Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/8QGlt44qa2LlFat3fmU2i7c1P_A.roa
File:                     8QGlt44qa2LlFat3fmU2i7c1P_A.roa (raw, json)
Hash identifier:          KmQkS4Prt093a8Qeur3spQilooVYTOZM22+Ww6ymA5Q=
Subject key identifier:   F1:01:A5:B7:8E:2A:6B:62:E5:15:AB:77:7E:65:36:8B:B7:35:3F:F0
Certificate issuer:       /CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
Certificate serial:       0192DDA3EFE639530EE687E1DBA6B3CA80AF
Authority key identifier: 95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/8QGlt44qa2LlFat3fmU2i7c1P_A.roa
Signing time:             Wed 30 Oct 2024 13:36:01 +0000
ROA not before:           Wed 30 Oct 2024 13:36:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51765
IP address blocks:        45.112.194.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:dd:a3:ef:e6:39:53:0e:e6:87:e1:db:a6:b3:ca:80:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
        Validity
            Not Before: Oct 30 13:36:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f101a5b78e2a6b62e515ab777e65368bb7353ff0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:8d:4b:91:d5:86:17:a4:3b:c7:cb:b2:83:2a:
                    75:07:ad:10:b2:31:89:dd:a0:ca:7f:4b:5f:ca:27:
                    18:81:eb:75:82:b7:38:4b:97:05:ed:8c:4c:54:fe:
                    c1:66:4e:02:ec:69:24:15:af:29:68:5c:cd:1f:2b:
                    34:9a:5d:1b:4f:80:2c:82:10:ac:21:99:b1:e0:62:
                    2b:01:b9:bc:cf:c5:5a:3a:cc:fc:e5:c6:61:27:14:
                    eb:8b:76:73:ae:7b:a7:17:6a:a6:b4:c8:69:00:59:
                    ba:45:3a:9c:54:51:74:70:03:90:b0:2f:c4:90:9b:
                    dc:02:e5:24:0b:45:f6:a5:0f:5d:9f:22:91:10:26:
                    d9:f7:01:7c:ee:69:dc:00:de:9a:0c:2e:d3:92:18:
                    50:b4:60:3f:6d:f9:07:e2:f7:97:b3:ef:be:61:0a:
                    d5:fc:bc:53:8f:fd:a7:5d:5c:aa:67:4f:85:9a:7d:
                    33:73:7b:18:ee:5b:88:38:d7:d1:9f:4d:5d:d1:02:
                    4f:7b:b8:62:87:a7:39:91:7e:07:c8:c5:fb:a3:69:
                    f1:b8:ef:96:8b:28:69:84:38:e8:d1:25:eb:43:df:
                    35:09:fc:fe:af:a7:c1:b2:a1:f3:9e:8e:6f:24:b3:
                    e4:fa:70:d7:02:b9:19:aa:98:92:2e:9b:03:62:d2:
                    5e:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:01:A5:B7:8E:2A:6B:62:E5:15:AB:77:7E:65:36:8B:B7:35:3F:F0
            X509v3 Authority Key Identifier:
                keyid:95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/8QGlt44qa2LlFat3fmU2i7c1P_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.112.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:ff:92:c8:ab:65:0d:d5:38:5e:52:4f:8c:5a:f4:30:8e:3f:
         9f:c4:a6:86:59:69:16:e8:51:23:54:96:e7:bc:5f:e0:66:7a:
         2d:a3:d4:28:de:31:65:3c:9e:6e:1b:8d:3a:80:d9:7d:00:d0:
         19:18:ec:07:e4:5b:31:02:fa:2c:0e:74:b2:b3:44:6c:0f:24:
         26:9f:26:7d:97:a9:33:e3:eb:59:c1:25:82:fb:a4:5d:4a:06:
         bc:0d:5e:72:a5:f0:8e:c5:8f:02:6c:fc:db:cc:4a:0f:90:a5:
         86:49:ce:9f:bb:3c:86:18:b6:d3:c5:a9:83:49:8e:9f:25:cc:
         87:aa:30:6c:01:fa:59:ba:37:49:41:3b:95:50:ea:1f:76:bb:
         2d:1b:06:4e:40:66:0e:99:77:3e:1c:07:d2:61:70:2e:72:75:
         68:7b:9e:42:7b:5f:1b:df:71:76:59:0e:4c:88:18:a5:c7:56:
         31:71:fe:c4:5d:67:f2:31:91:4e:25:23:48:7d:d0:0c:91:d5:
         83:2d:f4:2b:ff:12:7a:45:0e:54:b6:47:94:05:f9:c1:2b:c0:
         46:f4:42:38:c7:6d:06:23:35:8c:a7:17:48:99:ec:ce:3e:27:
         a6:97:1e:07:1c:3f:8d:01:c0:5c:e3:b4:6b:05:82:ca:2c:45:
         bc:99:b4:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZLdo+/mOVMO5ofh26azyoCvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MjJhYjY3OTIyY2UwMjc1ZThjNjFhYmZhODJkMmE3NTRh
ZjZkYzQwHhcNMjQxMDMwMTMzNjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTAxYTViNzhlMmE2YjYyZTUxNWFiNzc3ZTY1MzY4YmI3MzUzZmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoY1LkdWGF6Q7x8uygyp1B60QsjGJ
3aDKf0tfyicYget1grc4S5cF7YxMVP7BZk4C7GkkFa8paFzNHys0ml0bT4AsghCs
IZmx4GIrAbm8z8VaOsz85cZhJxTri3ZzrnunF2qmtMhpAFm6RTqcVFF0cAOQsC/E
kJvcAuUkC0X2pQ9dnyKRECbZ9wF87mncAN6aDC7TkhhQtGA/bfkH4veXs+++YQrV
/LxTj/2nXVyqZ0+Fmn0zc3sY7luIONfRn01d0QJPe7hih6c5kX4HyMX7o2nxuO+W
iyhphDjo0SXrQ981Cfz+r6fBsqHzno5vJLPk+nDXArkZqpiSLpsDYtJeSwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPEBpbeOKmti5RWrd35lNou3NT/wMB8GA1UdIwQY
MBaAFJUiq2eSLOAnXoxhq/qC0qdUr23EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEt
ZTUyNmE5NDA5ZmI4LzEvOFFHbHQ0NHFhMkxsRmF0M2ZtVTJpN2MxUF9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEtZTUyNmE5NDA5ZmI4
LzEvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALXDCMA0G
CSqGSIb3DQEBCwUAA4IBAQAK/5LIq2UN1TheUk+MWvQwjj+fxKaGWWkW6FEjVJbn
vF/gZnoto9Qo3jFlPJ5uG406gNl9ANAZGOwH5FsxAvosDnSys0RsDyQmnyZ9l6kz
4+tZwSWC+6RdSga8DV5ypfCOxY8CbPzbzEoPkKWGSc6fuzyGGLbTxamDSY6fJcyH
qjBsAfpZujdJQTuVUOofdrstGwZOQGYOmXc+HAfSYXAucnVoe55Ce18b33F2WQ5M
iBilx1Yxcf7EXWfyMZFOJSNIfdAMkdWDLfQr/xJ6RQ5UtkeUBfnBK8BG9EI4x20G
IzWMpxdImezOPiemlx4HHD+NAcBc47RrBYLKLEW8mbTl
-----END CERTIFICATE-----