Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/eHnC0ZqJNqxv3y7mak9QRJMJw-o.roa
File:                     eHnC0ZqJNqxv3y7mak9QRJMJw-o.roa (raw, json)
Hash identifier:          +LqAwsdmA3jPuO+2IgsX5kZHBO+HuvNtjbjVsU8ziig=
Subject key identifier:   78:79:C2:D1:9A:89:36:AC:6F:DF:2E:E6:6A:4F:50:44:93:09:C3:EA
Certificate issuer:       /CN=df3fdc4bf33bd80fe128d756843f60b39d5beee3
Certificate serial:       0194266B0D78FA593F572998C48BD7A14D2C
Authority key identifier: DF:3F:DC:4B:F3:3B:D8:0F:E1:28:D7:56:84:3F:60:B3:9D:5B:EE:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/eHnC0ZqJNqxv3y7mak9QRJMJw-o.roa
Signing time:             Thu 02 Jan 2025 09:48:57 +0000
ROA not before:           Thu 02 Jan 2025 09:48:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3258
IP address blocks:        45.12.89.0/24 maxlen: 24
                          2a14:640:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:0d:78:fa:59:3f:57:29:98:c4:8b:d7:a1:4d:2c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df3fdc4bf33bd80fe128d756843f60b39d5beee3
        Validity
            Not Before: Jan  2 09:48:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7879c2d19a8936ac6fdf2ee66a4f50449309c3ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:1f:09:5f:21:db:37:4e:b1:03:e0:c3:7d:75:
                    f3:a9:1b:91:23:86:bf:67:71:ef:c9:db:d0:d7:a9:
                    76:0b:11:54:e2:bd:9c:e7:13:6e:31:01:a9:66:7b:
                    50:97:42:16:bf:ba:a7:cb:e1:28:22:1f:ce:b6:03:
                    4e:1d:2e:c1:01:cf:f6:0a:6b:4b:d5:bc:b8:00:c2:
                    b1:e0:14:2c:cd:a7:95:66:8e:ab:c4:28:30:23:f1:
                    e3:7c:f8:07:be:67:0d:ac:45:1c:a7:7a:31:f3:ef:
                    96:dd:45:46:58:ef:a7:e5:0c:b0:43:2c:96:86:e9:
                    85:cf:60:4a:02:48:a1:d4:23:01:be:ca:20:07:2e:
                    7a:01:b6:b0:a5:b4:1b:50:b1:b6:9c:ba:52:0e:2d:
                    ac:0c:ac:86:fb:09:ef:37:eb:f6:06:2c:37:66:38:
                    20:e0:10:82:94:cd:44:76:ac:2e:15:1b:cd:63:11:
                    b5:8f:e2:ae:4a:68:87:46:76:03:dd:ed:f9:a4:dd:
                    78:8e:34:b2:06:8e:d2:29:7b:1a:ae:af:f1:8c:ee:
                    80:36:4a:be:05:48:16:92:eb:b0:a8:70:9b:ff:54:
                    9c:3b:dc:0d:92:ae:11:a0:60:96:c6:76:6d:9b:52:
                    9e:12:56:00:0d:48:1a:2d:da:4b:e9:4d:24:84:44:
                    e6:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:79:C2:D1:9A:89:36:AC:6F:DF:2E:E6:6A:4F:50:44:93:09:C3:EA
            X509v3 Authority Key Identifier:
                keyid:DF:3F:DC:4B:F3:3B:D8:0F:E1:28:D7:56:84:3F:60:B3:9D:5B:EE:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3z_cS_M72A_hKNdWhD9gs51b7uM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/eHnC0ZqJNqxv3y7mak9QRJMJw-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/325cd3-7edb-4026-8583-a473ec5410c3/1/3z_cS_M72A_hKNdWhD9gs51b7uM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.89.0/24
