Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/2ea594-a2ca-4ffa-89ee-8921b0559e90/1/fOC0mLVVaWFlMUvT0z_PddjsHw8.roa
File:                     fOC0mLVVaWFlMUvT0z_PddjsHw8.roa (raw, json)
Hash identifier:          BmfmQSKAMKow/2vkZFChgOrrtOQvA5Kh+ohq4iFZyJg=
Subject key identifier:   7C:E0:B4:98:B5:55:69:61:65:31:4B:D3:D3:3F:CF:75:D8:EC:1F:0F
Certificate issuer:       /CN=744dd3afd7cce7ce00a9eac67e0bca99beb729aa
Certificate serial:       019422FBF8C8AB2EB2538C458E6EDFA09B0D
Authority key identifier: 74:4D:D3:AF:D7:CC:E7:CE:00:A9:EA:C6:7E:0B:CA:99:BE:B7:29:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dE3Tr9fM584AqerGfgvKmb63Kao.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/2ea594-a2ca-4ffa-89ee-8921b0559e90/1/fOC0mLVVaWFlMUvT0z_PddjsHw8.roa
Signing time:             Wed 01 Jan 2025 17:48:46 +0000
ROA not before:           Wed 01 Jan 2025 17:48:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197922
IP address blocks:        45.81.84.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/2ea594-a2ca-4ffa-89ee-8921b0559e90/1/dE3Tr9fM584AqerGfgvKmb63Kao.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/2ea594-a2ca-4ffa-89ee-8921b0559e90/1/dE3Tr9fM584AqerGfgvKmb63Kao.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dE3Tr9fM584AqerGfgvKmb63Kao.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:f8:c8:ab:2e:b2:53:8c:45:8e:6e:df:a0:9b:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=744dd3afd7cce7ce00a9eac67e0bca99beb729aa
        Validity
            Not Before: Jan  1 17:48:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7ce0b498b555696165314bd3d33fcf75d8ec1f0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:c6:2f:52:16:84:ea:30:b8:35:51:da:15:58:
                    2b:f5:61:ec:7e:1d:44:5b:4a:c5:57:79:75:e6:47:
                    c2:55:15:7c:53:25:3e:e3:95:25:06:46:47:1c:cb:
                    25:2f:16:9c:ae:a8:2a:bb:f5:e8:d0:5b:35:bc:ed:
                    1b:ee:f5:6d:65:37:33:31:ae:d7:87:99:8f:a3:b4:
                    0c:1c:c6:de:9d:e3:f5:17:20:7e:b3:f7:70:44:58:
                    61:81:eb:ac:c5:1e:3d:c3:83:96:e9:57:15:02:56:
                    9f:3f:64:1e:78:9a:10:c5:b4:a1:27:8b:9b:60:26:
                    a4:d3:a3:09:d4:82:97:71:90:48:3f:cf:fe:9b:a9:
                    c3:9e:f1:8f:dd:47:e0:29:38:3e:f6:84:c8:95:6f:
                    47:c7:be:b9:61:6a:0e:1a:f2:0f:8b:77:00:4e:8c:
                    6c:2c:b5:9d:bc:fd:1f:07:01:e1:d0:86:83:97:45:
                    f9:fe:99:b4:fb:b2:d0:55:44:8a:0c:5d:40:52:9a:
                    23:53:36:21:14:f3:a2:0c:6e:10:57:9f:4d:d5:67:
                    cc:b5:7f:b6:a2:ed:56:64:fa:4b:05:6d:b3:b9:3d:
                    ab:43:94:34:be:f2:55:51:4c:b6:92:bb:c0:ce:ef:
                    94:81:82:47:a2:7d:12:62:f8:8a:a5:27:e2:b8:48:
                    be:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:E0:B4:98:B5:55:69:61:65:31:4B:D3:D3:3F:CF:75:D8:EC:1F:0F
            X509v3 Authority Key Identifier:
                keyid:74:4D:D3:AF:D7:CC:E7:CE:00:A9:EA:C6:7E:0B:CA:99:BE:B7:29:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dE3Tr9fM584AqerGfgvKmb63Kao.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/2ea594-a2ca-4ffa-89ee-8921b0559e90/1/fOC0mLVVaWFlMUvT0z_PddjsHw8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/2ea594-a2ca-4ffa-89ee-8921b0559e90/1/dE3Tr9fM584AqerGfgvKmb63Kao.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.81.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ca:5c:28:d3:63:35:db:4d:bc:c2:03:8d:06:23:75:67:c2:be:
         8f:da:ff:06:a7:ad:7d:83:a8:19:39:62:9b:c7:e7:51:6d:5b:
         81:02:2e:8c:c0:8e:02:d0:81:1b:18:4e:03:90:6a:4a:76:29:
         2f:0d:49:62:a6:a4:b5:fe:5b:52:96:7d:3d:f6:84:73:80:d4:
         90:34:26:d2:56:60:3d:b7:e9:96:65:61:58:d0:bb:9f:df:f3:
         4b:db:53:36:9f:ad:1f:15:b6:16:52:30:7d:43:55:1d:19:5b:
         63:bc:64:b7:fa:57:60:d8:74:0c:8d:1e:e9:1b:a6:e7:4a:2a:
         d4:b9:10:7f:7d:46:43:20:02:db:99:0a:fa:e4:73:e3:9e:54:
         80:31:9c:73:66:0a:24:eb:4a:a1:94:60:30:b8:17:72:38:b6:
         96:0f:77:64:15:07:e8:e8:3b:c5:b8:13:eb:98:28:22:52:b4:
         a4:3e:38:88:4f:03:fb:94:fb:0b:ea:39:86:77:53:cf:4f:f9:
         4f:b7:ee:8e:d9:1e:22:49:7c:3b:6c:7b:42:0c:26:28:f8:b0:
         01:2b:32:b5:5e:e0:0b:2d:3e:49:bb:6d:74:44:bd:d4:f1:c7:
         03:c4:a9:d2:2d:3b:db:4c:a9:24:2e:86:63:f5:c4:8b:53:53:
         ef:9d:70:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+/jIqy6yU4xFjm7foJsNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NGRkM2FmZDdjY2U3Y2UwMGE5ZWFjNjdlMGJjYTk5YmVi
NzI5YWEwHhcNMjUwMTAxMTc0ODQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Y2UwYjQ5OGI1NTU2OTYxNjUzMTRiZDNkMzNmY2Y3NWQ4ZWMxZjBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAusYvUhaE6jC4NVHaFVgr9WHsfh1E
W0rFV3l15kfCVRV8UyU+45UlBkZHHMslLxacrqgqu/Xo0Fs1vO0b7vVtZTczMa7X
h5mPo7QMHMbeneP1FyB+s/dwRFhhgeusxR49w4OW6VcVAlafP2QeeJoQxbShJ4ub
YCak06MJ1IKXcZBIP8/+m6nDnvGP3UfgKTg+9oTIlW9Hx765YWoOGvIPi3cAToxs
LLWdvP0fBwHh0IaDl0X5/pm0+7LQVUSKDF1AUpojUzYhFPOiDG4QV59N1WfMtX+2
ou1WZPpLBW2zuT2rQ5Q0vvJVUUy2krvAzu+UgYJHon0SYviKpSfiuEi+lQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHzgtJi1VWlhZTFL09M/z3XY7B8PMB8GA1UdIwQY
MBaAFHRN06/XzOfOAKnqxn4Lypm+tymqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEUzVHI5Zk01ODRBcWVyR2ZndkttYjYzS2FvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC8yZWE1OTQtYTJjYS00ZmZhLTg5ZWUt
ODkyMWIwNTU5ZTkwLzEvZk9DMG1MVlZhV0ZsTVV2VDB6X1BkZGpzSHc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC8yZWE1OTQtYTJjYS00ZmZhLTg5ZWUtODkyMWIwNTU5ZTkw
LzEvZEUzVHI5Zk01ODRBcWVyR2ZndkttYjYzS2FvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVFUMA0G
CSqGSIb3DQEBCwUAA4IBAQDKXCjTYzXbTbzCA40GI3Vnwr6P2v8Gp619g6gZOWKb
x+dRbVuBAi6MwI4C0IEbGE4DkGpKdikvDUlipqS1/ltSln099oRzgNSQNCbSVmA9
t+mWZWFY0Luf3/NL21M2n60fFbYWUjB9Q1UdGVtjvGS3+ldg2HQMjR7pG6bnSirU
uRB/fUZDIALbmQr65HPjnlSAMZxzZgok60qhlGAwuBdyOLaWD3dkFQfo6DvFuBPr
mCgiUrSkPjiITwP7lPsL6jmGd1PPT/lPt+6O2R4iSXw7bHtCDCYo+LABKzK1XuAL
LT5Ju210RL3U8ccDxKnSLTvbTKkkLoZj9cSLU1PvnXDK
-----END CERTIFICATE-----