBYVV5nH9gfZEPkXIyMq/7ngGh16CRCwzHA1yyBrPeP
2N9N+bK80p5qaBxwe8v80HImv25Pip0blE85cnM1TSGRA37ErIv2VrpY6RY/SvxM
WfnarwmgRcaoznt4DhGullNII07LwGpKhUHA7EGokf6brrk4exGIV5yYoRuOlUEi
RHYLs8djCqCh17BgIzlyHNHOdIdeQZHSspZ2SOofBbZaPotMp3pkv2+17gIjYL/q
OfBidUrUY9y83CA18b+ojHpC2wzSeL8I6QPLazMjT/LgLEWr4I9Dy7Cq1+URGNxF
4yUVQ1aiAV3ElyB42UFlHI0pXPAl3QSdl9HKEnCLgfhz
-----END CERTIFICATE-----