Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/t4iSYxFp0jYc0JpGFFCPx104yMY.roa
File:                     t4iSYxFp0jYc0JpGFFCPx104yMY.roa (raw, json)
Hash identifier:          jlEZSkmZTqPUfKt8Qcns5PGyPgwUb1tpcI3qfTJeMy4=
Subject key identifier:   B7:88:92:63:11:69:D2:36:1C:D0:9A:46:14:50:8F:C7:5D:38:C8:C6
Certificate issuer:       /CN=e15808f3f921bc8c3eea87c7584c584c1000b051
Certificate serial:       018EA5530488DE7D2214AFFD577B19A210DA
Authority key identifier: E1:58:08:F3:F9:21:BC:8C:3E:EA:87:C7:58:4C:58:4C:10:00:B0:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4VgI8_khvIw-6ofHWExYTBAAsFE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/t4iSYxFp0jYc0JpGFFCPx104yMY.roa
Signing time:             Wed 03 Apr 2024 18:57:45 +0000
ROA not before:           Wed 03 Apr 2024 18:57:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        45.158.88.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/4VgI8_khvIw-6ofHWExYTBAAsFE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/4VgI8_khvIw-6ofHWExYTBAAsFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4VgI8_khvIw-6ofHWExYTBAAsFE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 02 May 2024 21:01:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:a5:53:04:88:de:7d:22:14:af:fd:57:7b:19:a2:10:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e15808f3f921bc8c3eea87c7584c584c1000b051
        Validity
            Not Before: Apr  3 18:57:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b78892631169d2361cd09a4614508fc75d38c8c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:b0:fb:15:04:bf:6d:6f:20:ee:f7:c2:ef:5f:
                    db:a7:ce:0d:12:21:1a:9f:a7:ce:fb:79:c7:59:83:
                    1e:57:34:5a:d0:17:f5:75:fc:74:29:4a:48:a2:51:
                    ac:95:cf:be:91:eb:97:3a:82:38:e2:a9:06:31:10:
                    14:fa:2f:64:0d:2a:47:a4:62:85:3a:e2:8a:f1:cd:
                    0f:db:1f:c8:fc:5c:13:99:95:75:91:e6:80:f0:fb:
                    af:60:de:ab:df:69:f8:dc:44:58:19:77:8d:c2:b2:
                    f1:6c:b6:06:8c:e0:1b:0a:68:c4:36:2e:d4:33:d5:
                    13:7e:eb:98:59:e7:a6:b7:e7:fb:2c:0c:81:38:cf:
                    86:6b:cb:6c:20:0f:e3:6a:8d:88:dc:48:b7:b3:bd:
                    6c:75:59:26:45:11:5a:07:ca:56:66:c0:88:7a:ac:
                    49:94:f0:6a:f1:22:20:f9:a9:32:09:4b:08:68:a0:
                    b2:2d:7d:d0:4b:60:f9:6e:6b:03:79:28:ae:82:f7:
                    11:7c:81:83:ff:1b:7e:35:18:c0:78:17:f8:82:4b:
                    21:12:a3:63:d3:e7:4e:47:9f:92:6b:29:da:d0:bc:
                    af:62:9d:d9:19:b9:97:37:e2:d8:78:44:0e:82:be:
                    35:80:95:3a:c4:f8:03:dc:9a:8b:0f:fc:7a:9e:64:
                    2d:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:88:92:63:11:69:D2:36:1C:D0:9A:46:14:50:8F:C7:5D:38:C8:C6
            X509v3 Authority Key Identifier:
