Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/zJd3z7yj1UMI3HsfOzDFOFajoMU.roa
File:                     zJd3z7yj1UMI3HsfOzDFOFajoMU.roa (raw, json)
Hash identifier:          lNwH2TDbfd59FunYQUXicuLKpPwBO1QgbfPDYCj6vCo=
Subject key identifier:   CC:97:77:CF:BC:A3:D5:43:08:DC:7B:1F:3B:30:C5:38:56:A3:A0:C5
Certificate issuer:       /CN=6cd98c2c54b0cbea134e27a981cfdde73236e055
Certificate serial:       018CC2DB5DB3662B0BD2BEBAD4A3B2D9BBC1
Authority key identifier: 6C:D9:8C:2C:54:B0:CB:EA:13:4E:27:A9:81:CF:DD:E7:32:36:E0:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/zJd3z7yj1UMI3HsfOzDFOFajoMU.roa
Signing time:             Mon 01 Jan 2024 02:30:05 +0000
ROA not before:           Mon 01 Jan 2024 02:30:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198510
IP address blocks:        45.140.194.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:5d:b3:66:2b:0b:d2:be:ba:d4:a3:b2:d9:bb:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cd98c2c54b0cbea134e27a981cfdde73236e055
        Validity
            Not Before: Jan  1 02:30:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=cc9777cfbca3d54308dc7b1f3b30c53856a3a0c5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:ec:60:73:e2:34:04:e7:bf:0f:21:aa:32:d9:
                    6b:42:43:d2:66:bc:27:5a:cb:80:56:e2:37:fe:0d:
                    b7:6c:6e:e8:65:99:f5:92:7b:0f:f5:69:21:31:80:
                    83:ab:33:b3:e2:fb:fe:3a:2a:27:51:7a:65:0b:7b:
                    a1:d6:52:ec:24:b9:fe:07:a2:b3:83:36:a4:cb:a2:
                    e2:7f:1f:31:ea:80:0c:b9:d6:fd:90:87:e5:d7:a1:
                    19:32:66:b7:72:92:65:14:8c:9b:4f:9e:c5:c1:29:
                    f8:45:7b:1a:04:8b:f9:fb:0a:0f:01:c3:c6:ee:9a:
                    3c:62:59:a9:59:71:05:bd:7f:94:92:80:bb:ba:1b:
                    3b:f2:77:30:0c:33:a2:ca:d2:0f:dd:76:65:00:7b:
                    d3:3a:e9:ef:a3:4f:ae:0b:93:ce:36:d4:8f:80:d6:
                    d4:92:fc:11:c3:2b:94:c5:dc:8f:9e:4a:ec:d1:73:
                    e9:45:2a:8d:82:e8:d7:3f:70:d3:50:42:f5:6b:a8:
                    43:51:ba:62:9f:d8:74:0c:b5:ba:6b:ca:ea:c1:e1:
                    c5:f4:80:7d:67:68:69:dc:12:5f:f0:32:2b:3b:74:
                    c8:54:c4:6e:23:25:4f:aa:3c:71:5b:14:66:22:02:
                    80:dd:73:9d:1a:7e:b0:99:80:f3:56:ab:20:0d:3e:
                    37:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:97:77:CF:BC:A3:D5:43:08:DC:7B:1F:3B:30:C5:38:56:A3:A0:C5
            X509v3 Authority Key Identifier:
                keyid:6C:D9:8C:2C:54:B0:CB:EA:13:4E:27:A9:81:CF:DD:E7:32:36:E0:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bNmMLFSwy-oTTiepgc_d5zI24FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/zJd3z7yj1UMI3HsfOzDFOFajoMU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/01638c-6cb9-4589-909b-d37df634a929/1/bNmMLFSwy-oTTiepgc_d5zI24FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:3c:59:39:45:ec:3f:2a:7d:22:91:fa:00:d6:b5:82:ae:54:
