Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/5ee6f9-b025-48a3-ad85-f06bbfb8408f/1/xeQs3RHCkIDhQJsL80y4nDyuC_s.roa
File:                     xeQs3RHCkIDhQJsL80y4nDyuC_s.roa (raw, json)
Hash identifier:          Qx0umRjUCKJw/VUHODa9LWrvtUI7d1ipq7AAKs9SBbI=
Subject key identifier:   C5:E4:2C:DD:11:C2:90:80:E1:40:9B:0B:F3:4C:B8:9C:3C:AE:0B:FB
Certificate issuer:       /CN=da24c30b3c3fe94606283fe985e9a6ba8b8fdfcb
Certificate serial:       018CC425201275302B056F2CB0F2447DA36F
Authority key identifier: DA:24:C3:0B:3C:3F:E9:46:06:28:3F:E9:85:E9:A6:BA:8B:8F:DF:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2iTDCzw_6UYGKD_phemmuouP38s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/5ee6f9-b025-48a3-ad85-f06bbfb8408f/1/xeQs3RHCkIDhQJsL80y4nDyuC_s.roa
Signing time:             Mon 01 Jan 2024 08:30:16 +0000
ROA not before:           Mon 01 Jan 2024 08:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49981
IP address blocks:        45.150.156.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/da/5ee6f9-b025-48a3-ad85-f06bbfb8408f/1/2iTDCzw_6UYGKD_phemmuouP38s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/da/5ee6f9-b025-48a3-ad85-f06bbfb8408f/1/2iTDCzw_6UYGKD_phemmuouP38s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2iTDCzw_6UYGKD_phemmuouP38s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 08 May 2024 04:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:20:12:75:30:2b:05:6f:2c:b0:f2:44:7d:a3:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=da24c30b3c3fe94606283fe985e9a6ba8b8fdfcb
        Validity
            Not Before: Jan  1 08:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c5e42cdd11c29080e1409b0bf34cb89c3cae0bfb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:95:76:f7:ac:21:fb:7d:fa:09:ca:27:c6:39:
                    07:2e:07:13:59:bd:36:9e:da:ba:87:cc:4e:24:6e:
                    3a:0d:91:3b:e7:dd:a0:cc:82:d9:fe:80:0d:81:c9:
                    92:92:eb:e6:54:af:6f:7b:28:05:63:d0:a6:f3:c8:
                    3f:e9:a4:a5:52:c7:b5:bc:88:34:ea:d2:df:34:45:
                    4e:78:44:6a:b8:76:a2:9a:63:c4:f0:66:1f:a8:cb:
                    31:0a:bd:fc:0d:c6:8f:fb:9b:db:ef:ed:5c:c8:c2:
                    c5:40:67:e8:33:2d:43:d3:9a:86:bc:26:70:24:57:
                    05:35:fa:0d:31:e4:5d:bc:fc:3d:10:b6:a8:fb:a6:
                    33:ce:ad:a6:c2:c3:fb:37:54:03:67:06:e2:33:9b:
                    bb:41:58:07:bf:2e:35:85:c7:95:c3:a1:c8:ff:54:
                    9c:63:c0:91:91:28:46:68:ac:9f:ae:9f:0d:4c:57:
                    1f:c3:e1:01:dc:3c:9e:7d:57:24:34:1e:e3:51:72:
                    6f:74:7f:32:dc:cd:b0:b1:b7:40:7b:de:58:92:91:
                    1d:d0:45:97:36:d4:1c:f2:de:99:a8:80:15:3f:54:
                    50:bd:e9:0c:62:22:fa:1d:bc:99:4e:a5:9f:4c:d9:
                    9d:90:06:a3:72:ca:90:9d:8b:2b:0a:24:95:41:ba:
                    26:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:E4:2C:DD:11:C2:90:80:E1:40:9B:0B:F3:4C:B8:9C:3C:AE:0B:FB
            X509v3 Authority Key Identifier:
