Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/OI0ouhfkNMHl-dyhdxvS-36TqHs.roa
File:                     OI0ouhfkNMHl-dyhdxvS-36TqHs.roa (raw, json)
Hash identifier:          4zQ8g5DbZ/V9wAKj+GchIVuhl5XocF5c4fpqaAbcd90=
Subject key identifier:   38:8D:28:BA:17:E4:34:C1:E5:F9:DC:A1:77:1B:D2:FB:7E:93:A8:7B
Certificate issuer:       /CN=1a7f036e2592391fb45a3dd33caf0b07956973cf
Certificate serial:       018CC6B918789C9CAF13300B415020932910
Authority key identifier: 1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/OI0ouhfkNMHl-dyhdxvS-36TqHs.roa
Signing time:             Mon 01 Jan 2024 20:31:08 +0000
ROA not before:           Mon 01 Jan 2024 20:31:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20454
IP address blocks:        45.156.146.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 04:01:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:18:78:9c:9c:af:13:30:0b:41:50:20:93:29:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a7f036e2592391fb45a3dd33caf0b07956973cf
        Validity
            Not Before: Jan  1 20:31:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=388d28ba17e434c1e5f9dca1771bd2fb7e93a87b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:65:da:b2:ff:23:4c:d1:80:11:78:5f:11:77:
                    f6:f0:d6:c7:5c:11:f6:4b:b7:a0:5a:f4:72:ce:a1:
                    f5:8c:ac:ef:a0:7b:eb:77:d3:78:af:89:1d:53:89:
                    d2:7a:8e:b6:38:54:d7:e1:61:ba:96:3e:f7:e2:88:
                    d3:03:d2:3a:91:c5:b2:7f:b6:88:02:31:36:48:f9:
                    23:3a:16:06:b7:a0:4c:9a:37:9a:75:2e:b0:e8:17:
                    17:da:8c:1a:d5:a6:c1:43:d6:a9:7b:57:3c:de:77:
                    73:2f:72:14:df:d9:f6:d2:4e:32:ab:e2:4b:ca:96:
                    00:2b:5b:2a:b5:3c:64:aa:3c:6e:76:68:ec:b9:6e:
                    fa:ad:20:69:24:82:f9:fe:17:12:1e:a9:e0:c9:e1:
                    7f:92:b6:60:02:14:87:90:83:0d:a2:4e:af:41:39:
                    6c:1b:d8:59:39:bb:93:e8:39:39:ef:d8:2d:59:2a:
                    c0:11:f9:2c:f1:02:b9:f8:6a:53:20:9f:69:c8:4e:
                    22:16:f8:2e:93:0b:7a:5c:35:94:36:86:80:62:be:
                    76:e0:80:ba:d9:91:c9:e4:64:26:31:66:41:db:1f:
                    a4:c0:81:98:38:ee:fd:c4:f6:1d:66:92:5d:40:8e:
                    fc:42:a8:23:c8:6d:22:a5:9c:99:3d:30:0c:69:c5:
                    52:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:8D:28:BA:17:E4:34:C1:E5:F9:DC:A1:77:1B:D2:FB:7E:93:A8:7B
            X509v3 Authority Key Identifier:
                keyid:1A:7F:03:6E:25:92:39:1F:B4:5A:3D:D3:3C:AF:0B:07:95:69:73:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/OI0ouhfkNMHl-dyhdxvS-36TqHs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/24be1a-16da-481c-8bcb-340d625c6dba/1/Gn8DbiWSOR-0Wj3TPK8LB5Vpc88.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:1a:df:c4:db:09:ff:ac:4e:8d:0c:05:95:92:c5:c3:ba:e4:
