Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/VB14GVWkI4GMZNatrKBgzDbCqrU.roa
File:                     VB14GVWkI4GMZNatrKBgzDbCqrU.roa (raw, json)
Hash identifier:          qu2YEcfEBeodk8oMDHlvZPDb3Vxbi2HYIPQyaId7a6o=
Subject key identifier:   54:1D:78:19:55:A4:23:81:8C:64:D6:AD:AC:A0:60:CC:36:C2:AA:B5
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       019427489E34447B70CCC80EE2E79CA69604
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/VB14GVWkI4GMZNatrKBgzDbCqrU.roa
Signing time:             Thu 02 Jan 2025 13:50:58 +0000
ROA not before:           Thu 02 Jan 2025 13:50:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212794
IP address blocks:        45.86.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:9e:34:44:7b:70:cc:c8:0e:e2:e7:9c:a6:96:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 13:50:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=541d781955a423818c64d6adaca060cc36c2aab5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:45:5f:45:5e:4e:e4:55:05:95:3f:78:5e:d4:
                    5d:a0:47:a4:6b:87:b4:fb:ae:df:ef:15:e7:cd:c4:
                    61:76:26:8e:18:9f:9b:77:82:98:81:94:e8:29:e7:
                    7a:e5:37:c6:66:89:b7:76:92:f3:cb:4e:ba:6a:e4:
                    75:31:40:8d:8b:95:db:b9:17:84:52:13:3f:9d:fe:
                    86:aa:ae:fd:2a:5a:29:38:6a:26:43:15:96:da:92:
                    53:6c:fd:a1:ae:22:35:38:66:19:93:29:7b:f5:f3:
                    05:ba:f2:80:43:6b:17:4f:56:44:99:2d:29:7d:71:
                    73:35:20:8a:77:1e:37:48:bd:0f:1e:bb:38:b0:68:
                    ff:51:b3:0f:1d:cb:f4:ad:8f:b1:5f:0e:0d:e6:9d:
                    30:7c:33:d6:93:81:6f:3d:f9:70:59:cc:da:5c:8e:
                    0b:98:02:d4:20:b0:ce:f4:52:ac:e6:ab:7e:e0:07:
                    8a:a9:4f:34:99:0e:2b:62:0c:01:fc:c1:4f:cc:56:
                    7e:38:43:03:18:da:26:80:d4:d3:c3:1e:10:82:c5:
                    4f:b2:8f:88:28:0c:2a:f7:2d:9e:4c:d5:0d:72:e9:
                    55:ee:45:73:90:7b:14:d2:75:80:43:7f:c9:9d:c0:
                    58:96:4e:4f:1f:66:75:b7:ae:ab:55:59:e8:33:cf:
                    ca:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:1D:78:19:55:A4:23:81:8C:64:D6:AD:AC:A0:60:CC:36:C2:AA:B5
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/VB14GVWkI4GMZNatrKBgzDbCqrU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.86.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:55:6d:d6:a9:a3:ec:f1:23:f3:08:75:42:5b:8d:91:6a:6d:
         3c:0f:22:11:58:4f:3f:5f:51:49:34:ec:67:da:38:81:c2:18:
         5f:0b:08:8b:53:94:44:9f:1c:34:af:22:97:e4:9b:d4:09:73:
         31:43:10:7a:00:3a:97:70:b7:85:2f:ce:e9:cf:9a:a0:83:cb:
         25:cb:52:6f:0d:f5:9a:f8:5f:8d:aa:6f:a2:e7:cd:75:93:8a:
         02:58:a8:a4:ed:14:2f:18:fa:b4:59:e5:50:dd:e7:c6:83:00:
         9b:cf:e8:6d:ce:98:8f:86:e3:44:7e:8a:0b:4f:4e:4e:b1:c1:
         7f:06:af:1b:82:47:65:16:33:37:a7:19:26:76:a5:db:ea:a8:
         33:7a:c5:1b:80:dc:31:d6:21:9a:3a:f2:2b:2b:bf:0d:c4:d1:
         09:e8:99:c6:f0:46:a5:0f:f7:41:2a:4e:5c:5b:15:01:39:87:
         b5:04:b0:0b:93:a8:72:8a:15:1d:b6:ca:4b:f1:25:07:da:33:
         b1:6f:c5:5e:b8:22:14:f9:21:99:f4:6b:35:92:73:2f:87:48:
         09:de:ff:39:8e:b6:3c:55:a3:d3:75:f2:62:b6:f5:60:e8:15:
         2f:c7:4a:0e:47:c6:7a:a3:f0:06:3c:56:54:27:69:e5:b2:fb:
         30:b2:84:0b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSJ40RHtwzMgO4uecppYEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjUwMTAyMTM1MDU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDFkNzgxOTU1YTQyMzgxOGM2NGQ2YWRhY2EwNjBjYzM2YzJhYWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3EVfRV5O5FUFlT94XtRdoEeka4e0
+67f7xXnzcRhdiaOGJ+bd4KYgZToKed65TfGZom3dpLzy066auR1MUCNi5XbuReE
UhM/nf6Gqq79KlopOGomQxWW2pJTbP2hriI1OGYZkyl79fMFuvKAQ2sXT1ZEmS0p
fXFzNSCKdx43SL0PHrs4sGj/UbMPHcv0rY+xXw4N5p0wfDPWk4FvPflwWczaXI4L
mALUILDO9FKs5qt+4AeKqU80mQ4rYgwB/MFPzFZ+OEMDGNomgNTTwx4QgsVPso+I
KAwq9y2eTNUNculV7kVzkHsU0nWAQ3/JncBYlk5PH2Z1t66rVVnoM8/KAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFQdeBlVpCOBjGTWraygYMw2wqq1MB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEvVkIxNEdWV2tJNEdNWk5hdHJLQmd6RGJDcXJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVaYMA0G
CSqGSIb3DQEBCwUAA4IBAQBZVW3WqaPs8SPzCHVCW42Ram08DyIRWE8/X1FJNOxn
2jiBwhhfCwiLU5REnxw0ryKX5JvUCXMxQxB6ADqXcLeFL87pz5qgg8sly1JvDfWa
+F+Nqm+i5811k4oCWKik7RQvGPq0WeVQ3efGgwCbz+htzpiPhuNEfooLT05OscF/
Bq8bgkdlFjM3pxkmdqXb6qgzesUbgNwx1iGaOvIrK78NxNEJ6JnG8EalD/dBKk5c
WxUBOYe1BLALk6hyihUdtspL8SUH2jOxb8VeuCIU+SGZ9Gs1knMvh0gJ3v85jrY8
VaPTdfJitvVg6BUvx0oOR8Z6o/AGPFZUJ2nlsvswsoQL
-----END CERTIFICATE-----