Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/gDiuGKwXhZqa3f45SGV9wZxxkUA.roa
File:                     gDiuGKwXhZqa3f45SGV9wZxxkUA.roa (raw, json)
Hash identifier:          zNK1Q0BqvWfljXFX9aiXj+CPjLNOffwKqKQEgcUUx/U=
Subject key identifier:   80:38:AE:18:AC:17:85:9A:9A:DD:FE:39:48:65:7D:C1:9C:71:91:40
Certificate issuer:       /CN=d5637692ff5c45486d1053b149dc1420026cd733
Certificate serial:       019011723052BCBECCCEA414418A1FF1EE9B
Authority key identifier: D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/gDiuGKwXhZqa3f45SGV9wZxxkUA.roa
Signing time:             Thu 13 Jun 2024 11:53:34 +0000
ROA not before:           Thu 13 Jun 2024 11:53:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        45.149.94.0/24 maxlen: 24
                          80.246.226.0/24 maxlen: 24
                          80.246.230.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 17:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:11:72:30:52:bc:be:cc:ce:a4:14:41:8a:1f:f1:ee:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d5637692ff5c45486d1053b149dc1420026cd733
        Validity
            Not Before: Jun 13 11:53:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8038ae18ac17859a9addfe3948657dc19c719140
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:5e:e6:f6:bc:04:62:89:88:7c:3c:cc:3a:59:
                    e0:21:c2:95:5a:b6:ea:16:be:a2:69:33:d1:5e:71:
                    68:a6:99:b9:26:43:65:ad:9d:20:7c:9b:93:a1:25:
                    84:78:b8:dd:8e:65:06:97:c5:57:f4:40:d1:35:d5:
                    30:b0:a6:75:9d:3b:ef:4d:4f:7d:cb:5f:4e:2d:01:
                    f8:d5:7d:ff:97:be:35:c5:aa:d2:6d:db:54:9a:43:
                    0c:64:d1:d2:13:e7:7a:4f:da:ed:b1:df:e5:30:b8:
                    db:f4:23:44:95:ff:a5:52:09:6c:cb:97:a5:d6:91:
                    89:d5:28:be:c8:3e:77:0d:67:59:99:b9:53:d6:30:
                    13:73:2a:33:97:0b:fa:f9:3c:2c:10:79:a5:bc:3c:
                    b9:af:40:b7:5b:d8:e7:88:e5:87:39:e2:70:b3:76:
                    ef:5c:5e:1b:1f:12:44:f8:0a:2a:62:96:e2:2d:1d:
                    a8:61:f9:45:7e:66:b0:9b:b3:82:b1:5c:ec:ba:9e:
                    c2:3e:f3:22:1e:76:32:46:3a:38:c8:5d:93:c2:c4:
                    18:96:43:8c:3c:b1:35:7a:d2:46:3e:63:ec:d4:26:
                    e7:02:10:46:ba:b6:42:03:e1:1a:9c:9b:90:49:fe:
                    be:4d:54:d2:24:d9:df:d4:ff:13:32:45:b2:5d:6e:
                    a9:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:38:AE:18:AC:17:85:9A:9A:DD:FE:39:48:65:7D:C1:9C:71:91:40
            X509v3 Authority Key Identifier:
                keyid:D5:63:76:92:FF:5C:45:48:6D:10:53:B1:49:DC:14:20:02:6C:D7:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1WN2kv9cRUhtEFOxSdwUIAJs1zM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/gDiuGKwXhZqa3f45SGV9wZxxkUA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/98e113-e002-4d93-9a49-adeade2865c1/1/1WN2kv9cRUhtEFOxSdwUIAJs1zM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.94.0/24
