Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/lBvlVkTLUdbTB--D9tdhXGbi2bI.roa
File:                     lBvlVkTLUdbTB--D9tdhXGbi2bI.roa (raw, json)
Hash identifier:          yLtU/5UxdJwAqM7PUrwCVL1dYWdwpVOQ0bapPgJ9jQE=
Subject key identifier:   94:1B:E5:56:44:CB:51:D6:D3:07:EF:83:F6:D7:61:5C:66:E2:D9:B2
Certificate issuer:       /CN=f8651b1194f12e98e70d3da78efe4dd2467cd423
Certificate serial:       01953C8807E221B1978FA8A88FA6621FA257
Authority key identifier: F8:65:1B:11:94:F1:2E:98:E7:0D:3D:A7:8E:FE:4D:D2:46:7C:D4:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/lBvlVkTLUdbTB--D9tdhXGbi2bI.roa
Signing time:             Tue 25 Feb 2025 09:55:02 +0000
ROA not before:           Tue 25 Feb 2025 09:55:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44547
IP address blocks:        45.143.4.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 21:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:3c:88:07:e2:21:b1:97:8f:a8:a8:8f:a6:62:1f:a2:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8651b1194f12e98e70d3da78efe4dd2467cd423
        Validity
            Not Before: Feb 25 09:55:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=941be55644cb51d6d307ef83f6d7615c66e2d9b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:92:92:69:52:7c:9c:d6:25:05:5d:8f:5a:72:
                    05:fe:e5:27:70:e9:e3:38:96:d8:a5:64:a5:31:ad:
                    f0:07:ae:89:b6:69:4e:ea:6e:f4:68:c2:76:24:38:
                    13:d4:e9:4f:16:dc:7c:91:6e:de:15:06:bb:92:00:
                    fa:92:43:06:14:82:e0:be:fd:a6:58:24:13:7c:d3:
                    1b:22:e6:ed:a0:a5:3a:c9:66:9c:68:fe:85:22:c9:
                    3b:4c:0b:53:5f:54:e4:ad:6f:04:a4:57:6a:84:f6:
                    e2:d2:ba:72:3e:3f:47:66:d1:11:fb:50:75:72:15:
                    4a:62:67:0b:89:ed:2c:cc:60:a4:bb:79:cd:28:85:
                    f0:1e:5d:ad:d8:cc:86:41:ce:6e:31:85:60:35:a9:
                    81:91:5d:45:be:9f:92:c4:7b:71:4a:f9:1d:73:33:
                    38:d8:da:e3:3a:79:bb:1a:15:f2:68:bb:6e:af:79:
                    8e:f5:8d:26:ae:c2:98:63:70:1e:15:d5:bf:c9:9f:
                    e1:a1:6b:1e:92:d0:3f:7c:76:ae:3c:4a:6f:f1:d6:
                    09:fe:a5:2c:0d:4e:c2:ba:a1:cf:d4:b1:d6:74:88:
                    8b:21:2f:cf:b0:44:a3:0a:f8:55:53:98:de:71:a1:
                    d6:1b:7a:62:71:58:71:2e:d1:be:e9:d5:2c:c0:06:
                    a7:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:1B:E5:56:44:CB:51:D6:D3:07:EF:83:F6:D7:61:5C:66:E2:D9:B2
            X509v3 Authority Key Identifier:
                keyid:F8:65:1B:11:94:F1:2E:98:E7:0D:3D:A7:8E:FE:4D:D2:46:7C:D4:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-GUbEZTxLpjnDT2njv5N0kZ81CM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/lBvlVkTLUdbTB--D9tdhXGbi2bI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/822400-3248-4702-b29b-a1b7ceefa16c/1/1-GUbEZTxLpjnDT2njv5N0kZ81CM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:77:3c:20:b6:ba:75:be:55:95:3b:48:4e:79:6e:eb:c9:0b:
         02:d1:88:d1:d6:34:e2:3b:61:92:e1:52:59:7c:f4:6f:fc:a9:
         6b:ed:48:3d:0c:43:6b:9c:57:00:d5:aa:f3:81:80:8a:51:be:
         38:32:b9:4a:fe:ad:99:cf:94:05:b2:09:0f:0d:cc:a4:1d:be:
         1a:de:54:1e:14:40:b4:fc:8a:d8:aa:42:93:f6:41:45:9f:1f:
         8e:ef:f7:03:bc:5d:3b:38:58:a4:ca:36:56:24:7c:66:8f:17:
         39:5c:f3:a3:4e:fc:24:34:c6:e4:8d:ab:17:58:4e:c3:15:e8:
         81:ed:cd:40:8b:35:6f:79:e0:54:7f:51:4c:1d:ba:44:93:50:
         e6:d3:29:53:f6:b6:7a:39:46:42:94:31:56:b2:01:f6:8b:c5:
         ce:b3:90:6f:e4:5b:60:f4:81:ed:9d:53:a5:cf:fb:fa:1b:c4:
         70:ac:a5:12:dc:9a:9e:1c:32:21:70:d9:bc:7e:ea:39:a4:a9:
         da:49:ed:8f:b2:bf:26:5f:10:15:12:a4:6c:c4:58:62:af:b0:
         9e:3e:d3:b0:05:97:a1:1f:ce:ae:8f:33:0f:25:6e:54:96:b2:
         60:e0:40:85:63:2c:46:98:28:82:49:ba:eb:d4:85:f5:e6:93:
         b3:01:b1:aa
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZU8iAfiIbGXj6ioj6ZiH6JXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4NjUxYjExOTRmMTJlOThlNzBkM2RhNzhlZmU0ZGQyNDY3
Y2Q0MjMwHhcNMjUwMjI1MDk1NTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDFiZTU1NjQ0Y2I1MWQ2ZDMwN2VmODNmNmQ3NjE1YzY2ZTJkOWIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ZKSaVJ8nNYlBV2PWnIF/uUncOnj
OJbYpWSlMa3wB66JtmlO6m70aMJ2JDgT1OlPFtx8kW7eFQa7kgD6kkMGFILgvv2m
WCQTfNMbIubtoKU6yWacaP6FIsk7TAtTX1TkrW8EpFdqhPbi0rpyPj9HZtER+1B1
chVKYmcLie0szGCku3nNKIXwHl2t2MyGQc5uMYVgNamBkV1Fvp+SxHtxSvkdczM4
2NrjOnm7GhXyaLtur3mO9Y0mrsKYY3AeFdW/yZ/hoWsektA/fHauPEpv8dYJ/qUs
DU7CuqHP1LHWdIiLIS/PsESjCvhVU5jecaHWG3picVhxLtG+6dUswAan8QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFJQb5VZEy1HW0wfvg/bXYVxm4tmyMB8GA1UdIwQY
MBaAFPhlGxGU8S6Y5w09p47+TdJGfNQjMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1HVWJFWlR4THBqbkRUMm5qdjVOMGtaODFDTS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGUvODIyNDAwLTMyNDgtNDcwMi1iMjli
LWExYjdjZWVmYTE2Yy8xL2xCdmxWa1RMVWRiVEItLUQ5dGRoWEdiaTJiSS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNGUvODIyNDAwLTMyNDgtNDcwMi1iMjliLWExYjdjZWVmYTE2
Yy8xLzEtR1ViRVpUeExwam5EVDJuanY1TjBrWjgxQ00uY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAAtjwQw
DQYJKoZIhvcNAQELBQADggEBAH53PCC2unW+VZU7SE55buvJCwLRiNHWNOI7YZLh
Ull89G/8qWvtSD0MQ2ucVwDVqvOBgIpRvjgyuUr+rZnPlAWyCQ8NzKQdvhreVB4U
QLT8itiqQpP2QUWfH47v9wO8XTs4WKTKNlYkfGaPFzlc86NO/CQ0xuSNqxdYTsMV
6IHtzUCLNW954FR/UUwdukSTUObTKVP2tno5RkKUMVayAfaLxc6zkG/kW2D0ge2d
U6XP+/obxHCspRLcmp4cMiFw2bx+6jmkqdpJ7Y+yvyZfEBUSpGzEWGKvsJ4+07AF
l6Efzq6PMw8lblSWsmDgQIVjLEaYKIJJuuvUhfXmk7MBsao=
-----END CERTIFICATE-----