Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/4fpK3rH7dDsLZcwC8fv__9MCBNk.roa
File:                     4fpK3rH7dDsLZcwC8fv__9MCBNk.roa (raw, json)
Hash identifier:          H+mNwrXZUXB3OGGb/VrqoSQBBpWlzYIXILfgLQd6xuU=
Subject key identifier:   E1:FA:4A:DE:B1:FB:74:3B:0B:65:CC:02:F1:FB:FF:FF:D3:02:04:D9
Certificate issuer:       /CN=aff6f85aad101c456c1ac9a01a7192fc5788e92c
Certificate serial:       019424453606520892DCA7D4D35C7A9F9E44
Authority key identifier: AF:F6:F8:5A:AD:10:1C:45:6C:1A:C9:A0:1A:71:92:FC:57:88:E9:2C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/4fpK3rH7dDsLZcwC8fv__9MCBNk.roa
Signing time:             Wed 01 Jan 2025 23:48:23 +0000
ROA not before:           Wed 01 Jan 2025 23:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42831
IP address blocks:        45.13.30.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:36:06:52:08:92:dc:a7:d4:d3:5c:7a:9f:9e:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aff6f85aad101c456c1ac9a01a7192fc5788e92c
        Validity
            Not Before: Jan  1 23:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e1fa4adeb1fb743b0b65cc02f1fbffffd30204d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:14:2b:7c:c1:ba:84:96:33:0e:55:47:0c:b8:
                    4e:8a:ee:74:3b:6a:ea:89:29:f1:d0:07:ee:ef:2b:
                    23:5b:d5:49:d0:19:a9:42:ff:5d:34:72:3d:9f:e7:
                    b8:80:3a:14:6e:64:52:81:31:68:97:00:70:4a:5c:
                    14:8c:5c:90:2f:47:2d:f5:7a:93:8f:25:72:10:f9:
                    4c:51:91:81:af:ad:7d:69:03:e4:fb:44:cf:5d:53:
                    24:cd:15:6f:20:3d:b5:9f:7d:72:dc:b6:5e:b4:0b:
                    8d:f2:da:f7:c9:a8:b1:01:cc:8a:38:00:9d:fd:da:
                    18:6c:62:b2:55:6b:d4:e6:16:b4:f2:af:fa:4c:d6:
                    45:86:1f:24:c9:5f:d2:91:9c:dc:b7:81:28:ef:87:
                    76:c4:a7:48:7e:6b:22:f7:43:94:9e:14:ac:25:26:
                    1e:9e:de:15:94:ed:60:d2:82:51:7b:67:33:92:ca:
                    44:99:49:71:ed:3c:a0:19:dd:09:57:47:9e:47:4d:
                    ef:c3:d3:80:e9:89:d7:d8:92:15:57:16:62:0d:bd:
                    56:68:56:d8:bc:08:86:dc:61:08:1b:3f:99:8b:46:
                    86:db:e9:91:fe:52:47:a4:c5:c4:19:15:d2:5a:9b:
                    6d:d4:0b:41:6c:4c:25:8e:2b:cd:80:ea:75:23:7b:
                    56:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:FA:4A:DE:B1:FB:74:3B:0B:65:CC:02:F1:FB:FF:FF:D3:02:04:D9
            X509v3 Authority Key Identifier:
                keyid:AF:F6:F8:5A:AD:10:1C:45:6C:1A:C9:A0:1A:71:92:FC:57:88:E9:2C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/4fpK3rH7dDsLZcwC8fv__9MCBNk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/df719a-492f-47cb-9212-644bd0fc7f80/1/r_b4Wq0QHEVsGsmgGnGS_FeI6Sw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:78:48:f0:bd:e9:44:7d:9c:3e:65:de:b1:4a:85:d7:72:2e:
