Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/661dad-00c9-4f17-94d8-2bbd01f9e500/1/Z-3ME1SBiLsUgnT1WB3AJG3LHsw.roa
File:                     Z-3ME1SBiLsUgnT1WB3AJG3LHsw.roa (raw, json)
Hash identifier:          u5ILhK/oK7hJlirwJTDbP4EIBv5aib/WuWkeAFYe5pQ=
Subject key identifier:   67:ED:CC:13:54:81:88:BB:14:82:74:F5:58:1D:C0:24:6D:CB:1E:CC
Certificate issuer:       /CN=9a6e147448289634b98688ee5a5af447d42cbb07
Certificate serial:       018CC2DACA54CFD39198A918E5118C5A98E6
Authority key identifier: 9A:6E:14:74:48:28:96:34:B9:86:88:EE:5A:5A:F4:47:D4:2C:BB:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mm4UdEgoljS5hojuWlr0R9Qsuwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/661dad-00c9-4f17-94d8-2bbd01f9e500/1/Z-3ME1SBiLsUgnT1WB3AJG3LHsw.roa
Signing time:             Mon 01 Jan 2024 02:29:27 +0000
ROA not before:           Mon 01 Jan 2024 02:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     6643
IP address blocks:        45.12.196.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/661dad-00c9-4f17-94d8-2bbd01f9e500/1/mm4UdEgoljS5hojuWlr0R9Qsuwc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/661dad-00c9-4f17-94d8-2bbd01f9e500/1/mm4UdEgoljS5hojuWlr0R9Qsuwc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mm4UdEgoljS5hojuWlr0R9Qsuwc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 04 Jun 2024 07:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:ca:54:cf:d3:91:98:a9:18:e5:11:8c:5a:98:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a6e147448289634b98688ee5a5af447d42cbb07
        Validity
            Not Before: Jan  1 02:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=67edcc13548188bb148274f5581dc0246dcb1ecc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:37:42:30:1c:b8:e3:04:bb:e3:dd:b1:f8:6f:
                    e1:43:3c:f5:4a:fb:d5:96:af:3c:5d:6a:cf:c1:23:
                    56:2a:cd:07:70:e4:a4:fb:36:dc:c7:b3:a2:90:fb:
                    c5:04:37:21:33:0f:f9:a4:d0:b2:81:c6:25:8c:2a:
                    6b:d8:ce:c4:39:95:8d:62:95:cc:9d:d9:f9:1f:63:
                    fa:33:aa:9d:5f:e4:a9:fc:0a:41:19:31:cd:81:98:
                    66:97:ab:f5:99:ae:54:ed:de:c3:bc:04:54:62:c7:
                    16:9a:89:7d:6c:2a:df:38:86:ff:7c:e1:e8:5a:f9:
                    16:59:3c:e0:6d:bb:4c:ee:d7:12:0c:42:9c:bc:84:
                    2b:4e:35:b1:ba:32:72:b0:7c:72:2f:3f:24:fd:f5:
                    a7:07:ec:73:4e:2d:d2:0d:0c:96:4c:e6:04:c9:a9:
                    6d:4d:a9:cb:09:f5:fd:5e:f1:ab:ad:15:ef:34:d3:
                    e8:2e:2c:a3:1f:dd:2e:51:dd:e1:45:f8:bb:42:04:
                    c6:80:e9:78:b0:96:2e:4e:c1:29:f1:7d:ac:48:a9:
                    8d:2f:98:e3:30:cc:04:07:73:9d:c9:c3:45:be:92:
                    51:c1:54:bd:51:b6:45:8a:46:cd:2f:00:f5:6a:67:
                    dc:9c:d8:7f:3e:ea:b6:32:a2:05:c1:4e:c4:b6:0b:
                    06:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:ED:CC:13:54:81:88:BB:14:82:74:F5:58:1D:C0:24:6D:CB:1E:CC
            X509v3 Authority Key Identifier:
                keyid:9A:6E:14:74:48:28:96:34:B9:86:88:EE:5A:5A:F4:47:D4:2C:BB:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mm4UdEgoljS5hojuWlr0R9Qsuwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/661dad-00c9-4f17-94d8-2bbd01f9e500/1/Z-3ME1SBiLsUgnT1WB3AJG3LHsw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/661dad-00c9-4f17-94d8-2bbd01f9e500/1/mm4UdEgoljS5hojuWlr0R9Qsuwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.196.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:18:54:fa:2b:89:4b:dd:b8:74:09:44:77:90:2b:c7:d3:8b:
         1a:0d:1d:44:9c:1d:3e:92:b8:9c:9b:de:b9:3c:87:da:53:83:
         81:4b:71:1d:bb:52:a6:ac:7c:a0:b1:fd:3c:0a:dd:03:08:1c:
         1c:49:e0:e1:9c:ab:a6:b3:d4:c0:52:6d:35:f0:a6:65:d8:e6:
         c7:62:c6:f8:0a:d7:32:54:13:c2:f3:ce:bb:be:27:77:4f:a9:
         ab:30:ca:e5:c5:f6:1d:ff:d0:5b:50:ae:e2:7d:f6:32:88:dd:
         f3:e9:b6:34:31:a2:d1:02:e6:83:55:a8:8d:c0:10:b3:82:8a:
         bb:9b:76:28:af:ab:bd:be:8e:ec:90:1b:85:3e:0b:c5:33:68:
         0e:f2:25:58:19:3d:8c:4f:c2:16:df:5b:42:f9:bc:ae:9a:58:
         ee:f4:0c:8d:52:29:97:9d:79:f3:f0:02:76:9a:49:d3:7d:ac:
         d8:64:b5:bb:ce:39:d7:22:4e:79:53:03:ad:ba:35:b8:3d:77:
         19:47:d3:15:61:c2:a3:6c:d9:a6:57:97:15:9d:bd:c0:2a:17:
         79:47:67:2b:2d:ef:d9:39:09:f2:eb:81:2d:f3:5a:a2:b9:fe:
         3a:7b:1d:60:75:7f:4c:85:3a:fa:cf:10:b6:af:b1:7c:0b:ef:
         24:dc:28:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2spUz9ORmKkY5RGMWpjmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhNmUxNDc0NDgyODk2MzRiOTg2ODhlZTVhNWFmNDQ3ZDQy
Y2JiMDcwHhcNMjQwMTAxMDIyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2VkY2MxMzU0ODE4OGJiMTQ4Mjc0ZjU1ODFkYzAyNDZkY2IxZWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtjdCMBy44wS7492x+G/hQzz1SvvV
lq88XWrPwSNWKs0HcOSk+zbcx7OikPvFBDchMw/5pNCygcYljCpr2M7EOZWNYpXM
ndn5H2P6M6qdX+Sp/ApBGTHNgZhml6v1ma5U7d7DvARUYscWmol9bCrfOIb/fOHo
WvkWWTzgbbtM7tcSDEKcvIQrTjWxujJysHxyLz8k/fWnB+xzTi3SDQyWTOYEyalt
TanLCfX9XvGrrRXvNNPoLiyjH90uUd3hRfi7QgTGgOl4sJYuTsEp8X2sSKmNL5jj
MMwEB3OdycNFvpJRwVS9UbZFikbNLwD1amfcnNh/Puq2MqIFwU7EtgsGDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGftzBNUgYi7FIJ09VgdwCRtyx7MMB8GA1UdIwQY
MBaAFJpuFHRIKJY0uYaI7lpa9EfULLsHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbW00VWRFZ29salM1aG9qdVdscjBSOVFzdXdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC82NjFkYWQtMDBjOS00ZjE3LTk0ZDgt
MmJiZDAxZjllNTAwLzEvWi0zTUUxU0JpTHNVZ25UMVdCM0FKRzNMSHN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC82NjFkYWQtMDBjOS00ZjE3LTk0ZDgtMmJiZDAxZjllNTAw
LzEvbW00VWRFZ29salM1aG9qdVdscjBSOVFzdXdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQzEMA0G
CSqGSIb3DQEBCwUAA4IBAQBDGFT6K4lL3bh0CUR3kCvH04saDR1EnB0+kricm965
PIfaU4OBS3Edu1KmrHygsf08Ct0DCBwcSeDhnKums9TAUm018KZl2ObHYsb4Ctcy
VBPC8867vid3T6mrMMrlxfYd/9BbUK7iffYyiN3z6bY0MaLRAuaDVaiNwBCzgoq7
m3Yor6u9vo7skBuFPgvFM2gO8iVYGT2MT8IW31tC+byumlju9AyNUimXnXnz8AJ2
mknTfazYZLW7zjnXIk55UwOtujW4PXcZR9MVYcKjbNmmV5cVnb3AKhd5R2crLe/Z
OQny64Et81qiuf46ex1gdX9MhTr6zxC2r7F8C+8k3CgO
-----END CERTIFICATE-----