Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/MtORRkj6KzBYdubYDseSTdp0h1I.roa
File:                     MtORRkj6KzBYdubYDseSTdp0h1I.roa (raw, json)
Hash identifier:          BKam7PcrRKZE7SE6qK2CoqqGToCrXa4T9X6XMC+0n8I=
Subject key identifier:   32:D3:91:46:48:FA:2B:30:58:76:E6:D8:0E:C7:92:4D:DA:74:87:52
Certificate issuer:       /CN=1a7f036e2592391fb45a3dd33caf0b07956973cf
Certificate serial:       018CC6B918CC1294560EEA829BD3CFF68236
Authority key identifier: 1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/MtORRkj6KzBYdubYDseSTdp0h1I.roa
Signing time:             Mon 01 Jan 2024 20:31:08 +0000
ROA not before:           Mon 01 Jan 2024 20:31:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20473
IP address blocks:        45.156.147.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:18:cc:12:94:56:0e:ea:82:9b:d3:cf:f6:82:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a7f036e2592391fb45a3dd33caf0b07956973cf
        Validity
            Not Before: Jan  1 20:31:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=32d3914648fa2b305876e6d80ec7924dda748752
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:7a:48:c1:6d:f7:8f:1a:e7:77:f2:f0:19:a0:
                    c7:3a:91:c5:7f:d8:5a:a6:8c:9a:70:23:21:5f:de:
                    7c:58:2c:54:87:e1:89:d8:e0:12:ba:cd:12:60:09:
                    01:9e:11:34:9c:c4:da:3d:a3:ed:9b:3e:7d:31:99:
                    ba:98:e4:45:8a:2e:43:99:b2:d1:d9:0b:9e:93:99:
                    92:9e:9b:52:05:26:f7:14:be:c7:34:c1:46:de:db:
                    dd:3a:72:99:bf:65:21:d7:fa:93:4f:5f:95:84:e0:
                    80:06:45:eb:25:86:75:32:77:37:3b:e8:e8:2c:a1:
                    fd:3b:e5:21:f8:db:d8:d1:1b:c1:ed:2c:5b:0d:2b:
                    5d:69:a6:a0:0b:8e:b5:d1:fc:72:f2:8e:bb:c7:a2:
                    44:99:fe:18:16:ba:6b:5c:1c:54:53:9f:df:14:24:
                    60:4a:d4:c8:b4:ce:e4:ba:75:9b:47:8d:57:f7:53:
                    ea:45:ac:22:14:81:32:21:03:25:3e:72:57:60:0c:
                    56:36:4c:2e:a5:e8:5a:c1:e6:1a:a8:35:d9:01:8b:
                    f1:ef:65:8b:13:c9:bd:9a:99:4a:57:ab:31:03:a1:
                    46:a8:41:37:21:01:97:a7:9e:b0:94:db:72:cc:a9:
                    70:ef:c8:e2:f6:ea:27:b6:e8:d8:04:19:27:b8:18:
                    c1:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:D3:91:46:48:FA:2B:30:58:76:E6:D8:0E:C7:92:4D:DA:74:87:52
            X509v3 Authority Key Identifier:
                keyid:1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/MtORRkj6KzBYdubYDseSTdp0h1I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:55:dd:1c:11:46:94:f2:1d:c6:3a:e6:66:92:fc:61:ac:4e:
         da:a3:06:a5:23:16:1c:b7:26:5d:4f:66:8b:93:e1:52:50:19:
         b3:bd:8d:18:9e:db:3c:08:74:9b:b2:1f:f0:8c:a2:6a:1c:7c:
         81:29:6d:f7:a7:d6:6d:07:87:8a:55:d0:aa:47:71:19:02:dc:
         b9:3d:55:32:d5:55:c3:58:4f:17:95:e1:61:ef:06:2d:6a:2a:
         14:25:1e:5d:97:3d:53:5e:b2:6e:9a:8d:f5:4a:81:62:d6:45:
         77:3f:d2:52:ed:ed:f1:65:ee:de:3a:a7:fb:51:ab:6f:8d:0f:
         50:94:7d:cb:c6:51:96:53:1b:e3:cc:17:a8:7d:07:8b:33:bf:
         3d:98:da:71:47:16:3e:c5:82:ce:cb:98:51:bc:11:e1:f4:30:
         a1:22:1c:f5:32:2f:47:e0:63:bf:48:f4:a2:45:8e:0c:9f:31:
         e8:bd:39:a5:e6:57:01:ae:f3:20:15:0f:cc:b5:04:0a:e6:b6:
         bc:8c:d4:40:6e:78:bf:86:b9:cc:21:7f:b7:6b:07:81:fb:98:
         e6:29:62:d5:ba:f9:90:80:70:d9:52:a1:6e:1f:cd:89:44:9e:
         6e:ad:9c:9b:4d:a9:29:54:0e:42:e9:ec:e4:14:d5:ef:d6:a7:
         58:0e:88:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuRjMEpRWDuqCm9PP9oI2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhN2YwMzZlMjU5MjM5MWZiNDVhM2RkMzNjYWYwYjA3OTU2
OTczY2YwHhcNMjQwMTAxMjAzMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMmQzOTE0NjQ4ZmEyYjMwNTg3NmU2ZDgwZWM3OTI0ZGRhNzQ4NzUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuHpIwW33jxrnd/LwGaDHOpHFf9ha
poyacCMhX958WCxUh+GJ2OASus0SYAkBnhE0nMTaPaPtmz59MZm6mORFii5DmbLR
2Quek5mSnptSBSb3FL7HNMFG3tvdOnKZv2Uh1/qTT1+VhOCABkXrJYZ1Mnc3O+jo
LKH9O+Uh+NvY0RvB7SxbDStdaaagC4610fxy8o67x6JEmf4YFrprXBxUU5/fFCRg
StTItM7kunWbR41X91PqRawiFIEyIQMlPnJXYAxWNkwupehaweYaqDXZAYvx72WL
E8m9mplKV6sxA6FGqEE3IQGXp56wlNtyzKlw78ji9uontujYBBknuBjB7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDLTkUZI+iswWHbm2A7Hkk3adIdSMB8GA1UdIwQY
MBaAFBp/A24lkjkftFo90zyvCweVaXPPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR244RGJpV1NPUi0wV2ozVFBLOExCNVZwYzg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC8yNGJlMWEtMTZkYS00ODFjLThiY2It
MzQwZDYyNWM2ZGJhLzEvTXRPUlJrajZLekJZZHViWURzZVNUZHAwaDFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC8yNGJlMWEtMTZkYS00ODFjLThiY2ItMzQwZDYyNWM2ZGJh
LzEvR244RGJpV1NPUi0wV2ozVFBLOExCNVZwYzg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZyTMA0G
CSqGSIb3DQEBCwUAA4IBAQA9Vd0cEUaU8h3GOuZmkvxhrE7aowalIxYctyZdT2aL
k+FSUBmzvY0Ynts8CHSbsh/wjKJqHHyBKW33p9ZtB4eKVdCqR3EZAty5PVUy1VXD
WE8XleFh7wYtaioUJR5dlz1TXrJumo31SoFi1kV3P9JS7e3xZe7eOqf7UatvjQ9Q
lH3LxlGWUxvjzBeofQeLM789mNpxRxY+xYLOy5hRvBHh9DChIhz1Mi9H4GO/SPSi
RY4MnzHovTml5lcBrvMgFQ/MtQQK5ra8jNRAbni/hrnMIX+3aweB+5jmKWLVuvmQ
gHDZUqFuH82JRJ5urZybTakpVA5C6ezkFNXv1qdYDogA
-----END CERTIFICATE-----