Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/661b84-114d-4929-b684-cca0ad2685ca/1/1-HePaXJiClEhHOw237Wa73vaFTc.roa
File:                     1-HePaXJiClEhHOw237Wa73vaFTc.roa (raw, json)
Hash identifier:          4PUKfjaEAzPB9R2XBWxJhNfJbqqZiV/WF7YuGVgHgMI=
Subject key identifier:   F8:77:8F:69:72:62:0A:51:21:1C:EC:36:DF:B5:9A:EF:7B:DA:15:37
Certificate issuer:       /CN=d39123880f427446d5ff07cef9633e86dc49198d
Certificate serial:       019427B51C4D5931725AABA10E58D267DFF5
Authority key identifier: D3:91:23:88:0F:42:74:46:D5:FF:07:CE:F9:63:3E:86:DC:49:19:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/05EjiA9CdEbV_wfO-WM-htxJGY0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/661b84-114d-4929-b684-cca0ad2685ca/1/1-HePaXJiClEhHOw237Wa73vaFTc.roa
Signing time:             Thu 02 Jan 2025 15:49:28 +0000
ROA not before:           Thu 02 Jan 2025 15:49:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210792
IP address blocks:        45.153.76.0/22 maxlen: 22
                          158.255.79.0/24 maxlen: 24
                          2a11:ba80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/661b84-114d-4929-b684-cca0ad2685ca/1/05EjiA9CdEbV_wfO-WM-htxJGY0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/661b84-114d-4929-b684-cca0ad2685ca/1/05EjiA9CdEbV_wfO-WM-htxJGY0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/05EjiA9CdEbV_wfO-WM-htxJGY0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 03:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:1c:4d:59:31:72:5a:ab:a1:0e:58:d2:67:df:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d39123880f427446d5ff07cef9633e86dc49198d
        Validity
            Not Before: Jan  2 15:49:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f8778f6972620a51211cec36dfb59aef7bda1537
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:5c:1a:a4:c7:21:52:67:5a:21:4a:ee:32:b8:
                    5f:63:e3:67:5f:0e:72:65:db:9b:e4:75:ad:a2:b7:
                    15:00:90:b4:31:e4:dc:ac:9b:06:6a:11:e5:c6:ac:
                    4a:e2:c3:22:a1:7c:73:ff:99:a1:6c:4e:d2:b3:b9:
                    ab:dc:aa:0f:57:a0:74:c6:67:2e:09:30:10:3b:80:
                    09:1f:03:1f:01:65:ba:31:a9:23:01:f1:89:4c:1a:
                    01:dc:a6:8b:82:fa:90:97:d9:29:e3:f0:a8:84:70:
                    9e:7d:df:94:95:e3:58:ba:ff:84:48:09:8d:61:b4:
                    c3:5d:95:2a:3f:05:92:dd:c3:11:76:f9:83:4e:4c:
                    a6:a1:72:88:db:35:65:36:4b:69:60:09:4a:d9:fa:
                    1c:db:96:69:e1:21:33:a7:42:9e:f0:e0:67:0c:db:
                    81:05:78:21:6f:d1:fa:af:6b:d8:e2:1c:05:df:c9:
                    59:bb:c5:43:2a:e5:19:dd:aa:6b:96:92:25:91:76:
                    b2:b0:99:1e:32:44:73:bb:9a:95:85:4a:1b:19:e5:
                    ab:1d:53:ee:c3:be:a4:1d:61:e7:d8:31:80:e5:7a:
                    81:fe:41:26:aa:c1:6c:8e:a7:08:96:27:d6:b2:b7:
                    58:2c:80:19:6f:ea:52:f7:c0:54:c7:82:34:d8:c0:
                    28:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:77:8F:69:72:62:0A:51:21:1C:EC:36:DF:B5:9A:EF:7B:DA:15:37
            X509v3 Authority Key Identifier:
