Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/afb7f2-55d2-49e5-8659-4a82cdd4b1a0/1/kBzABSrJTYuMHuIB-cAWqOKOwxo.roa
File:                     kBzABSrJTYuMHuIB-cAWqOKOwxo.roa (raw, json)
Hash identifier:          Xo9goahQUE24SfaWYUzhm7qDfthcz3m4/YrZsayav+4=
Subject key identifier:   90:1C:C0:05:2A:C9:4D:8B:8C:1E:E2:01:F9:C0:16:A8:E2:8E:C3:1A
Certificate issuer:       /CN=530841e82aa46d9959fc7811b25795c56cd50608
Certificate serial:       019421B2286F296EA4D3977B30555F578F11
Authority key identifier: 53:08:41:E8:2A:A4:6D:99:59:FC:78:11:B2:57:95:C5:6C:D5:06:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UwhB6CqkbZlZ_HgRsleVxWzVBgg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/afb7f2-55d2-49e5-8659-4a82cdd4b1a0/1/kBzABSrJTYuMHuIB-cAWqOKOwxo.roa
Signing time:             Wed 01 Jan 2025 11:48:31 +0000
ROA not before:           Wed 01 Jan 2025 11:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59780
IP address blocks:        45.12.116.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/afb7f2-55d2-49e5-8659-4a82cdd4b1a0/1/UwhB6CqkbZlZ_HgRsleVxWzVBgg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/afb7f2-55d2-49e5-8659-4a82cdd4b1a0/1/UwhB6CqkbZlZ_HgRsleVxWzVBgg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UwhB6CqkbZlZ_HgRsleVxWzVBgg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:28:6f:29:6e:a4:d3:97:7b:30:55:5f:57:8f:11
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=530841e82aa46d9959fc7811b25795c56cd50608
        Validity
            Not Before: Jan  1 11:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=901cc0052ac94d8b8c1ee201f9c016a8e28ec31a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:7c:63:58:fb:1a:35:26:ea:e0:83:11:82:eb:
                    87:5b:ad:eb:4a:93:56:99:39:5e:2c:7d:48:d0:4c:
                    12:c6:b5:02:66:78:26:6b:bd:a5:07:1d:f2:80:2a:
                    cd:b2:ef:76:d0:94:71:2d:3f:32:5f:17:b7:c8:c7:
                    d2:5a:f2:b9:47:40:2e:4e:30:4d:3e:d5:3c:14:46:
                    9b:43:75:92:fb:10:25:ab:1f:52:2f:6b:06:e1:4d:
                    e5:98:29:96:3d:c1:23:7c:dd:eb:ae:8d:f9:97:1c:
                    a6:d5:c1:5f:e6:fd:a8:06:49:60:1c:ed:7d:d2:9a:
                    3c:4e:59:7b:53:17:8a:aa:95:66:42:c5:56:02:48:
                    a8:a4:31:f0:e6:13:4c:47:13:cd:2b:99:29:93:18:
                    ca:98:52:9b:cd:37:27:23:56:4d:73:6b:88:63:08:
                    ca:51:19:99:fd:cd:cb:fd:9e:bd:70:74:1d:10:8c:
                    ce:00:0d:15:ad:af:07:7d:f4:b3:54:24:c0:69:0b:
                    b4:a6:8f:78:02:d8:29:3f:41:38:dd:01:75:8b:ac:
                    9c:0f:79:85:0c:6a:3c:83:6a:fe:e9:69:ee:ee:6a:
                    46:c9:f3:48:a4:cc:93:96:e7:a7:fc:54:9c:cf:49:
                    b7:1b:40:99:79:e5:cf:55:df:69:90:c8:0b:66:de:
                    64:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:1C:C0:05:2A:C9:4D:8B:8C:1E:E2:01:F9:C0:16:A8:E2:8E:C3:1A
            X509v3 Authority Key Identifier:
