Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/KtQfEbjEkvI9-TJ29U3XBm5FIIY.roa
File:                     KtQfEbjEkvI9-TJ29U3XBm5FIIY.roa (raw, json)
Hash identifier:          QAi82OazuMtpKKkZqrmCmOD5NnM1h5Dlbq9iPwCxu7M=
Subject key identifier:   2A:D4:1F:11:B8:C4:92:F2:3D:F9:32:76:F5:4D:D7:06:6E:45:20:86
Certificate issuer:       /CN=e15808f3f921bc8c3eea87c7584c584c1000b051
Certificate serial:       018CC80136452625E584B397EF20163D3EF5
Authority key identifier: E1:58:08:F3:F9:21:BC:8C:3E:EA:87:C7:58:4C:58:4C:10:00:B0:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4VgI8_khvIw-6ofHWExYTBAAsFE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/KtQfEbjEkvI9-TJ29U3XBm5FIIY.roa
Signing time:             Tue 02 Jan 2024 02:29:31 +0000
ROA not before:           Tue 02 Jan 2024 02:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62387
IP address blocks:        45.156.44.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/4VgI8_khvIw-6ofHWExYTBAAsFE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/4VgI8_khvIw-6ofHWExYTBAAsFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4VgI8_khvIw-6ofHWExYTBAAsFE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 21:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:36:45:26:25:e5:84:b3:97:ef:20:16:3d:3e:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e15808f3f921bc8c3eea87c7584c584c1000b051
        Validity
            Not Before: Jan  2 02:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2ad41f11b8c492f23df93276f54dd7066e452086
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:2b:79:db:b0:49:5c:73:71:1a:e4:80:06:bb:
                    a4:4a:2f:93:26:c1:f3:54:db:a0:4e:d2:0d:cc:d7:
                    24:fc:f8:92:3e:df:97:3c:9b:bc:d3:f3:04:bc:9b:
                    ee:46:85:0f:0e:6a:b3:60:5a:d1:44:40:5c:f9:a8:
                    63:e3:c1:97:9c:1c:cc:91:f4:bd:cc:7c:68:a6:d4:
                    95:c5:84:4b:3f:46:4b:c1:2a:41:55:c5:70:29:f9:
                    35:f2:c5:b8:57:7a:3a:0e:c5:e1:45:a8:5c:34:50:
                    1a:6f:3a:db:99:e6:c4:58:1c:a4:0d:8e:aa:47:e4:
                    46:af:eb:20:ac:03:6e:17:ec:c7:85:e9:af:a0:4f:
                    70:5a:13:b9:4a:f5:c9:81:db:6b:1f:fe:64:e3:46:
                    0b:1a:d0:de:2c:47:b1:6e:73:a2:b8:f7:56:af:61:
                    ef:f5:c0:70:6c:26:60:4c:1b:27:2e:37:e5:de:e7:
                    2d:cf:00:46:a4:ef:55:c7:05:37:ad:ef:b5:69:ca:
                    41:45:d9:4d:1f:c3:59:ca:c1:bd:ac:58:af:7d:91:
                    f8:cb:55:86:10:f2:87:20:55:8f:0e:96:3d:cd:0e:
                    35:d1:96:fd:b6:35:80:3b:db:2b:e2:b5:fb:81:8a:
                    61:2a:08:ef:0d:f5:17:5d:7a:b9:8a:0e:01:cc:a6:
                    61:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:D4:1F:11:B8:C4:92:F2:3D:F9:32:76:F5:4D:D7:06:6E:45:20:86
            X509v3 Authority Key Identifier:
