Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/xhI4qIsQt0Hiz5XjDxA2PWIr5gg.roa
File:                     xhI4qIsQt0Hiz5XjDxA2PWIr5gg.roa (raw, json)
Hash identifier:          b0rVKlLa/g3KHMhYT9O8ke7h3Nb3X0ON5pQZNWIusP4=
Subject key identifier:   C6:12:38:A8:8B:10:B7:41:E2:CF:95:E3:0F:10:36:3D:62:2B:E6:08
Certificate issuer:       /CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
Certificate serial:       01942748A1356FDC1B8B6AC6D2137C1AD727
Authority key identifier: 1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/xhI4qIsQt0Hiz5XjDxA2PWIr5gg.roa
Signing time:             Thu 02 Jan 2025 13:50:58 +0000
ROA not before:           Thu 02 Jan 2025 13:50:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215147
IP address blocks:        45.151.56.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:a1:35:6f:dc:1b:8b:6a:c6:d2:13:7c:1a:d7:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1b0415bfc43b38e9cfd1a12995202e8763752fde
        Validity
            Not Before: Jan  2 13:50:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c61238a88b10b741e2cf95e30f10363d622be608
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:b3:a7:26:0f:25:2d:df:19:9c:39:1d:6f:a4:
                    08:c7:30:d8:3d:79:dc:05:90:4b:20:39:88:1f:21:
                    8e:67:2c:d0:8c:71:4e:4e:4b:fa:bd:6d:77:f4:9d:
                    8c:8b:34:38:f4:b4:4f:b7:ff:a8:96:41:f8:5f:6a:
                    db:ff:94:e5:17:d3:7c:1f:9a:9d:ef:42:b8:0b:53:
                    38:3d:e6:fc:6a:2b:c9:b9:3a:78:81:83:b2:fd:9b:
                    9a:4c:7b:f2:5e:75:30:e0:da:bd:c6:72:4e:2c:54:
                    41:6b:5e:80:7c:4d:b5:4d:50:b9:d8:81:15:58:80:
                    85:a6:61:6f:51:2b:0c:87:b9:0c:ad:d1:86:33:32:
                    59:38:a9:36:3c:e6:5c:bf:56:16:81:9b:7f:36:69:
                    58:30:16:4d:96:ee:f6:30:cb:65:f2:1e:01:7c:da:
                    48:d7:a4:fd:e9:49:88:bf:8a:07:8e:6f:c4:47:7d:
                    8c:af:2f:ac:24:54:02:20:b8:3f:fb:6d:08:78:95:
                    92:49:21:5c:1d:a4:90:6e:f9:8f:9e:1a:e4:56:96:
                    4e:8a:15:79:21:46:5c:d5:15:4a:68:8e:2d:cb:c3:
                    9b:44:6a:42:6f:73:75:9d:af:03:3f:8b:ca:29:ce:
                    8b:1a:84:23:88:11:55:7e:c7:14:37:4e:28:66:86:
                    dd:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:12:38:A8:8B:10:B7:41:E2:CF:95:E3:0F:10:36:3D:62:2B:E6:08
            X509v3 Authority Key Identifier:
