Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/c662OwAf5y9g0vjw0HFhvw_cf6o.roa
File:                     c662OwAf5y9g0vjw0HFhvw_cf6o.roa (raw, json)
Hash identifier:          nDKQV9dhpAcfcHP03sqkzXfr7CYTEl4R+GH4NHQIkCU=
Subject key identifier:   73:AE:B6:3B:00:1F:E7:2F:60:D2:F8:F0:D0:71:61:BF:0F:DC:7F:AA
Certificate issuer:       /CN=05976801363d375786152e4d061e75c8beb35058
Certificate serial:       01941FFAA2984A450FC7EE40FD8DD49F9306
Authority key identifier: 05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/c662OwAf5y9g0vjw0HFhvw_cf6o.roa
Signing time:             Wed 01 Jan 2025 03:48:26 +0000
ROA not before:           Wed 01 Jan 2025 03:48:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212815
IP address blocks:        45.13.117.0/24 maxlen: 24
                          45.13.119.0/24 maxlen: 24
                          45.154.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:a2:98:4a:45:0f:c7:ee:40:fd:8d:d4:9f:93:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05976801363d375786152e4d061e75c8beb35058
        Validity
            Not Before: Jan  1 03:48:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=73aeb63b001fe72f60d2f8f0d07161bf0fdc7faa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:0a:ef:8e:37:77:d8:73:41:a6:09:3d:f6:70:
                    74:5b:b7:dd:ba:a1:78:7b:35:a1:a0:ae:7b:11:63:
                    dd:37:eb:b6:6f:f5:7e:e9:a3:55:4d:4e:31:d2:35:
                    a3:62:45:e4:62:6d:3f:3a:e2:ac:da:63:de:75:48:
                    a4:50:17:e9:fe:fd:bb:a0:40:d6:39:bc:c7:5d:b7:
                    50:02:a8:2a:10:53:45:9c:c1:be:23:80:41:e1:79:
                    39:a2:df:74:33:1c:e0:40:f2:2a:2d:af:d1:52:5b:
                    18:31:2e:3a:c4:ef:10:85:ae:2b:47:27:67:dd:75:
                    44:74:5c:37:69:8e:4b:90:95:38:f6:bb:9e:5e:2f:
                    a7:a8:bb:b9:57:11:b0:a2:5b:2d:b4:00:23:23:08:
                    b2:8a:e9:e6:9f:bf:41:2e:47:3b:57:23:2d:c6:d5:
                    eb:83:70:80:7c:83:b7:be:69:86:97:6f:9f:b4:60:
                    09:df:0e:92:0c:b7:af:73:94:63:f2:70:25:84:42:
                    da:fb:da:3d:90:0a:91:dd:be:f4:f0:54:d8:a8:28:
                    28:73:e0:80:06:78:65:b3:6e:3f:13:4d:10:75:d4:
                    58:10:1a:48:20:0a:dd:5a:ec:c0:c7:2c:06:e9:39:
                    e8:f6:2c:a0:62:9d:4b:7f:ee:ae:3f:86:c6:e7:00:
                    b9:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:AE:B6:3B:00:1F:E7:2F:60:D2:F8:F0:D0:71:61:BF:0F:DC:7F:AA
            X509v3 Authority Key Identifier:
                keyid:05:97:68:01:36:3D:37:57:86:15:2E:4D:06:1E:75:C8:BE:B3:50:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BZdoATY9N1eGFS5NBh51yL6zUFg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/c662OwAf5y9g0vjw0HFhvw_cf6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/2baadc-2b7a-4ec0-95ca-5ec8c8ed60fd/1/BZdoATY9N1eGFS5NBh51yL6zUFg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.117.0/24
