Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/1IRre9cMUULPgWYL5Rf8yusIgMw.roa
File:                     1IRre9cMUULPgWYL5Rf8yusIgMw.roa (raw, json)
Hash identifier:          GmNSZJCFZkZ3yXu95pKi6RLcEbnAGuQuFMP0CBDntKM=
Subject key identifier:   D4:84:6B:7B:D7:0C:51:42:CF:81:66:0B:E5:17:FC:CA:EB:08:80:CC
Certificate issuer:       /CN=821a3f21fb0c294d6d4a529b2f1dbd4bd1119bd7
Certificate serial:       01921EF951571ED4AFFECE486D2A477C3DD3
Authority key identifier: 82:1A:3F:21:FB:0C:29:4D:6D:4A:52:9B:2F:1D:BD:4B:D1:11:9B:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gho_IfsMKU1tSlKbLx29S9ERm9c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/1IRre9cMUULPgWYL5Rf8yusIgMw.roa
Signing time:             Mon 23 Sep 2024 13:01:48 +0000
ROA not before:           Mon 23 Sep 2024 13:01:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35758
IP address blocks:        45.14.73.0/24 maxlen: 24
                          45.84.46.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/gho_IfsMKU1tSlKbLx29S9ERm9c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/gho_IfsMKU1tSlKbLx29S9ERm9c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gho_IfsMKU1tSlKbLx29S9ERm9c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 04:00:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:1e:f9:51:57:1e:d4:af:fe:ce:48:6d:2a:47:7c:3d:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=821a3f21fb0c294d6d4a529b2f1dbd4bd1119bd7
        Validity
            Not Before: Sep 23 13:01:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=d4846b7bd70c5142cf81660be517fccaeb0880cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:40:97:d6:cf:88:0f:3c:d8:5a:e7:35:58:35:
                    9a:ae:2c:cf:75:f7:73:21:99:98:a5:ad:02:7f:26:
                    97:ea:88:16:13:68:4f:18:d0:90:2a:4a:1b:c8:fc:
                    73:4a:1f:80:22:22:1b:ca:8e:26:51:43:ff:02:37:
                    f3:0c:4c:65:d2:ae:52:59:14:82:fe:c9:54:cc:aa:
                    67:99:e2:43:75:22:60:c9:c5:db:20:35:c0:c4:9f:
                    23:42:c8:a3:67:98:8b:ed:c8:80:0b:35:ac:77:50:
                    97:72:76:12:41:25:25:49:5b:a9:ce:9e:01:c2:24:
                    b0:87:44:cd:07:82:d6:e1:a5:34:c3:5f:df:1f:3f:
                    9d:b3:03:91:f7:e7:c7:be:5f:21:59:38:bc:4e:64:
                    a3:bd:4f:f0:6d:2f:a2:c7:a4:f2:10:72:7d:ec:e8:
                    f2:47:5a:83:ea:e6:3e:f9:d6:e1:64:41:81:b2:4e:
                    72:7e:9c:3a:1f:da:e4:fd:5c:f2:e6:37:c6:e3:51:
                    28:a6:6b:e4:e2:cf:e8:d8:86:2f:64:47:d5:8c:34:
                    82:25:a1:04:95:91:14:61:67:5b:9e:a8:e4:cb:42:
                    0a:40:35:6d:b0:77:63:f1:89:d0:75:35:84:f6:9e:
                    1e:f1:5f:79:63:ed:89:d8:ea:d8:c7:28:37:b0:c7:
                    3d:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:84:6B:7B:D7:0C:51:42:CF:81:66:0B:E5:17:FC:CA:EB:08:80:CC
            X509v3 Authority Key Identifier:
                keyid:82:1A:3F:21:FB:0C:29:4D:6D:4A:52:9B:2F:1D:BD:4B:D1:11:9B:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gho_IfsMKU1tSlKbLx29S9ERm9c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/1IRre9cMUULPgWYL5Rf8yusIgMw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/12/edc855-f2bc-4e9c-8c0c-b6f2ac86ef27/1/gho_IfsMKU1tSlKbLx29S9ERm9c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.73.0/24
                  45.84.46.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:d7:c5:75:aa:bc:13:53:36:8e:e5:61:bf:f2:72:82:cb:cb:
         4f:fd:9b:ea:f4:4e:fc:67:b2:4a:07:71:bb:a3:80:ae:6c:8a:
         98:0d:7f:e1:98:6e:ba:7f:13:05:f7:f9:73:55:81:ab:9d:24:
         22:fc:75:f6:3b:cc:a0:1b:e5:88:f4:0b:b7:1c:e8:76:1f:b6:
         54:78:b7:1f:91:8d:f4:35:ce:1c:dd:1a:87:9c:5f:af:ab:48:
         e8:10:ee:ac:33:a1:87:69:ee:b6:5f:0b:3e:af:b4:09:61:e0:
         d4:44:36:27:6a:fb:02:9c:9f:58:cc:37:6b:b5:4b:b2:86:6a:
         59:a4:b1:2e:df:36:04:a7:db:f3:9f:30:87:3f:40:46:7b:51:
         b1:2b:8b:e9:f1:9f:92:f2:4c:76:b0:40:f8:00:3d:43:9d:7f:
         4b:1b:28:35:13:2d:2b:39:4b:6c:1c:95:35:50:32:96:27:51:
         c1:62:54:9c:4f:fd:78:d2:42:1b:ee:9d:00:ac:84:64:9d:ec:
         b8:6c:52:1b:4c:e5:89:cd:eb:3f:bf:fc:a2:9b:71:2b:89:ef:
         b5:ac:3e:b5:f0:dc:56:ec:79:92:ef:27:cd:6f:20:0f:fa:6b:
         6d:5e:16:04:b2:09:c7:54:47:2c:98:ba:3b:b8:2a:4c:ae:48:
         37:5e:f9:df
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZIe+VFXHtSv/s5IbSpHfD3TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyMWEzZjIxZmIwYzI5NGQ2ZDRhNTI5YjJmMWRiZDRiZDEx
MTliZDcwHhcNMjQwOTIzMTMwMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDg0NmI3YmQ3MGM1MTQyY2Y4MTY2MGJlNTE3ZmNjYWViMDg4MGNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn0CX1s+IDzzYWuc1WDWarizPdfdz
IZmYpa0CfyaX6ogWE2hPGNCQKkobyPxzSh+AIiIbyo4mUUP/AjfzDExl0q5SWRSC
/slUzKpnmeJDdSJgycXbIDXAxJ8jQsijZ5iL7ciACzWsd1CXcnYSQSUlSVupzp4B
wiSwh0TNB4LW4aU0w1/fHz+dswOR9+fHvl8hWTi8TmSjvU/wbS+ix6TyEHJ97Ojy
R1qD6uY++dbhZEGBsk5yfpw6H9rk/Vzy5jfG41Eopmvk4s/o2IYvZEfVjDSCJaEE
lZEUYWdbnqjky0IKQDVtsHdj8YnQdTWE9p4e8V95Y+2J2OrYxyg3sMc9hQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNSEa3vXDFFCz4FmC+UX/MrrCIDMMB8GA1UdIwQY
MBaAFIIaPyH7DClNbUpSmy8dvUvREZvXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2hvX0lmc01LVTF0U2xLYkx4MjlTOUVSbTljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9lZGM4NTUtZjJiYy00ZTljLThjMGMt
YjZmMmFjODZlZjI3LzEvMUlScmU5Y01VVUxQZ1dZTDVSZjh5dXNJZ013LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9lZGM4NTUtZjJiYy00ZTljLThjMGMtYjZmMmFjODZlZjI3
LzEvZ2hvX0lmc01LVTF0U2xLYkx4MjlTOUVSbTljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQ5JAwQA
LVQuMA0GCSqGSIb3DQEBCwUAA4IBAQBB18V1qrwTUzaO5WG/8nKCy8tP/Zvq9E78
Z7JKB3G7o4CubIqYDX/hmG66fxMF9/lzVYGrnSQi/HX2O8ygG+WI9Au3HOh2H7ZU
eLcfkY30Nc4c3RqHnF+vq0joEO6sM6GHae62Xws+r7QJYeDURDYnavsCnJ9YzDdr
tUuyhmpZpLEu3zYEp9vznzCHP0BGe1GxK4vp8Z+S8kx2sED4AD1DnX9LGyg1Ey0r
OUtsHJU1UDKWJ1HBYlScT/140kIb7p0ArIRkney4bFIbTOWJzes/v/yim3Erie+1
rD618NxW7HmS7yfNbyAP+mttXhYEsgnHVEcsmLo7uCpMrkg3Xvnf
-----END CERTIFICATE-----