                keyid:1B:04:15:BF:C4:3B:38:E9:CF:D1:A1:29:95:20:2E:87:63:75:2F:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GwQVv8Q7OOnP0aEplSAuh2N1L94.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/xhI4qIsQt0Hiz5XjDxA2PWIr5gg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/094081-8aeb-42bf-a578-a3ca0db83254/1/GwQVv8Q7OOnP0aEplSAuh2N1L94.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:7c:3b:a2:2a:d8:1a:17:99:6e:87:da:80:96:3e:85:5b:a2:
         58:af:2d:3e:7f:0b:54:d2:55:c6:52:88:31:2d:ca:50:e6:d1:
         22:ee:54:bc:68:c3:25:b3:c3:c0:48:b9:e9:d4:08:79:85:9d:
         33:8e:1f:4e:d1:73:8f:74:28:ee:58:b0:4e:30:a4:30:9c:01:
         c4:93:c4:6c:d2:3c:7e:58:0f:cf:a0:b1:99:32:41:ad:ca:c1:
         34:33:65:0b:b4:40:4d:7f:62:ee:20:0c:b8:7f:85:85:02:0f:
         43:2b:78:ba:d1:3b:86:77:b1:d8:cf:8f:53:2a:4a:7f:0f:ab:
         5d:c9:5e:2c:d5:fa:74:ee:bc:59:4e:b3:11:2b:45:51:6a:cc:
         30:d4:ff:a0:d1:0d:a3:69:b3:10:67:45:8e:39:5b:c5:b1:0f:
         b9:37:e7:b0:15:dc:d1:7d:8c:e4:86:e1:37:f2:9a:43:f6:2c:
         10:36:a3:98:c8:76:2b:4c:be:e5:5e:ec:8d:de:5c:a7:50:1b:
         47:63:f1:52:3c:84:21:44:1f:f6:df:43:4e:b1:b9:35:f5:1f:
         f2:30:23:43:bf:36:75:70:91:40:07:d0:d9:0d:3a:ce:1c:da:
         bd:60:ab:15:d8:dd:58:a5:03:df:52:b6:b3:4b:cf:90:8e:d2:
         42:31:4c:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSKE1b9wbi2rG0hN8GtcnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiMDQxNWJmYzQzYjM4ZTljZmQxYTEyOTk1MjAyZTg3NjM3
NTJmZGUwHhcNMjUwMTAyMTM1MDU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjEyMzhhODhiMTBiNzQxZTJjZjk1ZTMwZjEwMzYzZDYyMmJlNjA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA87OnJg8lLd8ZnDkdb6QIxzDYPXnc
BZBLIDmIHyGOZyzQjHFOTkv6vW139J2MizQ49LRPt/+olkH4X2rb/5TlF9N8H5qd
70K4C1M4Peb8aivJuTp4gYOy/ZuaTHvyXnUw4Nq9xnJOLFRBa16AfE21TVC52IEV
WICFpmFvUSsMh7kMrdGGMzJZOKk2POZcv1YWgZt/NmlYMBZNlu72MMtl8h4BfNpI
16T96UmIv4oHjm/ER32Mry+sJFQCILg/+20IeJWSSSFcHaSQbvmPnhrkVpZOihV5
IUZc1RVKaI4ty8ObRGpCb3N1na8DP4vKKc6LGoQjiBFVfscUN04oZobdnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMYSOKiLELdB4s+V4w8QNj1iK+YIMB8GA1UdIwQY
MBaAFBsEFb/EOzjpz9GhKZUgLodjdS/eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1Nzgt
YTNjYTBkYjgzMjU0LzEveGhJNHFJc1F0MEhpejVYakR4QTJQV0lyNWdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi8wOTQwODEtOGFlYi00MmJmLWE1NzgtYTNjYTBkYjgzMjU0
LzEvR3dRVnY4UTdPT25QMGFFcGxTQXVoMk4xTDk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZc4MA0G
CSqGSIb3DQEBCwUAA4IBAQAjfDuiKtgaF5luh9qAlj6FW6JYry0+fwtU0lXGUogx
LcpQ5tEi7lS8aMMls8PASLnp1Ah5hZ0zjh9O0XOPdCjuWLBOMKQwnAHEk8Rs0jx+
WA/PoLGZMkGtysE0M2ULtEBNf2LuIAy4f4WFAg9DK3i60TuGd7HYz49TKkp/D6td
yV4s1fp07rxZTrMRK0VRasww1P+g0Q2jabMQZ0WOOVvFsQ+5N+ewFdzRfYzkhuE3
8ppD9iwQNqOYyHYrTL7lXuyN3lynUBtHY/FSPIQhRB/230NOsbk19R/yMCNDvzZ1
cJFAB9DZDTrOHNq9YKsV2N1YpQPfUrazS8+QjtJCMUxt
-----END CERTIFICATE-----