Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/4a395c-5185-42ee-948b-8fc2b71d030f/1/vkU3hJgBSLtVnTjvAcGXm6kFuRQ.roa
File:                     vkU3hJgBSLtVnTjvAcGXm6kFuRQ.roa (raw, json)
Hash identifier:          eGEDJmT+XNMJcM9h6dbkCbObRW7oBBLsl4cSq4m0ono=
Subject key identifier:   BE:45:37:84:98:01:48:BB:55:9D:38:EF:01:C1:97:9B:A9:05:B9:14
Certificate issuer:       /CN=32ed014577ac73ff87ef20ca6f75795e4c937fce
Certificate serial:       018CC4255F8A291CFCE78F779FB63BFF3BE6
Authority key identifier: 32:ED:01:45:77:AC:73:FF:87:EF:20:CA:6F:75:79:5E:4C:93:7F:CE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Mu0BRXesc_-H7yDKb3V5XkyTf84.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e7/4a395c-5185-42ee-948b-8fc2b71d030f/1/vkU3hJgBSLtVnTjvAcGXm6kFuRQ.roa
Signing time:             Mon 01 Jan 2024 08:30:32 +0000
ROA not before:           Mon 01 Jan 2024 08:30:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206551
IP address blocks:        45.90.64.0/22 maxlen: 22
                          2a0c:ab80::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e7/4a395c-5185-42ee-948b-8fc2b71d030f/1/Mu0BRXesc_-H7yDKb3V5XkyTf84.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e7/4a395c-5185-42ee-948b-8fc2b71d030f/1/Mu0BRXesc_-H7yDKb3V5XkyTf84.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Mu0BRXesc_-H7yDKb3V5XkyTf84.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:5f:8a:29:1c:fc:e7:8f:77:9f:b6:3b:ff:3b:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=32ed014577ac73ff87ef20ca6f75795e4c937fce
        Validity
            Not Before: Jan  1 08:30:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=be453784980148bb559d38ef01c1979ba905b914
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:03:6d:f9:0f:bb:6d:d6:be:bf:07:1c:b8:4e:
                    3b:23:ac:0a:02:a0:5a:85:9a:a0:0a:a0:3b:79:b0:
                    b6:6b:2a:11:af:83:08:d4:c3:d2:e5:a2:ea:1c:17:
                    4e:c0:22:1a:08:4f:a4:b1:61:47:3f:29:20:4e:63:
                    ea:ce:6e:9e:d1:e1:0f:f3:b2:08:32:dd:f2:af:2e:
                    8f:e6:3a:37:55:ab:ed:16:c6:f6:8e:f1:af:a9:78:
                    69:a6:b3:2a:0b:9f:9a:6c:a7:7e:9c:cc:e9:65:ed:
                    72:5e:7a:fc:6d:64:c4:8f:fc:71:d0:15:f5:c5:f6:
                    71:61:85:01:e5:d7:8e:a0:b5:f9:02:e8:45:4b:38:
                    d2:cc:7d:d8:a8:0d:18:75:61:34:e9:e2:e3:cf:20:
                    f7:e8:b6:db:e6:6a:79:0b:e7:e5:f3:71:7b:b9:63:
                    b5:df:01:69:72:4a:7e:06:30:06:40:18:e2:88:41:
                    0e:00:d2:e0:56:fd:f7:17:d4:c4:b8:3c:c7:b8:a3:
                    91:85:e1:a5:d6:e3:11:6d:f6:a2:94:e6:cc:0d:29:
                    b0:62:a8:61:9a:f6:38:aa:fb:d8:56:74:40:ae:17:
                    75:34:8a:3f:97:8b:11:10:02:78:be:ce:91:bb:1b:
                    4f:bc:40:19:7c:63:5d:5c:c2:ce:8c:cc:f5:29:14:
                    5e:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:45:37:84:98:01:48:BB:55:9D:38:EF:01:C1:97:9B:A9:05:B9:14
            X509v3 Authority Key Identifier:
                keyid:32:ED:01:45:77:AC:73:FF:87:EF:20:CA:6F:75:79:5E:4C:93:7F:CE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mu0BRXesc_-H7yDKb3V5XkyTf84.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/4a395c-5185-42ee-948b-8fc2b71d030f/1/vkU3hJgBSLtVnTjvAcGXm6kFuRQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/4a395c-5185-42ee-948b-8fc2b71d030f/1/Mu0BRXesc_-H7yDKb3V5XkyTf84.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.64.0/22
                IPv6:
                  2a0c:ab80::/32

    Signature Algorithm: sha256WithRSAEncryption
         aa:64:0b:e2:b8:32:f6:ed:da:9a:38:55:90:80:83:a6:89:1b:
         24:64:36:ab:2b:b7:6c:06:fc:60:a1:c9:5c:9c:7e:55:dd:6d:
         f3:f6:48:09:4a:b6:e7:b9:d9:89:83:95:f3:a9:68:39:35:d2:
         11:0e:c5:37:32:d3:e0:bf:d2:de:71:53:e7:ae:9a:27:4d:e8:
         6a:58:4f:e4:00:0c:22:0e:6f:be:67:97:84:d9:78:07:cb:f8:
         4b:27:fe:47:9d:c4:61:33:fc:7c:60:fd:1b:b3:b4:65:46:17:
         6d:eb:89:91:f3:d3:c6:f3:62:fc:32:5a:08:10:e1:25:61:ba:
         66:46:72:52:6f:df:c0:82:ed:b8:85:fe:82:df:4a:28:b2:fd:
         9e:61:01:c8:a5:e2:cb:a0:52:72:38:bd:2a:33:cc:ae:82:ef:
         e4:ee:71:11:27:59:b7:56:8b:fa:19:cc:9b:c6:29:e1:f2:cf:
         8b:31:d8:f6:92:1f:e5:c6:4c:b3:0c:58:f9:ff:3f:ed:74:8f:
         9a:9f:bf:b3:6e:84:1e:77:9d:8e:10:6f:1f:e2:72:b9:fa:20:
         ce:ea:01:f8:bf:25:5e:d1:f5:6a:5e:6b:9c:d9:58:a1:31:fd:
         ce:0f:ec:c7:e0:1d:09:f4:20:2e:8a:2f:9f:7c:68:7b:a9:a2:
         e2:db:73:f8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzEJV+KKRz85493n7Y7/zvmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMyZWQwMTQ1NzdhYzczZmY4N2VmMjBjYTZmNzU3OTVlNGM5
MzdmY2UwHhcNMjQwMTAxMDgzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTQ1Mzc4NDk4MDE0OGJiNTU5ZDM4ZWYwMWMxOTc5YmE5MDViOTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgwNt+Q+7bda+vwccuE47I6wKAqBa
hZqgCqA7ebC2ayoRr4MI1MPS5aLqHBdOwCIaCE+ksWFHPykgTmPqzm6e0eEP87II
Mt3yry6P5jo3VavtFsb2jvGvqXhpprMqC5+abKd+nMzpZe1yXnr8bWTEj/xx0BX1
xfZxYYUB5deOoLX5AuhFSzjSzH3YqA0YdWE06eLjzyD36Lbb5mp5C+fl83F7uWO1
3wFpckp+BjAGQBjiiEEOANLgVv33F9TEuDzHuKORheGl1uMRbfailObMDSmwYqhh
mvY4qvvYVnRArhd1NIo/l4sREAJ4vs6RuxtPvEAZfGNdXMLOjMz1KRReUwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFL5FN4SYAUi7VZ047wHBl5upBbkUMB8GA1UdIwQY
MBaAFDLtAUV3rHP/h+8gym91eV5Mk3/OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXUwQlJYZXNjXy1IN3lES2IzVjVYa3lUZjg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy80YTM5NWMtNTE4NS00MmVlLTk0OGIt
OGZjMmI3MWQwMzBmLzEvdmtVM2hKZ0JTTHRWblRqdkFjR1htNmtGdVJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy80YTM5NWMtNTE4NS00MmVlLTk0OGItOGZjMmI3MWQwMzBm
LzEvTXUwQlJYZXNjXy1IN3lES2IzVjVYa3lUZjg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLVpAMA0E
AgACMAcDBQAqDKuAMA0GCSqGSIb3DQEBCwUAA4IBAQCqZAviuDL27dqaOFWQgIOm
iRskZDarK7dsBvxgoclcnH5V3W3z9kgJSrbnudmJg5XzqWg5NdIRDsU3MtPgv9Le
cVPnrponTehqWE/kAAwiDm++Z5eE2XgHy/hLJ/5HncRhM/x8YP0bs7RlRhdt64mR
89PG82L8MloIEOElYbpmRnJSb9/Agu24hf6C30oosv2eYQHIpeLLoFJyOL0qM8yu
gu/k7nERJ1m3Vov6Gcybxinh8s+LMdj2kh/lxkyzDFj5/z/tdI+an7+zboQed52O
EG8f4nK5+iDO6gH4vyVe0fVqXmuc2VihMf3OD+zH4B0J9CAuii+ffGh7qaLi23P4
-----END CERTIFICATE-----