                keyid:53:08:41:E8:2A:A4:6D:99:59:FC:78:11:B2:57:95:C5:6C:D5:06:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UwhB6CqkbZlZ_HgRsleVxWzVBgg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/afb7f2-55d2-49e5-8659-4a82cdd4b1a0/1/kBzABSrJTYuMHuIB-cAWqOKOwxo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/afb7f2-55d2-49e5-8659-4a82cdd4b1a0/1/UwhB6CqkbZlZ_HgRsleVxWzVBgg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.12.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         85:fe:b5:b8:f1:b2:11:3b:29:77:75:37:af:59:da:82:6e:69:
         b0:eb:16:a5:e6:1e:8f:e4:4e:81:dd:76:40:8d:2c:c7:e3:b6:
         2b:a4:1f:92:1f:a4:9f:d6:48:e2:74:00:18:19:a8:cf:bc:3c:
         73:5f:17:29:4a:f6:ce:27:ed:4b:84:93:bf:18:8d:41:9d:06:
         9b:b5:66:56:c1:bd:1b:8c:9b:06:d7:8e:29:60:20:2e:7e:28:
         8c:17:39:bb:4c:85:9b:b1:59:cf:93:52:ba:ad:22:e3:9f:0f:
         2e:59:90:a8:d3:3d:b8:ed:54:ac:62:00:7d:cc:b5:50:48:91:
         16:58:9c:d7:8a:c6:a3:a4:a4:cd:da:64:50:d2:92:81:63:94:
         ff:8a:af:a2:65:f5:98:27:fc:11:d9:fd:cc:d0:73:a0:f1:bd:
         74:1b:f2:17:08:da:68:59:b6:c6:72:1f:23:fc:9c:0d:80:9c:
         63:a0:34:62:40:34:13:54:90:2e:0d:61:3b:be:2c:33:d4:ef:
         24:bf:3f:15:5e:da:04:ab:3e:db:c6:7f:34:66:88:be:ca:c3:
         46:f1:f7:8e:29:b8:f1:4e:f9:a8:df:17:53:fc:45:e7:3d:e0:
         a9:6b:18:5a:6b:6c:44:1f:a3:2e:1e:4c:b2:81:5f:f3:27:5f:
         52:47:26:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsihvKW6k05d7MFVfV48RMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzMDg0MWU4MmFhNDZkOTk1OWZjNzgxMWIyNTc5NWM1NmNk
NTA2MDgwHhcNMjUwMTAxMTE0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDFjYzAwNTJhYzk0ZDhiOGMxZWUyMDFmOWMwMTZhOGUyOGVjMzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsnxjWPsaNSbq4IMRguuHW63rSpNW
mTleLH1I0EwSxrUCZngma72lBx3ygCrNsu920JRxLT8yXxe3yMfSWvK5R0AuTjBN
PtU8FEabQ3WS+xAlqx9SL2sG4U3lmCmWPcEjfN3rro35lxym1cFf5v2oBklgHO19
0po8Tll7UxeKqpVmQsVWAkiopDHw5hNMRxPNK5kpkxjKmFKbzTcnI1ZNc2uIYwjK
URmZ/c3L/Z69cHQdEIzOAA0Vra8HffSzVCTAaQu0po94AtgpP0E43QF1i6ycD3mF
DGo8g2r+6Wnu7mpGyfNIpMyTluen/FScz0m3G0CZeeXPVd9pkMgLZt5krQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJAcwAUqyU2LjB7iAfnAFqjijsMaMB8GA1UdIwQY
MBaAFFMIQegqpG2ZWfx4EbJXlcVs1QYIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXdoQjZDcWtiWmxaX0hnUnNsZVZ4V3pWQmdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC9hZmI3ZjItNTVkMi00OWU1LTg2NTkt
NGE4MmNkZDRiMWEwLzEva0J6QUJTckpUWXVNSHVJQi1jQVdxT0tPd3hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC9hZmI3ZjItNTVkMi00OWU1LTg2NTktNGE4MmNkZDRiMWEw
LzEvVXdoQjZDcWtiWmxaX0hnUnNsZVZ4V3pWQmdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQx0MA0G
CSqGSIb3DQEBCwUAA4IBAQCF/rW48bIROyl3dTevWdqCbmmw6xal5h6P5E6B3XZA
jSzH47YrpB+SH6Sf1kjidAAYGajPvDxzXxcpSvbOJ+1LhJO/GI1BnQabtWZWwb0b
jJsG144pYCAufiiMFzm7TIWbsVnPk1K6rSLjnw8uWZCo0z247VSsYgB9zLVQSJEW
WJzXisajpKTN2mRQ0pKBY5T/iq+iZfWYJ/wR2f3M0HOg8b10G/IXCNpoWbbGch8j
/JwNgJxjoDRiQDQTVJAuDWE7viwz1O8kvz8VXtoEqz7bxn80Zoi+ysNG8feOKbjx
Tvmo3xdT/EXnPeCpaxhaa2xEH6MuHkyygV/zJ19SRyZ2
-----END CERTIFICATE-----