Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/5wgkb4akqadzyJiHHieQcGtBNQQ.roa
File:                     5wgkb4akqadzyJiHHieQcGtBNQQ.roa (raw, json)
Hash identifier:          Di0bLzyl/Q3bCbGW5CHLC9W0TftfUiAh6aTSXzT7nug=
Subject key identifier:   E7:08:24:6F:86:A4:A9:A7:73:C8:98:87:1E:27:90:70:6B:41:35:04
Certificate issuer:       /CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
Certificate serial:       0195935499458382EC3F82C995D3F0B823BD
Authority key identifier: 05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/5wgkb4akqadzyJiHHieQcGtBNQQ.roa
Signing time:             Fri 14 Mar 2025 06:25:49 +0000
ROA not before:           Fri 14 Mar 2025 06:25:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61317
IP address blocks:        45.11.188.0/24 maxlen: 24
                          45.65.113.0/24 maxlen: 24
                          194.15.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:93:54:99:45:83:82:ec:3f:82:c9:95:d3:f0:b8:23:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=051f29462e7a7da7eb5f45da7873f14e403fe3ab
        Validity
            Not Before: Mar 14 06:25:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e708246f86a4a9a773c898871e2790706b413504
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:93:d6:34:13:a1:5a:ef:ed:d4:3c:cc:1f:85:
                    75:08:ea:c5:5e:00:7d:22:e3:c4:1c:0d:f2:1f:8d:
                    1c:c9:b2:2d:60:8d:4c:81:55:2b:33:a1:c4:76:1f:
                    0c:13:60:59:b4:6f:da:e2:87:15:bd:cc:a2:37:83:
                    4e:50:7c:b9:8b:7c:94:38:a4:43:6d:f5:7d:be:6b:
                    af:d6:74:a7:b9:4b:70:4e:71:e4:d3:7b:61:b9:a3:
                    3c:21:0e:d5:1a:b4:9c:f2:00:02:c9:cb:47:9a:c1:
                    95:3f:3e:44:0d:f7:92:47:b7:48:3a:98:6d:e1:85:
                    cb:0c:ac:19:01:55:43:85:d1:1d:05:60:b6:85:e7:
                    6d:33:16:0c:bf:89:d0:d7:7b:29:4e:0c:e3:a8:97:
                    8a:29:d1:1a:80:84:2f:f5:a0:d1:7b:5d:c9:1f:e2:
                    f1:ef:39:f5:93:95:da:92:e6:e1:ad:10:2d:01:62:
                    ed:1e:72:65:a8:65:55:07:c8:24:5f:79:57:73:fb:
                    bf:a8:9d:57:ab:6e:41:13:d8:8d:08:b4:79:c4:c3:
                    33:8a:b1:1b:5c:15:91:27:ba:0b:99:78:99:17:70:
                    d4:28:30:b1:f8:61:59:56:fd:6d:ef:64:b6:5b:b4:
                    04:6f:d5:8d:21:4d:c7:17:d2:85:22:cc:52:db:f3:
                    95:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:08:24:6F:86:A4:A9:A7:73:C8:98:87:1E:27:90:70:6B:41:35:04
            X509v3 Authority Key Identifier:
                keyid:05:1F:29:46:2E:7A:7D:A7:EB:5F:45:DA:78:73:F1:4E:40:3F:E3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BR8pRi56fafrX0XaeHPxTkA_46s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/5wgkb4akqadzyJiHHieQcGtBNQQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/395328-f461-44b7-b031-3f8b55da1ac4/1/BR8pRi56fafrX0XaeHPxTkA_46s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.188.0/24