                  45.13.119.0/24
                  45.154.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:73:88:c2:9a:03:d7:fc:6f:69:4a:1e:70:75:d4:a9:01:71:
         b3:d1:83:7c:fe:64:9d:20:31:32:16:98:a5:70:fe:47:9b:fa:
         b6:eb:f4:fa:02:ce:79:07:80:db:a2:c1:c5:49:44:8a:8e:af:
         3c:71:27:23:a8:38:8a:73:1e:f1:8e:9a:79:ea:9a:e4:b2:3b:
         ba:25:85:44:20:b8:c8:4e:11:86:9b:16:bf:d3:ea:f4:51:6a:
         91:cf:10:ad:40:4d:3a:b3:36:a7:96:20:e3:3c:db:b5:30:a2:
         7f:48:5b:f5:16:75:e9:9c:4d:e6:9c:4e:bd:83:29:7c:50:fb:
         32:df:03:23:b8:5a:26:20:aa:bb:e0:c5:df:2e:22:17:78:04:
         43:53:91:8f:e5:ec:ae:15:be:21:a6:9a:a4:77:ed:0d:55:d7:
         f5:2f:49:04:01:4c:3d:40:d0:0a:6b:6a:87:03:3b:83:d2:d1:
         27:9a:5e:1c:8e:5e:98:db:bb:af:95:cf:88:c9:7f:49:01:e7:
         30:34:24:92:a7:6c:ce:1e:3e:c3:99:69:4e:6e:7a:5d:9d:5c:
         07:d7:3c:02:f3:94:e4:71:62:de:b2:76:e8:ec:91:60:7c:e9:
         e4:e5:0b:f3:ee:b5:96:d1:61:20:bd:53:e8:cf:eb:bd:d3:40:
         82:83:cf:0f
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQf+qKYSkUPx+5A/Y3Un5MGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1OTc2ODAxMzYzZDM3NTc4NjE1MmU0ZDA2MWU3NWM4YmVi
MzUwNTgwHhcNMjUwMTAxMDM0ODI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3M2FlYjYzYjAwMWZlNzJmNjBkMmY4ZjBkMDcxNjFiZjBmZGM3ZmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqgrvjjd32HNBpgk99nB0W7fduqF4
ezWhoK57EWPdN+u2b/V+6aNVTU4x0jWjYkXkYm0/OuKs2mPedUikUBfp/v27oEDW
ObzHXbdQAqgqEFNFnMG+I4BB4Xk5ot90MxzgQPIqLa/RUlsYMS46xO8Qha4rRydn
3XVEdFw3aY5LkJU49rueXi+nqLu5VxGwolsttAAjIwiyiunmn79BLkc7VyMtxtXr
g3CAfIO3vmmGl2+ftGAJ3w6SDLevc5Rj8nAlhELa+9o9kAqR3b708FTYqCgoc+CA
Bnhls24/E00QddRYEBpIIArdWuzAxywG6Tno9iygYp1Lf+6uP4bG5wC5MQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHOutjsAH+cvYNL48NBxYb8P3H+qMB8GA1UdIwQY
MBaAFAWXaAE2PTdXhhUuTQYedci+s1BYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2Et
NWVjOGM4ZWQ2MGZkLzEvYzY2Mk93QWY1eTlnMHZqdzBIRmh2d19jZjZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS8yYmFhZGMtMmI3YS00ZWMwLTk1Y2EtNWVjOGM4ZWQ2MGZk
LzEvQlpkb0FUWTlOMWVHRlM1TkJoNTF5TDZ6VUZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALQ11AwQA
LQ13AwQALZpgMA0GCSqGSIb3DQEBCwUAA4IBAQA1c4jCmgPX/G9pSh5wddSpAXGz
0YN8/mSdIDEyFpilcP5Hm/q26/T6As55B4DbosHFSUSKjq88cScjqDiKcx7xjpp5
6prksju6JYVEILjIThGGmxa/0+r0UWqRzxCtQE06szanliDjPNu1MKJ/SFv1FnXp
nE3mnE69gyl8UPsy3wMjuFomIKq74MXfLiIXeARDU5GP5eyuFb4hppqkd+0NVdf1
L0kEAUw9QNAKa2qHAzuD0tEnml4cjl6Y27uvlc+IyX9JAecwNCSSp2zOHj7DmWlO
bnpdnVwH1zwC85TkcWLesnbo7JFgfOnk5Qvz7rWW0WEgvVPoz+u900CCg88P
-----END CERTIFICATE-----