         b2:a2:e0:94:3c:56:87:18:c5:56:7f:8c:45:ae:29:cc:1a:3f:
         2f:9a:ff:0b:5f:6e:3d:92:81:d9:3a:fa:85:0b:e6:17:83:18:
         a2:a2:bc:31:cb:43:35:38:f6:aa:12:8e:50:3d:68:89:2b:74:
         19:6a:e9:30:0d:40:46:36:1c:a3:8a:31:c7:8b:ea:ca:bd:d1:
         97:09:5a:c2:7d:ce:fc:f5:f7:02:7d:c3:c9:ea:b7:fd:9d:0a:
         9f:f0:a0:51:00:bb:d0:bf:99:1c:13:ab:8f:3f:fa:48:b3:68:
         f6:23:96:36:26:57:b7:36:f5:d6:ae:80:23:1d:2c:9d:1f:93:
         43:56:6b:8e:bc:45:aa:25:ea:9b:08:01:0d:72:8a:e6:a2:23:
         6a:1f:8f:37:d2:c4:df:5c:b1:34:59:9a:84:44:78:8e:09:fa:
         b0:3d:f2:13:86:81:e8:ef:db:bc:f9:0d:98:96:55:43:79:95:
         91:ff:2d:2a:da:30:65:89:cc:29:68:b7:09:24:21:c7:68:42:
         25:0d:57:1e:ee:78:24:8e:88:ac:36:4e:b0:18:b9:3a:0b:25:
         e2:2f:1d:31:18:5d:ec:3c:68:ea:e6:28:e1:ac:8d:b2:5f:a5:
         15:a7:6a:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuRh4nJyvEzALQVAgkykQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhN2YwMzZlMjU5MjM5MWZiNDVhM2RkMzNjYWYwYjA3OTU2
OTczY2YwHhcNMjQwMTAxMjAzMTA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODhkMjhiYTE3ZTQzNGMxZTVmOWRjYTE3NzFiZDJmYjdlOTNhODdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgGXasv8jTNGAEXhfEXf28NbHXBH2
S7egWvRyzqH1jKzvoHvrd9N4r4kdU4nSeo62OFTX4WG6lj734ojTA9I6kcWyf7aI
AjE2SPkjOhYGt6BMmjeadS6w6BcX2owa1abBQ9ape1c83ndzL3IU39n20k4yq+JL
ypYAK1sqtTxkqjxudmjsuW76rSBpJIL5/hcSHqngyeF/krZgAhSHkIMNok6vQTls
G9hZObuT6Dk579gtWSrAEfks8QK5+GpTIJ9pyE4iFvgukwt6XDWUNoaAYr524IC6
2ZHJ5GQmMWZB2x+kwIGYOO79xPYdZpJdQI78QqgjyG0ipZyZPTAMacVSZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDiNKLoX5DTB5fncoXcb0vt+k6h7MB8GA1UdIwQY
MBaAFBp/A24lkjkftFo90zyvCweVaXPPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR244RGJpV1NPUi0wV2ozVFBLOExCNVZwYzg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC8yNGJlMWEtMTZkYS00ODFjLThiY2It
MzQwZDYyNWM2ZGJhLzEvT0kwb3VoZmtOTUhsLWR5aGR4dlMtMzZUcUhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC8yNGJlMWEtMTZkYS00ODFjLThiY2ItMzQwZDYyNWM2ZGJh
LzEvR244RGJpV1NPUi0wV2ozVFBLOExCNVZwYzg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZySMA0G
CSqGSIb3DQEBCwUAA4IBAQAZGt/E2wn/rE6NDAWVksXDuuSyouCUPFaHGMVWf4xF
rinMGj8vmv8LX249koHZOvqFC+YXgxiiorwxy0M1OPaqEo5QPWiJK3QZaukwDUBG
NhyjijHHi+rKvdGXCVrCfc789fcCfcPJ6rf9nQqf8KBRALvQv5kcE6uPP/pIs2j2
I5Y2Jle3NvXWroAjHSydH5NDVmuOvEWqJeqbCAENcormoiNqH4830sTfXLE0WZqE
RHiOCfqwPfIThoHo79u8+Q2YllVDeZWR/y0q2jBlicwpaLcJJCHHaEIlDVce7ngk
joisNk6wGLk6CyXiLx0xGF3sPGjq5ijhrI2yX6UVp2pz
-----END CERTIFICATE-----