Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/234dbb-9fe4-4bb8-a974-df1d5205c5d0/1/XHDV7Dok1AaTGVP1h8rUaQd5zDI.roa
File:                     XHDV7Dok1AaTGVP1h8rUaQd5zDI.roa (raw, json)
Hash identifier:          3xd3PlI/hQZgoKHGo9N6r6620yhqIasltWgm0BgfVGQ=
Subject key identifier:   5C:70:D5:EC:3A:24:D4:06:93:19:53:F5:87:CA:D4:69:07:79:CC:32
Certificate issuer:       /CN=d251392cd7e6e40a45c1b8a4479880eef960f330
Certificate serial:       018CC348DA138D75EDFD0AE9B8315521639C
Authority key identifier: D2:51:39:2C:D7:E6:E4:0A:45:C1:B8:A4:47:98:80:EE:F9:60:F3:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0lE5LNfm5ApFwbikR5iA7vlg8zA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/234dbb-9fe4-4bb8-a974-df1d5205c5d0/1/XHDV7Dok1AaTGVP1h8rUaQd5zDI.roa
Signing time:             Mon 01 Jan 2024 04:29:40 +0000
ROA not before:           Mon 01 Jan 2024 04:29:40 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39389
IP address blocks:        45.131.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/234dbb-9fe4-4bb8-a974-df1d5205c5d0/1/0lE5LNfm5ApFwbikR5iA7vlg8zA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/234dbb-9fe4-4bb8-a974-df1d5205c5d0/1/0lE5LNfm5ApFwbikR5iA7vlg8zA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0lE5LNfm5ApFwbikR5iA7vlg8zA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:da:13:8d:75:ed:fd:0a:e9:b8:31:55:21:63:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d251392cd7e6e40a45c1b8a4479880eef960f330
        Validity
            Not Before: Jan  1 04:29:40 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5c70d5ec3a24d406931953f587cad4690779cc32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:08:5e:52:89:15:bb:35:b5:ee:69:f9:13:35:
                    17:e4:84:5c:15:fd:67:44:dd:f7:b0:3b:8d:26:13:
                    07:ac:73:73:14:08:a6:e1:49:15:88:e4:08:b4:78:
                    8a:71:86:22:0f:55:05:e4:6b:28:1d:23:9e:22:83:
                    ad:1d:2c:0f:38:7f:83:68:1a:6c:90:66:2f:cf:b7:
                    31:61:b8:c6:ca:0e:b4:89:4d:34:9c:75:12:7b:44:
                    ab:d5:e1:5b:52:9a:6c:bd:1e:c6:fa:73:53:7b:d3:
                    f9:5d:63:36:b9:0a:a8:2b:c7:ee:f2:21:e2:94:6a:
                    d8:1d:3d:5b:2f:1f:20:9a:2b:fc:77:a8:b1:7a:8d:
                    a9:55:97:30:39:e6:ff:a9:f9:55:cd:cb:4e:b4:bc:
                    6d:e3:66:94:d4:83:ed:70:df:37:e4:54:9e:54:16:
                    c7:8a:01:00:24:14:fa:ad:2a:e6:c3:77:bc:5d:b6:
                    d8:98:3c:09:84:36:6d:8e:24:9b:17:30:5a:8a:44:
                    f3:86:38:90:93:71:f0:10:8f:ed:07:7b:29:c6:4f:
                    61:2d:77:ca:b2:17:2c:9f:14:62:92:51:a6:f4:ff:
                    b9:d1:7c:d9:2d:0c:e3:6a:db:7d:47:81:e5:f1:2e:
                    b6:67:21:ca:91:fb:90:65:c2:90:ab:6d:25:96:e7:
                    f1:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:70:D5:EC:3A:24:D4:06:93:19:53:F5:87:CA:D4:69:07:79:CC:32
            X509v3 Authority Key Identifier:
                keyid:D2:51:39:2C:D7:E6:E4:0A:45:C1:B8:A4:47:98:80:EE:F9:60:F3:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0lE5LNfm5ApFwbikR5iA7vlg8zA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/234dbb-9fe4-4bb8-a974-df1d5205c5d0/1/XHDV7Dok1AaTGVP1h8rUaQd5zDI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/234dbb-9fe4-4bb8-a974-df1d5205c5d0/1/0lE5LNfm5ApFwbikR5iA7vlg8zA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.131.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:70:86:07:41:8f:a2:bb:68:36:79:8a:2c:37:9a:3d:05:0f:
         7b:0c:05:31:8b:84:01:9a:e9:c3:2b:f3:c9:38:9a:65:ca:ed:
         bc:c4:33:6d:6b:28:c2:02:29:64:b1:09:59:00:bc:6a:ff:65:
         38:be:47:5e:12:96:d5:32:6a:26:1f:af:4c:3f:dd:24:4d:76:
         cc:82:bd:c7:e7:21:fb:80:89:28:c9:cf:69:22:18:ed:d6:de:
         1b:45:70:82:6d:a6:56:ad:61:63:d1:82:fa:99:9b:e2:37:44:
         7b:4d:61:fa:6f:58:dd:f5:73:f8:3d:6f:a2:c8:6a:43:71:4d:
         ef:19:2d:58:a9:55:7c:99:2a:15:c3:20:9b:58:9f:31:73:31:
         30:f0:54:6c:2b:38:fb:d8:36:5e:c1:e0:1f:03:24:ef:2a:1c:
         6f:66:07:0a:93:a4:e6:2a:ad:50:f9:d8:19:95:dc:84:25:65:
         3b:0a:1a:af:35:d8:aa:ce:61:27:27:50:19:97:9b:71:10:70:
         df:6c:c0:81:63:47:4a:d0:22:85:78:ab:00:ff:57:39:2d:6b:
         9f:9a:ec:e0:44:39:68:0f:48:9f:55:70:a4:c0:6a:af:50:e7:
         62:4d:5c:eb:d1:65:a6:5f:75:06:39:08:0e:04:0d:03:d3:8b:
         5f:43:9f:ec
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSNoTjXXt/QrpuDFVIWOcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNTEzOTJjZDdlNmU0MGE0NWMxYjhhNDQ3OTg4MGVlZjk2
MGYzMzAwHhcNMjQwMTAxMDQyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YzcwZDVlYzNhMjRkNDA2OTMxOTUzZjU4N2NhZDQ2OTA3NzljYzMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6gheUokVuzW17mn5EzUX5IRcFf1n
RN33sDuNJhMHrHNzFAim4UkViOQItHiKcYYiD1UF5GsoHSOeIoOtHSwPOH+DaBps
kGYvz7cxYbjGyg60iU00nHUSe0Sr1eFbUppsvR7G+nNTe9P5XWM2uQqoK8fu8iHi
lGrYHT1bLx8gmiv8d6ixeo2pVZcwOeb/qflVzctOtLxt42aU1IPtcN835FSeVBbH
igEAJBT6rSrmw3e8XbbYmDwJhDZtjiSbFzBaikTzhjiQk3HwEI/tB3spxk9hLXfK
shcsnxRiklGm9P+50XzZLQzjatt9R4Hl8S62ZyHKkfuQZcKQq20llufx9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFxw1ew6JNQGkxlT9YfK1GkHecwyMB8GA1UdIwQY
MBaAFNJROSzX5uQKRcG4pEeYgO75YPMwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGxFNUxOZm01QXBGd2Jpa1I1aUE3dmxnOHpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC8yMzRkYmItOWZlNC00YmI4LWE5NzQt
ZGYxZDUyMDVjNWQwLzEvWEhEVjdEb2sxQWFUR1ZQMWg4clVhUWQ1ekRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC8yMzRkYmItOWZlNC00YmI4LWE5NzQtZGYxZDUyMDVjNWQw
LzEvMGxFNUxOZm01QXBGd2Jpa1I1aUE3dmxnOHpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYNYMA0G
CSqGSIb3DQEBCwUAA4IBAQB+cIYHQY+iu2g2eYosN5o9BQ97DAUxi4QBmunDK/PJ
OJplyu28xDNtayjCAilksQlZALxq/2U4vkdeEpbVMmomH69MP90kTXbMgr3H5yH7
gIkoyc9pIhjt1t4bRXCCbaZWrWFj0YL6mZviN0R7TWH6b1jd9XP4PW+iyGpDcU3v
GS1YqVV8mSoVwyCbWJ8xczEw8FRsKzj72DZeweAfAyTvKhxvZgcKk6TmKq1Q+dgZ
ldyEJWU7ChqvNdiqzmEnJ1AZl5txEHDfbMCBY0dK0CKFeKsA/1c5LWufmuzgRDlo
D0ifVXCkwGqvUOdiTVzr0WWmX3UGOQgOBA0D04tfQ5/s
-----END CERTIFICATE-----