                  45.65.113.0/24
                  194.15.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:fb:34:25:98:67:20:71:73:85:13:7b:ed:2b:29:c6:ae:b4:
         1b:95:b0:e6:0d:e4:f5:8a:34:74:2b:89:67:43:ce:97:81:ea:
         9f:89:e5:85:bd:c0:7d:70:7d:3d:6e:a5:f4:d3:b6:4a:09:0b:
         8e:16:4b:26:78:5f:3c:0c:91:3f:3f:13:72:49:d1:58:0d:86:
         11:af:3c:3d:76:ce:49:77:bc:9d:b6:91:51:1c:73:89:f9:43:
         fa:c9:6c:fc:a5:4d:6b:e1:a5:38:e6:08:e0:92:60:4b:0f:62:
         6d:bf:28:95:fe:1a:2d:2d:a8:61:7d:61:12:1d:05:e6:97:e7:
         b3:97:ea:d7:5c:d5:53:34:81:af:20:ff:75:20:55:f0:7b:46:
         79:00:b9:4d:ff:14:14:c6:35:d9:6d:6d:94:04:85:85:66:ac:
         7d:66:98:a5:8a:c0:d4:dd:ed:74:57:d0:80:4c:8d:5a:b6:dd:
         02:bd:04:8b:a0:f1:1f:10:d4:a2:42:30:65:96:77:2c:0c:79:
         59:ec:d6:02:3e:e2:e1:b6:26:5d:b0:16:6a:2e:2a:68:5f:5d:
         c2:9f:b2:e0:31:93:19:3f:22:0b:3d:0d:7a:05:5a:1a:da:98:
         6f:b0:f8:61:0b:7e:98:06:81:5d:bb:f5:7a:16:3c:8c:f4:d5:
         46:0c:fc:e7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZWTVJlFg4LsP4LJldPwuCO9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1MWYyOTQ2MmU3YTdkYTdlYjVmNDVkYTc4NzNmMTRlNDAz
ZmUzYWIwHhcNMjUwMzE0MDYyNTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzA4MjQ2Zjg2YTRhOWE3NzNjODk4ODcxZTI3OTA3MDZiNDEzNTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAspPWNBOhWu/t1DzMH4V1COrFXgB9
IuPEHA3yH40cybItYI1MgVUrM6HEdh8ME2BZtG/a4ocVvcyiN4NOUHy5i3yUOKRD
bfV9vmuv1nSnuUtwTnHk03thuaM8IQ7VGrSc8gACyctHmsGVPz5EDfeSR7dIOpht
4YXLDKwZAVVDhdEdBWC2hedtMxYMv4nQ13spTgzjqJeKKdEagIQv9aDRe13JH+Lx
7zn1k5XakubhrRAtAWLtHnJlqGVVB8gkX3lXc/u/qJ1Xq25BE9iNCLR5xMMzirEb
XBWRJ7oLmXiZF3DUKDCx+GFZVv1t72S2W7QEb9WNIU3HF9KFIsxS2/OV7QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOcIJG+GpKmnc8iYhx4nkHBrQTUEMB8GA1UdIwQY
MBaAFAUfKUYuen2n619F2nhz8U5AP+OrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEt
M2Y4YjU1ZGExYWM0LzEvNXdna2I0YWtxYWR6eUppSEhpZVFjR3RCTlFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC8zOTUzMjgtZjQ2MS00NGI3LWIwMzEtM2Y4YjU1ZGExYWM0
LzEvQlI4cFJpNTZmYWZyWDBYYWVIUHhUa0FfNDZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALQu8AwQA
LUFxAwQAwg9iMA0GCSqGSIb3DQEBCwUAA4IBAQBI+zQlmGcgcXOFE3vtKynGrrQb
lbDmDeT1ijR0K4lnQ86XgeqfieWFvcB9cH09bqX007ZKCQuOFksmeF88DJE/PxNy
SdFYDYYRrzw9ds5Jd7ydtpFRHHOJ+UP6yWz8pU1r4aU45gjgkmBLD2JtvyiV/hot
LahhfWESHQXml+ezl+rXXNVTNIGvIP91IFXwe0Z5ALlN/xQUxjXZbW2UBIWFZqx9
ZpilisDU3e10V9CATI1att0CvQSLoPEfENSiQjBllncsDHlZ7NYCPuLhtiZdsBZq
LipoX13Cn7LgMZMZPyILPQ16BVoa2phvsPhhC36YBoFdu/V6FjyM9NVGDPzn
-----END CERTIFICATE-----