                keyid:DA:24:C3:0B:3C:3F:E9:46:06:28:3F:E9:85:E9:A6:BA:8B:8F:DF:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2iTDCzw_6UYGKD_phemmuouP38s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/5ee6f9-b025-48a3-ad85-f06bbfb8408f/1/xeQs3RHCkIDhQJsL80y4nDyuC_s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/5ee6f9-b025-48a3-ad85-f06bbfb8408f/1/2iTDCzw_6UYGKD_phemmuouP38s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2a:e5:6c:42:b7:ee:6b:db:66:41:8e:d5:c7:a7:6c:f8:f8:b0:
         ff:b9:4f:49:be:c8:47:60:c8:85:2e:60:da:24:10:0a:7f:26:
         2d:3f:c6:49:a9:39:d5:3e:93:1b:ff:9c:70:cc:19:a1:ba:47:
         18:03:42:1c:50:b5:0a:ed:c2:62:a5:bc:e3:6a:70:d3:d7:fb:
         6f:d1:e7:9c:9d:54:94:5a:ae:6b:c9:70:d7:b8:17:87:aa:04:
         3b:a1:9e:2c:7b:69:76:ba:33:a0:b3:40:1e:40:e3:58:bd:92:
         01:43:54:b5:28:a4:8b:c4:89:e6:00:bb:55:bd:68:fd:0a:ae:
         b1:a9:1f:3c:9a:05:75:c1:7b:cc:02:d0:80:6e:dd:ba:4c:a2:
         4e:5e:6c:30:2b:ee:73:35:06:30:56:49:0b:36:78:ed:c8:10:
         23:d8:8d:2b:cd:67:78:b5:d5:1a:65:fb:25:07:d6:f5:c0:76:
         d5:e3:ba:64:20:7a:b5:48:c8:4a:11:72:40:08:c9:e5:2f:31:
         27:42:48:38:e7:f9:34:de:0e:70:3d:74:aa:67:90:51:01:9c:
         14:74:22:d7:75:24:f0:b7:5d:91:b2:cf:28:d4:92:85:b5:8f:
         b1:71:bd:9e:15:5e:d6:08:b3:bf:d0:c7:d5:05:65:e7:94:09:
         80:84:8a:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJSASdTArBW8ssPJEfaNvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMjRjMzBiM2MzZmU5NDYwNjI4M2ZlOTg1ZTlhNmJhOGI4
ZmRmY2IwHhcNMjQwMTAxMDgzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWU0MmNkZDExYzI5MDgwZTE0MDliMGJmMzRjYjg5YzNjYWUwYmZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhZV296wh+336CconxjkHLgcTWb02
ntq6h8xOJG46DZE7592gzILZ/oANgcmSkuvmVK9veygFY9Cm88g/6aSlUse1vIg0
6tLfNEVOeERquHaimmPE8GYfqMsxCr38DcaP+5vb7+1cyMLFQGfoMy1D05qGvCZw
JFcFNfoNMeRdvPw9ELao+6Yzzq2mwsP7N1QDZwbiM5u7QVgHvy41hceVw6HI/1Sc
Y8CRkShGaKyfrp8NTFcfw+EB3DyefVckNB7jUXJvdH8y3M2wsbdAe95YkpEd0EWX
NtQc8t6ZqIAVP1RQvekMYiL6HbyZTqWfTNmdkAajcsqQnYsrCiSVQbom8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMXkLN0RwpCA4UCbC/NMuJw8rgv7MB8GA1UdIwQY
MBaAFNokwws8P+lGBig/6YXpprqLj9/LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmlUREN6d182VVlHS0RfcGhlbW11b3VQMzhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYS81ZWU2ZjktYjAyNS00OGEzLWFkODUt
ZjA2YmJmYjg0MDhmLzEveGVRczNSSENrSURoUUpzTDgweTRuRHl1Q19zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYS81ZWU2ZjktYjAyNS00OGEzLWFkODUtZjA2YmJmYjg0MDhm
LzEvMmlUREN6d182VVlHS0RfcGhlbW11b3VQMzhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZacMA0G
CSqGSIb3DQEBCwUAA4IBAQAq5WxCt+5r22ZBjtXHp2z4+LD/uU9JvshHYMiFLmDa
JBAKfyYtP8ZJqTnVPpMb/5xwzBmhukcYA0IcULUK7cJipbzjanDT1/tv0eecnVSU
Wq5ryXDXuBeHqgQ7oZ4se2l2ujOgs0AeQONYvZIBQ1S1KKSLxInmALtVvWj9Cq6x
qR88mgV1wXvMAtCAbt26TKJOXmwwK+5zNQYwVkkLNnjtyBAj2I0rzWd4tdUaZfsl
B9b1wHbV47pkIHq1SMhKEXJACMnlLzEnQkg45/k03g5wPXSqZ5BRAZwUdCLXdSTw
t12Rss8o1JKFtY+xcb2eFV7WCLO/0MfVBWXnlAmAhIoQ
-----END CERTIFICATE-----