Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/FwaLh_XWuDJap-mUnxiKXWwAdkE.roa
File:                     FwaLh_XWuDJap-mUnxiKXWwAdkE.roa (raw, json)
Hash identifier:          wfCRNedVrJxedkZTpykJPKkqB4bxtaE/AEv4nmUBlvI=
Subject key identifier:   17:06:8B:87:F5:D6:B8:32:5A:A7:E9:94:9F:18:8A:5D:6C:00:76:41
Certificate issuer:       /CN=b557ccd43afe816e4953228bf14a75dc29014b8d
Certificate serial:       0194206802F671F021EF4178411E87F898D1
Authority key identifier: B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/FwaLh_XWuDJap-mUnxiKXWwAdkE.roa
Signing time:             Wed 01 Jan 2025 05:47:54 +0000
ROA not before:           Wed 01 Jan 2025 05:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30937
IP address blocks:        45.157.200.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:02:f6:71:f0:21:ef:41:78:41:1e:87:f8:98:d1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b557ccd43afe816e4953228bf14a75dc29014b8d
        Validity
            Not Before: Jan  1 05:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=17068b87f5d6b8325aa7e9949f188a5d6c007641
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:9b:af:9e:30:3d:11:6b:6e:be:00:71:90:6a:
                    6a:49:0f:60:10:40:cb:38:98:39:8e:56:69:35:bb:
                    0c:7e:c3:a8:ed:85:8b:9f:7b:cc:c8:14:1d:fb:87:
                    b3:c2:60:1b:2e:fc:4b:8e:60:35:a6:e3:8d:39:9f:
                    48:6e:1d:b3:f0:24:bd:d9:ba:dd:30:dc:9c:99:8c:
                    0a:2d:df:da:40:ce:05:26:b5:f2:17:aa:f8:da:f8:
                    e1:a6:c2:a2:bb:5d:98:0c:1c:62:d8:3a:5e:1b:67:
                    ee:e2:90:5c:7e:4b:9e:0a:34:92:eb:87:6e:71:2b:
                    0d:d9:59:40:d8:5b:12:01:aa:32:53:97:37:54:d0:
                    b1:97:df:3a:39:3c:5c:46:9f:a2:f2:28:87:a5:ca:
                    64:3a:73:eb:c0:df:7f:2c:63:4d:7b:4f:ed:08:dc:
                    5e:ff:6e:79:1c:8f:9f:66:34:46:bf:54:3b:a5:f1:
                    ed:2f:47:fb:58:05:b5:e3:5a:86:d5:f4:21:3c:1b:
                    74:c2:c9:55:f8:9b:a6:29:49:06:61:ea:56:4e:c4:
                    ad:01:05:d4:07:c0:0b:32:44:5f:5f:d6:5a:a6:2b:
                    db:36:82:5e:9e:4a:88:db:7b:8e:9c:8f:ba:54:d2:
                    67:a5:80:95:95:58:88:51:6b:d2:4a:d9:88:b5:45:
                    bc:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:06:8B:87:F5:D6:B8:32:5A:A7:E9:94:9F:18:8A:5D:6C:00:76:41
            X509v3 Authority Key Identifier:
                keyid:B5:57:CC:D4:3A:FE:81:6E:49:53:22:8B:F1:4A:75:DC:29:01:4B:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tVfM1Dr-gW5JUyKL8Up13CkBS40.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/FwaLh_XWuDJap-mUnxiKXWwAdkE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0b/190843-1803-4462-a795-6bc75578b4c3/1/tVfM1Dr-gW5JUyKL8Up13CkBS40.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.200.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3f:9c:cb:54:04:73:cb:fa:de:80:bd:b2:b9:06:8e:07:8e:51:
         d4:2d:e1:55:63:cd:3b:c2:5b:ac:39:3a:f2:d6:df:f4:86:86:
         7e:70:6b:2a:a2:00:95:58:fa:fa:79:88:f6:b8:06:93:1c:00:
         31:0d:b7:be:3e:d0:69:b4:7e:56:29:8a:db:34:61:e4:60:14:
         8e:d8:a4:7b:3a:d2:28:5d:16:94:a3:08:aa:ab:0e:88:71:88:
         ac:64:08:24:88:8e:2e:a5:59:eb:84:fe:80:6c:ff:58:2b:58:
         c1:45:dc:00:ba:21:1a:16:0c:6c:46:f6:2c:17:98:1c:c1:a6:
         bd:a7:53:d9:45:dc:4c:5b:0d:2b:91:1e:fe:ec:38:5b:07:67:
         fa:f9:ea:30:a4:11:34:07:23:0e:70:64:02:b1:42:b7:86:50:
         23:52:97:e9:61:4c:a3:af:70:13:c5:b0:fd:46:f7:80:e3:2b:
         16:31:59:7b:1c:47:a0:04:62:23:a9:be:c9:7b:49:92:7e:94:
         99:e4:2e:1a:e1:c0:64:49:88:26:eb:90:20:a7:a0:54:10:9a:
         85:b8:3e:58:b7:71:2f:6a:66:bf:0d:1d:3f:66:25:1a:2b:a2:
         d7:77:59:2a:b2:27:10:5c:95:bd:22:b2:50:b8:d4:3b:38:4e:
         b7:e2:92:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaAL2cfAh70F4QR6H+JjRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NTdjY2Q0M2FmZTgxNmU0OTUzMjI4YmYxNGE3NWRjMjkw
MTRiOGQwHhcNMjUwMTAxMDU0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzA2OGI4N2Y1ZDZiODMyNWFhN2U5OTQ5ZjE4OGE1ZDZjMDA3NjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZuvnjA9EWtuvgBxkGpqSQ9gEEDL
OJg5jlZpNbsMfsOo7YWLn3vMyBQd+4ezwmAbLvxLjmA1puONOZ9Ibh2z8CS92brd
MNycmYwKLd/aQM4FJrXyF6r42vjhpsKiu12YDBxi2DpeG2fu4pBcfkueCjSS64du
cSsN2VlA2FsSAaoyU5c3VNCxl986OTxcRp+i8iiHpcpkOnPrwN9/LGNNe0/tCNxe
/255HI+fZjRGv1Q7pfHtL0f7WAW141qG1fQhPBt0wslV+JumKUkGYepWTsStAQXU
B8ALMkRfX9ZapivbNoJenkqI23uOnI+6VNJnpYCVlViIUWvSStmItUW8JwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBcGi4f11rgyWqfplJ8Yil1sAHZBMB8GA1UdIwQY
MBaAFLVXzNQ6/oFuSVMii/FKddwpAUuNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUt
NmJjNzU1NzhiNGMzLzEvRndhTGhfWFd1REphcC1tVW54aUtYV3dBZGtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYi8xOTA4NDMtMTgwMy00NDYyLWE3OTUtNmJjNzU1NzhiNGMz
LzEvdFZmTTFEci1nVzVKVXlLTDhVcDEzQ2tCUzQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZ3IMA0G
CSqGSIb3DQEBCwUAA4IBAQA/nMtUBHPL+t6AvbK5Bo4HjlHULeFVY807wlusOTry
1t/0hoZ+cGsqogCVWPr6eYj2uAaTHAAxDbe+PtBptH5WKYrbNGHkYBSO2KR7OtIo
XRaUowiqqw6IcYisZAgkiI4upVnrhP6AbP9YK1jBRdwAuiEaFgxsRvYsF5gcwaa9
p1PZRdxMWw0rkR7+7DhbB2f6+eowpBE0ByMOcGQCsUK3hlAjUpfpYUyjr3ATxbD9
RveA4ysWMVl7HEegBGIjqb7Je0mSfpSZ5C4a4cBkSYgm65Agp6BUEJqFuD5Yt3Ev
ama/DR0/ZiUaK6LXd1kqsicQXJW9IrJQuNQ7OE634pJQ
-----END CERTIFICATE-----