                keyid:E1:58:08:F3:F9:21:BC:8C:3E:EA:87:C7:58:4C:58:4C:10:00:B0:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4VgI8_khvIw-6ofHWExYTBAAsFE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/t4iSYxFp0jYc0JpGFFCPx104yMY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/4VgI8_khvIw-6ofHWExYTBAAsFE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.88.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ad:76:fd:fc:ba:48:a2:c0:31:5d:99:db:eb:e4:82:5f:e5:f2:
         85:c2:f3:76:c2:75:dc:03:2c:8b:0a:b5:f6:86:0a:61:c1:d9:
         71:d5:5f:9e:46:15:9e:4a:43:9d:73:e9:78:8c:e1:70:b7:01:
         0d:41:77:07:36:66:2a:3a:17:a5:37:9a:f6:a5:f6:82:e8:cf:
         d0:5f:f0:c1:8f:e9:30:0f:1c:81:4f:44:03:86:e8:58:db:d5:
         5d:f0:86:fe:f6:f2:8b:63:7c:56:0e:7d:5c:48:5b:14:7b:f7:
         fd:97:65:f6:a6:a7:f0:8a:85:9b:0a:c2:9e:84:da:be:82:37:
         9b:bd:bf:d2:b9:d1:5b:b2:ce:66:fd:35:2a:d0:37:87:05:28:
         dc:bf:7b:a8:d1:55:bc:9f:45:bf:cf:11:37:1c:e0:37:f1:a8:
         e0:a0:0b:49:85:3f:e5:b6:0a:2e:38:d3:e7:a6:06:d6:a3:95:
         71:d3:cc:15:18:fe:43:73:17:0b:01:52:04:1b:74:a2:fc:c7:
         43:a4:f1:8e:f5:5d:2e:0e:7b:46:ce:04:e8:a0:4b:c2:90:8c:
         37:8c:91:a1:95:32:0e:43:a4:7b:d3:df:11:4b:36:48:25:35:
         dd:12:30:26:af:bd:dd:08:32:4c:3c:c4:8b:30:da:59:d7:8a:
         f7:13:3e:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY6lUwSI3n0iFK/9V3sZohDaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNTgwOGYzZjkyMWJjOGMzZWVhODdjNzU4NGM1ODRjMTAw
MGIwNTEwHhcNMjQwNDAzMTg1NzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzg4OTI2MzExNjlkMjM2MWNkMDlhNDYxNDUwOGZjNzVkMzhjOGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA57D7FQS/bW8g7vfC71/bp84NEiEa
n6fO+3nHWYMeVzRa0Bf1dfx0KUpIolGslc++keuXOoI44qkGMRAU+i9kDSpHpGKF
OuKK8c0P2x/I/FwTmZV1keaA8PuvYN6r32n43ERYGXeNwrLxbLYGjOAbCmjENi7U
M9UTfuuYWeemt+f7LAyBOM+Ga8tsIA/jao2I3Ei3s71sdVkmRRFaB8pWZsCIeqxJ
lPBq8SIg+akyCUsIaKCyLX3QS2D5bmsDeSiugvcRfIGD/xt+NRjAeBf4gkshEqNj
0+dOR5+Sayna0LyvYp3ZGbmXN+LYeEQOgr41gJU6xPgD3JqLD/x6nmQt5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLeIkmMRadI2HNCaRhRQj8ddOMjGMB8GA1UdIwQY
MBaAFOFYCPP5IbyMPuqHx1hMWEwQALBRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFZnSThfa2h2SXctNm9mSFdFeFlUQkFBc0ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC84ZThlODItNTI3NC00ZDJmLThjYTAt
YWIxOWZjYjBjZTY0LzEvdDRpU1l4RnAwalljMEpwR0ZGQ1B4MTA0eU1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC84ZThlODItNTI3NC00ZDJmLThjYTAtYWIxOWZjYjBjZTY0
LzEvNFZnSThfa2h2SXctNm9mSFdFeFlUQkFBc0ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZ5YMA0G
CSqGSIb3DQEBCwUAA4IBAQCtdv38ukiiwDFdmdvr5IJf5fKFwvN2wnXcAyyLCrX2
hgphwdlx1V+eRhWeSkOdc+l4jOFwtwENQXcHNmYqOhelN5r2pfaC6M/QX/DBj+kw
DxyBT0QDhuhY29Vd8Ib+9vKLY3xWDn1cSFsUe/f9l2X2pqfwioWbCsKehNq+gjeb
vb/SudFbss5m/TUq0DeHBSjcv3uo0VW8n0W/zxE3HOA38ajgoAtJhT/ltgouONPn
pgbWo5Vx08wVGP5DcxcLAVIEG3Si/MdDpPGO9V0uDntGzgTooEvCkIw3jJGhlTIO
Q6R7098RSzZIJTXdEjAmr73dCDJMPMSLMNpZ14r3Ez5X
-----END CERTIFICATE-----