Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/nV9zpTkg41cEF2aE_Xxas5qWLPE.roa
File:                     nV9zpTkg41cEF2aE_Xxas5qWLPE.roa (raw, json)
Hash identifier:          TmF18BVISDIjbdiP8hL66Gsgu4TLs2FCPMkL0xuGpQk=
Subject key identifier:   9D:5F:73:A5:39:20:E3:57:04:17:66:84:FD:7C:5A:B3:9A:96:2C:F1
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       019424454B835812801DB87FA070DFCC1CE3
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/nV9zpTkg41cEF2aE_Xxas5qWLPE.roa
Signing time:             Wed 01 Jan 2025 23:48:28 +0000
ROA not before:           Wed 01 Jan 2025 23:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     13335
IP address blocks:        45.155.255.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 10:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:4b:83:58:12:80:1d:b8:7f:a0:70:df:cc:1c:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Jan  1 23:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9d5f73a53920e35704176684fd7c5ab39a962cf1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:4a:f5:69:b7:a8:c3:7b:87:f1:d4:0e:54:e8:
                    a0:6f:a4:16:4f:f0:bf:3c:55:02:1f:2b:2f:39:13:
                    98:b2:ad:f3:16:e2:76:89:d3:00:51:cc:28:dd:b0:
                    9e:2b:c7:21:91:5d:ec:7b:e9:d6:0c:61:a3:ed:59:
                    1e:50:c0:b5:a8:60:79:ca:c3:17:c7:17:e4:70:23:
                    74:07:83:0d:6a:e5:05:ef:fa:02:bd:74:83:c9:e1:
                    d5:5a:24:64:ce:fd:c1:d6:d1:1f:66:67:e8:e2:92:
                    e8:c6:80:12:d9:dd:40:08:9f:fc:6f:7a:81:df:0e:
                    18:c3:92:d6:28:9a:d7:b4:6e:5d:b6:b4:76:88:0c:
                    ea:bc:d0:98:6e:e3:08:0f:cc:3a:84:e2:e5:00:44:
                    1c:20:43:9b:3b:f6:7c:09:10:3b:cd:c5:b8:51:33:
                    5d:68:6a:bf:7e:d6:2e:84:bc:41:aa:fd:09:89:66:
                    d1:c2:dc:94:5c:f0:05:9b:6f:58:86:47:5f:4a:d2:
                    68:4e:39:a5:cf:6e:35:a8:4f:57:54:9b:38:77:49:
                    36:45:a4:05:7a:1c:29:c0:5b:50:7a:9e:40:c1:6c:
                    d3:ad:3e:76:54:9e:77:80:84:78:2c:82:29:20:7b:
                    26:28:3d:d8:7b:7e:e3:19:06:bb:26:c7:30:c8:e5:
                    3c:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:5F:73:A5:39:20:E3:57:04:17:66:84:FD:7C:5A:B3:9A:96:2C:F1
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/nV9zpTkg41cEF2aE_Xxas5qWLPE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.155.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:b1:a2:77:3e:0f:a9:ae:0e:ed:46:62:a1:10:14:ff:8e:c0:
         5f:e6:71:de:f8:bb:0a:26:09:ef:e4:e6:50:e0:6b:17:34:1c:
         ab:81:17:ba:05:a4:63:e1:3c:d4:43:d0:44:3f:d2:f2:61:87:
         cb:bb:0e:33:d6:a4:99:e5:05:7b:5e:83:97:d6:cb:26:b2:5a:
         52:82:1b:c6:8f:c5:3e:02:3c:13:e0:55:4d:96:a2:79:0c:33:
         fa:65:2c:c0:d6:6b:23:d6:29:73:57:d0:c8:f1:98:f6:af:78:
         ab:da:6d:e9:b0:c1:5c:3e:25:77:51:e9:00:1f:a7:1a:fb:01:
         56:31:03:87:35:75:78:67:7c:34:81:37:9f:dc:d6:0f:1d:fb:
         9e:c4:5e:93:c4:47:93:d3:ed:62:9f:e1:19:a0:b1:b9:e5:60:
         b5:09:35:de:6d:a9:a8:25:0e:58:52:88:1d:af:b4:a1:a0:9a:
         4e:a7:3c:78:c2:59:f7:8f:1b:6c:17:80:f0:d8:25:35:61:00:
         4e:70:9e:43:37:4a:f6:2b:f3:2f:d2:09:ad:42:ef:e2:95:94:
         44:4a:44:e0:56:87:ac:55:0e:18:23:ac:0a:73:43:ce:1a:0f:
         e9:6f:4f:93:b4:c2:04:73:35:04:1c:ef:b7:35:05:04:b4:43:
         d2:2e:f5:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRUuDWBKAHbh/oHDfzBzjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjUwMTAxMjM0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDVmNzNhNTM5MjBlMzU3MDQxNzY2ODRmZDdjNWFiMzlhOTYyY2YxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqkr1abeow3uH8dQOVOigb6QWT/C/
PFUCHysvOROYsq3zFuJ2idMAUcwo3bCeK8chkV3se+nWDGGj7VkeUMC1qGB5ysMX
xxfkcCN0B4MNauUF7/oCvXSDyeHVWiRkzv3B1tEfZmfo4pLoxoAS2d1ACJ/8b3qB
3w4Yw5LWKJrXtG5dtrR2iAzqvNCYbuMID8w6hOLlAEQcIEObO/Z8CRA7zcW4UTNd
aGq/ftYuhLxBqv0JiWbRwtyUXPAFm29YhkdfStJoTjmlz241qE9XVJs4d0k2RaQF
ehwpwFtQep5AwWzTrT52VJ53gIR4LIIpIHsmKD3Ye37jGQa7JscwyOU8uQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ1fc6U5IONXBBdmhP18WrOalizxMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvblY5enBUa2c0MWNFRjJhRV9YeGFzNXFXTFBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZv/MA0G
CSqGSIb3DQEBCwUAA4IBAQBnsaJ3Pg+prg7tRmKhEBT/jsBf5nHe+LsKJgnv5OZQ
4GsXNByrgRe6BaRj4TzUQ9BEP9LyYYfLuw4z1qSZ5QV7XoOX1ssmslpSghvGj8U+
AjwT4FVNlqJ5DDP6ZSzA1msj1ilzV9DI8Zj2r3ir2m3psMFcPiV3UekAH6ca+wFW
MQOHNXV4Z3w0gTef3NYPHfuexF6TxEeT0+1in+EZoLG55WC1CTXebamoJQ5YUogd
r7ShoJpOpzx4wln3jxtsF4Dw2CU1YQBOcJ5DN0r2K/Mv0gmtQu/ilZRESkTgVoes
VQ4YI6wKc0POGg/pb0+TtMIEczUEHO+3NQUEtEPSLvUJ
-----END CERTIFICATE-----