Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/aaadac-4809-4955-ac62-8f9ca0ebccab/1/nzP88bjh-XEZ2kCW3oiiu2uSEHc.roa
File:                     nzP88bjh-XEZ2kCW3oiiu2uSEHc.roa (raw, json)
Hash identifier:          Kf5r0P3IvTLCYpsr+vk6c4IGLFB/DHZsFGgImWavBWE=
Subject key identifier:   9F:33:FC:F1:B8:E1:F9:71:19:DA:40:96:DE:88:A2:BB:6B:92:10:77
Certificate issuer:       /CN=b1cdc26d44eaf85654481e9581043e14887765b4
Certificate serial:       019423D7F4BD4185C4C187CFF5E91767AE5A
Authority key identifier: B1:CD:C2:6D:44:EA:F8:56:54:48:1E:95:81:04:3E:14:88:77:65:B4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sc3CbUTq-FZUSB6VgQQ-FIh3ZbQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/aaadac-4809-4955-ac62-8f9ca0ebccab/1/nzP88bjh-XEZ2kCW3oiiu2uSEHc.roa
Signing time:             Wed 01 Jan 2025 21:49:02 +0000
ROA not before:           Wed 01 Jan 2025 21:49:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202329
IP address blocks:        45.140.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/aaadac-4809-4955-ac62-8f9ca0ebccab/1/sc3CbUTq-FZUSB6VgQQ-FIh3ZbQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/aaadac-4809-4955-ac62-8f9ca0ebccab/1/sc3CbUTq-FZUSB6VgQQ-FIh3ZbQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sc3CbUTq-FZUSB6VgQQ-FIh3ZbQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:f4:bd:41:85:c4:c1:87:cf:f5:e9:17:67:ae:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1cdc26d44eaf85654481e9581043e14887765b4
        Validity
            Not Before: Jan  1 21:49:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9f33fcf1b8e1f97119da4096de88a2bb6b921077
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:57:65:09:60:7c:ea:8b:85:22:9b:04:ff:b1:
                    3d:03:2c:a3:25:30:e6:a3:6c:50:24:0a:d7:80:15:
                    69:a6:f2:18:32:ba:a9:06:5f:75:ba:42:69:2b:c8:
                    ad:ee:37:2b:4f:33:90:59:7a:99:b9:63:45:57:af:
                    9f:8e:90:ac:f3:f5:83:73:92:ec:a1:61:4f:9d:c8:
                    4c:81:56:12:b5:af:6e:f7:54:10:a5:4f:4d:09:21:
                    d0:ef:54:76:cf:0f:db:e2:f5:e8:10:ee:e4:8e:17:
                    8d:f3:44:3d:56:3c:7c:5b:0e:82:27:6c:d7:eb:2d:
                    65:b8:52:2e:21:46:ea:05:08:fc:23:fa:11:d5:75:
                    91:c8:19:4f:fb:35:0c:d1:2d:70:f2:90:97:b7:da:
                    90:be:4e:a9:0e:f7:7f:1d:23:70:80:b8:7c:01:02:
                    f3:5b:df:8d:7b:fc:fb:8e:1b:bb:64:4e:5d:26:69:
                    bc:f9:53:36:d7:98:f1:21:00:db:6a:6c:2c:eb:af:
                    82:03:97:bf:ec:8c:51:fb:e5:11:30:35:e1:87:fa:
                    7d:c3:23:26:0b:b2:a0:4f:06:de:61:6a:23:53:9c:
                    9a:d2:da:ed:cd:1f:d4:e0:51:02:f8:a6:0b:bb:90:
                    7d:3b:62:da:c7:c3:30:e1:94:92:d0:b4:c0:58:79:
                    25:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:33:FC:F1:B8:E1:F9:71:19:DA:40:96:DE:88:A2:BB:6B:92:10:77
            X509v3 Authority Key Identifier:
                keyid:B1:CD:C2:6D:44:EA:F8:56:54:48:1E:95:81:04:3E:14:88:77:65:B4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sc3CbUTq-FZUSB6VgQQ-FIh3ZbQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/aaadac-4809-4955-ac62-8f9ca0ebccab/1/nzP88bjh-XEZ2kCW3oiiu2uSEHc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/aaadac-4809-4955-ac62-8f9ca0ebccab/1/sc3CbUTq-FZUSB6VgQQ-FIh3ZbQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.140.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:58:f5:62:87:d9:9b:40:2a:12:d7:02:c5:c7:25:1a:77:2d:
         54:cc:51:39:e5:88:cf:c0:3f:40:e1:c8:0a:08:1f:ae:a9:a6:
         24:6b:8b:1c:5b:78:99:cb:23:85:a9:2c:4f:df:c7:01:48:7c:
         b4:5d:75:c0:07:c4:bd:21:a6:41:a6:e3:94:7f:28:bc:c3:00:
         ed:1f:e5:3d:ff:cb:a1:55:59:c3:cf:12:7b:d8:9f:7d:9d:23:
         b6:3e:0f:af:cc:50:62:99:d9:7b:46:84:10:33:48:6c:4f:f1:
         70:68:56:93:50:24:89:e2:0b:1a:01:53:6c:13:25:10:1f:ae:
         78:41:93:45:43:e6:e4:99:1d:19:3c:ed:2d:b6:90:31:35:c5:
         a4:b0:44:a9:5b:4d:c1:88:4a:b2:60:b5:82:90:3e:85:a2:f6:
         8f:6a:67:c1:d9:a4:48:b1:30:8a:64:80:a6:53:66:3f:a3:e7:
         48:2b:7c:85:93:ab:2c:57:7e:16:a0:73:c8:9a:28:6c:d0:ff:
         d6:17:8e:f2:e3:ac:ba:bf:a1:b9:04:c0:05:e5:c1:11:fe:27:
         f8:b9:28:49:22:65:02:aa:f4:93:a5:3d:88:d4:f3:19:b5:80:
         8a:06:a1:6c:82:32:1e:08:62:fe:10:62:42:c2:e4:9d:3f:ba:
         c8:0f:ab:22
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1/S9QYXEwYfP9ekXZ65aMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxY2RjMjZkNDRlYWY4NTY1NDQ4MWU5NTgxMDQzZTE0ODg3
NzY1YjQwHhcNMjUwMTAxMjE0OTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjMzZmNmMWI4ZTFmOTcxMTlkYTQwOTZkZTg4YTJiYjZiOTIxMDc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1dlCWB86ouFIpsE/7E9AyyjJTDm
o2xQJArXgBVppvIYMrqpBl91ukJpK8it7jcrTzOQWXqZuWNFV6+fjpCs8/WDc5Ls
oWFPnchMgVYSta9u91QQpU9NCSHQ71R2zw/b4vXoEO7kjheN80Q9Vjx8Ww6CJ2zX
6y1luFIuIUbqBQj8I/oR1XWRyBlP+zUM0S1w8pCXt9qQvk6pDvd/HSNwgLh8AQLz
W9+Ne/z7jhu7ZE5dJmm8+VM215jxIQDbamws66+CA5e/7IxR++URMDXhh/p9wyMm
C7KgTwbeYWojU5ya0trtzR/U4FEC+KYLu5B9O2Lax8Mw4ZSS0LTAWHklFQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ8z/PG44flxGdpAlt6IortrkhB3MB8GA1UdIwQY
MBaAFLHNwm1E6vhWVEgelYEEPhSId2W0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2MzQ2JVVHEtRlpVU0I2VmdRUS1GSWgzWmJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9hYWFkYWMtNDgwOS00OTU1LWFjNjIt
OGY5Y2EwZWJjY2FiLzEvbnpQODhiamgtWEVaMmtDVzNvaWl1MnVTRUhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9hYWFkYWMtNDgwOS00OTU1LWFjNjItOGY5Y2EwZWJjY2Fi
LzEvc2MzQ2JVVHEtRlpVU0I2VmdRUS1GSWgzWmJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYy3MA0G
CSqGSIb3DQEBCwUAA4IBAQBnWPVih9mbQCoS1wLFxyUady1UzFE55YjPwD9A4cgK
CB+uqaYka4scW3iZyyOFqSxP38cBSHy0XXXAB8S9IaZBpuOUfyi8wwDtH+U9/8uh
VVnDzxJ72J99nSO2Pg+vzFBimdl7RoQQM0hsT/FwaFaTUCSJ4gsaAVNsEyUQH654
QZNFQ+bkmR0ZPO0ttpAxNcWksESpW03BiEqyYLWCkD6FovaPamfB2aRIsTCKZICm
U2Y/o+dIK3yFk6ssV34WoHPImihs0P/WF47y46y6v6G5BMAF5cER/if4uShJImUC
qvSTpT2I1PMZtYCKBqFsgjIeCGL+EGJCwuSdP7rID6si
-----END CERTIFICATE-----