Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/ca510c-b6d1-4eb3-8dd1-498f4c10b655/1/v3tj0PV6i_rcVhXAW-uYf9NymH4.roa
File:                     v3tj0PV6i_rcVhXAW-uYf9NymH4.roa (raw, json)
Hash identifier:          WeAlbPRAok1ic0NLrTqiVa14veQRmOnNDG6KBYoZL8Y=
Subject key identifier:   BF:7B:63:D0:F5:7A:8B:FA:DC:56:15:C0:5B:EB:98:7F:D3:72:98:7E
Certificate issuer:       /CN=ded8582b0243863c572ce25786ccb36ff795b22e
Certificate serial:       018CC8DE989119B20B21F3E182BE3D1B5E7C
Authority key identifier: DE:D8:58:2B:02:43:86:3C:57:2C:E2:57:86:CC:B3:6F:F7:95:B2:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3thYKwJDhjxXLOJXhsyzb_eVsi4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/ca510c-b6d1-4eb3-8dd1-498f4c10b655/1/v3tj0PV6i_rcVhXAW-uYf9NymH4.roa
Signing time:             Tue 02 Jan 2024 06:31:20 +0000
ROA not before:           Tue 02 Jan 2024 06:31:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207889
IP address blocks:        45.142.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/ca510c-b6d1-4eb3-8dd1-498f4c10b655/1/3thYKwJDhjxXLOJXhsyzb_eVsi4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/ca510c-b6d1-4eb3-8dd1-498f4c10b655/1/3thYKwJDhjxXLOJXhsyzb_eVsi4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3thYKwJDhjxXLOJXhsyzb_eVsi4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:98:91:19:b2:0b:21:f3:e1:82:be:3d:1b:5e:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ded8582b0243863c572ce25786ccb36ff795b22e
        Validity
            Not Before: Jan  2 06:31:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=bf7b63d0f57a8bfadc5615c05beb987fd372987e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:6e:2d:8d:7e:7a:2e:f6:5b:db:97:95:eb:36:
                    d6:f0:93:7b:3b:ee:89:97:05:ef:04:ba:b4:7c:da:
                    e5:c4:d3:d6:0e:54:ae:46:c5:7a:34:85:67:66:8e:
                    d7:51:9f:85:2b:27:39:14:0b:2c:8f:14:8e:34:79:
                    63:d0:2d:5b:4a:38:a4:82:ef:4b:88:a4:07:25:13:
                    13:72:e5:48:43:5f:a0:19:10:34:e3:bc:38:33:7a:
                    a1:5c:55:c9:34:52:a4:85:f1:8e:db:f3:2b:14:a5:
                    c3:26:3e:12:59:2b:1f:de:22:fd:03:9b:0c:36:da:
                    7a:32:54:bf:8f:79:2c:ed:08:fc:c4:30:96:9b:ed:
                    7d:c3:3a:1b:19:ea:b5:1b:16:7b:a3:71:2b:96:3d:
                    71:e4:27:61:56:ad:e7:15:25:28:98:d4:fa:6a:36:
                    91:cc:e4:2a:80:21:09:0f:fc:00:58:92:6e:58:1e:
                    d0:47:3a:7d:78:87:e5:0f:9f:67:4d:09:ac:1f:cc:
                    ad:8e:fa:d3:3f:c6:14:07:10:45:12:cc:0c:05:57:
                    5d:1e:21:10:89:ae:f0:8b:52:2b:3b:d2:cb:05:fd:
                    8f:98:06:d1:7f:26:80:13:1a:45:0b:3b:dd:f7:de:
                    16:05:7e:26:c8:87:ca:49:c2:fa:4c:24:ab:7b:68:
                    ee:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:7B:63:D0:F5:7A:8B:FA:DC:56:15:C0:5B:EB:98:7F:D3:72:98:7E
            X509v3 Authority Key Identifier:
