Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/WBtDJJfr2LkMRXxKSF30r5PevV8.roa
File:                     WBtDJJfr2LkMRXxKSF30r5PevV8.roa (raw, json)
Hash identifier:          KIVlLFAjf2TkyGDdpaHmPeOTxfir0X83YQpjCqSIMvo=
Subject key identifier:   58:1B:43:24:97:EB:D8:B9:0C:45:7C:4A:48:5D:F4:AF:93:DE:BD:5F
Certificate issuer:       /CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Certificate serial:       018E3236081059B562577371141C121255F2
Authority key identifier: 06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/WBtDJJfr2LkMRXxKSF30r5PevV8.roa
Signing time:             Tue 12 Mar 2024 10:29:45 +0000
ROA not before:           Tue 12 Mar 2024 10:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21859
IP address blocks:        45.155.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:32:36:08:10:59:b5:62:57:73:71:14:1c:12:12:55:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
        Validity
            Not Before: Mar 12 10:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=581b432497ebd8b90c457c4a485df4af93debd5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:46:96:6a:7c:88:b0:74:f0:a7:d6:b2:e3:ee:
                    c8:e4:47:5d:fa:35:ab:2b:65:aa:01:a8:3c:51:64:
                    93:3d:f3:58:ef:90:03:2b:d7:0b:75:3f:a4:1e:89:
                    57:ca:89:da:79:a0:3e:7a:0f:fd:8f:11:a3:78:33:
                    69:84:f2:82:42:a1:da:3c:ab:60:98:e8:44:c4:f7:
                    65:ab:ef:6b:c3:04:21:4d:5f:c5:b9:b1:e7:37:b9:
                    53:67:2b:92:04:de:40:4b:53:6f:f6:ba:59:6f:8e:
                    47:6e:4f:23:e4:36:8b:6c:eb:6d:45:6f:be:26:22:
                    fe:a6:95:e5:5d:5c:73:df:e2:0f:4f:96:3f:ef:cd:
                    01:d8:29:8c:d0:7d:04:fa:81:d5:5d:ad:47:74:6a:
                    c4:f8:72:37:41:22:96:1d:90:05:c8:4a:41:a6:8b:
                    18:e9:ed:e0:1a:6c:37:8c:26:c0:e6:36:20:aa:2d:
                    c8:f7:78:33:92:0b:70:3e:22:41:54:cb:b2:3f:22:
                    ad:df:33:16:db:25:77:2e:67:c8:bf:32:b5:48:c8:
                    28:7c:86:05:6b:78:39:66:4d:b0:9d:f6:db:a6:a5:
                    19:5b:6a:f4:45:81:1e:89:81:f2:b0:0d:92:c5:00:
                    2f:1a:54:28:fd:bf:a5:77:1e:6e:c8:ba:21:81:ed:
                    b3:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:1B:43:24:97:EB:D8:B9:0C:45:7C:4A:48:5D:F4:AF:93:DE:BD:5F
            X509v3 Authority Key Identifier:
                keyid:06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/WBtDJJfr2LkMRXxKSF30r5PevV8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:b5:37:7d:55:cf:0e:46:f2:a3:fd:e3:a5:3d:40:5f:87:9a:
         c6:9d:fd:88:c2:72:e8:a2:78:90:47:ff:42:62:99:54:10:a6:
         49:fe:0f:ba:7f:3e:9c:70:d8:e7:65:f5:8f:af:d1:84:42:78:
         ec:30:10:da:b1:3a:9f:7a:7c:ee:fc:7b:ee:6b:18:6f:4c:ea:
         61:97:57:ad:6e:18:01:0e:d6:d4:d4:e9:69:76:a5:16:67:89:
         24:d1:e1:b4:b3:34:cd:31:fe:28:ea:25:32:2c:fe:a7:13:a7:
         2b:9c:f7:f4:d8:b2:b3:ee:59:5f:12:7d:be:d3:3a:09:56:5a:
         9a:2b:a0:e2:39:5b:2b:bb:c4:1d:27:f0:ba:be:79:43:6a:5c:
         1c:7e:17:fb:e5:d8:f0:e9:7b:3d:e6:13:43:f9:0c:a9:77:d7:
         ec:21:52:c4:f5:48:2d:77:ec:c5:d9:6d:00:a2:cf:36:7e:99:
         c9:45:9e:20:42:46:c5:2a:1d:76:4f:76:17:1d:c9:39:cd:25:
         a5:02:16:e1:d3:f0:8d:17:0f:aa:f7:51:ee:cf:7f:05:8a:7b:
         91:28:38:dc:35:66:5b:21:b6:a3:1f:28:93:30:50:4d:0c:cd:
         67:c9:e5:ea:b4:c6:47:ad:29:04:e4:10:de:e8:d6:1d:df:b0:
         8e:53:65:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4yNggQWbViV3NxFBwSElXyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NzFkY2M3YTlhYzczNTFjNzFlMGJjMjI3OGNmNDVmZDAy
MGFlMmUwHhcNMjQwMzEyMTAyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ODFiNDMyNDk3ZWJkOGI5MGM0NTdjNGE0ODVkZjRhZjkzZGViZDVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA60aWanyIsHTwp9ay4+7I5Edd+jWr
K2WqAag8UWSTPfNY75ADK9cLdT+kHolXyonaeaA+eg/9jxGjeDNphPKCQqHaPKtg
mOhExPdlq+9rwwQhTV/FubHnN7lTZyuSBN5AS1Nv9rpZb45Hbk8j5DaLbOttRW++
JiL+ppXlXVxz3+IPT5Y/780B2CmM0H0E+oHVXa1HdGrE+HI3QSKWHZAFyEpBposY
6e3gGmw3jCbA5jYgqi3I93gzkgtwPiJBVMuyPyKt3zMW2yV3LmfIvzK1SMgofIYF
a3g5Zk2wnfbbpqUZW2r0RYEeiYHysA2SxQAvGlQo/b+ldx5uyLohge2zDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFgbQySX69i5DEV8Skhd9K+T3r1fMB8GA1UdIwQY
MBaAFAZx3MeprHNRxx4LwieM9F/QIK4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEvV0J0REpKZnIyTGtNUlh4S1NGMzByNVBldlY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZvyMA0G
CSqGSIb3DQEBCwUAA4IBAQB3tTd9Vc8ORvKj/eOlPUBfh5rGnf2IwnLooniQR/9C
YplUEKZJ/g+6fz6ccNjnZfWPr9GEQnjsMBDasTqfenzu/HvuaxhvTOphl1etbhgB
DtbU1OlpdqUWZ4kk0eG0szTNMf4o6iUyLP6nE6crnPf02LKz7llfEn2+0zoJVlqa
K6DiOVsru8QdJ/C6vnlDalwcfhf75djw6Xs95hND+Qypd9fsIVLE9Ugtd+zF2W0A
os82fpnJRZ4gQkbFKh12T3YXHck5zSWlAhbh0/CNFw+q91Huz38FinuRKDjcNWZb
IbajHyiTMFBNDM1nyeXqtMZHrSkE5BDe6NYd37COU2Xi
-----END CERTIFICATE-----