Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/lsUTyap9w4Y2oLY8ZnktLZStCYQ.roa
File:                     lsUTyap9w4Y2oLY8ZnktLZStCYQ.roa (raw, json)
Hash identifier:          emTi848aQBwWEDQNS5g3zSRylsJAzf0KVP+OaAM5+qE=
Subject key identifier:   96:C5:13:C9:AA:7D:C3:86:36:A0:B6:3C:66:79:2D:2D:94:AD:09:84
Certificate issuer:       /CN=bf84113545d9000760f66062a4221933a2e959d8
Certificate serial:       019422FB634A6A7B8E83957AB5063C327DB6
Authority key identifier: BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/lsUTyap9w4Y2oLY8ZnktLZStCYQ.roa
Signing time:             Wed 01 Jan 2025 17:48:07 +0000
ROA not before:           Wed 01 Jan 2025 17:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200019
IP address blocks:        45.155.53.0/24 maxlen: 24
                          45.155.54.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 11:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:63:4a:6a:7b:8e:83:95:7a:b5:06:3c:32:7d:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf84113545d9000760f66062a4221933a2e959d8
        Validity
            Not Before: Jan  1 17:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=96c513c9aa7dc38636a0b63c66792d2d94ad0984
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:c5:0d:bd:2b:80:ae:73:e9:54:f1:2d:b5:88:
                    ab:34:1c:0d:2a:44:56:3f:ec:18:0d:af:7c:95:7a:
                    e2:46:ef:2f:8a:eb:5a:91:58:58:5e:cb:e9:ae:f1:
                    0c:d4:6e:56:4b:8e:3b:44:7a:da:b1:9a:7f:7f:60:
                    68:c3:69:cd:41:10:76:9a:60:a9:4a:34:51:74:35:
                    16:e0:01:e1:35:b1:10:13:a7:2e:1d:41:3b:47:4a:
                    02:d8:f7:d4:32:c5:57:44:dd:47:86:7f:c1:25:e5:
                    1a:a9:94:87:cc:8b:dd:5f:9c:be:1c:8b:86:e4:67:
                    78:14:65:be:17:eb:33:52:3d:bc:87:17:3b:5c:e0:
                    18:a2:1d:bf:09:9f:b8:9d:e3:45:e2:d3:b4:5d:6d:
                    0b:70:8d:37:4b:39:50:9a:8f:9e:c2:ab:82:71:e3:
                    6e:ca:df:ef:4a:df:01:4e:43:f6:8e:b2:74:57:3f:
                    7d:97:70:55:e7:d9:a7:20:f6:8b:b7:12:66:a7:c4:
                    a7:c7:51:7c:98:5e:60:87:33:2d:e0:29:98:7e:89:
                    5f:3a:7e:0f:18:4c:41:c8:7e:db:f4:b3:a4:1f:75:
                    93:12:49:87:ad:5d:57:a7:db:b5:ec:ec:ba:44:b6:
                    e8:17:67:d5:a8:eb:6f:9b:1c:94:d1:e4:aa:6d:c1:
                    f4:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:C5:13:C9:AA:7D:C3:86:36:A0:B6:3C:66:79:2D:2D:94:AD:09:84
            X509v3 Authority Key Identifier:
                keyid:BF:84:11:35:45:D9:00:07:60:F6:60:62:A4:22:19:33:A2:E9:59:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4QRNUXZAAdg9mBipCIZM6LpWdg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/lsUTyap9w4Y2oLY8ZnktLZStCYQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/30dc85-2dd8-4b1c-b151-4bd63adc7354/1/v4QRNUXZAAdg9mBipCIZM6LpWdg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.53.0-45.155.54.255

    Signature Algorithm: sha256WithRSAEncryption
         b8:db:f0:38:94:d0:ea:2f:91:df:ba:94:32:a7:a8:e7:d4:f1:
         71:fb:2c:c0:ec:6f:6e:5c:c2:d6:64:3e:d4:99:91:87:74:18:
         a2:a0:1c:f1:0b:75:3e:08:80:a3:c0:86:77:f8:b2:4b:31:30:
         3b:18:67:63:f2:be:2e:62:b6:cf:49:5a:22:8a:2f:68:62:98:
         c5:4d:d0:6c:4e:76:4e:e4:1b:38:c3:cf:21:72:3d:4e:f4:50:
         16:b5:7a:73:20:e1:5e:60:d6:6e:c0:bf:02:2b:fb:19:2b:95:
         52:52:13:bd:f2:d0:73:ba:ef:e8:a2:00:f5:33:48:79:42:12:
         17:fd:8d:26:bb:91:62:b0:e7:68:49:6d:d1:72:81:c2:fa:8f:
         43:53:9d:f2:2a:a0:26:56:00:ac:9f:d7:d3:35:a6:36:86:5a:
         bf:3c:40:78:d9:5e:c0:04:ed:52:8e:0f:75:d8:42:b4:95:eb:
         54:cd:a0:6a:dd:77:7e:95:bd:39:5d:d4:77:f8:e3:09:79:af:
         cd:c8:bc:1c:da:3d:90:5e:e0:7a:9e:ed:5e:9c:2e:06:ac:c4:
         b3:d4:ca:f1:a5:8e:cb:27:7e:23:35:c4:88:2e:5f:1c:1d:5e:
         5a:13:28:c9:83:58:e3:f2:8e:e5:58:9f:92:a6:f5:a7:48:5c:
         64:63:e4:59
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQi+2NKanuOg5V6tQY8Mn22MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODQxMTM1NDVkOTAwMDc2MGY2NjA2MmE0MjIxOTMzYTJl
OTU5ZDgwHhcNMjUwMTAxMTc0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmM1MTNjOWFhN2RjMzg2MzZhMGI2M2M2Njc5MmQyZDk0YWQwOTg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAscUNvSuArnPpVPEttYirNBwNKkRW
P+wYDa98lXriRu8viutakVhYXsvprvEM1G5WS447RHrasZp/f2Bow2nNQRB2mmCp
SjRRdDUW4AHhNbEQE6cuHUE7R0oC2PfUMsVXRN1Hhn/BJeUaqZSHzIvdX5y+HIuG
5Gd4FGW+F+szUj28hxc7XOAYoh2/CZ+4neNF4tO0XW0LcI03SzlQmo+ewquCceNu
yt/vSt8BTkP2jrJ0Vz99l3BV59mnIPaLtxJmp8Snx1F8mF5ghzMt4CmYfolfOn4P
GExByH7b9LOkH3WTEkmHrV1Xp9u17Oy6RLboF2fVqOtvmxyU0eSqbcH0KQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJbFE8mqfcOGNqC2PGZ5LS2UrQmEMB8GA1UdIwQY
MBaAFL+EETVF2QAHYPZgYqQiGTOi6VnYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEt
NGJkNjNhZGM3MzU0LzEvbHNVVHlhcDl3NFkyb0xZOFpua3RMWlN0Q1lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zMGRjODUtMmRkOC00YjFjLWIxNTEtNGJkNjNhZGM3MzU0
LzEvdjRRUk5VWFpBQWRnOW1CaXBDSVpNNkxwV2RnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAtmzUD
BAAtmzYwDQYJKoZIhvcNAQELBQADggEBALjb8DiU0Oovkd+6lDKnqOfU8XH7LMDs
b25cwtZkPtSZkYd0GKKgHPELdT4IgKPAhnf4sksxMDsYZ2Pyvi5its9JWiKKL2hi
mMVN0GxOdk7kGzjDzyFyPU70UBa1enMg4V5g1m7AvwIr+xkrlVJSE73y0HO67+ii
APUzSHlCEhf9jSa7kWKw52hJbdFygcL6j0NTnfIqoCZWAKyf19M1pjaGWr88QHjZ
XsAE7VKOD3XYQrSV61TNoGrdd36VvTld1Hf44wl5r83IvBzaPZBe4Hqe7V6cLgas
xLPUyvGljssnfiM1xIguXxwdXloTKMmDWOPyjuVYn5Km9adIXGRj5Fk=
-----END CERTIFICATE-----