Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/n3eGk4GZdLWL8rCKUegiOGKLLGE.roa
File:                     n3eGk4GZdLWL8rCKUegiOGKLLGE.roa (raw, json)
Hash identifier:          T8Y25mtZcw8oW9dkDTGN7ilbRkb3BxSHEAwHzK4aavQ=
Subject key identifier:   9F:77:86:93:81:99:74:B5:8B:F2:B0:8A:51:E8:22:38:62:8B:2C:61
Certificate issuer:       /CN=1ba51a0bc0f0afebbf6d5d927fe1f9816f52352d
Certificate serial:       019425209747FD49557E28FE68378064C8F6
Authority key identifier: 1B:A5:1A:0B:C0:F0:AF:EB:BF:6D:5D:92:7F:E1:F9:81:6F:52:35:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/n3eGk4GZdLWL8rCKUegiOGKLLGE.roa
Signing time:             Thu 02 Jan 2025 03:48:00 +0000
ROA not before:           Thu 02 Jan 2025 03:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47787
IP address blocks:        45.94.244.0/22 maxlen: 32
                          45.95.48.0/22 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 03:01:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:20:97:47:fd:49:55:7e:28:fe:68:37:80:64:c8:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ba51a0bc0f0afebbf6d5d927fe1f9816f52352d
        Validity
            Not Before: Jan  2 03:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9f778693819974b58bf2b08a51e82238628b2c61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:7d:af:de:e5:b5:97:94:84:d3:c6:b1:ba:b0:
                    db:c8:fc:56:93:4a:4c:9c:ab:bb:76:f3:dd:29:44:
                    f5:8e:46:d1:82:52:0c:f6:95:5d:6b:6f:3c:36:30:
                    df:ad:19:ba:8e:df:da:14:67:47:21:f1:70:55:68:
                    ba:8b:68:76:d6:93:63:59:3d:3d:e3:99:ee:74:8d:
                    f7:af:a5:59:90:75:a4:89:c2:0f:99:b3:9f:41:f6:
                    84:dd:df:d9:42:a7:85:e2:ee:10:41:2d:03:5d:9d:
                    7e:7c:63:3b:79:6c:99:b0:b6:ee:d5:1c:aa:98:49:
                    7d:63:ed:ee:52:e5:0c:9e:b4:16:95:dc:a0:3f:0a:
                    52:49:a5:1a:56:06:85:ee:82:dc:51:67:d3:0d:c4:
                    8b:ac:3f:eb:5e:d9:f2:fd:f2:40:58:77:cb:61:ca:
                    91:f2:a1:76:c6:82:d9:57:90:63:ba:b3:fa:f2:b8:
                    22:33:ae:10:22:3e:4d:0f:9f:c0:63:fd:91:e8:5b:
                    d3:a4:e0:2e:f9:12:5f:08:c0:cb:24:02:4d:6a:4d:
                    27:4e:83:db:26:9a:7e:cf:b1:38:e3:40:8d:28:86:
                    5a:fa:db:b7:cf:4e:c1:29:14:0e:ea:80:62:e7:e6:
                    4d:4b:64:f9:61:15:17:2a:44:68:10:6c:20:0c:35:
                    3e:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:77:86:93:81:99:74:B5:8B:F2:B0:8A:51:E8:22:38:62:8B:2C:61
            X509v3 Authority Key Identifier:
                keyid:1B:A5:1A:0B:C0:F0:AF:EB:BF:6D:5D:92:7F:E1:F9:81:6F:52:35:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/n3eGk4GZdLWL8rCKUegiOGKLLGE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/4f211e-79d7-4504-9ead-871f9ed708e0/1/G6UaC8Dwr-u_bV2Sf-H5gW9SNS0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.94.244.0/22
