Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/2ab785-2f86-489e-ac1c-b72557668b01/1/_Df5Gsv3TRHtHnP3-JVq1cLx_00.roa
File:                     _Df5Gsv3TRHtHnP3-JVq1cLx_00.roa (raw, json)
Hash identifier:          gqPg1SuRrnFnCP4QLevuz3X2p5asc/6RC+Tc47Nxtyo=
Subject key identifier:   FC:37:F9:1A:CB:F7:4D:11:ED:1E:73:F7:F8:95:6A:D5:C2:F1:FF:4D
Certificate issuer:       /CN=f2fe6f2a937838df2b15da1743bcd9fb0e29cf2e
Certificate serial:       018CC726AFADD379FDBF421163466FFAF512
Authority key identifier: F2:FE:6F:2A:93:78:38:DF:2B:15:DA:17:43:BC:D9:FB:0E:29:CF:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8v5vKpN4ON8rFdoXQ7zZ-w4pzy4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/2ab785-2f86-489e-ac1c-b72557668b01/1/_Df5Gsv3TRHtHnP3-JVq1cLx_00.roa
Signing time:             Mon 01 Jan 2024 22:30:50 +0000
ROA not before:           Mon 01 Jan 2024 22:30:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34309
IP address blocks:        45.82.172.0/24 maxlen: 24
                          45.82.174.0/24 maxlen: 24
                          45.82.173.0/24 maxlen: 24
                          45.82.175.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/2ab785-2f86-489e-ac1c-b72557668b01/1/8v5vKpN4ON8rFdoXQ7zZ-w4pzy4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/2ab785-2f86-489e-ac1c-b72557668b01/1/8v5vKpN4ON8rFdoXQ7zZ-w4pzy4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8v5vKpN4ON8rFdoXQ7zZ-w4pzy4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:af:ad:d3:79:fd:bf:42:11:63:46:6f:fa:f5:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f2fe6f2a937838df2b15da1743bcd9fb0e29cf2e
        Validity
            Not Before: Jan  1 22:30:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fc37f91acbf74d11ed1e73f7f8956ad5c2f1ff4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:ea:4c:4c:13:d0:ce:5a:ba:89:68:e2:4c:92:
                    e5:cc:8c:65:d8:f3:4a:01:31:2f:6f:e3:20:42:75:
                    e3:29:18:bb:af:d8:b1:6d:bc:bc:8c:dc:3d:4d:b9:
                    1e:bf:32:05:ef:7e:e2:74:4a:b6:87:ef:25:6e:1b:
                    a3:54:3e:8c:8a:7f:0d:99:b9:c9:b2:a7:58:2e:92:
                    d1:a1:d2:6a:83:85:cf:10:7d:63:72:3b:90:84:c3:
                    a2:2a:6a:0c:f8:83:44:89:76:9a:ad:9b:22:1c:80:
                    62:a7:9f:98:6d:d6:d6:83:56:29:0f:71:c7:3a:b5:
                    1e:ea:b5:d7:c3:72:cc:03:f3:b6:f5:bf:53:8a:05:
                    51:c1:3f:3c:00:03:e4:68:e1:42:e4:0b:e9:e3:78:
                    63:15:52:be:b2:e3:ca:ad:ee:f9:cc:7a:e2:8b:6a:
                    03:50:7f:82:5d:41:a4:a0:00:7b:dc:e6:2b:9e:17:
                    6a:1d:b6:c0:95:60:a2:07:d2:3d:f1:88:83:a4:36:
                    d8:4c:ac:2e:20:13:2b:bd:32:98:fa:a0:26:5f:65:
                    41:6a:d0:c9:85:11:eb:68:55:b8:ac:3a:2d:ac:cf:
                    f8:fa:f7:d1:b3:f9:13:ef:e0:77:3a:51:f4:d4:30:
                    72:09:b8:92:93:e9:84:d5:15:6c:5c:82:1f:1f:b6:
                    d9:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:37:F9:1A:CB:F7:4D:11:ED:1E:73:F7:F8:95:6A:D5:C2:F1:FF:4D