                IPv6:
                  2a14:640:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         92:7c:a7:52:23:c3:2f:c8:80:04:f2:ca:1f:e7:c7:b9:e6:e1:
         7f:c3:68:08:4b:38:d1:8b:42:b4:a4:8a:90:14:f4:63:46:a7:
         10:74:9d:0f:0b:97:b7:e9:c2:13:fc:6d:69:c4:fe:b5:9a:58:
         4a:c2:ca:44:a5:64:e4:c5:40:bf:45:0d:1d:6a:5d:3d:cf:01:
         0d:00:f0:fe:bb:c8:6e:8c:d5:f8:f3:e9:4f:07:7e:23:c4:7c:
         59:df:f6:f8:7e:c0:28:c8:a6:bf:fa:1a:93:a7:74:3c:6b:ad:
         a7:cb:4d:f0:a7:b2:f3:d3:eb:c9:53:68:16:d9:e2:d6:cf:fb:
         e3:a8:1f:43:50:9f:3b:74:54:ca:53:ed:8d:2f:0b:20:5c:83:
         29:7b:2b:06:b2:89:85:d3:48:ae:27:9b:39:5c:87:be:67:3d:
         4a:69:44:90:7d:5b:ce:52:36:f1:65:9e:4c:a5:9b:9b:d9:90:
         31:83:e7:91:a3:ee:75:12:d3:3f:bf:d8:51:a2:3f:7c:9e:1b:
         d7:d1:27:72:89:b6:2e:11:90:8c:05:3c:af:75:10:93:94:55:
         ff:b0:b8:4b:0c:a7:f1:67:e3:d7:26:55:6b:88:2a:92:a3:6e:
         f9:84:78:60:84:e8:5a:66:60:c1:f3:f7:e1:a0:19:2c:9d:04:
         7e:cf:0f:b5
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQmaw14+lk/VymYxIvXoU0sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRmM2ZkYzRiZjMzYmQ4MGZlMTI4ZDc1Njg0M2Y2MGIzOWQ1
YmVlZTMwHhcNMjUwMTAyMDk0ODU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODc5YzJkMTlhODkzNmFjNmZkZjJlZTY2YTRmNTA0NDkzMDljM2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArB8JXyHbN06xA+DDfXXzqRuRI4a/
Z3HvydvQ16l2CxFU4r2c5xNuMQGpZntQl0IWv7qny+EoIh/OtgNOHS7BAc/2CmtL
1by4AMKx4BQszaeVZo6rxCgwI/HjfPgHvmcNrEUcp3ox8++W3UVGWO+n5QywQyyW
humFz2BKAkih1CMBvsogBy56AbawpbQbULG2nLpSDi2sDKyG+wnvN+v2Biw3Zjgg
4BCClM1EdqwuFRvNYxG1j+KuSmiHRnYD3e35pN14jjSyBo7SKXsarq/xjO6ANkq+
BUgWkuuwqHCb/1ScO9wNkq4RoGCWxnZtm1KeElYADUgaLdpL6U0khETmRQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHh5wtGaiTasb98u5mpPUESTCcPqMB8GA1UdIwQY
MBaAFN8/3EvzO9gP4SjXVoQ/YLOdW+7jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM3pfY1NfTTcyQV9oS05kV2hEOWdzNTFiN3VNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi8zMjVjZDMtN2VkYi00MDI2LTg1ODMt
YTQ3M2VjNTQxMGMzLzEvZUhuQzBacUpOcXh2M3k3bWFrOVFSSk1Kdy1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi8zMjVjZDMtN2VkYi00MDI2LTg1ODMtYTQ3M2VjNTQxMGMz
LzEvM3pfY1NfTTcyQV9oS05kV2hEOWdzNTFiN3VNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQALQxZMA8E
AgACMAkDBwAqFAZAAAEwDQYJKoZIhvcNAQELBQADggEBAJJ8p1Ijwy/IgATyyh/n
x7nm4X/DaAhLONGLQrSkipAU9GNGpxB0nQ8Ll7fpwhP8bWnE/rWaWErCykSlZOTF
QL9FDR1qXT3PAQ0A8P67yG6M1fjz6U8HfiPEfFnf9vh+wCjIpr/6GpOndDxrrafL
TfCnsvPT68lTaBbZ4tbP++OoH0NQnzt0VMpT7Y0vCyBcgyl7KwayiYXTSK4nmzlc
h75nPUppRJB9W85SNvFlnkylm5vZkDGD55Gj7nUS0z+/2FGiP3yeG9fRJ3KJti4R
kIwFPK91EJOUVf+wuEsMp/Fn49cmVWuIKpKjbvmEeGCE6FpmYMHz9+GgGSydBH7P
D7U=
-----END CERTIFICATE-----