Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/9cU04mvRvFgaah5DiDi0s15gZuQ.roa
File:                     9cU04mvRvFgaah5DiDi0s15gZuQ.roa (raw, json)
Hash identifier:          784hHOn8vcz53y3rpBapaHSJ8PnVw21U9hVaizMMphw=
Subject key identifier:   F5:C5:34:E2:6B:D1:BC:58:1A:6A:1E:43:88:38:B4:B3:5E:60:66:E4
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019422FBC82858AC4B7E00E5194120104B5B
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/9cU04mvRvFgaah5DiDi0s15gZuQ.roa
Signing time:             Wed 01 Jan 2025 17:48:33 +0000
ROA not before:           Wed 01 Jan 2025 17:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215761
IP address blocks:        45.138.183.0/24 maxlen: 24
                          45.144.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:c8:28:58:ac:4b:7e:00:e5:19:41:20:10:4b:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Jan  1 17:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f5c534e26bd1bc581a6a1e438838b4b35e6066e4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:f7:e7:1b:68:94:3e:b8:5c:89:e8:44:cb:1d:
                    f9:f2:72:30:18:8b:f6:b6:3a:ed:b3:72:41:ec:4f:
                    9f:dd:3f:d5:1d:52:36:d3:9f:05:e5:52:c0:fc:a8:
                    23:ff:2b:a1:95:c5:d6:58:34:d5:0a:67:7c:da:8d:
                    79:02:54:83:a6:78:b7:0a:38:f4:de:c6:c8:f0:82:
                    55:93:74:57:82:ce:2a:32:e6:6e:d5:0b:24:30:4d:
                    07:31:5a:8a:fc:68:f5:c1:7b:10:40:d6:e9:f0:5e:
                    a3:82:35:40:66:ed:dc:dd:2a:5d:c7:55:23:4c:6c:
                    a3:12:b1:5b:04:0e:23:73:c4:60:63:6c:59:a9:78:
                    f5:a9:c0:9a:c2:c6:75:74:33:b4:70:af:4e:51:2d:
                    18:91:cc:a8:ae:09:f1:0f:d0:25:f6:36:58:35:74:
                    8d:79:15:8b:51:5b:95:00:cf:ba:23:97:98:5a:ec:
                    1c:ff:4f:a9:65:78:95:c1:f6:e7:33:1e:24:d9:a5:
                    7b:e9:b5:38:91:42:f3:bc:11:1d:c2:9c:79:d8:9f:
                    bd:4c:f1:43:7c:3d:58:d0:b9:94:e2:c9:e0:a7:98:
                    4c:ef:e9:ff:d0:7d:8e:43:7d:04:07:15:1d:47:a3:
                    6a:ef:09:b5:71:1b:fa:2e:cd:61:01:e8:62:47:3f:
                    f0:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:C5:34:E2:6B:D1:BC:58:1A:6A:1E:43:88:38:B4:B3:5E:60:66:E4
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/9cU04mvRvFgaah5DiDi0s15gZuQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.138.183.0/24
                  45.144.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:5e:45:6a:0d:ca:34:ff:93:69:48:aa:44:7d:12:b5:d7:ee:
         7b:8f:94:b5:87:b6:31:4c:d2:ab:1d:f9:2e:46:c3:c4:6c:fe:
         e3:aa:56:53:9a:70:ee:02:7d:22:6a:b4:b5:c1:b5:f3:24:d0:
         3b:aa:28:4b:be:e5:3f:2b:60:1f:3c:f2:ac:2f:f9:57:fc:58:
         23:31:71:21:bd:47:29:38:77:4b:53:6a:36:0a:f3:c9:73:36:
         7e:ee:5f:ad:27:f9:72:d1:d0:6a:f2:93:c3:f2:b1:18:32:35:
         1b:1b:ad:e0:85:ac:8b:0a:88:2c:21:f6:69:16:84:a6:88:ab:
         0d:e0:b6:c7:73:6c:c8:67:7a:89:b8:d0:85:d4:e6:c5:78:0f:
         e1:2a:ce:81:68:ab:83:41:03:2b:04:88:76:6b:34:77:67:52:
         cd:5e:b7:8f:a8:80:20:92:05:a4:66:ec:16:93:19:7f:ff:99:
         4c:93:c8:7f:7e:fc:03:aa:55:72:69:9a:ba:73:16:1b:5f:34:
         e6:28:9a:c9:35:be:c1:3f:2d:4f:5d:f3:6f:e8:d8:35:30:58:
         b6:4a:8f:05:d6:54:54:11:98:34:9d:dc:77:00:d3:93:36:94:
         11:32:d4:9d:03:a7:d3:fd:e9:b7:d7:20:4b:93:72:db:58:73:
         31:f9:31:f6
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQi+8goWKxLfgDlGUEgEEtbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwMTAxMTc0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNWM1MzRlMjZiZDFiYzU4MWE2YTFlNDM4ODM4YjRiMzVlNjA2NmU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9PfnG2iUPrhciehEyx358nIwGIv2
tjrts3JB7E+f3T/VHVI2058F5VLA/Kgj/yuhlcXWWDTVCmd82o15AlSDpni3Cjj0
3sbI8IJVk3RXgs4qMuZu1QskME0HMVqK/Gj1wXsQQNbp8F6jgjVAZu3c3Spdx1Uj
TGyjErFbBA4jc8RgY2xZqXj1qcCawsZ1dDO0cK9OUS0YkcyorgnxD9Al9jZYNXSN
eRWLUVuVAM+6I5eYWuwc/0+pZXiVwfbnMx4k2aV76bU4kULzvBEdwpx52J+9TPFD
fD1Y0LmU4sngp5hM7+n/0H2OQ30EBxUdR6Nq7wm1cRv6Ls1hAehiRz/wvwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPXFNOJr0bxYGmoeQ4g4tLNeYGbkMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvOWNVMDRtdlJ2RmdhYWg1RGlEaTBzMTVnWnVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYq3AwQA
LZDWMA0GCSqGSIb3DQEBCwUAA4IBAQCnXkVqDco0/5NpSKpEfRK11+57j5S1h7Yx
TNKrHfkuRsPEbP7jqlZTmnDuAn0iarS1wbXzJNA7qihLvuU/K2AfPPKsL/lX/Fgj
MXEhvUcpOHdLU2o2CvPJczZ+7l+tJ/ly0dBq8pPD8rEYMjUbG63ghayLCogsIfZp
FoSmiKsN4LbHc2zIZ3qJuNCF1ObFeA/hKs6BaKuDQQMrBIh2azR3Z1LNXrePqIAg
kgWkZuwWkxl//5lMk8h/fvwDqlVyaZq6cxYbXzTmKJrJNb7BPy1PXfNv6Ng1MFi2
So8F1lRUEZg0ndx3ANOTNpQRMtSdA6fT/em31yBLk3LbWHMx+TH2
-----END CERTIFICATE-----