Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d8/d51211-d0bb-4a57-9390-ce2a496fee86/1/vtUmvZqkjRWLMXQdqNDoO1hWltM.roa
File:                     vtUmvZqkjRWLMXQdqNDoO1hWltM.roa (raw, json)
Hash identifier:          3Jl54Zm/86t3VpzpSb/5MnxT/UQF+ro1pWAG8pqA4fg=
Subject key identifier:   BE:D5:26:BD:9A:A4:8D:15:8B:31:74:1D:A8:D0:E8:3B:58:56:96:D3
Certificate issuer:       /CN=307a039502d46a6b9909110ce2ab1396877bd08e
Certificate serial:       018CC5DC16E7704207BEE23794CD86717E19
Authority key identifier: 30:7A:03:95:02:D4:6A:6B:99:09:11:0C:E2:AB:13:96:87:7B:D0:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MHoDlQLUamuZCREM4qsTlod70I4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d8/d51211-d0bb-4a57-9390-ce2a496fee86/1/vtUmvZqkjRWLMXQdqNDoO1hWltM.roa
Signing time:             Mon 01 Jan 2024 16:29:44 +0000
ROA not before:           Mon 01 Jan 2024 16:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1764
IP address blocks:        194.45.144.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d8/d51211-d0bb-4a57-9390-ce2a496fee86/1/MHoDlQLUamuZCREM4qsTlod70I4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d8/d51211-d0bb-4a57-9390-ce2a496fee86/1/MHoDlQLUamuZCREM4qsTlod70I4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MHoDlQLUamuZCREM4qsTlod70I4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:16:e7:70:42:07:be:e2:37:94:cd:86:71:7e:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=307a039502d46a6b9909110ce2ab1396877bd08e
        Validity
            Not Before: Jan  1 16:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bed526bd9aa48d158b31741da8d0e83b585696d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:33:5a:ad:9e:76:38:c9:ff:b0:c2:03:82:26:
                    d9:1d:8f:d2:84:d7:41:cf:4b:89:92:df:43:9f:75:
                    94:e1:c9:bc:2d:5a:14:3b:2b:ee:98:1d:44:6a:15:
                    72:86:bd:b9:87:83:50:01:51:aa:3a:09:9e:1a:a2:
                    bb:b0:22:fa:4e:a5:e9:2e:3c:e6:15:f9:9c:22:ac:
                    68:b3:66:ed:01:94:6c:16:8c:4a:70:44:0b:35:e9:
                    8b:1c:1f:15:3b:ff:43:5f:ab:53:05:66:8e:bf:e2:
                    b7:e0:6d:ee:fe:d1:21:8e:96:28:30:91:cb:b8:87:
                    c1:f0:7d:cf:c2:f2:64:fd:19:55:b7:a9:0c:38:a5:
                    68:6f:99:1e:db:e1:d2:64:e5:53:4a:32:24:a4:64:
                    d2:29:1b:22:16:5f:72:11:2b:e6:38:52:b1:63:44:
                    6f:09:3d:73:14:e1:6b:a0:3c:4e:82:20:f6:80:ca:
                    5c:0f:ad:87:d7:aa:8b:01:99:36:ee:8a:b0:81:88:
                    72:f1:77:08:2a:e4:03:4f:5a:13:fc:0c:85:1a:88:
                    ce:8e:35:f8:73:b5:88:64:a7:78:5a:8f:d2:a5:86:
                    23:64:0b:a8:be:5a:bf:70:9a:f4:df:71:c4:ee:52:
                    45:74:36:26:3a:65:17:59:d9:4d:cd:71:68:8e:af:
                    73:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:D5:26:BD:9A:A4:8D:15:8B:31:74:1D:A8:D0:E8:3B:58:56:96:D3
            X509v3 Authority Key Identifier:
                keyid:30:7A:03:95:02:D4:6A:6B:99:09:11:0C:E2:AB:13:96:87:7B:D0:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MHoDlQLUamuZCREM4qsTlod70I4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/d51211-d0bb-4a57-9390-ce2a496fee86/1/vtUmvZqkjRWLMXQdqNDoO1hWltM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d8/d51211-d0bb-4a57-9390-ce2a496fee86/1/MHoDlQLUamuZCREM4qsTlod70I4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.45.144.0/21

    Signature Algorithm: sha256WithRSAEncryption
         ba:51:32:40:31:67:d0:1c:f6:66:ba:6b:72:33:35:e8:7a:93:
         64:57:36:bd:2e:b7:c1:f2:c9:9d:0e:44:60:5d:e9:e6:eb:98:
         d5:22:db:e4:49:2c:1e:9a:39:5c:50:72:65:c0:f7:7c:ed:8a:
         8d:5c:f4:64:73:22:ee:47:17:18:11:58:75:1a:c6:a0:ad:9b:
         0f:4b:ae:93:de:a9:a1:37:e4:5f:f0:71:cd:e7:b7:b7:3c:a0:
         81:bd:40:e5:67:76:c2:33:a3:d1:32:cc:38:5c:da:69:d3:19:
         1a:a1:6f:1a:92:85:b2:51:f4:f2:28:a3:ca:7f:2f:79:73:c6:
         d7:88:ad:7b:cc:a9:7f:c4:92:d4:1d:36:df:c0:8e:36:b0:c4:
         cd:e8:a1:f9:a5:e2:93:b5:91:bf:73:0a:13:7d:e9:55:0e:88:
         34:22:97:8d:b1:cd:b5:8e:b1:72:23:bb:bc:51:a3:61:fd:04:
         36:0e:6c:bf:43:33:5b:ac:8d:a3:7d:c0:63:bf:d6:ba:e9:53:
         97:38:61:28:b1:76:8e:29:9d:6a:40:a8:60:f3:c3:65:a4:44:
         41:ac:3a:71:1c:f5:c9:27:4b:fc:f7:a5:1c:09:cc:74:db:74:
         a4:5b:21:b8:00:4c:28:45:94:cf:dd:b6:32:bb:1f:40:3e:b7:
         96:74:4d:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3BbncEIHvuI3lM2GcX4ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwN2EwMzk1MDJkNDZhNmI5OTA5MTEwY2UyYWIxMzk2ODc3
YmQwOGUwHhcNMjQwMTAxMTYyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZWQ1MjZiZDlhYTQ4ZDE1OGIzMTc0MWRhOGQwZTgzYjU4NTY5NmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5DNarZ52OMn/sMIDgibZHY/ShNdB
z0uJkt9Dn3WU4cm8LVoUOyvumB1EahVyhr25h4NQAVGqOgmeGqK7sCL6TqXpLjzm
FfmcIqxos2btAZRsFoxKcEQLNemLHB8VO/9DX6tTBWaOv+K34G3u/tEhjpYoMJHL
uIfB8H3PwvJk/RlVt6kMOKVob5ke2+HSZOVTSjIkpGTSKRsiFl9yESvmOFKxY0Rv
CT1zFOFroDxOgiD2gMpcD62H16qLAZk27oqwgYhy8XcIKuQDT1oT/AyFGojOjjX4
c7WIZKd4Wo/SpYYjZAuovlq/cJr033HE7lJFdDYmOmUXWdlNzXFojq9zIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL7VJr2apI0VizF0HajQ6DtYVpbTMB8GA1UdIwQY
MBaAFDB6A5UC1GprmQkRDOKrE5aHe9COMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUhvRGxRTFVhbXVaQ1JFTTRxc1Rsb2Q3MEk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOC9kNTEyMTEtZDBiYi00YTU3LTkzOTAt
Y2UyYTQ5NmZlZTg2LzEvdnRVbXZacWtqUldMTVhRZHFORG9PMWhXbHRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOC9kNTEyMTEtZDBiYi00YTU3LTkzOTAtY2UyYTQ5NmZlZTg2
LzEvTUhvRGxRTFVhbXVaQ1JFTTRxc1Rsb2Q3MEk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDwi2QMA0G
CSqGSIb3DQEBCwUAA4IBAQC6UTJAMWfQHPZmumtyMzXoepNkVza9LrfB8smdDkRg
Xenm65jVItvkSSwemjlcUHJlwPd87YqNXPRkcyLuRxcYEVh1GsagrZsPS66T3qmh
N+Rf8HHN57e3PKCBvUDlZ3bCM6PRMsw4XNpp0xkaoW8akoWyUfTyKKPKfy95c8bX
iK17zKl/xJLUHTbfwI42sMTN6KH5peKTtZG/cwoTfelVDog0IpeNsc21jrFyI7u8
UaNh/QQ2Dmy/QzNbrI2jfcBjv9a66VOXOGEosXaOKZ1qQKhg88NlpERBrDpxHPXJ
J0v896UcCcx023SkWyG4AEwoRZTP3bYyux9APreWdE0f
-----END CERTIFICATE-----