         aa:06:32:83:54:6d:41:f1:88:e7:c2:ed:bf:7f:25:95:d4:bb:
         3b:3b:51:6c:f9:2b:05:ca:73:b6:8c:3e:22:3d:82:df:78:d6:
         cd:58:10:af:39:c3:3b:94:4e:46:d0:0f:c5:be:d9:b9:d2:04:
         5b:3b:50:1b:d7:ee:dc:13:e5:44:41:05:f1:f9:e6:71:84:48:
         1b:9d:f8:63:a1:c2:41:d7:79:ec:15:36:af:cc:bf:c3:60:46:
         c7:fd:e9:30:d0:23:4e:d6:ef:aa:11:64:0e:8f:29:97:a3:a8:
         18:67:ad:fa:bb:2b:7d:9b:97:0e:53:f5:1e:22:40:a6:08:93:
         2b:70:ad:4f:6b:37:c5:22:a2:5b:e9:00:8e:1e:ba:d5:ca:43:
         92:06:67:fb:8a:04:c7:67:5b:71:70:ee:33:d8:21:17:d8:b4:
         df:3c:1e:c7:11:df:20:7b:28:ac:43:a5:23:10:cb:30:70:61:
         68:e4:55:ef:bf:97:42:98:4c:e0:58:bf:a3:c6:67:67:16:d1:
         ac:ce:57:f2:2b:78:f4:4c:8a:5a:b5:d7:9b:79:81:d7:a7:91:
         91:b5:40:50:54:ec:ef:55:b2:d6:38:9e:7d:40:2d:93:d9:d0:
         93:c1:d1:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC212zZisL0r661KOy2bvBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZDk4YzJjNTRiMGNiZWExMzRlMjdhOTgxY2ZkZGU3MzIz
NmUwNTUwHhcNMjQwMTAxMDIzMDA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzk3NzdjZmJjYTNkNTQzMDhkYzdiMWYzYjMwYzUzODU2YTNhMGM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtexgc+I0BOe/DyGqMtlrQkPSZrwn
WsuAVuI3/g23bG7oZZn1knsP9WkhMYCDqzOz4vv+OionUXplC3uh1lLsJLn+B6Kz
gzaky6Lifx8x6oAMudb9kIfl16EZMma3cpJlFIybT57FwSn4RXsaBIv5+woPAcPG
7po8YlmpWXEFvX+UkoC7uhs78ncwDDOiytIP3XZlAHvTOunvo0+uC5PONtSPgNbU
kvwRwyuUxdyPnkrs0XPpRSqNgujXP3DTUEL1a6hDUbpin9h0DLW6a8rqweHF9IB9
Z2hp3BJf8DIrO3TIVMRuIyVPqjxxWxRmIgKA3XOdGn6wmYDzVqsgDT43mQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMyXd8+8o9VDCNx7HzswxThWo6DFMB8GA1UdIwQY
MBaAFGzZjCxUsMvqE04nqYHP3ecyNuBVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk5tTUxGU3d5LW9UVGllcGdjX2Q1ekkyNEZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS8wMTYzOGMtNmNiOS00NTg5LTkwOWIt
ZDM3ZGY2MzRhOTI5LzEvekpkM3o3eWoxVU1JM0hzZk96REZPRmFqb01VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS8wMTYzOGMtNmNiOS00NTg5LTkwOWItZDM3ZGY2MzRhOTI5
LzEvYk5tTUxGU3d5LW9UVGllcGdjX2Q1ekkyNEZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYzCMA0G
CSqGSIb3DQEBCwUAA4IBAQCCPFk5Rew/Kn0ikfoA1rWCrlSqBjKDVG1B8Yjnwu2/
fyWV1Ls7O1Fs+SsFynO2jD4iPYLfeNbNWBCvOcM7lE5G0A/Fvtm50gRbO1Ab1+7c
E+VEQQXx+eZxhEgbnfhjocJB13nsFTavzL/DYEbH/ekw0CNO1u+qEWQOjymXo6gY
Z636uyt9m5cOU/UeIkCmCJMrcK1PazfFIqJb6QCOHrrVykOSBmf7igTHZ1txcO4z
2CEX2LTfPB7HEd8geyisQ6UjEMswcGFo5FXvv5dCmEzgWL+jxmdnFtGszlfyK3j0
TIpatdebeYHXp5GRtUBQVOzvVbLWOJ59QC2T2dCTwdEc
-----END CERTIFICATE-----