Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/c23ca3-b327-4ed2-a5bb-b16e683dbe27/1/ZtQJs8_eQMeo6nOAoxa5nOfbbcQ.roa
File:                     ZtQJs8_eQMeo6nOAoxa5nOfbbcQ.roa (raw, json)
Hash identifier:          enn42o3Ym/kOxyHdmFmn6clJsf47uEFpc466xlwkd28=
Subject key identifier:   66:D4:09:B3:CF:DE:40:C7:A8:EA:73:80:A3:16:B9:9C:E7:DB:6D:C4
Certificate issuer:       /CN=0cebbfaaec24039b41eba56bb1caa51677d21c70
Certificate serial:       018CC2DB342F98F69504E810854C9CDC4A99
Authority key identifier: 0C:EB:BF:AA:EC:24:03:9B:41:EB:A5:6B:B1:CA:A5:16:77:D2:1C:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DOu_quwkA5tB66VrscqlFnfSHHA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/c23ca3-b327-4ed2-a5bb-b16e683dbe27/1/ZtQJs8_eQMeo6nOAoxa5nOfbbcQ.roa
Signing time:             Mon 01 Jan 2024 02:29:54 +0000
ROA not before:           Mon 01 Jan 2024 02:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208493
IP address blocks:        45.129.116.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/c23ca3-b327-4ed2-a5bb-b16e683dbe27/1/DOu_quwkA5tB66VrscqlFnfSHHA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/c23ca3-b327-4ed2-a5bb-b16e683dbe27/1/DOu_quwkA5tB66VrscqlFnfSHHA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DOu_quwkA5tB66VrscqlFnfSHHA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 01:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:db:34:2f:98:f6:95:04:e8:10:85:4c:9c:dc:4a:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0cebbfaaec24039b41eba56bb1caa51677d21c70
        Validity
            Not Before: Jan  1 02:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=66d409b3cfde40c7a8ea7380a316b99ce7db6dc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:83:68:90:63:b0:4d:55:0a:66:4c:83:c5:0d:c4:
                    9f:df:1f:40:aa:68:fc:df:b2:cc:ea:c4:81:53:6b:
                    0a:b2:5d:30:8b:e2:10:39:5c:29:c1:9b:b8:e9:29:
                    e4:24:47:64:ef:79:4a:1e:01:1e:38:d7:4c:6f:dc:
                    79:9c:9a:0b:8f:14:6f:6d:4f:bb:a5:c3:67:91:90:
                    87:b0:b3:51:49:5a:51:6b:74:24:80:56:65:5e:43:
                    72:f4:28:8f:12:6c:e8:dc:83:f1:c8:00:55:bb:41:
                    08:08:17:0c:1e:10:50:13:25:41:dd:8e:01:2d:6a:
                    f3:6c:35:91:df:e5:6f:b4:4e:ce:ee:73:b1:e4:2f:
                    4d:f4:b9:b3:c4:9a:ad:e3:5a:b0:3d:ef:24:d7:3d:
                    81:7b:54:72:2b:af:ef:9c:a5:9b:d0:b1:6a:4a:dc:
                    ca:dc:e4:3d:b0:ca:c4:b4:35:b9:ea:c0:63:9c:d1:
                    98:3d:2c:59:5a:25:e4:9c:67:bc:5f:92:ec:8a:34:
                    5e:39:a2:58:8a:bd:27:b6:32:25:cc:f7:4a:b8:4f:
                    47:0d:1a:47:4f:c7:03:04:a7:a5:a3:9e:82:75:61:
                    7c:3a:2e:11:18:e5:3f:ca:a2:b0:97:70:b2:48:dd:
                    d3:f6:9d:dc:8d:dd:c1:49:9a:af:0e:0a:a5:a9:54:
                    87:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                66:D4:09:B3:CF:DE:40:C7:A8:EA:73:80:A3:16:B9:9C:E7:DB:6D:C4
            X509v3 Authority Key Identifier:
                keyid:0C:EB:BF:AA:EC:24:03:9B:41:EB:A5:6B:B1:CA:A5:16:77:D2:1C:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DOu_quwkA5tB66VrscqlFnfSHHA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/c23ca3-b327-4ed2-a5bb-b16e683dbe27/1/ZtQJs8_eQMeo6nOAoxa5nOfbbcQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/c23ca3-b327-4ed2-a5bb-b16e683dbe27/1/DOu_quwkA5tB66VrscqlFnfSHHA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4c:dd:fa:1e:47:3a:9e:34:9e:3c:ea:18:b8:83:1a:49:4b:b9:
         22:37:c6:92:35:da:ee:0c:2c:65:05:6d:f7:34:51:66:95:11:
         45:4a:35:0f:09:00:f5:14:b9:c0:8c:16:bf:2c:a4:4d:c7:c9:
         75:6a:2b:22:46:68:1e:9a:fb:b7:fc:39:ff:13:e1:23:34:8e:
         38:4d:30:e5:17:bf:ca:68:ff:a9:1f:75:07:05:bc:85:90:f7:
         57:f5:8f:fa:f0:2b:f3:8f:ed:be:0d:a2:4c:e0:3d:e3:b6:70:
         3e:c4:a2:a6:db:cd:e0:b0:f9:14:63:f2:08:d1:05:5c:99:e5:
         9a:bc:c8:5d:59:58:51:61:e7:be:dc:3b:8f:0f:4a:73:ae:fa:
         cb:56:f7:69:c4:9c:9b:2e:28:bf:fd:f9:48:41:a7:9b:8a:78:
         05:be:4a:08:78:1f:ea:93:61:d0:ce:dc:79:23:fb:48:28:84:
         41:fe:e3:d4:2a:f9:75:32:3b:4c:65:05:a1:eb:3d:95:47:a8:
         45:e4:a6:66:e7:74:42:e8:52:c1:88:84:aa:06:38:44:f6:70:
         cf:70:95:e8:ef:02:65:c7:97:29:8b:b3:57:ce:8c:d4:ae:b2:
         17:0c:19:56:a1:c0:e5:32:de:9d:0b:df:27:06:d8:e7:2f:b6:
         47:ad:1d:db
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2zQvmPaVBOgQhUyc3EqZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBjZWJiZmFhZWMyNDAzOWI0MWViYTU2YmIxY2FhNTE2Nzdk
MjFjNzAwHhcNMjQwMTAxMDIyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NmQ0MDliM2NmZGU0MGM3YThlYTczODBhMzE2Yjk5Y2U3ZGI2ZGM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg2iQY7BNVQpmTIPFDcSf3x9Aqmj8
37LM6sSBU2sKsl0wi+IQOVwpwZu46SnkJEdk73lKHgEeONdMb9x5nJoLjxRvbU+7
pcNnkZCHsLNRSVpRa3QkgFZlXkNy9CiPEmzo3IPxyABVu0EICBcMHhBQEyVB3Y4B
LWrzbDWR3+VvtE7O7nOx5C9N9LmzxJqt41qwPe8k1z2Be1RyK6/vnKWb0LFqStzK
3OQ9sMrEtDW56sBjnNGYPSxZWiXknGe8X5LsijReOaJYir0ntjIlzPdKuE9HDRpH
T8cDBKelo56CdWF8Oi4RGOU/yqKwl3CySN3T9p3cjd3BSZqvDgqlqVSHOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGbUCbPP3kDHqOpzgKMWuZzn223EMB8GA1UdIwQY
MBaAFAzrv6rsJAObQeula7HKpRZ30hxwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRE91X3F1d2tBNXRCNjZWcnNjcWxGbmZTSEhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9jMjNjYTMtYjMyNy00ZWQyLWE1YmIt
YjE2ZTY4M2RiZTI3LzEvWnRRSnM4X2VRTWVvNm5PQW94YTVuT2ZiYmNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9jMjNjYTMtYjMyNy00ZWQyLWE1YmItYjE2ZTY4M2RiZTI3
LzEvRE91X3F1d2tBNXRCNjZWcnNjcWxGbmZTSEhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYF0MA0G
CSqGSIb3DQEBCwUAA4IBAQBM3foeRzqeNJ486hi4gxpJS7kiN8aSNdruDCxlBW33
NFFmlRFFSjUPCQD1FLnAjBa/LKRNx8l1aisiRmgemvu3/Dn/E+EjNI44TTDlF7/K
aP+pH3UHBbyFkPdX9Y/68Cvzj+2+DaJM4D3jtnA+xKKm283gsPkUY/II0QVcmeWa
vMhdWVhRYee+3DuPD0pzrvrLVvdpxJybLii//flIQaebingFvkoIeB/qk2HQztx5
I/tIKIRB/uPUKvl1MjtMZQWh6z2VR6hF5KZm53RC6FLBiISqBjhE9nDPcJXo7wJl
x5cpi7NXzozUrrIXDBlWocDlMt6dC98nBtjnL7ZHrR3b
-----END CERTIFICATE-----