Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/a834da-1cca-4017-90b8-daee0aeafb2b/1/785m9a2lXTkXLAJwZMKukWrRN-Q.roa
File:                     785m9a2lXTkXLAJwZMKukWrRN-Q.roa (raw, json)
Hash identifier:          0MQyJAvAhOvDIZmJ5j0YtRBA+jaaG6iZSPLR6cTqTBY=
Subject key identifier:   EF:CE:66:F5:AD:A5:5D:39:17:2C:02:70:64:C2:AE:91:6A:D1:37:E4
Certificate issuer:       /CN=733b0728b7a0543584c2cd0b48b7478c4194ef0a
Certificate serial:       018CC26D327ED3D44B2CC110F2374BCE26AF
Authority key identifier: 73:3B:07:28:B7:A0:54:35:84:C2:CD:0B:48:B7:47:8C:41:94:EF:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/czsHKLegVDWEws0LSLdHjEGU7wo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/a834da-1cca-4017-90b8-daee0aeafb2b/1/785m9a2lXTkXLAJwZMKukWrRN-Q.roa
Signing time:             Mon 01 Jan 2024 00:29:45 +0000
ROA not before:           Mon 01 Jan 2024 00:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13127
IP address blocks:        145.83.2.0/24 maxlen: 24
                          145.83.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/a834da-1cca-4017-90b8-daee0aeafb2b/1/czsHKLegVDWEws0LSLdHjEGU7wo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/a834da-1cca-4017-90b8-daee0aeafb2b/1/czsHKLegVDWEws0LSLdHjEGU7wo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/czsHKLegVDWEws0LSLdHjEGU7wo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:32:7e:d3:d4:4b:2c:c1:10:f2:37:4b:ce:26:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=733b0728b7a0543584c2cd0b48b7478c4194ef0a
        Validity
            Not Before: Jan  1 00:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=efce66f5ada55d39172c027064c2ae916ad137e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:4f:22:42:09:b4:e3:7d:1c:86:b0:dd:79:3b:
                    c7:51:58:4e:f1:4d:e1:82:2c:83:81:cd:19:42:58:
                    13:18:2f:ba:56:f0:12:59:c1:3a:69:88:af:fb:0d:
                    04:a3:ea:4a:2b:7a:d7:27:e1:bc:d2:07:53:98:87:
                    9c:a0:84:ef:95:46:5d:15:2f:35:2a:73:ee:f2:8c:
                    fe:71:0e:cb:3e:c6:c4:77:2d:b5:1a:1e:31:16:41:
                    46:44:1e:af:6f:31:50:29:96:3a:32:86:0d:c7:c1:
                    eb:a4:25:65:aa:31:62:be:aa:f5:b8:d7:7f:8f:53:
                    46:58:8d:88:c9:d6:88:b7:f8:35:e4:ee:bc:4f:ad:
                    4c:f3:82:40:14:d8:2e:d6:e0:a7:f7:eb:3a:67:63:
                    ff:00:c5:ad:78:22:bd:12:c7:6f:0e:86:cc:ab:e0:
                    af:40:55:6f:63:13:bd:6d:cd:32:64:3a:58:26:4d:
                    07:5e:a1:c0:e4:c5:5d:f6:13:13:8a:a1:d7:7a:17:
                    a9:8e:5c:b4:c5:a3:f9:e0:68:a4:87:dd:78:20:47:
                    c7:dc:68:74:1b:df:68:c7:d7:fa:94:68:f0:8a:44:
                    81:5f:b4:08:cb:79:2f:a8:f1:69:3f:a7:c8:e3:56:
                    18:32:c2:8d:9f:e1:c9:d8:c6:67:f5:62:09:18:5d:
                    0f:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:CE:66:F5:AD:A5:5D:39:17:2C:02:70:64:C2:AE:91:6A:D1:37:E4
            X509v3 Authority Key Identifier:
                keyid:73:3B:07:28:B7:A0:54:35:84:C2:CD:0B:48:B7:47:8C:41:94:EF:0A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/czsHKLegVDWEws0LSLdHjEGU7wo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/a834da-1cca-4017-90b8-daee0aeafb2b/1/785m9a2lXTkXLAJwZMKukWrRN-Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/a834da-1cca-4017-90b8-daee0aeafb2b/1/czsHKLegVDWEws0LSLdHjEGU7wo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.83.1.0-145.83.2.255

    Signature Algorithm: sha256WithRSAEncryption
         5d:11:5d:4e:24:86:8f:50:b6:69:df:03:53:fb:cf:fe:c8:6b:
         4b:8b:f4:0e:d9:32:08:97:9b:fe:8d:33:b8:99:a2:04:69:fe:
         b0:b9:a9:5a:77:06:36:af:cc:55:25:a3:0f:8f:a7:c2:0b:a1:
         e7:da:34:b0:43:51:1e:6a:47:66:3c:18:40:95:de:f2:f8:5a:
         e1:4a:03:1b:14:f8:dc:3f:c3:92:4f:43:70:53:23:52:fc:35:
         c4:7b:a8:ba:35:e5:da:a1:f5:cc:69:76:78:8e:8f:1e:43:58:
         e0:4d:a0:4c:e9:b7:37:f6:9c:b2:c1:1e:65:35:46:89:71:a2:
         bc:41:cc:e8:5a:4c:5e:ba:ed:37:45:31:f8:27:90:84:cf:cb:
         5b:99:fc:99:cf:12:1a:71:2e:1e:b5:1f:4f:74:4e:c8:8e:2e:
         9f:3d:77:1f:e1:ab:49:97:f9:d6:4f:28:14:a7:f0:6f:98:a7:
         ed:a0:00:4b:f0:35:87:1a:76:59:d0:fc:a6:87:73:b0:b7:30:
         5b:eb:2f:6d:63:9d:ac:d5:6f:d0:cd:f0:ac:f0:e5:b5:9d:66:
         5a:33:c8:bc:2a:56:57:cd:02:36:f2:15:3e:2c:fc:8d:7b:22:
         9d:a6:70:0e:5d:6c:a4:4e:19:1a:73:dd:ea:35:f3:70:71:ff:
         8c:67:e8:0d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzCbTJ+09RLLMEQ8jdLziavMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczM2IwNzI4YjdhMDU0MzU4NGMyY2QwYjQ4Yjc0NzhjNDE5
NGVmMGEwHhcNMjQwMTAxMDAyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmNlNjZmNWFkYTU1ZDM5MTcyYzAyNzA2NGMyYWU5MTZhZDEzN2U0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlk8iQgm0430chrDdeTvHUVhO8U3h
giyDgc0ZQlgTGC+6VvASWcE6aYiv+w0Eo+pKK3rXJ+G80gdTmIecoITvlUZdFS81
KnPu8oz+cQ7LPsbEdy21Gh4xFkFGRB6vbzFQKZY6MoYNx8HrpCVlqjFivqr1uNd/
j1NGWI2IydaIt/g15O68T61M84JAFNgu1uCn9+s6Z2P/AMWteCK9EsdvDobMq+Cv
QFVvYxO9bc0yZDpYJk0HXqHA5MVd9hMTiqHXehepjly0xaP54Gikh914IEfH3Gh0
G99ox9f6lGjwikSBX7QIy3kvqPFpP6fI41YYMsKNn+HJ2MZn9WIJGF0PeQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFO/OZvWtpV05FywCcGTCrpFq0TfkMB8GA1UdIwQY
MBaAFHM7Byi3oFQ1hMLNC0i3R4xBlO8KMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3pzSEtMZWdWRFdFd3MwTFNMZEhqRUdVN3dvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9hODM0ZGEtMWNjYS00MDE3LTkwYjgt
ZGFlZTBhZWFmYjJiLzEvNzg1bTlhMmxYVGtYTEFKd1pNS3VrV3JSTi1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9hODM0ZGEtMWNjYS00MDE3LTkwYjgtZGFlZTBhZWFmYjJi
LzEvY3pzSEtMZWdWRFdFd3MwTFNMZEhqRUdVN3dvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBACRUwED
BACRUwIwDQYJKoZIhvcNAQELBQADggEBAF0RXU4kho9QtmnfA1P7z/7Ia0uL9A7Z
MgiXm/6NM7iZogRp/rC5qVp3BjavzFUlow+Pp8ILoefaNLBDUR5qR2Y8GECV3vL4
WuFKAxsU+Nw/w5JPQ3BTI1L8NcR7qLo15dqh9cxpdniOjx5DWOBNoEzptzf2nLLB
HmU1RolxorxBzOhaTF667TdFMfgnkITPy1uZ/JnPEhpxLh61H090TsiOLp89dx/h
q0mX+dZPKBSn8G+Yp+2gAEvwNYcadlnQ/KaHc7C3MFvrL21jnazVb9DN8Kzw5bWd
ZlozyLwqVlfNAjbyFT4s/I17Ip2mcA5dbKROGRpz3eo183Bx/4xn6A0=
-----END CERTIFICATE-----