                  45.95.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         87:b0:d8:5b:76:e1:6a:60:f1:5e:ed:3d:f2:7e:2c:d8:0b:d6:
         03:96:2d:20:63:5d:04:dc:db:39:e1:ea:dd:f6:8f:8b:60:73:
         2f:84:73:b7:64:5c:c3:a7:be:47:3f:bb:42:8f:b5:b4:63:77:
         4c:23:03:07:fc:a9:67:0d:5f:2e:c9:48:77:ef:d3:cc:25:76:
         ba:e2:b9:36:5a:58:92:5c:94:5e:ff:62:b7:b9:e7:08:22:5a:
         4b:a9:55:de:c7:99:01:7d:6d:1f:96:28:b1:90:5c:db:e8:85:
         07:00:f1:14:ff:4e:88:55:f6:0d:04:40:9d:fe:b2:26:30:af:
         c2:e9:c8:98:a5:12:35:31:a8:00:4b:79:db:51:6b:01:3c:ec:
         4b:50:f5:08:1a:49:5a:58:f4:7a:32:c0:7e:15:a6:ab:ba:47:
         a7:28:ae:70:ec:c1:db:12:a0:a3:5f:d0:c8:dd:19:5a:60:02:
         b1:17:e1:21:aa:0c:a1:d5:0c:05:fb:50:46:a5:1a:3f:0e:13:
         10:69:c0:ec:74:00:28:c0:de:f3:9e:41:4c:7e:55:dd:28:8d:
         eb:ff:6b:2b:cb:42:2e:96:68:c2:78:30:a4:2c:9e:c2:9e:59:
         7c:62:95:13:54:5c:1b:e5:57:0d:d9:a3:67:b3:47:4c:dd:45:
         d6:7c:33:93
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQlIJdH/UlVfij+aDeAZMj2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiYTUxYTBiYzBmMGFmZWJiZjZkNWQ5MjdmZTFmOTgxNmY1
MjM1MmQwHhcNMjUwMTAyMDM0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Zjc3ODY5MzgxOTk3NGI1OGJmMmIwOGE1MWU4MjIzODYyOGIyYzYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwn2v3uW1l5SE08axurDbyPxWk0pM
nKu7dvPdKUT1jkbRglIM9pVda288NjDfrRm6jt/aFGdHIfFwVWi6i2h21pNjWT09
45nudI33r6VZkHWkicIPmbOfQfaE3d/ZQqeF4u4QQS0DXZ1+fGM7eWyZsLbu1Ryq
mEl9Y+3uUuUMnrQWldygPwpSSaUaVgaF7oLcUWfTDcSLrD/rXtny/fJAWHfLYcqR
8qF2xoLZV5BjurP68rgiM64QIj5ND5/AY/2R6FvTpOAu+RJfCMDLJAJNak0nToPb
Jpp+z7E440CNKIZa+tu3z07BKRQO6oBi5+ZNS2T5YRUXKkRoEGwgDDU+nQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFJ93hpOBmXS1i/KwilHoIjhiiyxhMB8GA1UdIwQY
MBaAFBulGgvA8K/rv21dkn/h+YFvUjUtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzZVYUM4RHdyLXVfYlYyU2YtSDVnVzlTTlMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS80ZjIxMWUtNzlkNy00NTA0LTllYWQt
ODcxZjllZDcwOGUwLzEvbjNlR2s0R1pkTFdMOHJDS1VlZ2lPR0tMTEdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS80ZjIxMWUtNzlkNy00NTA0LTllYWQtODcxZjllZDcwOGUw
LzEvRzZVYUM4RHdyLXVfYlYyU2YtSDVnVzlTTlMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLV70AwQC
LV8wMA0GCSqGSIb3DQEBCwUAA4IBAQCHsNhbduFqYPFe7T3yfizYC9YDli0gY10E
3Ns54erd9o+LYHMvhHO3ZFzDp75HP7tCj7W0Y3dMIwMH/KlnDV8uyUh379PMJXa6
4rk2WliSXJRe/2K3uecIIlpLqVXex5kBfW0fliixkFzb6IUHAPEU/06IVfYNBECd
/rImMK/C6ciYpRI1MagAS3nbUWsBPOxLUPUIGklaWPR6MsB+FaarukenKK5w7MHb
EqCjX9DI3RlaYAKxF+Ehqgyh1QwF+1BGpRo/DhMQacDsdAAowN7znkFMflXdKI3r
/2sry0IulmjCeDCkLJ7Cnll8YpUTVFwb5VcN2aNns0dM3UXWfDOT
-----END CERTIFICATE-----