Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/4a757c-adde-485c-9171-f603538412c8/1/B_era-eP3WBg7IXUbIMPAO26LiQ.roa
File:                     B_era-eP3WBg7IXUbIMPAO26LiQ.roa (raw, json)
Hash identifier:          OFCvkhlXgAASc+TDEryAiH7tU2BHP0ZjmtnS40R33ME=
Subject key identifier:   07:F7:AB:6B:E7:8F:DD:60:60:EC:85:D4:6C:83:0F:00:ED:BA:2E:24
Certificate issuer:       /CN=cd1242e6c7ebd82a23fa1a08f396ebe5ab34cf6b
Certificate serial:       018CCA2A5075195FE6F47A3FC63AC55D506F
Authority key identifier: CD:12:42:E6:C7:EB:D8:2A:23:FA:1A:08:F3:96:EB:E5:AB:34:CF:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zRJC5sfr2Coj-hoI85br5as0z2s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f0/4a757c-adde-485c-9171-f603538412c8/1/B_era-eP3WBg7IXUbIMPAO26LiQ.roa
Signing time:             Tue 02 Jan 2024 12:33:39 +0000
ROA not before:           Tue 02 Jan 2024 12:33:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208978
IP address blocks:        45.10.34.0/23 maxlen: 23
                          45.10.32.0/22 maxlen: 22
                          45.10.32.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f0/4a757c-adde-485c-9171-f603538412c8/1/zRJC5sfr2Coj-hoI85br5as0z2s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f0/4a757c-adde-485c-9171-f603538412c8/1/zRJC5sfr2Coj-hoI85br5as0z2s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zRJC5sfr2Coj-hoI85br5as0z2s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:50:75:19:5f:e6:f4:7a:3f:c6:3a:c5:5d:50:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cd1242e6c7ebd82a23fa1a08f396ebe5ab34cf6b
        Validity
            Not Before: Jan  2 12:33:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=07f7ab6be78fdd6060ec85d46c830f00edba2e24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:a0:d7:f7:26:90:41:ad:23:48:51:ea:8a:c7:
                    d0:93:2a:ba:1a:41:e9:63:82:80:d8:91:7b:97:f6:
                    6a:f0:d1:87:e0:65:75:c6:91:86:d3:c9:26:57:b0:
                    a7:80:60:ee:d7:4c:08:9a:68:9e:ab:da:81:39:c9:
                    c6:a2:16:44:9f:61:88:91:e4:a9:f7:94:ff:63:77:
                    62:4c:ed:fd:20:ad:8a:3c:c9:8c:47:1b:30:b6:db:
                    72:23:67:d1:20:92:37:53:4d:39:8d:0c:91:ff:85:
                    22:41:68:0a:c9:3c:33:c9:17:48:e8:47:09:42:70:
                    46:c7:cf:8d:98:82:ea:6e:b7:a4:db:e3:a0:55:a9:
                    cb:a4:47:d8:ac:d2:58:f9:f3:a5:02:fb:db:20:27:
                    09:f2:e7:c2:5f:ae:c5:1e:8a:60:ce:45:f1:e2:06:
                    f9:82:7f:b4:4c:40:a7:5b:49:84:f9:51:14:ea:83:
                    f1:51:b9:29:03:37:68:d0:4b:66:fe:c2:7f:4f:f2:
                    14:41:6d:a8:03:de:e0:81:5d:ca:d4:6a:fc:95:14:
                    fb:61:5d:61:ae:3a:2f:f3:35:d3:ef:bf:1f:25:7a:
                    fb:4a:57:25:c9:91:7f:54:4b:d1:9e:43:af:e2:c7:
                    c3:78:e2:5c:ff:b3:4e:af:76:99:61:81:8b:81:15:
                    14:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:F7:AB:6B:E7:8F:DD:60:60:EC:85:D4:6C:83:0F:00:ED:BA:2E:24
            X509v3 Authority Key Identifier:
