Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/5e6116-56e6-4c1d-9683-4b22fc5184a2/1/uD_ngmtNEJDgxKTmDs0dfRFETyw.roa
File:                     uD_ngmtNEJDgxKTmDs0dfRFETyw.roa (raw, json)
Hash identifier:          4vDT31Aj0L6dgxcGHMciEeqVCA7CQgG4yXo6DYN6amk=
Subject key identifier:   B8:3F:E7:82:6B:4D:10:90:E0:C4:A4:E6:0E:CD:1D:7D:11:44:4F:2C
Certificate issuer:       /CN=45b9854b044594e6cf0846fb41de7b0908fb5f72
Certificate serial:       01956A7669ABE6E826B9CF1901E7CF444CD5
Authority key identifier: 45:B9:85:4B:04:45:94:E6:CF:08:46:FB:41:DE:7B:09:08:FB:5F:72
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RbmFSwRFlObPCEb7Qd57CQj7X3I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/5e6116-56e6-4c1d-9683-4b22fc5184a2/1/uD_ngmtNEJDgxKTmDs0dfRFETyw.roa
Signing time:             Thu 06 Mar 2025 07:58:19 +0000
ROA not before:           Thu 06 Mar 2025 07:58:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44780
IP address blocks:        195.149.92.0/23 maxlen: 24
                          195.158.238.0/23 maxlen: 24
                          2a02:790:6::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/5e6116-56e6-4c1d-9683-4b22fc5184a2/1/RbmFSwRFlObPCEb7Qd57CQj7X3I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/5e6116-56e6-4c1d-9683-4b22fc5184a2/1/RbmFSwRFlObPCEb7Qd57CQj7X3I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RbmFSwRFlObPCEb7Qd57CQj7X3I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:6a:76:69:ab:e6:e8:26:b9:cf:19:01:e7:cf:44:4c:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=45b9854b044594e6cf0846fb41de7b0908fb5f72
        Validity
            Not Before: Mar  6 07:58:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b83fe7826b4d1090e0c4a4e60ecd1d7d11444f2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:44:d0:8b:88:cb:19:cd:ab:c3:44:a5:d9:9a:
                    c7:3f:94:02:98:20:96:10:1b:40:0a:53:5f:d0:d8:
                    74:1a:7f:67:05:c1:f2:a2:35:58:2d:35:fc:c3:76:
                    fc:c7:53:a1:e3:df:e0:1a:78:54:e7:8d:9d:07:e4:
                    9a:20:e1:c7:d6:15:25:be:83:17:c1:68:42:1c:07:
                    ae:e8:cb:dc:97:8c:03:0c:bc:c3:84:c8:af:6d:d3:
                    e9:20:a9:fc:55:d3:c7:c2:32:0a:ff:9f:11:12:3a:
                    37:6f:76:32:f3:ee:86:29:be:9f:0a:af:ba:16:4f:
                    c2:2b:1b:c6:fb:07:f4:a7:57:46:f2:8c:02:72:93:
                    a1:8f:8e:21:16:cb:7b:0b:07:f3:18:80:36:ef:cb:
                    41:1a:3d:b4:77:f2:65:2a:47:91:23:bb:50:09:05:
                    b7:fa:e6:c5:d7:d6:f2:2c:c6:59:13:ad:2f:34:9b:
                    d8:7b:b9:8b:f6:85:5c:87:80:3a:b8:86:6e:86:4c:
                    bc:e4:8a:23:40:dc:4e:e1:fe:36:7d:6d:5d:16:92:
                    e3:c7:96:88:f6:0a:54:05:b8:99:66:65:4d:ab:a4:
                    c3:5f:b2:dd:1b:d1:62:33:b3:d5:c4:ca:5a:dc:12:
                    a8:48:89:4a:b1:c5:aa:7a:5d:73:d2:71:00:78:ff:
                    fd:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:3F:E7:82:6B:4D:10:90:E0:C4:A4:E6:0E:CD:1D:7D:11:44:4F:2C
            X509v3 Authority Key Identifier:
                keyid:45:B9:85:4B:04:45:94:E6:CF:08:46:FB:41:DE:7B:09:08:FB:5F:72