                  80.246.226.0/24
                  80.246.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:0b:c9:b8:4a:db:ea:e1:2c:a0:c3:13:33:56:72:f4:10:35:
         3a:fc:97:df:ba:0d:84:76:27:46:8d:81:5c:ae:56:a8:3e:c1:
         31:b5:64:36:c3:3a:f8:14:7e:1d:a3:b2:14:72:56:85:88:33:
         16:f7:2e:65:a3:e6:32:35:e2:d3:fb:5f:0f:ca:54:42:34:5b:
         c6:7f:54:b4:a0:f3:5a:5a:33:c5:55:e4:ea:43:b4:7c:e1:b6:
         66:6e:a9:e9:78:1d:62:df:76:84:1f:05:8f:69:e8:71:a0:fc:
         d6:d6:f5:34:9d:f7:6f:cf:bd:76:86:3a:cb:ff:9f:fe:12:9a:
         c5:e3:f5:3f:d0:87:c7:88:fd:18:e9:18:20:3a:21:0e:e4:ca:
         e4:f6:d4:aa:ea:40:5a:d8:2f:d8:70:4b:a6:b3:0c:04:44:ac:
         e2:4e:a3:62:ae:fb:57:34:d0:dd:81:58:59:7b:94:32:22:f8:
         36:13:28:8d:e5:b3:00:08:e0:28:93:30:eb:50:ba:bc:a2:59:
         51:2c:a4:e2:a2:47:ec:40:42:e8:09:ee:eb:e2:00:86:b9:07:
         51:6f:45:e5:04:1d:f6:08:3d:e6:a2:16:cc:5a:a4:5b:2f:ff:
         62:24:1c:33:d6:77:4a:50:45:c0:f1:a9:ea:c5:dd:ba:f9:81:
         12:77:3a:7f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZARcjBSvL7MzqQUQYof8e6bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NjM3NjkyZmY1YzQ1NDg2ZDEwNTNiMTQ5ZGMxNDIwMDI2
Y2Q3MzMwHhcNMjQwNjEzMTE1MzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDM4YWUxOGFjMTc4NTlhOWFkZGZlMzk0ODY1N2RjMTljNzE5MTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6F7m9rwEYomIfDzMOlngIcKVWrbq
Fr6iaTPRXnFoppm5JkNlrZ0gfJuToSWEeLjdjmUGl8VX9EDRNdUwsKZ1nTvvTU99
y19OLQH41X3/l741xarSbdtUmkMMZNHSE+d6T9rtsd/lMLjb9CNElf+lUglsy5el
1pGJ1Si+yD53DWdZmblT1jATcyozlwv6+TwsEHmlvDy5r0C3W9jniOWHOeJws3bv
XF4bHxJE+AoqYpbiLR2oYflFfmawm7OCsVzsup7CPvMiHnYyRjo4yF2TwsQYlkOM
PLE1etJGPmPs1CbnAhBGurZCA+EanJuQSf6+TVTSJNnf1P8TMkWyXW6pWQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIA4rhisF4Wamt3+OUhlfcGccZFAMB8GA1UdIwQY
MBaAFNVjdpL/XEVIbRBTsUncFCACbNczMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDkt
YWRlYWRlMjg2NWMxLzEvZ0RpdUdLd1hoWnFhM2Y0NVNHVjl3Wnh4a1VBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi85OGUxMTMtZTAwMi00ZDkzLTlhNDktYWRlYWRlMjg2NWMx
LzEvMVdOMmt2OWNSVWh0RUZPeFNkd1VJQUpzMXpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALZVeAwQA
UPbiAwQAUPbmMA0GCSqGSIb3DQEBCwUAA4IBAQBBC8m4Stvq4SygwxMzVnL0EDU6
/Jffug2EdidGjYFcrlaoPsExtWQ2wzr4FH4do7IUclaFiDMW9y5lo+YyNeLT+18P
ylRCNFvGf1S0oPNaWjPFVeTqQ7R84bZmbqnpeB1i33aEHwWPaehxoPzW1vU0nfdv
z712hjrL/5/+EprF4/U/0IfHiP0Y6RggOiEO5Mrk9tSq6kBa2C/YcEumswwERKzi
TqNirvtXNNDdgVhZe5QyIvg2EyiN5bMACOAokzDrULq8ollRLKTiokfsQELoCe7r
4gCGuQdRb0XlBB32CD3mohbMWqRbL/9iJBwz1ndKUEXA8anqxd26+YESdzp/
-----END CERTIFICATE-----