                keyid:CD:12:42:E6:C7:EB:D8:2A:23:FA:1A:08:F3:96:EB:E5:AB:34:CF:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zRJC5sfr2Coj-hoI85br5as0z2s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/4a757c-adde-485c-9171-f603538412c8/1/B_era-eP3WBg7IXUbIMPAO26LiQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/4a757c-adde-485c-9171-f603538412c8/1/zRJC5sfr2Coj-hoI85br5as0z2s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.10.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         69:ed:cf:06:0f:15:81:5e:cc:a8:54:18:f3:b6:a7:5e:28:7b:
         b0:1d:1d:aa:97:b1:2a:d3:a5:cd:4d:fc:c0:e6:fe:1a:48:7d:
         27:18:9a:27:ba:79:63:47:ee:8b:1b:15:03:eb:dc:e9:5d:c2:
         63:f8:68:c5:c7:5b:41:86:0e:df:ec:0f:db:56:4d:f3:07:0e:
         03:ae:8e:dc:4f:b6:c2:ee:6e:f0:01:4e:6e:5a:b5:96:ca:df:
         92:f6:b3:6a:d9:bc:01:59:cf:d2:b8:24:44:a5:76:a3:ea:84:
         9f:de:26:34:c5:de:2a:ae:82:ce:f5:76:b8:e1:27:fe:b5:5d:
         72:05:7f:96:85:c1:eb:74:2a:00:c2:8c:cd:ba:49:f1:1a:ca:
         94:4e:bc:b4:74:a3:a8:c9:92:22:32:7b:60:d4:e6:1b:57:a8:
         5b:b2:dc:01:b9:97:7d:9e:59:a8:28:9f:29:13:47:f0:bd:b1:
         d7:62:fd:37:f1:27:ed:36:0a:97:3a:a4:68:2d:c9:88:15:e5:
         22:41:f2:0e:48:39:ce:af:88:00:8c:26:e8:ae:32:78:fb:a0:
         e1:03:b0:2e:d1:1a:63:ae:d7:70:fe:1e:d9:68:16:ec:c6:f0:
         07:41:7e:7b:06:4a:a3:82:dc:8f:13:92:ec:5a:ed:5e:59:eb:
         3b:06:7e:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKlB1GV/m9Ho/xjrFXVBvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkMTI0MmU2YzdlYmQ4MmEyM2ZhMWEwOGYzOTZlYmU1YWIz
NGNmNmIwHhcNMjQwMTAyMTIzMzM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2Y3YWI2YmU3OGZkZDYwNjBlYzg1ZDQ2YzgzMGYwMGVkYmEyZTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr6DX9yaQQa0jSFHqisfQkyq6GkHp
Y4KA2JF7l/Zq8NGH4GV1xpGG08kmV7CngGDu10wImmieq9qBOcnGohZEn2GIkeSp
95T/Y3diTO39IK2KPMmMRxswtttyI2fRIJI3U005jQyR/4UiQWgKyTwzyRdI6EcJ
QnBGx8+NmILqbrek2+OgVanLpEfYrNJY+fOlAvvbICcJ8ufCX67FHopgzkXx4gb5
gn+0TECnW0mE+VEU6oPxUbkpAzdo0Etm/sJ/T/IUQW2oA97ggV3K1Gr8lRT7YV1h
rjov8zXT778fJXr7SlclyZF/VEvRnkOv4sfDeOJc/7NOr3aZYYGLgRUUGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAf3q2vnj91gYOyF1GyDDwDtui4kMB8GA1UdIwQY
MBaAFM0SQubH69gqI/oaCPOW6+WrNM9rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvelJKQzVzZnIyQ29qLWhvSTg1YnI1YXMwejJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC80YTc1N2MtYWRkZS00ODVjLTkxNzEt
ZjYwMzUzODQxMmM4LzEvQl9lcmEtZVAzV0JnN0lYVWJJTVBBTzI2TGlRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC80YTc1N2MtYWRkZS00ODVjLTkxNzEtZjYwMzUzODQxMmM4
LzEvelJKQzVzZnIyQ29qLWhvSTg1YnI1YXMwejJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQogMA0G
CSqGSIb3DQEBCwUAA4IBAQBp7c8GDxWBXsyoVBjztqdeKHuwHR2ql7Eq06XNTfzA
5v4aSH0nGJonunljR+6LGxUD69zpXcJj+GjFx1tBhg7f7A/bVk3zBw4Dro7cT7bC
7m7wAU5uWrWWyt+S9rNq2bwBWc/SuCREpXaj6oSf3iY0xd4qroLO9Xa44Sf+tV1y
BX+WhcHrdCoAwozNuknxGsqUTry0dKOoyZIiMntg1OYbV6hbstwBuZd9nlmoKJ8p
E0fwvbHXYv038SftNgqXOqRoLcmIFeUiQfIOSDnOr4gAjCborjJ4+6DhA7Au0Rpj
rtdw/h7ZaBbsxvAHQX57BkqjgtyPE5LsWu1eWes7Bn5s
-----END CERTIFICATE-----