Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/COYdV2q8dCzUz6xG81cTibKPPLE.roa
File:                     COYdV2q8dCzUz6xG81cTibKPPLE.roa (raw, json)
Hash identifier:          8sSgJbQXLKAcdJaGETlMl/fwR5Tx+44qKYoZv2PbQhE=
Subject key identifier:   08:E6:1D:57:6A:BC:74:2C:D4:CF:AC:46:F3:57:13:89:B2:8F:3C:B1
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFAB6AC85BEEFF4005193D451BEAB4F
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/COYdV2q8dCzUz6xG81cTibKPPLE.roa
Signing time:             Wed 01 Jan 2025 03:48:31 +0000
ROA not before:           Wed 01 Jan 2025 03:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215727
IP address blocks:        45.13.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:01:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:b6:ac:85:be:ef:f4:00:51:93:d4:51:be:ab:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=08e61d576abc742cd4cfac46f3571389b28f3cb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:5b:b9:29:de:65:5c:1a:0d:f3:27:7c:0f:3c:
                    ad:e0:20:f2:d7:42:ca:f1:fc:2b:2f:f9:e2:f3:d2:
                    5c:6d:d9:b0:8a:55:78:1e:62:42:7f:d8:d6:96:07:
                    76:94:cf:4a:56:2a:f9:a3:76:72:0a:67:54:a7:b2:
                    eb:d0:f4:30:b0:01:ac:1a:19:f4:fa:7f:cc:94:bd:
                    80:5a:93:45:79:32:f8:c4:f4:a0:0c:f9:87:0e:1a:
                    7d:05:c0:7c:f7:05:1e:ac:ad:b0:c4:72:48:61:a8:
                    80:22:11:88:d7:02:07:a9:58:5f:60:0c:a5:41:66:
                    97:ff:92:86:9e:77:9b:b3:0c:88:e5:35:f8:ea:ad:
                    b0:a4:aa:78:a2:e9:86:0c:0d:5d:00:e1:df:73:c3:
                    81:0c:21:9c:57:18:c1:93:ca:61:79:d4:ae:f9:5e:
                    0c:92:42:65:44:bf:62:86:fd:af:3e:a2:da:47:57:
                    b4:70:a1:04:b1:ba:9e:1a:18:dd:b8:f0:ca:06:3c:
                    7f:64:db:2c:26:2d:3c:2d:0c:a3:2f:9c:d3:a5:41:
                    42:13:3f:6c:9b:91:44:99:7f:14:ae:ce:4c:f0:57:
                    a1:06:3b:0b:05:0e:36:57:ec:60:b9:8f:61:cb:1b:
                    0a:8e:67:d6:5f:a2:a0:cf:03:3e:b9:e0:52:07:6f:
                    b4:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:E6:1D:57:6A:BC:74:2C:D4:CF:AC:46:F3:57:13:89:B2:8F:3C:B1
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/COYdV2q8dCzUz6xG81cTibKPPLE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:30:51:80:d5:14:40:58:d8:0b:d7:9c:cc:ef:a3:dc:d2:51:
         24:07:84:3b:f8:6b:e6:53:bb:6f:d6:8b:ee:73:f4:02:98:7e:
         56:82:b6:0a:9d:b3:52:4d:c2:e3:e5:59:9d:a7:1f:d9:5f:04:
         48:51:5b:aa:fe:12:da:6a:79:f6:55:f5:37:f2:02:97:8e:a1:
         8a:20:26:d6:31:24:c3:c8:3a:be:b1:33:12:d2:1a:86:ac:66:
         8e:ba:20:26:c5:98:69:cf:c6:d7:79:47:58:ba:f6:3f:c6:03:
         40:e2:a5:32:c8:9d:96:27:a5:a8:0a:94:12:05:d8:86:7e:71:
         7e:1b:a0:8d:14:bc:54:f9:d9:7f:71:80:3c:58:8a:28:21:3e:
         6d:6c:7f:66:db:dc:f5:6d:13:c7:02:7a:56:5c:54:0c:8b:fa:
         17:c3:23:80:57:9c:91:a0:f2:00:9c:a9:16:16:2f:dd:01:72:
         c7:33:60:f0:ff:4c:60:58:59:ce:17:6d:53:45:a8:5e:34:30:
         18:ab:c9:ca:17:e1:61:24:5b:74:25:55:a6:ca:68:af:20:11:
         f6:2c:17:c0:da:23:b0:5a:b4:d8:f4:c8:2c:ee:f4:91:c1:ad:
         47:37:58:ce:a5:82:2a:c2:a8:75:8a:55:e7:48:22:8a:a0:d4:
         44:05:93:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+rashb7v9ABRk9RRvqtPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGU2MWQ1NzZhYmM3NDJjZDRjZmFjNDZmMzU3MTM4OWIyOGYzY2IxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5lu5Kd5lXBoN8yd8Dzyt4CDy10LK
8fwrL/ni89JcbdmwilV4HmJCf9jWlgd2lM9KVir5o3ZyCmdUp7Lr0PQwsAGsGhn0
+n/MlL2AWpNFeTL4xPSgDPmHDhp9BcB89wUerK2wxHJIYaiAIhGI1wIHqVhfYAyl
QWaX/5KGnnebswyI5TX46q2wpKp4oumGDA1dAOHfc8OBDCGcVxjBk8phedSu+V4M
kkJlRL9ihv2vPqLaR1e0cKEEsbqeGhjduPDKBjx/ZNssJi08LQyjL5zTpUFCEz9s
m5FEmX8Urs5M8FehBjsLBQ42V+xguY9hyxsKjmfWX6KgzwM+ueBSB2+0DQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAjmHVdqvHQs1M+sRvNXE4myjzyxMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvQ09ZZFYycThkQ3pVejZ4RzgxY1RpYktQUExFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALQ11MA0G
CSqGSIb3DQEBCwUAA4IBAQA7MFGA1RRAWNgL15zM76Pc0lEkB4Q7+GvmU7tv1ovu
c/QCmH5WgrYKnbNSTcLj5Vmdpx/ZXwRIUVuq/hLaann2VfU38gKXjqGKICbWMSTD
yDq+sTMS0hqGrGaOuiAmxZhpz8bXeUdYuvY/xgNA4qUyyJ2WJ6WoCpQSBdiGfnF+
G6CNFLxU+dl/cYA8WIooIT5tbH9m29z1bRPHAnpWXFQMi/oXwyOAV5yRoPIAnKkW
Fi/dAXLHM2Dw/0xgWFnOF21TRaheNDAYq8nKF+FhJFt0JVWmymivIBH2LBfA2iOw
WrTY9Mgs7vSRwa1HN1jOpYIqwqh1ilXnSCKKoNREBZMb
-----END CERTIFICATE-----