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RbmFSwRFlObPCEb7Qd57CQj7X3I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/5e6116-56e6-4c1d-9683-4b22fc5184a2/1/uD_ngmtNEJDgxKTmDs0dfRFETyw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/5e6116-56e6-4c1d-9683-4b22fc5184a2/1/RbmFSwRFlObPCEb7Qd57CQj7X3I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.149.92.0/23
                  195.158.238.0/23
                IPv6:
                  2a02:790:6::/48

    Signature Algorithm: sha256WithRSAEncryption
         22:9c:0f:9e:e6:07:a5:80:29:37:b7:2d:db:39:e7:67:78:b2:
         06:b5:d3:7a:63:a8:82:4a:c9:a4:ca:46:d6:9d:04:e5:55:24:
         e2:9f:67:f1:fc:4c:51:63:c2:03:3c:9c:2d:7e:6d:78:2f:43:
         e1:52:de:f3:2f:27:ef:fb:32:fd:21:ef:8b:57:fe:c7:fc:bd:
         5e:57:3d:cb:3d:19:74:b8:f7:a8:b1:1c:2b:c1:33:a3:14:77:
         c4:a9:39:05:b3:ba:b6:6e:43:a5:42:2c:52:e5:57:17:4b:ec:
         a4:76:d0:90:f0:22:bd:35:60:a6:0a:55:f1:99:83:84:8a:ec:
         cf:9a:ec:1d:ea:ad:1b:61:9b:f2:13:07:6f:99:82:61:ab:b7:
         16:87:c1:29:bc:2b:14:10:3a:d7:75:26:8a:97:96:78:06:a8:
         de:49:3f:1e:73:7a:ef:f5:cb:b4:df:d1:a3:6f:fa:ad:00:91:
         ec:c9:60:36:a5:4a:c4:76:f7:b4:cc:32:36:48:59:70:6f:f8:
         de:85:04:31:70:af:bf:e5:5c:5b:63:f5:2a:ff:1c:96:40:56:
         8b:22:91:22:bc:ff:fc:7c:3c:57:07:9b:09:7b:c4:be:8c:18:
         10:0b:1d:2d:41:72:0b:cc:8c:aa:63:9b:a9:0b:ce:f0:15:0b:
         9d:f6:42:a0
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZVqdmmr5ugmuc8ZAefPREzVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1Yjk4NTRiMDQ0NTk0ZTZjZjA4NDZmYjQxZGU3YjA5MDhm
YjVmNzIwHhcNMjUwMzA2MDc1ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiODNmZTc4MjZiNGQxMDkwZTBjNGE0ZTYwZWNkMWQ3ZDExNDQ0ZjJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8UTQi4jLGc2rw0Sl2ZrHP5QCmCCW
EBtAClNf0Nh0Gn9nBcHyojVYLTX8w3b8x1Oh49/gGnhU542dB+SaIOHH1hUlvoMX
wWhCHAeu6Mvcl4wDDLzDhMivbdPpIKn8VdPHwjIK/58REjo3b3Yy8+6GKb6fCq+6
Fk/CKxvG+wf0p1dG8owCcpOhj44hFst7CwfzGIA278tBGj20d/JlKkeRI7tQCQW3
+ubF19byLMZZE60vNJvYe7mL9oVch4A6uIZuhky85IojQNxO4f42fW1dFpLjx5aI
9gpUBbiZZmVNq6TDX7LdG9FiM7PVxMpa3BKoSIlKscWqel1z0nEAeP/9MQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFLg/54JrTRCQ4MSk5g7NHX0RRE8sMB8GA1UdIwQY
MBaAFEW5hUsERZTmzwhG+0HeewkI+19yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmJtRlN3UkZsT2JQQ0ViN1FkNTdDUWo3WDNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi81ZTYxMTYtNTZlNi00YzFkLTk2ODMt
NGIyMmZjNTE4NGEyLzEvdURfbmdtdE5FSkRneEtUbURzMGRmUkZFVHl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi81ZTYxMTYtNTZlNi00YzFkLTk2ODMtNGIyMmZjNTE4NGEy
LzEvUmJtRlN3UkZsT2JQQ0ViN1FkNTdDUWo3WDNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQBw5VcAwQB
w57uMA8EAgACMAkDBwAqAgeQAAYwDQYJKoZIhvcNAQELBQADggEBACKcD57mB6WA
KTe3Lds552d4sga103pjqIJKyaTKRtadBOVVJOKfZ/H8TFFjwgM8nC1+bXgvQ+FS
3vMvJ+/7Mv0h74tX/sf8vV5XPcs9GXS496ixHCvBM6MUd8SpOQWzurZuQ6VCLFLl
VxdL7KR20JDwIr01YKYKVfGZg4SK7M+a7B3qrRthm/ITB2+ZgmGrtxaHwSm8KxQQ
Otd1JoqXlngGqN5JPx5zeu/1y7Tf0aNv+q0AkezJYDalSsR297TMMjZIWXBv+N6F
BDFwr7/lXFtj9Sr/HJZAVosikSK8//x8PFcHmwl7xL6MGBALHS1BcgvMjKpjm6kL
zvAVC532QqA=
-----END CERTIFICATE-----