Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/w1_RheosfAjaFhbhasQCReiNaOk.roa
File:                     w1_RheosfAjaFhbhasQCReiNaOk.roa (raw, json)
Hash identifier:          NM3o37KbaA3Ycl2XSNbhTvoG+HB25wsdoWN9Nhvg+Zg=
Subject key identifier:   C3:5F:D1:85:EA:2C:7C:08:DA:16:16:E1:6A:C4:02:45:E8:8D:68:E9
Certificate issuer:       /CN=09f0dcceb74f1185acd97aeeaac25dda5e9b0936
Certificate serial:       018CCA29FF82122C7FAE198F414FFA40763B
Authority key identifier: 09:F0:DC:CE:B7:4F:11:85:AC:D9:7A:EE:AA:C2:5D:DA:5E:9B:09:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CfDczrdPEYWs2XruqsJd2l6bCTY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/w1_RheosfAjaFhbhasQCReiNaOk.roa
Signing time:             Tue 02 Jan 2024 12:33:19 +0000
ROA not before:           Tue 02 Jan 2024 12:33:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     133301
IP address blocks:        178.248.116.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/CfDczrdPEYWs2XruqsJd2l6bCTY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/CfDczrdPEYWs2XruqsJd2l6bCTY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CfDczrdPEYWs2XruqsJd2l6bCTY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:ff:82:12:2c:7f:ae:19:8f:41:4f:fa:40:76:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09f0dcceb74f1185acd97aeeaac25dda5e9b0936
        Validity
            Not Before: Jan  2 12:33:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c35fd185ea2c7c08da1616e16ac40245e88d68e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:eb:ca:6a:de:b9:08:97:90:b8:4e:0c:3a:2c:
                    fc:9f:07:7b:9f:3a:84:d8:4c:5a:af:3f:31:b8:74:
                    3b:84:c9:3e:c5:18:09:1d:68:11:88:4c:3b:bd:99:
                    cb:db:9b:ad:28:e6:16:26:71:e4:a3:8b:14:d4:0e:
                    4d:fb:33:a3:07:6a:a3:e4:6c:35:64:7d:10:91:1c:
                    68:ec:d8:b7:7e:18:f1:ab:1f:c1:3c:59:36:66:50:
                    4c:9c:2d:ad:44:38:4b:b4:06:15:4c:84:3a:9a:e7:
                    6c:15:3d:bd:0e:df:d2:4c:79:34:58:16:e6:ce:1a:
                    f9:4c:af:f7:11:64:5b:9f:44:f2:1a:48:d8:ba:58:
                    64:aa:97:73:3d:e1:5c:ca:cf:24:21:55:db:19:74:
                    76:db:4d:25:46:cd:46:e1:16:42:12:64:5a:07:b6:
                    5e:70:6f:22:85:5e:04:4f:c7:32:6a:6f:c3:27:2c:
                    77:69:fa:94:d6:be:42:06:74:a7:08:56:25:a1:e9:
                    4c:5e:59:2f:41:4d:52:9d:9a:d3:b1:a3:a7:92:83:
                    af:33:59:9d:d7:2b:ee:e4:72:3d:d5:d5:5d:9e:a6:
                    9a:e9:3e:eb:14:f0:b9:4b:2c:ac:4e:a5:ab:24:15:
                    81:00:d1:3d:94:c0:d5:35:4e:19:b2:5f:b6:82:bd:
                    25:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C3:5F:D1:85:EA:2C:7C:08:DA:16:16:E1:6A:C4:02:45:E8:8D:68:E9
            X509v3 Authority Key Identifier:
                keyid:09:F0:DC:CE:B7:4F:11:85:AC:D9:7A:EE:AA:C2:5D:DA:5E:9B:09:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CfDczrdPEYWs2XruqsJd2l6bCTY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/w1_RheosfAjaFhbhasQCReiNaOk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/45ac0f-383a-4eb4-b188-996189f9ce14/1/CfDczrdPEYWs2XruqsJd2l6bCTY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.248.116.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b0:9e:c7:79:3e:b4:8d:14:2f:b5:f4:df:c8:65:dc:fb:c9:ae:
         6d:e9:b2:d6:36:bc:bb:08:ea:3a:6d:37:63:9f:11:1e:d1:3a:
         b9:f6:cf:fe:50:96:bb:b4:37:0a:a8:b0:00:00:2f:15:33:64:
         d8:51:fb:f3:52:e8:72:00:35:29:59:fc:3e:ef:3d:b4:25:45:
         e0:06:62:d5:93:21:dd:ac:c9:76:90:ae:c6:ca:4a:15:22:77:
         2a:c1:12:09:36:f2:1e:d3:51:84:fa:26:9c:c1:e0:15:d0:47:
         85:90:1d:d1:4d:ee:6f:b1:07:fe:a6:45:09:14:eb:bd:e9:3c:
         33:98:40:4f:e0:62:43:17:4b:cd:a1:f5:e8:8a:f1:12:39:02:
         5b:b9:97:e1:b5:46:29:a5:f4:07:77:aa:de:cf:30:36:73:97:
         34:bc:7a:21:8b:bd:22:9b:f4:33:47:cb:51:65:19:ea:ed:b0:
         69:05:9d:c8:dc:b7:f8:9d:5e:b2:0f:49:8f:74:ef:96:73:a3:
         1b:38:cf:13:c3:44:d8:ee:b2:52:a7:63:9d:55:46:9a:bf:c8:
         c0:e8:17:33:76:7c:b0:0f:76:fa:3b:cc:8e:15:30:6b:94:dd:
         a5:ae:c2:5f:62:ba:1d:1c:d0:21:48:48:dd:33:2e:9b:f4:5f:
         ff:c1:00:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKf+CEix/rhmPQU/6QHY7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5ZjBkY2NlYjc0ZjExODVhY2Q5N2FlZWFhYzI1ZGRhNWU5
YjA5MzYwHhcNMjQwMTAyMTIzMzE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMzVmZDE4NWVhMmM3YzA4ZGExNjE2ZTE2YWM0MDI0NWU4OGQ2OGU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0evKat65CJeQuE4MOiz8nwd7nzqE
2Exarz8xuHQ7hMk+xRgJHWgRiEw7vZnL25utKOYWJnHko4sU1A5N+zOjB2qj5Gw1
ZH0QkRxo7Ni3fhjxqx/BPFk2ZlBMnC2tRDhLtAYVTIQ6mudsFT29Dt/STHk0WBbm
zhr5TK/3EWRbn0TyGkjYulhkqpdzPeFcys8kIVXbGXR2200lRs1G4RZCEmRaB7Ze
cG8ihV4ET8cyam/DJyx3afqU1r5CBnSnCFYloelMXlkvQU1SnZrTsaOnkoOvM1md
1yvu5HI91dVdnqaa6T7rFPC5SyysTqWrJBWBANE9lMDVNU4Zsl+2gr0lVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMNf0YXqLHwI2hYW4WrEAkXojWjpMB8GA1UdIwQY
MBaAFAnw3M63TxGFrNl67qrCXdpemwk2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2ZEY3pyZFBFWVdzMlhydXFzSmQybDZiQ1RZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi80NWFjMGYtMzgzYS00ZWI0LWIxODgt
OTk2MTg5ZjljZTE0LzEvdzFfUmhlb3NmQWphRmhiaGFzUUNSZWlOYU9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi80NWFjMGYtMzgzYS00ZWI0LWIxODgtOTk2MTg5ZjljZTE0
LzEvQ2ZEY3pyZFBFWVdzMlhydXFzSmQybDZiQ1RZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBsvh0MA0G
CSqGSIb3DQEBCwUAA4IBAQCwnsd5PrSNFC+19N/IZdz7ya5t6bLWNry7COo6bTdj
nxEe0Tq59s/+UJa7tDcKqLAAAC8VM2TYUfvzUuhyADUpWfw+7z20JUXgBmLVkyHd
rMl2kK7GykoVIncqwRIJNvIe01GE+iacweAV0EeFkB3RTe5vsQf+pkUJFOu96Twz
mEBP4GJDF0vNofXoivESOQJbuZfhtUYppfQHd6rezzA2c5c0vHohi70im/QzR8tR
ZRnq7bBpBZ3I3Lf4nV6yD0mPdO+Wc6MbOM8Tw0TY7rJSp2OdVUaav8jA6Bczdnyw
D3b6O8yOFTBrlN2lrsJfYrodHNAhSEjdMy6b9F//wQDj
-----END CERTIFICATE-----