Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/4cd16b-2a23-48a9-9eeb-2a4813a13120/1/pltDgh5JbbEWSggwVXLGKtobVl8.roa
File:                     pltDgh5JbbEWSggwVXLGKtobVl8.roa (raw, json)
Hash identifier:          XwQl2FIwqmmMyr6/rQAaXcZHJoaBjslDK7+U58bsYig=
Subject key identifier:   A6:5B:43:82:1E:49:6D:B1:16:4A:08:30:55:72:C6:2A:DA:1B:56:5F
Certificate issuer:       /CN=0a06f033537bbd863bbca2b62092d8de3611f651
Certificate serial:       019425FC4DD667380BECE044D8783336D18D
Authority key identifier: 0A:06:F0:33:53:7B:BD:86:3B:BC:A2:B6:20:92:D8:DE:36:11:F6:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CgbwM1N7vYY7vKK2IJLY3jYR9lE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/4cd16b-2a23-48a9-9eeb-2a4813a13120/1/pltDgh5JbbEWSggwVXLGKtobVl8.roa
Signing time:             Thu 02 Jan 2025 07:47:59 +0000
ROA not before:           Thu 02 Jan 2025 07:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207919
IP address blocks:        45.133.52.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/4cd16b-2a23-48a9-9eeb-2a4813a13120/1/CgbwM1N7vYY7vKK2IJLY3jYR9lE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/4cd16b-2a23-48a9-9eeb-2a4813a13120/1/CgbwM1N7vYY7vKK2IJLY3jYR9lE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CgbwM1N7vYY7vKK2IJLY3jYR9lE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Apr 2025 07:00:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:4d:d6:67:38:0b:ec:e0:44:d8:78:33:36:d1:8d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a06f033537bbd863bbca2b62092d8de3611f651
        Validity
            Not Before: Jan  2 07:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a65b43821e496db1164a08305572c62ada1b565f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:3d:d8:92:bb:ca:f4:9e:00:b6:df:30:c9:49:
                    04:94:c4:c2:17:a9:ee:cd:64:8c:af:91:87:db:ea:
                    06:b3:ad:55:b0:24:ca:c2:07:35:42:1e:e4:02:a8:
                    17:48:01:25:b3:03:7e:9b:4a:e3:95:39:29:c9:bf:
                    cf:cc:f4:cf:0f:46:ca:00:fc:f8:e5:4a:39:e3:09:
                    35:08:a8:1d:20:20:42:cd:d6:f6:35:11:5c:de:9d:
                    23:81:de:ed:fd:6f:0b:05:58:c6:c9:1b:5d:aa:e6:
                    69:a9:52:b4:23:ce:c3:9f:01:cf:3f:f8:f1:1b:d2:
                    d8:a6:b9:76:2f:a0:d0:72:80:86:0a:d8:35:a1:93:
                    fc:a6:61:89:6d:74:4c:c7:60:2c:86:01:ec:e2:4d:
                    78:81:4d:91:f5:b1:25:8f:88:68:2d:c3:e1:02:2a:
                    3d:41:ee:99:55:22:f8:3e:e6:90:f2:9b:25:fa:dc:
                    b5:4f:25:70:42:37:99:e1:65:01:a8:56:45:bf:79:
                    e6:87:5e:85:71:98:52:ec:53:83:4e:b5:6b:d6:1f:
                    41:5b:93:67:d1:dc:e3:32:05:26:7d:be:d0:cf:0e:
                    ba:53:17:ef:90:49:1d:d3:ac:21:9f:9b:04:69:88:
                    8c:d1:32:b0:c2:79:25:94:7e:ba:00:14:f6:4c:a7:
                    2d:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:5B:43:82:1E:49:6D:B1:16:4A:08:30:55:72:C6:2A:DA:1B:56:5F
            X509v3 Authority Key Identifier:
                keyid:0A:06:F0:33:53:7B:BD:86:3B:BC:A2:B6:20:92:D8:DE:36:11:F6:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CgbwM1N7vYY7vKK2IJLY3jYR9lE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/4cd16b-2a23-48a9-9eeb-2a4813a13120/1/pltDgh5JbbEWSggwVXLGKtobVl8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/4cd16b-2a23-48a9-9eeb-2a4813a13120/1/CgbwM1N7vYY7vKK2IJLY3jYR9lE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3a:b9:db:81:ee:ba:14:8b:d4:84:ef:4c:ff:6d:fc:9d:75:4c:
         6e:ec:02:f4:3c:f6:23:64:b6:8f:a7:3f:a9:33:4d:e0:0c:d6:
         26:66:1b:03:d4:54:75:d0:86:4d:99:e0:ae:ba:15:be:52:f5:
         df:b5:b4:a4:80:e5:89:4f:a9:65:10:ea:7c:b1:d8:90:b4:e4:
         0a:53:7c:f6:cb:7a:5b:d5:9d:3c:3a:55:c3:bd:54:2d:15:c8:
         77:45:48:b5:4d:44:45:c1:59:4a:12:83:9e:76:cb:60:17:c1:
         a9:26:bd:67:c7:24:5d:97:cc:f1:54:5e:14:3e:f7:e8:7f:30:
         d7:1e:64:23:26:35:b7:b3:71:46:18:bb:60:42:0d:9c:9f:58:
         75:4d:0c:0f:64:c8:b0:b6:88:c0:51:ab:c6:bc:21:a5:94:aa:
         94:b2:cb:a5:95:64:73:de:c6:e0:43:cd:ca:42:e3:f4:20:1d:
         a0:2f:38:02:a8:0b:b8:30:b1:4c:f2:6f:2b:8f:1d:98:75:0c:
         8a:d6:d8:35:78:dc:7a:e5:d2:1b:ab:2d:f7:5e:a6:c2:0b:69:
         92:71:93:cf:1c:8e:f0:12:12:f7:a9:8f:36:42:78:94:a0:d9:
         d5:de:55:a6:cb:90:cf:37:bd:55:0d:15:b1:10:a9:34:de:29:
         50:da:e4:65
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/E3WZzgL7OBE2HgzNtGNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhMDZmMDMzNTM3YmJkODYzYmJjYTJiNjIwOTJkOGRlMzYx
MWY2NTEwHhcNMjUwMTAyMDc0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNjViNDM4MjFlNDk2ZGIxMTY0YTA4MzA1NTcyYzYyYWRhMWI1NjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtz3YkrvK9J4Att8wyUkElMTCF6nu
zWSMr5GH2+oGs61VsCTKwgc1Qh7kAqgXSAElswN+m0rjlTkpyb/PzPTPD0bKAPz4
5Uo54wk1CKgdICBCzdb2NRFc3p0jgd7t/W8LBVjGyRtdquZpqVK0I87DnwHPP/jx
G9LYprl2L6DQcoCGCtg1oZP8pmGJbXRMx2AshgHs4k14gU2R9bElj4hoLcPhAio9
Qe6ZVSL4PuaQ8psl+ty1TyVwQjeZ4WUBqFZFv3nmh16FcZhS7FODTrVr1h9BW5Nn
0dzjMgUmfb7Qzw66UxfvkEkd06whn5sEaYiM0TKwwnkllH66ABT2TKctsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKZbQ4IeSW2xFkoIMFVyxiraG1ZfMB8GA1UdIwQY
MBaAFAoG8DNTe72GO7yitiCS2N42EfZRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ2did00xTjd2WVk3dktLMklKTFkzallSOWxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy80Y2QxNmItMmEyMy00OGE5LTllZWIt
MmE0ODEzYTEzMTIwLzEvcGx0RGdoNUpiYkVXU2dnd1ZYTEdLdG9iVmw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy80Y2QxNmItMmEyMy00OGE5LTllZWItMmE0ODEzYTEzMTIw
LzEvQ2did00xTjd2WVk3dktLMklKTFkzallSOWxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLYU0MA0G
CSqGSIb3DQEBCwUAA4IBAQA6uduB7roUi9SE70z/bfyddUxu7AL0PPYjZLaPpz+p
M03gDNYmZhsD1FR10IZNmeCuuhW+UvXftbSkgOWJT6llEOp8sdiQtOQKU3z2y3pb
1Z08OlXDvVQtFch3RUi1TURFwVlKEoOedstgF8GpJr1nxyRdl8zxVF4UPvfofzDX
HmQjJjW3s3FGGLtgQg2cn1h1TQwPZMiwtojAUavGvCGllKqUssullWRz3sbgQ83K
QuP0IB2gLzgCqAu4MLFM8m8rjx2YdQyK1tg1eNx65dIbqy33XqbCC2mScZPPHI7w
EhL3qY82QniUoNnV3lWmy5DPN71VDRWxEKk03ilQ2uRl
-----END CERTIFICATE-----