Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/7JCpqgsVJrmS5_Wvk71XQjfITQQ.roa
File:                     7JCpqgsVJrmS5_Wvk71XQjfITQQ.roa (raw, json)
Hash identifier:          h8SWwcEb3rZBZFfDtBm8qMIsLsRX2HAHUJGbWjh/RZU=
Subject key identifier:   EC:90:A9:AA:0B:15:26:B9:92:E7:F5:AF:93:BD:57:42:37:C8:4D:04
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       0196E7ABFD5E44244448D31AEADCC824878C
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/7JCpqgsVJrmS5_Wvk71XQjfITQQ.roa
Signing time:             Mon 19 May 2025 08:32:10 +0000
ROA not before:           Mon 19 May 2025 08:32:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214560
IP address blocks:        45.134.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:e7:ab:fd:5e:44:24:44:48:d3:1a:ea:dc:c8:24:87:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: May 19 08:32:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ec90a9aa0b1526b992e7f5af93bd574237c84d04
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:ab:af:17:d0:2e:97:a4:7c:97:f6:80:81:ae:
                    1d:e8:4f:6a:78:3b:7a:0c:2a:9a:5d:1b:6f:1a:ae:
                    61:17:a8:d1:68:1f:a4:b2:c3:b1:72:39:5b:df:0b:
                    ae:bd:49:f4:34:e9:a8:e8:ec:5c:1a:e3:b1:95:4c:
                    bc:4f:83:95:33:b9:4b:b5:f8:1b:e9:f0:1f:46:e4:
                    09:0a:b7:6e:b3:01:c4:35:fd:90:4b:37:6a:6a:e4:
                    d0:dc:51:27:db:e9:e2:b3:5b:6f:6b:e7:9f:13:65:
                    19:ac:87:28:7a:12:dc:3f:45:60:90:bd:d6:ab:51:
                    ae:95:ba:81:f3:a7:e9:2e:a4:46:18:78:43:8c:8f:
                    e8:8a:1d:37:95:31:c9:9c:c0:d6:c1:3d:ee:eb:7c:
                    1f:44:32:8e:a8:21:0f:f9:12:73:91:52:a8:ec:b6:
                    c1:3c:fa:2c:2e:2e:27:6a:40:b2:6a:2f:b2:a4:12:
                    ad:cf:d1:6d:2d:6e:a4:04:92:7b:55:c2:75:3c:e0:
                    51:95:8a:c2:29:c5:8f:2f:1f:46:b1:ae:46:ac:34:
                    4b:15:8d:b1:9e:a4:36:96:81:11:eb:f9:a2:06:81:
                    47:b2:3f:27:6a:6d:05:0f:cb:9d:16:03:66:ad:fb:
                    2b:87:fa:36:bc:84:ed:3b:4d:5f:4c:2d:99:e4:50:
                    d5:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:90:A9:AA:0B:15:26:B9:92:E7:F5:AF:93:BD:57:42:37:C8:4D:04
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/7JCpqgsVJrmS5_Wvk71XQjfITQQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.134.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:5e:93:d9:74:bf:d2:f0:df:7c:c2:dc:86:e4:e4:94:3e:cf:
         cd:41:25:44:10:c2:92:79:4c:95:31:dc:53:97:36:0c:94:d8:
         31:1f:4a:98:fd:ed:f4:04:58:af:c0:f9:74:5b:f8:b1:4f:71:
         cb:9c:82:31:78:1d:58:6a:65:0f:9b:72:92:9c:20:90:4b:1d:
         09:57:94:06:77:9a:c2:e0:30:07:a5:16:27:31:7c:9c:f9:0f:
         0d:e2:2f:af:e6:dc:01:4b:32:3c:5d:8a:4b:26:f4:40:e3:4d:
         0a:1c:4a:ac:9e:5d:05:3c:0a:2c:2f:06:81:4c:fe:f4:ea:3a:
         ce:23:e1:40:bf:e7:0b:2b:0b:74:5a:20:15:6e:b4:35:1b:bd:
         95:d7:10:c3:1d:48:3d:10:db:5b:a0:9e:bf:fb:02:d2:06:a8:
         c5:af:45:ac:0e:b7:9d:f3:60:b2:17:12:25:2e:af:43:48:12:
         ab:2a:83:a0:25:ff:5b:09:c0:a1:38:00:91:5f:9d:ad:70:99:
         72:a8:bc:f2:e5:1b:56:7d:d9:a9:7a:22:58:4e:6d:38:6e:bf:
         dc:6c:b2:47:ed:4e:cd:27:6e:f5:79:dc:58:38:d3:0a:fc:05:
         79:2c:66:1b:38:a4:8a:a2:72:e0:8b:83:13:5e:48:1b:c4:59:
         70:2f:92:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbnq/1eRCRESNMa6tzIJIeMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjUwNTE5MDgzMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzkwYTlhYTBiMTUyNmI5OTJlN2Y1YWY5M2JkNTc0MjM3Yzg0ZDA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6uvF9Aul6R8l/aAga4d6E9qeDt6
DCqaXRtvGq5hF6jRaB+kssOxcjlb3wuuvUn0NOmo6OxcGuOxlUy8T4OVM7lLtfgb
6fAfRuQJCrduswHENf2QSzdqauTQ3FEn2+nis1tva+efE2UZrIcoehLcP0VgkL3W
q1GulbqB86fpLqRGGHhDjI/oih03lTHJnMDWwT3u63wfRDKOqCEP+RJzkVKo7LbB
PPosLi4nakCyai+ypBKtz9FtLW6kBJJ7VcJ1POBRlYrCKcWPLx9Gsa5GrDRLFY2x
nqQ2loER6/miBoFHsj8nam0FD8udFgNmrfsrh/o2vITtO01fTC2Z5FDVmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOyQqaoLFSa5kuf1r5O9V0I3yE0EMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvN0pDcHFnc1ZKcm1TNV9Xdms3MVhRamZJVFFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYYmMA0G
CSqGSIb3DQEBCwUAA4IBAQCCXpPZdL/S8N98wtyG5OSUPs/NQSVEEMKSeUyVMdxT
lzYMlNgxH0qY/e30BFivwPl0W/ixT3HLnIIxeB1YamUPm3KSnCCQSx0JV5QGd5rC
4DAHpRYnMXyc+Q8N4i+v5twBSzI8XYpLJvRA400KHEqsnl0FPAosLwaBTP706jrO
I+FAv+cLKwt0WiAVbrQ1G72V1xDDHUg9ENtboJ6/+wLSBqjFr0WsDred82CyFxIl
Lq9DSBKrKoOgJf9bCcChOACRX52tcJlyqLzy5RtWfdmpeiJYTm04br/cbLJH7U7N
J271edxYONMK/AV5LGYbOKSKonLgi4MTXkgbxFlwL5KK
-----END CERTIFICATE-----