         92:e2:ae:25:c9:9c:e6:9b:96:4e:26:68:15:e7:94:57:43:06:
         8b:b1:8c:43:49:f2:ae:56:2e:0c:9d:eb:29:04:0f:64:d3:6d:
         de:a9:3b:88:e1:60:e2:d0:81:ad:17:cf:bf:d6:eb:e4:91:4b:
         11:48:6a:70:38:6c:1c:24:5a:e9:39:55:3d:b3:ca:ee:61:17:
         ba:19:43:ed:d7:f7:63:6f:7e:b6:ce:92:b6:c0:2f:61:13:ca:
         7d:c9:9f:b7:d0:6e:56:af:09:ce:18:ae:cb:7d:65:c6:b3:a7:
         dd:56:2c:85:bb:55:05:a6:e1:a1:17:7f:8d:ce:b2:9d:d4:fe:
         35:6d:d3:22:4c:8f:9e:28:d1:2a:18:1a:f0:34:fe:93:20:ff:
         c8:95:c5:d7:e8:97:8e:3e:a8:da:00:02:2c:7a:39:6b:f1:05:
         da:a2:b2:71:ff:cf:87:10:d5:1b:29:e6:9a:df:ee:e1:35:a5:
         0a:58:2f:de:1a:4e:4a:bf:96:71:4e:aa:db:7b:be:8a:99:a3:
         35:e3:f0:d0:45:8f:7c:4f:76:18:11:0e:b7:19:e1:5f:6e:9c:
         ef:9e:9b:31:81:91:53:3f:06:97:cb:fb:f5:b5:fe:1b:e5:66:
         91:40:c9:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRTYGUgiS3KfU01x6n55EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmZjZmODVhYWQxMDFjNDU2YzFhYzlhMDFhNzE5MmZjNTc4
OGU5MmMwHhcNMjUwMTAxMjM0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWZhNGFkZWIxZmI3NDNiMGI2NWNjMDJmMWZiZmZmZmQzMDIwNGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5xQrfMG6hJYzDlVHDLhOiu50O2rq
iSnx0Afu7ysjW9VJ0BmpQv9dNHI9n+e4gDoUbmRSgTFolwBwSlwUjFyQL0ct9XqT
jyVyEPlMUZGBr619aQPk+0TPXVMkzRVvID21n31y3LZetAuN8tr3yaixAcyKOACd
/doYbGKyVWvU5ha08q/6TNZFhh8kyV/SkZzct4Eo74d2xKdIfmsi90OUnhSsJSYe
nt4VlO1g0oJRe2czkspEmUlx7TygGd0JV0eeR03vw9OA6YnX2JIVVxZiDb1WaFbY
vAiG3GEIGz+Zi0aG2+mR/lJHpMXEGRXSWptt1AtBbEwljivNgOp1I3tWpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOH6St6x+3Q7C2XMAvH7///TAgTZMB8GA1UdIwQY
MBaAFK/2+FqtEBxFbBrJoBpxkvxXiOksMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcl9iNFdxMFFIRVZzR3NtZ0duR1NfRmVJNlN3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9kZjcxOWEtNDkyZi00N2NiLTkyMTIt
NjQ0YmQwZmM3ZjgwLzEvNGZwSzNySDdkRHNMWmN3Qzhmdl9fOU1DQk5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9kZjcxOWEtNDkyZi00N2NiLTkyMTItNjQ0YmQwZmM3Zjgw
LzEvcl9iNFdxMFFIRVZzR3NtZ0duR1NfRmVJNlN3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ0eMA0G
CSqGSIb3DQEBCwUAA4IBAQBieEjwvelEfZw+Zd6xSoXXci6S4q4lyZzmm5ZOJmgV
55RXQwaLsYxDSfKuVi4MnespBA9k023eqTuI4WDi0IGtF8+/1uvkkUsRSGpwOGwc
JFrpOVU9s8ruYRe6GUPt1/djb362zpK2wC9hE8p9yZ+30G5WrwnOGK7LfWXGs6fd
ViyFu1UFpuGhF3+NzrKd1P41bdMiTI+eKNEqGBrwNP6TIP/IlcXX6JeOPqjaAAIs
ejlr8QXaorJx/8+HENUbKeaa3+7hNaUKWC/eGk5Kv5ZxTqrbe76KmaM14/DQRY98
T3YYEQ63GeFfbpzvnpsxgZFTPwaXy/v1tf4b5WaRQMnr
-----END CERTIFICATE-----