Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/1syEB_XNZhCqsIS16W8qNr-bnBE.roa
File:                     1syEB_XNZhCqsIS16W8qNr-bnBE.roa (raw, json)
Hash identifier:          Kwo3+iE1f0eCzsl7wTJPqBDN/PDvgx+vvxkKumcR6DI=
Subject key identifier:   D6:CC:84:07:F5:CD:66:10:AA:B0:84:B5:E9:6F:2A:36:BF:9B:9C:11
Certificate issuer:       /CN=cec5afe769b94346e1cd362eb85f875b23b17277
Certificate serial:       0197D17913D7F73ABD28EEEA92E9F365A5FE
Authority key identifier: CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/1syEB_XNZhCqsIS16W8qNr-bnBE.roa
Signing time:             Thu 03 Jul 2025 18:07:42 +0000
ROA not before:           Thu 03 Jul 2025 18:07:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214024
IP address blocks:        45.145.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Jul 2025 07:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:d1:79:13:d7:f7:3a:bd:28:ee:ea:92:e9:f3:65:a5:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cec5afe769b94346e1cd362eb85f875b23b17277
        Validity
            Not Before: Jul  3 18:07:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d6cc8407f5cd6610aab084b5e96f2a36bf9b9c11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:de:6e:c1:cd:0c:dc:c7:0a:6b:d4:33:c6:c1:
                    02:e8:75:5e:d2:16:e8:55:8d:5d:ea:f5:fe:b4:bb:
                    7b:03:35:4e:9c:fa:e6:31:25:f3:08:b7:0d:95:0b:
                    73:f8:c4:0d:36:42:5a:11:ef:0c:d1:1d:40:e5:b4:
                    e6:52:5f:36:30:b3:86:9a:38:fe:03:29:0a:bd:77:
                    56:d6:a7:1b:e7:7f:13:66:16:ec:f9:91:b4:6d:ea:
                    e4:ef:81:a8:1b:42:ee:aa:96:6f:f5:e1:a7:2e:bb:
                    6f:31:10:df:bb:6d:87:4e:2b:ea:7d:86:85:b0:b8:
                    0f:c2:6e:ad:e7:44:78:c9:ba:41:65:97:38:2b:f4:
                    1f:73:85:b1:75:84:81:a3:98:53:38:95:88:b0:9c:
                    50:54:50:49:6d:bb:d4:44:4e:42:6e:81:20:9b:b2:
                    76:c6:a0:db:32:f2:df:88:25:63:2c:7d:9e:43:a0:
                    f1:64:a1:ca:28:64:9f:b7:d7:16:51:ef:03:43:56:
                    72:61:58:51:aa:ef:f5:e3:37:de:6a:fb:96:ec:21:
                    60:4c:63:b2:1b:ad:81:8f:ac:2d:49:8e:b5:b8:b8:
                    9e:18:96:82:8d:20:9d:06:d1:bd:35:7b:f9:b4:96:
                    5a:21:59:20:3b:81:82:0e:67:17:3c:44:a7:07:2e:
                    aa:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:CC:84:07:F5:CD:66:10:AA:B0:84:B5:E9:6F:2A:36:BF:9B:9C:11
            X509v3 Authority Key Identifier:
                keyid:CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/1syEB_XNZhCqsIS16W8qNr-bnBE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:4e:fa:dc:64:b2:87:78:5f:92:24:b9:fd:c5:ef:8c:5a:e7:
         9d:f5:f6:16:fd:d5:ad:d5:f3:a6:53:40:15:bc:ee:e4:fe:ca:
         ee:b6:22:08:5e:b8:d4:f2:62:09:87:6b:bc:bb:9a:ae:88:a5:
         9a:3e:67:98:35:b1:40:cc:87:98:22:75:66:62:2f:ae:0e:0c:
         5c:4e:39:02:4a:27:b7:be:4f:19:a7:c4:88:8d:5e:97:5a:d5:
         5d:1d:50:88:6b:02:96:0c:4e:ab:bb:bf:bd:39:39:b4:3b:e6:
         3e:38:78:e6:9d:b5:b3:f9:66:18:71:05:4f:7d:ac:3e:55:b5:
         0d:9b:45:a5:12:4e:cb:d0:12:92:f4:38:82:e1:cf:f4:75:de:
         8a:cd:5d:89:01:7e:a3:42:04:3d:e1:0c:15:be:ec:a4:8e:bd:
         f2:58:95:e3:a6:d6:46:56:13:db:40:75:a8:9a:06:2c:e2:68:
         77:39:4b:0c:eb:14:b5:00:46:6c:89:7c:7a:ff:f9:ed:51:cb:
         7e:bb:54:0a:27:65:05:5c:06:14:2c:ee:e8:94:b4:71:02:c5:
         9a:16:22:da:76:4c:46:ee:c2:b5:0c:44:a9:9b:9b:79:ad:96:
         38:b2:b0:5a:e4:b0:98:82:d3:44:f7:e4:e4:0b:11:db:da:50:
         2f:4f:e3:70
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfReRPX9zq9KO7qkunzZaX+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYzVhZmU3NjliOTQzNDZlMWNkMzYyZWI4NWY4NzViMjNi
MTcyNzcwHhcNMjUwNzAzMTgwNzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmNjODQwN2Y1Y2Q2NjEwYWFiMDg0YjVlOTZmMmEzNmJmOWI5YzExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq95uwc0M3McKa9QzxsEC6HVe0hbo
VY1d6vX+tLt7AzVOnPrmMSXzCLcNlQtz+MQNNkJaEe8M0R1A5bTmUl82MLOGmjj+
AykKvXdW1qcb538TZhbs+ZG0berk74GoG0LuqpZv9eGnLrtvMRDfu22HTivqfYaF
sLgPwm6t50R4ybpBZZc4K/Qfc4WxdYSBo5hTOJWIsJxQVFBJbbvURE5CboEgm7J2
xqDbMvLfiCVjLH2eQ6DxZKHKKGSft9cWUe8DQ1ZyYVhRqu/14zfeavuW7CFgTGOy
G62Bj6wtSY61uLieGJaCjSCdBtG9NXv5tJZaIVkgO4GCDmcXPESnBy6qfQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNbMhAf1zWYQqrCEtelvKja/m5wRMB8GA1UdIwQY
MBaAFM7Fr+dpuUNG4c02Lrhfh1sjsXJ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQt
MzMyNDdjOGUxYzFmLzEvMXN5RUJfWE5aaENxc0lTMTZXOHFOci1ibkJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQtMzMyNDdjOGUxYzFm
LzEvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZGYMA0G
CSqGSIb3DQEBCwUAA4IBAQAGTvrcZLKHeF+SJLn9xe+MWued9fYW/dWt1fOmU0AV
vO7k/srutiIIXrjU8mIJh2u8u5quiKWaPmeYNbFAzIeYInVmYi+uDgxcTjkCSie3
vk8Zp8SIjV6XWtVdHVCIawKWDE6ru7+9OTm0O+Y+OHjmnbWz+WYYcQVPfaw+VbUN
m0WlEk7L0BKS9DiC4c/0dd6KzV2JAX6jQgQ94QwVvuykjr3yWJXjptZGVhPbQHWo
mgYs4mh3OUsM6xS1AEZsiXx6//ntUct+u1QKJ2UFXAYULO7olLRxAsWaFiLadkxG
7sK1DESpm5t5rZY4srBa5LCYgtNE9+TkCxHb2lAvT+Nw
-----END CERTIFICATE-----