            X509v3 Authority Key Identifier:
                keyid:F2:FE:6F:2A:93:78:38:DF:2B:15:DA:17:43:BC:D9:FB:0E:29:CF:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8v5vKpN4ON8rFdoXQ7zZ-w4pzy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/2ab785-2f86-489e-ac1c-b72557668b01/1/_Df5Gsv3TRHtHnP3-JVq1cLx_00.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/2ab785-2f86-489e-ac1c-b72557668b01/1/8v5vKpN4ON8rFdoXQ7zZ-w4pzy4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         76:f4:52:40:4a:1e:4b:c5:5a:be:28:c9:74:9f:9c:33:dd:50:
         22:c7:54:a9:70:18:ae:cd:f4:c5:07:bd:fe:ab:ff:9d:14:85:
         2b:a2:dd:cc:91:10:34:a5:75:6f:d1:c1:94:96:85:8e:80:e9:
         7e:fb:26:db:9c:44:f4:e2:2d:7a:91:55:3c:74:b4:17:c3:b0:
         26:23:04:7f:da:5f:53:0e:e3:08:59:00:db:5a:63:5b:bd:ee:
         29:d4:cf:51:2b:a3:c2:fe:6d:cf:11:a6:79:5d:44:0e:68:cb:
         ef:c9:82:ed:0d:28:e5:51:c8:44:28:04:ef:4d:d4:7d:0a:37:
         77:d9:d1:25:d7:47:8a:e1:22:11:a4:0e:e1:1f:ca:5d:01:97:
         fe:36:c3:9a:c5:e5:d2:32:bf:ce:00:6b:92:89:41:29:3a:11:
         a4:5d:54:32:f9:03:41:4f:44:16:cd:ca:ae:61:bc:f6:09:9d:
         8d:cc:36:b1:a8:5c:63:44:df:39:f7:e8:54:61:df:53:8c:91:
         cf:47:35:54:11:90:3e:46:ed:3f:68:97:ce:86:88:b3:36:c5:
         86:5a:08:14:10:5d:75:4d:d1:2d:2c:b7:f0:dc:66:1e:9c:2e:
         2c:39:f9:57:ea:6e:c4:3d:f5:6a:b4:f8:2b:f1:0e:f0:95:c6:
         09:92:72:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJq+t03n9v0IRY0Zv+vUSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyZmU2ZjJhOTM3ODM4ZGYyYjE1ZGExNzQzYmNkOWZiMGUy
OWNmMmUwHhcNMjQwMTAxMjIzMDUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzM3ZjkxYWNiZjc0ZDExZWQxZTczZjdmODk1NmFkNWMyZjFmZjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApepMTBPQzlq6iWjiTJLlzIxl2PNK
ATEvb+MgQnXjKRi7r9ixbby8jNw9TbkevzIF737idEq2h+8lbhujVD6Min8NmbnJ
sqdYLpLRodJqg4XPEH1jcjuQhMOiKmoM+INEiXaarZsiHIBip5+YbdbWg1YpD3HH
OrUe6rXXw3LMA/O29b9TigVRwT88AAPkaOFC5Avp43hjFVK+suPKre75zHrii2oD
UH+CXUGkoAB73OYrnhdqHbbAlWCiB9I98YiDpDbYTKwuIBMrvTKY+qAmX2VBatDJ
hRHraFW4rDotrM/4+vfRs/kT7+B3OlH01DByCbiSk+mE1RVsXIIfH7bZ8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPw3+RrL900R7R5z9/iVatXC8f9NMB8GA1UdIwQY
MBaAFPL+byqTeDjfKxXaF0O82fsOKc8uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOHY1dktwTjRPTjhyRmRvWFE3elotdzRwenk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS8yYWI3ODUtMmY4Ni00ODllLWFjMWMt
YjcyNTU3NjY4YjAxLzEvX0RmNUdzdjNUUkh0SG5QMy1KVnExY0x4XzAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS8yYWI3ODUtMmY4Ni00ODllLWFjMWMtYjcyNTU3NjY4YjAx
LzEvOHY1dktwTjRPTjhyRmRvWFE3elotdzRwenk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVKsMA0G
CSqGSIb3DQEBCwUAA4IBAQB29FJASh5LxVq+KMl0n5wz3VAix1SpcBiuzfTFB73+
q/+dFIUrot3MkRA0pXVv0cGUloWOgOl++ybbnET04i16kVU8dLQXw7AmIwR/2l9T
DuMIWQDbWmNbve4p1M9RK6PC/m3PEaZ5XUQOaMvvyYLtDSjlUchEKATvTdR9Cjd3
2dEl10eK4SIRpA7hH8pdAZf+NsOaxeXSMr/OAGuSiUEpOhGkXVQy+QNBT0QWzcqu
Ybz2CZ2NzDaxqFxjRN859+hUYd9TjJHPRzVUEZA+Ru0/aJfOhoizNsWGWggUEF11
TdEtLLfw3GYenC4sOflX6m7EPfVqtPgr8Q7wlcYJknJQ
-----END CERTIFICATE-----