Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/7b7825-a0f7-4f5b-9c23-77cf81041083/1/iiKC-8Hr_7NMM03tEB8gZCZoPIs.roa
File:                     iiKC-8Hr_7NMM03tEB8gZCZoPIs.roa (raw, json)
Hash identifier:          w7T2pWzXNRUrbgXJBysBlktHRAdSS6YngtQq+aQlTlA=
Subject key identifier:   8A:22:82:FB:C1:EB:FF:B3:4C:33:4D:ED:10:1F:20:64:26:68:3C:8B
Certificate issuer:       /CN=6a798f0fe4f4dffdfed2c8e62d235430f49377cd
Certificate serial:       018E51E4AF8D381CE04DA3D1D8495389815B
Authority key identifier: 6A:79:8F:0F:E4:F4:DF:FD:FE:D2:C8:E6:2D:23:54:30:F4:93:77:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/anmPD-T03_3-0sjmLSNUMPSTd80.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/7b7825-a0f7-4f5b-9c23-77cf81041083/1/iiKC-8Hr_7NMM03tEB8gZCZoPIs.roa
Signing time:             Mon 18 Mar 2024 14:08:45 +0000
ROA not before:           Mon 18 Mar 2024 14:08:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     136268
IP address blocks:        45.154.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/7b7825-a0f7-4f5b-9c23-77cf81041083/1/anmPD-T03_3-0sjmLSNUMPSTd80.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/7b7825-a0f7-4f5b-9c23-77cf81041083/1/anmPD-T03_3-0sjmLSNUMPSTd80.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/anmPD-T03_3-0sjmLSNUMPSTd80.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 02:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:51:e4:af:8d:38:1c:e0:4d:a3:d1:d8:49:53:89:81:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a798f0fe4f4dffdfed2c8e62d235430f49377cd
        Validity
            Not Before: Mar 18 14:08:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8a2282fbc1ebffb34c334ded101f206426683c8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:35:ce:c6:84:3b:8b:51:d5:d9:86:4f:6f:00:
                    4f:90:ee:07:96:29:6f:33:d3:c6:c4:c3:30:04:bd:
                    7f:95:12:f9:07:5e:0a:bf:28:16:74:90:07:a1:44:
                    9f:b3:fb:46:8f:9f:3c:8d:c7:1b:ea:81:b5:bc:ea:
                    22:27:88:cb:1d:c9:97:7c:c5:2d:f7:cd:66:e1:f4:
                    c8:e5:71:a4:9d:ae:a2:48:08:79:0c:21:49:d3:2f:
                    9f:21:10:2c:1d:1e:ce:8e:38:0f:96:58:ad:eb:40:
                    81:9e:e5:1b:ee:0f:be:dd:83:86:c7:49:35:87:7f:
                    e3:6a:1a:76:69:76:96:8e:03:f7:89:73:5d:62:de:
                    d2:fa:7a:b4:8e:7e:10:cf:9b:d5:f9:7e:25:59:bd:
                    6b:2e:9c:ac:8a:d2:34:96:96:21:80:08:34:7f:33:
                    58:6c:35:b5:d2:66:02:51:60:fc:14:33:ee:ef:93:
                    47:fd:a9:7c:d2:12:5c:df:85:0d:b0:1e:66:75:ae:
                    cc:a3:b4:3c:18:c3:79:b6:e3:69:f0:82:3a:e9:7c:
                    c6:67:76:d4:21:82:f9:e0:21:89:e6:87:10:b2:f0:
                    ef:e6:c4:01:aa:d8:0c:d4:fd:38:49:25:9d:d5:31:
                    16:63:6e:d1:c6:69:d9:51:ab:8d:e8:ab:9b:c3:d0:
                    26:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:22:82:FB:C1:EB:FF:B3:4C:33:4D:ED:10:1F:20:64:26:68:3C:8B
            X509v3 Authority Key Identifier:
                keyid:6A:79:8F:0F:E4:F4:DF:FD:FE:D2:C8:E6:2D:23:54:30:F4:93:77:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/anmPD-T03_3-0sjmLSNUMPSTd80.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/7b7825-a0f7-4f5b-9c23-77cf81041083/1/iiKC-8Hr_7NMM03tEB8gZCZoPIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/7b7825-a0f7-4f5b-9c23-77cf81041083/1/anmPD-T03_3-0sjmLSNUMPSTd80.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d8:6d:e8:da:25:c5:09:c0:58:db:09:05:2c:23:34:a5:b2:e3:
         a6:57:35:4d:d7:80:5a:f5:14:3e:d2:35:ad:1c:6b:74:8e:00:
         56:6d:6e:36:e2:85:7a:07:db:d3:72:f7:14:2d:ef:b7:6b:cf:
         4b:d1:5e:73:4e:66:c5:9d:44:07:4b:47:9c:f2:7d:37:4a:ab:
         d7:3d:42:99:39:11:d7:c4:2b:4a:2a:53:63:9d:b2:33:8d:c8:
         2d:47:52:a5:35:d2:c2:8a:66:06:3c:1e:ca:40:2b:52:6b:25:
         eb:5d:b0:bd:86:af:80:fa:86:9f:37:20:8a:e7:24:54:42:a4:
         26:3d:b5:a2:88:51:4a:ad:36:d9:7a:e8:66:91:0d:6f:c0:40:
         ab:89:29:1e:88:0a:de:9d:55:95:4c:f1:eb:11:bc:63:81:17:
         1e:0e:51:c3:64:0a:2f:34:96:10:3d:8f:69:9a:88:12:56:91:
         73:66:48:97:d1:7f:97:71:db:01:b5:c2:c5:f0:e1:55:5d:60:
         4d:48:8e:b8:ff:a6:88:de:cd:3a:bb:79:65:3d:30:08:25:f1:
         fe:01:15:92:ed:83:16:04:4a:c0:25:22:30:48:b1:4a:4c:87:
         ea:95:ad:40:30:b0:d9:5f:5a:af:2c:2d:bd:a2:2d:04:04:93:
         e4:94:60:62
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5R5K+NOBzgTaPR2ElTiYFbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNzk4ZjBmZTRmNGRmZmRmZWQyYzhlNjJkMjM1NDMwZjQ5
Mzc3Y2QwHhcNMjQwMzE4MTQwODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YTIyODJmYmMxZWJmZmIzNGMzMzRkZWQxMDFmMjA2NDI2NjgzYzhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyzXOxoQ7i1HV2YZPbwBPkO4Hlilv
M9PGxMMwBL1/lRL5B14KvygWdJAHoUSfs/tGj588jccb6oG1vOoiJ4jLHcmXfMUt
981m4fTI5XGkna6iSAh5DCFJ0y+fIRAsHR7OjjgPllit60CBnuUb7g++3YOGx0k1
h3/jahp2aXaWjgP3iXNdYt7S+nq0jn4Qz5vV+X4lWb1rLpysitI0lpYhgAg0fzNY
bDW10mYCUWD8FDPu75NH/al80hJc34UNsB5mda7Mo7Q8GMN5tuNp8II66XzGZ3bU
IYL54CGJ5ocQsvDv5sQBqtgM1P04SSWd1TEWY27RxmnZUauN6Kubw9AmhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIoigvvB6/+zTDNN7RAfIGQmaDyLMB8GA1UdIwQY
MBaAFGp5jw/k9N/9/tLI5i0jVDD0k3fNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYW5tUEQtVDAzXzMtMHNqbUxTTlVNUFNUZDgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC83Yjc4MjUtYTBmNy00ZjViLTljMjMt
NzdjZjgxMDQxMDgzLzEvaWlLQy04SHJfN05NTTAzdEVCOGdaQ1pvUElzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC83Yjc4MjUtYTBmNy00ZjViLTljMjMtNzdjZjgxMDQxMDgz
LzEvYW5tUEQtVDAzXzMtMHNqbUxTTlVNUFNUZDgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZrNMA0G
CSqGSIb3DQEBCwUAA4IBAQDYbejaJcUJwFjbCQUsIzSlsuOmVzVN14Ba9RQ+0jWt
HGt0jgBWbW424oV6B9vTcvcULe+3a89L0V5zTmbFnUQHS0ec8n03SqvXPUKZORHX
xCtKKlNjnbIzjcgtR1KlNdLCimYGPB7KQCtSayXrXbC9hq+A+oafNyCK5yRUQqQm
PbWiiFFKrTbZeuhmkQ1vwECriSkeiArenVWVTPHrEbxjgRceDlHDZAovNJYQPY9p
mogSVpFzZkiX0X+XcdsBtcLF8OFVXWBNSI64/6aI3s06u3llPTAIJfH+ARWS7YMW
BErAJSIwSLFKTIfqla1AMLDZX1qvLC29oi0EBJPklGBi
-----END CERTIFICATE-----