                keyid:D3:91:23:88:0F:42:74:46:D5:FF:07:CE:F9:63:3E:86:DC:49:19:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/05EjiA9CdEbV_wfO-WM-htxJGY0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/661b84-114d-4929-b684-cca0ad2685ca/1/1-HePaXJiClEhHOw237Wa73vaFTc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/661b84-114d-4929-b684-cca0ad2685ca/1/05EjiA9CdEbV_wfO-WM-htxJGY0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.153.76.0/22
                  158.255.79.0/24
                IPv6:
                  2a11:ba80::/29

    Signature Algorithm: sha256WithRSAEncryption
         45:e7:07:0c:5d:cc:71:d2:18:9f:72:69:12:f5:6e:30:b5:3e:
         9f:c8:6b:6d:c2:d8:09:ad:95:50:49:34:fc:ad:c1:a7:b9:5b:
         57:42:7a:1e:07:f1:41:56:1b:c8:d8:47:72:ef:ab:b9:d6:6c:
         92:3b:0a:c5:ba:05:14:52:0b:0e:2c:c2:70:af:5c:48:51:be:
         12:2c:b5:07:1b:48:c4:06:c0:74:71:1f:01:ff:5a:c4:c3:e8:
         3d:c8:0d:1a:ec:24:c3:fa:44:e4:7d:1e:d7:4b:59:72:e6:7f:
         9a:82:8e:bf:f8:dc:4f:d9:ea:2f:37:f5:5d:8a:74:cd:e5:af:
         a4:32:6b:51:35:68:4c:d1:2d:2a:ba:7e:55:94:36:96:e4:7f:
         96:8e:8a:43:3e:cd:f9:3b:d3:31:b6:df:79:27:50:a7:65:5c:
         52:f2:d3:9e:87:b8:d5:8a:d2:a1:30:73:a0:f3:69:8d:40:1f:
         b2:b0:ce:42:9a:b1:77:af:e8:cf:15:3a:14:d4:70:99:f0:3e:
         50:e3:04:ee:f6:45:e7:fa:77:47:c8:4c:85:50:a6:8e:a9:82:
         de:70:cd:73:c5:58:6b:5a:bf:a6:d0:08:70:cb:65:bd:bf:04:
         39:6a:86:84:57:bf:05:2f:5a:65:53:ae:2a:81:6d:cc:48:d5:
         ea:0e:8d:2d
-----BEGIN CERTIFICATE-----
MIIFEzCCA/ugAwIBAgISAZQntRxNWTFyWquhDljSZ9/1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzOTEyMzg4MGY0Mjc0NDZkNWZmMDdjZWY5NjMzZTg2ZGM0
OTE5OGQwHhcNMjUwMTAyMTU0OTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODc3OGY2OTcyNjIwYTUxMjExY2VjMzZkZmI1OWFlZjdiZGExNTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVwapMchUmdaIUruMrhfY+NnXw5y
Zdub5HWtorcVAJC0MeTcrJsGahHlxqxK4sMioXxz/5mhbE7Ss7mr3KoPV6B0xmcu
CTAQO4AJHwMfAWW6MakjAfGJTBoB3KaLgvqQl9kp4/CohHCefd+UleNYuv+ESAmN
YbTDXZUqPwWS3cMRdvmDTkymoXKI2zVlNktpYAlK2foc25Zp4SEzp0Ke8OBnDNuB
BXghb9H6r2vY4hwF38lZu8VDKuUZ3aprlpIlkXaysJkeMkRzu5qVhUobGeWrHVPu
w76kHWHn2DGA5XqB/kEmqsFsjqcIlifWsrdYLIAZb+pS98BUx4I02MAoPQIDAQAB
o4ICHzCCAhswHQYDVR0OBBYEFPh3j2lyYgpRIRzsNt+1mu972hU3MB8GA1UdIwQY
MBaAFNORI4gPQnRG1f8HzvljPobcSRmNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDVFamlBOUNkRWJWX3dmTy1XTS1odHhKR1kwLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS82NjFiODQtMTE0ZC00OTI5LWI2ODQt
Y2NhMGFkMjY4NWNhLzEvMS1IZVBhWEppQ2xFaEhPdzIzN1dhNzN2YUZUYy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTkvNjYxYjg0LTExNGQtNDkyOS1iNjg0LWNjYTBhZDI2ODVj
YS8xLzA1RWppQTlDZEViVl93Zk8tV00taHR4SkdZMC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjA0BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEAi2ZTAME
AJ7/TzANBAIAAjAHAwUDKhG6gDANBgkqhkiG9w0BAQsFAAOCAQEARecHDF3McdIY
n3JpEvVuMLU+n8hrbcLYCa2VUEk0/K3Bp7lbV0J6HgfxQVYbyNhHcu+rudZskjsK
xboFFFILDizCcK9cSFG+Eiy1BxtIxAbAdHEfAf9axMPoPcgNGuwkw/pE5H0e10tZ
cuZ/moKOv/jcT9nqLzf1XYp0zeWvpDJrUTVoTNEtKrp+VZQ2luR/lo6KQz7N+TvT
MbbfeSdQp2VcUvLTnoe41YrSoTBzoPNpjUAfsrDOQpqxd6/ozxU6FNRwmfA+UOME
7vZF5/p3R8hMhVCmjqmC3nDNc8VYa1q/ptAIcMtlvb8EOWqGhFe/BS9aZVOuKoFt
zEjV6g6NLQ==
-----END CERTIFICATE-----