Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/8XOiDIJ8drK3nCBvRuKwN2I9cYc.roa
File:                     8XOiDIJ8drK3nCBvRuKwN2I9cYc.roa (raw, json)
Hash identifier:          vqRANNIzF4wlCZ6eUdmz3vpaE+SdXgMIJpj3rNWJtgg=
Subject key identifier:   F1:73:A2:0C:82:7C:76:B2:B7:9C:20:6F:46:E2:B0:37:62:3D:71:87
Certificate issuer:       /CN=e15808f3f921bc8c3eea87c7584c584c1000b051
Certificate serial:       018CC801342592E17D1F8F8AAF07346FD22A
Authority key identifier: E1:58:08:F3:F9:21:BC:8C:3E:EA:87:C7:58:4C:58:4C:10:00:B0:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4VgI8_khvIw-6ofHWExYTBAAsFE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/8XOiDIJ8drK3nCBvRuKwN2I9cYc.roa
Signing time:             Tue 02 Jan 2024 02:29:31 +0000
ROA not before:           Tue 02 Jan 2024 02:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5650
IP address blocks:        45.139.44.0/22 maxlen: 24
                          45.83.152.0/22 maxlen: 24
                          45.83.132.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/4VgI8_khvIw-6ofHWExYTBAAsFE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/4VgI8_khvIw-6ofHWExYTBAAsFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4VgI8_khvIw-6ofHWExYTBAAsFE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 06:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:34:25:92:e1:7d:1f:8f:8a:af:07:34:6f:d2:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e15808f3f921bc8c3eea87c7584c584c1000b051
        Validity
            Not Before: Jan  2 02:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f173a20c827c76b2b79c206f46e2b037623d7187
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:47:2d:ee:84:85:bd:a5:01:7f:e0:56:ae:e6:
                    24:63:fe:4f:f4:c1:d3:90:3a:06:e1:38:6d:ef:25:
                    c4:5a:c9:75:78:16:36:37:be:7b:92:4b:41:c6:ca:
                    32:35:6e:60:b6:4b:cf:1a:fa:1b:65:90:1b:ae:35:
                    03:1e:04:7a:e6:a8:43:30:f3:df:00:a8:7c:0f:bd:
                    24:e0:70:39:22:c6:ea:55:04:a9:35:f5:a1:ba:b0:
                    2b:96:81:31:56:de:81:ca:55:44:53:88:9c:e1:ce:
                    66:ad:3f:aa:ba:af:93:42:2e:2c:5d:7a:b3:4e:b3:
                    19:66:06:53:ef:d4:32:a1:4c:c4:79:87:b0:c6:44:
                    84:0b:f5:fe:cf:3b:b4:64:74:88:da:a3:48:95:f7:
                    d9:10:ee:81:0b:67:36:32:f1:37:e2:17:f1:12:30:
                    1c:75:d5:0c:6f:ff:48:7d:98:f5:a1:5a:12:9e:d4:
                    c8:09:92:96:e6:80:83:72:45:de:d5:0d:97:03:75:
                    1c:5e:c8:bf:48:f8:29:ec:69:00:02:85:30:b2:97:
                    60:3c:81:4d:cc:42:b9:7a:11:37:66:97:ad:f9:7e:
                    c3:79:bf:5a:d1:40:b0:f2:94:23:1f:d4:20:30:c9:
                    30:7b:d5:15:bd:c5:e1:77:5a:28:5a:d4:9d:86:6b:
                    a6:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:73:A2:0C:82:7C:76:B2:B7:9C:20:6F:46:E2:B0:37:62:3D:71:87
            X509v3 Authority Key Identifier:
                keyid:E1:58:08:F3:F9:21:BC:8C:3E:EA:87:C7:58:4C:58:4C:10:00:B0:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4VgI8_khvIw-6ofHWExYTBAAsFE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/8XOiDIJ8drK3nCBvRuKwN2I9cYc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/4VgI8_khvIw-6ofHWExYTBAAsFE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.83.132.0/22
                  45.83.152.0/22
                  45.139.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         48:75:1a:9f:fd:07:a0:0a:8c:7f:ba:01:fa:ae:83:10:10:1c:
         40:03:e9:c3:8b:2c:b9:dd:3b:ae:ac:2d:bb:c0:7d:f3:86:66:
         0c:b3:f2:05:50:0b:8b:30:32:9d:75:a2:bc:ae:da:8b:d8:3a:
         be:71:e8:d0:9b:5f:ea:b1:91:89:eb:ed:1f:48:a5:fa:81:56:
         55:80:e7:10:28:92:6e:9b:03:df:35:db:8e:c9:76:1c:8c:f0:
         b4:2d:15:22:b0:a2:5c:51:5c:e4:d6:b1:90:9e:18:cf:1e:4e:
         ac:79:a1:73:20:28:c4:58:f9:1c:9b:4b:b4:eb:b5:ea:b5:66:
         bd:a7:a4:fe:8a:72:10:44:52:15:29:dc:3a:84:49:d9:21:7b:
         2c:2f:9c:ca:2e:8e:41:c9:2a:bf:8a:25:6a:e5:bf:d2:a1:fe:
         d0:e9:3d:b8:84:01:c6:ac:82:cd:dc:f9:52:58:38:ec:71:fd:
         d7:82:d9:f8:7b:43:be:88:3a:69:8f:3a:c1:f0:72:b4:42:ba:
         5c:19:cb:48:c9:15:cb:0a:28:02:f2:dd:52:02:07:30:5d:1d:
         28:80:b7:2b:7d:14:82:3c:3d:c0:ee:42:b1:a1:9c:52:fc:2d:
         a3:36:8f:eb:21:a6:84:89:63:76:20:6a:6d:d2:68:e8:5c:d9:
         c7:a0:67:57
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzIATQlkuF9H4+Krwc0b9IqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNTgwOGYzZjkyMWJjOGMzZWVhODdjNzU4NGM1ODRjMTAw
MGIwNTEwHhcNMjQwMTAyMDIyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTczYTIwYzgyN2M3NmIyYjc5YzIwNmY0NmUyYjAzNzYyM2Q3MTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi0ct7oSFvaUBf+BWruYkY/5P9MHT
kDoG4Tht7yXEWsl1eBY2N757kktBxsoyNW5gtkvPGvobZZAbrjUDHgR65qhDMPPf
AKh8D70k4HA5IsbqVQSpNfWhurArloExVt6BylVEU4ic4c5mrT+quq+TQi4sXXqz
TrMZZgZT79QyoUzEeYewxkSEC/X+zzu0ZHSI2qNIlffZEO6BC2c2MvE34hfxEjAc
ddUMb/9IfZj1oVoSntTICZKW5oCDckXe1Q2XA3UcXsi/SPgp7GkAAoUwspdgPIFN
zEK5ehE3Zpet+X7Deb9a0UCw8pQjH9QgMMkwe9UVvcXhd1ooWtSdhmumHwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPFzogyCfHayt5wgb0bisDdiPXGHMB8GA1UdIwQY
MBaAFOFYCPP5IbyMPuqHx1hMWEwQALBRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFZnSThfa2h2SXctNm9mSFdFeFlUQkFBc0ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC84ZThlODItNTI3NC00ZDJmLThjYTAt
YWIxOWZjYjBjZTY0LzEvOFhPaURJSjhkckszbkNCdlJ1S3dOMkk5Y1ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC84ZThlODItNTI3NC00ZDJmLThjYTAtYWIxOWZjYjBjZTY0
LzEvNFZnSThfa2h2SXctNm9mSFdFeFlUQkFBc0ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCLVOEAwQC
LVOYAwQCLYssMA0GCSqGSIb3DQEBCwUAA4IBAQBIdRqf/QegCox/ugH6roMQEBxA
A+nDiyy53TuurC27wH3zhmYMs/IFUAuLMDKddaK8rtqL2Dq+cejQm1/qsZGJ6+0f
SKX6gVZVgOcQKJJumwPfNduOyXYcjPC0LRUisKJcUVzk1rGQnhjPHk6seaFzICjE
WPkcm0u067XqtWa9p6T+inIQRFIVKdw6hEnZIXssL5zKLo5BySq/iiVq5b/Sof7Q
6T24hAHGrILN3PlSWDjscf3Xgtn4e0O+iDppjzrB8HK0QrpcGctIyRXLCigC8t1S
AgcwXR0ogLcrfRSCPD3A7kKxoZxS/C2jNo/rIaaEiWN2IGpt0mjoXNnHoGdX
-----END CERTIFICATE-----