                keyid:E1:58:08:F3:F9:21:BC:8C:3E:EA:87:C7:58:4C:58:4C:10:00:B0:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4VgI8_khvIw-6ofHWExYTBAAsFE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/KtQfEbjEkvI9-TJ29U3XBm5FIIY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/4VgI8_khvIw-6ofHWExYTBAAsFE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2b:7e:6a:1d:5a:04:e8:b4:78:a8:ca:86:a4:b0:a2:b8:a4:e3:
         cd:6f:44:dd:c4:09:fb:0a:da:0e:db:18:b5:0f:ff:d9:aa:18:
         77:bb:14:73:b1:b7:15:99:8d:ea:bb:d9:7e:eb:16:ec:dc:64:
         1e:52:a5:5e:04:82:45:e3:10:41:11:9d:9e:f1:17:0f:80:b1:
         04:88:59:e5:b4:d5:7c:9a:1b:a5:22:0e:de:5e:ed:13:a0:b0:
         ce:7d:df:b7:90:79:81:08:97:f6:c0:81:db:94:4d:8f:8b:71:
         a7:e8:4c:81:79:cc:d7:66:33:34:61:f7:11:2f:f7:62:4b:4b:
         b0:1a:52:14:a7:a5:c2:8d:1c:ed:f3:4f:d1:0d:ce:78:4b:46:
         92:5c:91:5e:4a:0c:86:34:66:93:5d:6d:a1:f1:ee:44:03:cc:
         d7:f8:e7:c0:3e:44:f9:a2:e8:12:d1:85:73:a0:e2:40:fb:7e:
         4a:54:ed:22:a8:27:ac:eb:c7:4a:55:3b:cf:ca:a1:f3:91:24:
         d5:4e:cb:48:8c:0f:33:a0:fa:56:ec:52:1c:04:a8:cc:73:44:
         f6:72:a7:83:ae:2a:4c:85:09:f9:7a:e0:3f:f0:39:6d:11:4a:
         db:11:60:cc:80:9e:7a:44:35:26:14:6a:47:1f:f0:e9:cf:5d:
         f3:f1:c2:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIATZFJiXlhLOX7yAWPT71MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNTgwOGYzZjkyMWJjOGMzZWVhODdjNzU4NGM1ODRjMTAw
MGIwNTEwHhcNMjQwMTAyMDIyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWQ0MWYxMWI4YzQ5MmYyM2RmOTMyNzZmNTRkZDcwNjZlNDUyMDg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiCt527BJXHNxGuSABrukSi+TJsHz
VNugTtINzNck/PiSPt+XPJu80/MEvJvuRoUPDmqzYFrRREBc+ahj48GXnBzMkfS9
zHxoptSVxYRLP0ZLwSpBVcVwKfk18sW4V3o6DsXhRahcNFAabzrbmebEWBykDY6q
R+RGr+sgrANuF+zHhemvoE9wWhO5SvXJgdtrH/5k40YLGtDeLEexbnOiuPdWr2Hv
9cBwbCZgTBsnLjfl3uctzwBGpO9VxwU3re+1acpBRdlNH8NZysG9rFivfZH4y1WG
EPKHIFWPDpY9zQ410Zb9tjWAO9sr4rX7gYphKgjvDfUXXXq5ig4BzKZh5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCrUHxG4xJLyPfkydvVN1wZuRSCGMB8GA1UdIwQY
MBaAFOFYCPP5IbyMPuqHx1hMWEwQALBRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFZnSThfa2h2SXctNm9mSFdFeFlUQkFBc0ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC84ZThlODItNTI3NC00ZDJmLThjYTAt
YWIxOWZjYjBjZTY0LzEvS3RRZkViakVrdkk5LVRKMjlVM1hCbTVGSUlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC84ZThlODItNTI3NC00ZDJmLThjYTAtYWIxOWZjYjBjZTY0
LzEvNFZnSThfa2h2SXctNm9mSFdFeFlUQkFBc0ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZwsMA0G
CSqGSIb3DQEBCwUAA4IBAQArfmodWgTotHioyoaksKK4pOPNb0TdxAn7CtoO2xi1
D//Zqhh3uxRzsbcVmY3qu9l+6xbs3GQeUqVeBIJF4xBBEZ2e8RcPgLEEiFnltNV8
mhulIg7eXu0ToLDOfd+3kHmBCJf2wIHblE2Pi3Gn6EyBeczXZjM0YfcRL/diS0uw
GlIUp6XCjRzt80/RDc54S0aSXJFeSgyGNGaTXW2h8e5EA8zX+OfAPkT5ougS0YVz
oOJA+35KVO0iqCes68dKVTvPyqHzkSTVTstIjA8zoPpW7FIcBKjMc0T2cqeDripM
hQn5euA/8DltEUrbEWDMgJ56RDUmFGpHH/Dpz13z8cKt
-----END CERTIFICATE-----