                keyid:DE:D8:58:2B:02:43:86:3C:57:2C:E2:57:86:CC:B3:6F:F7:95:B2:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3thYKwJDhjxXLOJXhsyzb_eVsi4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/ca510c-b6d1-4eb3-8dd1-498f4c10b655/1/v3tj0PV6i_rcVhXAW-uYf9NymH4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/ca510c-b6d1-4eb3-8dd1-498f4c10b655/1/3thYKwJDhjxXLOJXhsyzb_eVsi4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ea:a3:22:40:4c:69:2d:c1:d7:33:37:93:74:44:61:dd:50:8c:
         2f:3c:49:f7:ee:ce:37:09:99:5b:ca:bc:5c:15:43:5e:4c:47:
         0e:b3:f9:e0:44:2b:23:c7:11:56:f4:30:5e:e0:c0:2d:62:4b:
         30:6e:2e:09:d7:b8:47:33:d3:84:48:13:c7:01:31:60:33:74:
         51:c1:e4:61:4a:6e:16:5f:64:c9:2d:0e:f6:cd:8f:8d:1a:4f:
         e3:1c:cc:de:21:09:bb:7c:63:52:dd:45:54:2c:b3:20:99:52:
         30:44:59:9d:41:bd:ca:43:fc:91:ee:cb:d4:16:9a:89:b3:c4:
         d4:f3:88:d4:16:7f:b7:eb:42:20:44:5a:b1:01:88:2e:eb:fe:
         00:3b:ab:3a:2a:17:f6:ca:8d:94:8b:f0:9b:02:95:87:4b:dc:
         4b:8b:55:01:91:ea:f7:66:34:7b:32:8e:44:8d:09:08:6d:23:
         e5:61:9b:aa:8a:75:cd:e8:3f:16:61:da:a7:c1:bf:44:04:65:
         a1:1a:ac:fc:f8:03:67:81:13:a2:f9:21:9c:2b:3f:b3:ff:d0:
         02:b5:21:97:d9:81:4f:38:69:28:11:b0:cb:dd:6c:4c:be:03:
         6e:38:f3:07:2f:2e:0a:6a:ac:96:85:1d:20:e2:27:c6:5d:9a:
         09:7d:f3:32
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3piRGbILIfPhgr49G158MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlZDg1ODJiMDI0Mzg2M2M1NzJjZTI1Nzg2Y2NiMzZmZjc5
NWIyMmUwHhcNMjQwMTAyMDYzMTIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjdiNjNkMGY1N2E4YmZhZGM1NjE1YzA1YmViOTg3ZmQzNzI5ODdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtm4tjX56LvZb25eV6zbW8JN7O+6J
lwXvBLq0fNrlxNPWDlSuRsV6NIVnZo7XUZ+FKyc5FAssjxSONHlj0C1bSjikgu9L
iKQHJRMTcuVIQ1+gGRA047w4M3qhXFXJNFKkhfGO2/MrFKXDJj4SWSsf3iL9A5sM
Ntp6MlS/j3ks7Qj8xDCWm+19wzobGeq1GxZ7o3Erlj1x5CdhVq3nFSUomNT6ajaR
zOQqgCEJD/wAWJJuWB7QRzp9eIflD59nTQmsH8ytjvrTP8YUBxBFEswMBVddHiEQ
ia7wi1IrO9LLBf2PmAbRfyaAExpFCzvd994WBX4myIfKScL6TCSre2juEwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL97Y9D1eov63FYVwFvrmH/Tcph+MB8GA1UdIwQY
MBaAFN7YWCsCQ4Y8VyziV4bMs2/3lbIuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3RoWUt3SkRoanhYTE9KWGhzeXpiX2VWc2k0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9jYTUxMGMtYjZkMS00ZWIzLThkZDEt
NDk4ZjRjMTBiNjU1LzEvdjN0ajBQVjZpX3JjVmhYQVctdVlmOU55bUg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9jYTUxMGMtYjZkMS00ZWIzLThkZDEtNDk4ZjRjMTBiNjU1
LzEvM3RoWUt3SkRoanhYTE9KWGhzeXpiX2VWc2k0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY5bMA0G
CSqGSIb3DQEBCwUAA4IBAQDqoyJATGktwdczN5N0RGHdUIwvPEn37s43CZlbyrxc
FUNeTEcOs/ngRCsjxxFW9DBe4MAtYkswbi4J17hHM9OESBPHATFgM3RRweRhSm4W
X2TJLQ72zY+NGk/jHMzeIQm7fGNS3UVULLMgmVIwRFmdQb3KQ/yR7svUFpqJs8TU
84jUFn+360IgRFqxAYgu6/4AO6s6Khf2yo2Ui/CbApWHS9xLi1UBker3ZjR7Mo5E
jQkIbSPlYZuqinXN6D8WYdqnwb9EBGWhGqz8+ANngROi+SGcKz+z/9ACtSGX2YFP
OGkoEbDL3WxMvgNuOPMHLy4KaqyWhR0g4ifGXZoJffMy
-----END CERTIFICATE-----