Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/b6c426-76d5-4a82-9b5f-856b65c75c26/1/xZPi0VZa5oWvUKQfrpnsmMtXxkI.roa
File:                     xZPi0VZa5oWvUKQfrpnsmMtXxkI.roa (raw, json)
Hash identifier:          eHUs9uM0Y/xpXym5j8yEaEOU2/lmD6cEfWjjFfu7Hwk=
Subject key identifier:   C5:93:E2:D1:56:5A:E6:85:AF:50:A4:1F:AE:99:EC:98:CB:57:C6:42
Certificate issuer:       /CN=ded7239db81d61f98d586383ccc125d66106cb30
Certificate serial:       018CC9BBF8AB903D0AB40F08B2870185463D
Authority key identifier: DE:D7:23:9D:B8:1D:61:F9:8D:58:63:83:CC:C1:25:D6:61:06:CB:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3tcjnbgdYfmNWGODzMEl1mEGyzA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/b6c426-76d5-4a82-9b5f-856b65c75c26/1/xZPi0VZa5oWvUKQfrpnsmMtXxkI.roa
Signing time:             Tue 02 Jan 2024 10:33:08 +0000
ROA not before:           Tue 02 Jan 2024 10:33:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51827
IP address blocks:        45.151.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/b6c426-76d5-4a82-9b5f-856b65c75c26/1/3tcjnbgdYfmNWGODzMEl1mEGyzA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/b6c426-76d5-4a82-9b5f-856b65c75c26/1/3tcjnbgdYfmNWGODzMEl1mEGyzA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3tcjnbgdYfmNWGODzMEl1mEGyzA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:f8:ab:90:3d:0a:b4:0f:08:b2:87:01:85:46:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ded7239db81d61f98d586383ccc125d66106cb30
        Validity
            Not Before: Jan  2 10:33:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c593e2d1565ae685af50a41fae99ec98cb57c642
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:5d:ba:d2:5c:85:b1:20:15:76:5f:ba:99:46:
                    40:42:ac:64:c3:4d:30:5b:b9:1c:55:96:2b:79:df:
                    7f:7c:12:45:11:23:7e:bf:3a:40:54:85:46:80:8f:
                    0e:9a:a8:19:b4:23:3d:2d:ea:6b:35:4e:98:64:3a:
                    6b:f3:e5:ee:6e:42:5a:69:97:3b:d4:e8:93:6a:08:
                    33:a2:6c:b5:f6:b8:f4:65:c1:ad:26:48:3c:b6:00:
                    71:33:86:6b:54:19:ac:c2:3e:25:a8:c9:7b:06:fb:
                    97:da:3f:d9:40:10:e1:e1:5f:f2:03:f9:bb:27:0d:
                    9d:78:59:1e:ec:03:3a:9f:1f:e9:42:02:22:89:ce:
                    a8:1c:35:22:ee:06:20:b2:09:69:d5:cd:12:d1:87:
                    91:5c:5f:50:d9:1e:75:b2:2e:ff:22:b9:0e:16:8c:
                    86:20:61:0c:61:f1:b8:6e:55:05:02:37:2e:9f:b3:
                    4e:5e:19:43:5e:b0:a1:25:ca:de:56:30:ea:33:f1:
                    3f:b5:df:c4:b2:2a:fe:f2:18:07:ba:df:92:85:10:
                    80:ac:50:14:65:77:25:9b:70:62:e5:ac:3a:09:01:
                    8f:02:11:63:a8:09:c5:ac:13:85:ec:b1:a3:12:3b:
                    ab:3a:30:12:2f:a5:9d:f7:37:b4:ff:8b:8a:24:e7:
                    eb:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C5:93:E2:D1:56:5A:E6:85:AF:50:A4:1F:AE:99:EC:98:CB:57:C6:42
            X509v3 Authority Key Identifier:
                keyid:DE:D7:23:9D:B8:1D:61:F9:8D:58:63:83:CC:C1:25:D6:61:06:CB:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3tcjnbgdYfmNWGODzMEl1mEGyzA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/b6c426-76d5-4a82-9b5f-856b65c75c26/1/xZPi0VZa5oWvUKQfrpnsmMtXxkI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/b6c426-76d5-4a82-9b5f-856b65c75c26/1/3tcjnbgdYfmNWGODzMEl1mEGyzA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.243.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:6d:67:ac:74:53:0f:78:68:a3:24:a0:43:7e:90:55:a4:01:
         ae:fa:fe:d3:b2:d9:26:e4:25:31:77:77:97:7b:7a:fe:6f:cd:
         1a:05:66:b7:42:2b:fd:7a:fd:8c:81:7d:53:16:05:0a:7f:de:
         2a:ea:34:83:68:8d:31:5a:1f:08:55:46:d5:d9:5c:54:08:db:
         b2:5b:2a:e2:46:cc:49:12:37:e2:9f:80:e7:ea:fc:e6:ac:2d:
         96:dd:58:48:33:e8:a3:3a:87:52:62:74:7a:5b:c5:84:d7:b4:
         f5:a9:de:be:7c:2c:95:cf:1a:00:1a:5b:b7:d0:82:f7:6e:48:
         47:1d:b6:03:84:61:41:7f:59:82:ab:1a:0b:f8:29:03:ed:ed:
         95:b3:b3:04:80:d9:f5:a8:ae:1b:9e:27:c7:1b:e7:21:db:7b:
         a6:ec:ff:28:6f:83:04:70:84:bb:25:e4:e9:9a:a5:ab:75:1b:
         ea:5e:0a:ea:8e:cd:e3:f6:2c:ac:59:ba:19:a1:c1:14:a9:e8:
         c8:a4:64:80:03:15:9d:29:5e:8c:fa:bf:44:87:9a:65:c2:a2:
         87:dc:58:d9:65:e1:0f:4d:99:4e:ab:ff:b0:49:58:ca:c7:ff:
         f6:be:f0:84:ee:0d:68:32:34:35:60:49:3d:58:96:2c:d0:16:
         ef:c9:13:63
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu/irkD0KtA8IsocBhUY9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlZDcyMzlkYjgxZDYxZjk4ZDU4NjM4M2NjYzEyNWQ2NjEw
NmNiMzAwHhcNMjQwMTAyMTAzMzA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTkzZTJkMTU2NWFlNjg1YWY1MGE0MWZhZTk5ZWM5OGNiNTdjNjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxF260lyFsSAVdl+6mUZAQqxkw00w
W7kcVZYred9/fBJFESN+vzpAVIVGgI8OmqgZtCM9LeprNU6YZDpr8+XubkJaaZc7
1OiTaggzomy19rj0ZcGtJkg8tgBxM4ZrVBmswj4lqMl7BvuX2j/ZQBDh4V/yA/m7
Jw2deFke7AM6nx/pQgIiic6oHDUi7gYgsglp1c0S0YeRXF9Q2R51si7/IrkOFoyG
IGEMYfG4blUFAjcun7NOXhlDXrChJcreVjDqM/E/td/Esir+8hgHut+ShRCArFAU
ZXclm3Bi5aw6CQGPAhFjqAnFrBOF7LGjEjurOjASL6Wd9ze0/4uKJOfrdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMWT4tFWWuaFr1CkH66Z7JjLV8ZCMB8GA1UdIwQY
MBaAFN7XI524HWH5jVhjg8zBJdZhBsswMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3Rjam5iZ2RZZm1OV0dPRHpNRWwxbUVHeXpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9iNmM0MjYtNzZkNS00YTgyLTliNWYt
ODU2YjY1Yzc1YzI2LzEveFpQaTBWWmE1b1d2VUtRZnJwbnNtTXRYeGtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9iNmM0MjYtNzZkNS00YTgyLTliNWYtODU2YjY1Yzc1YzI2
LzEvM3Rjam5iZ2RZZm1OV0dPRHpNRWwxbUVHeXpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZfzMA0G
CSqGSIb3DQEBCwUAA4IBAQC4bWesdFMPeGijJKBDfpBVpAGu+v7Tstkm5CUxd3eX
e3r+b80aBWa3Qiv9ev2MgX1TFgUKf94q6jSDaI0xWh8IVUbV2VxUCNuyWyriRsxJ
Ejfin4Dn6vzmrC2W3VhIM+ijOodSYnR6W8WE17T1qd6+fCyVzxoAGlu30IL3bkhH
HbYDhGFBf1mCqxoL+CkD7e2Vs7MEgNn1qK4bnifHG+ch23um7P8ob4MEcIS7JeTp
mqWrdRvqXgrqjs3j9iysWboZocEUqejIpGSAAxWdKV6M+r9Eh5plwqKH3FjZZeEP
TZlOq/+wSVjKx//2vvCE7g1oMjQ1YEk9WJYs0BbvyRNj
-----END CERTIFICATE-----