Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/woRUexRgrjYm-1UeX3M4dxJmzd0.roa
File:                     woRUexRgrjYm-1UeX3M4dxJmzd0.roa (raw, json)
Hash identifier:          byIFDiUOYopR6OIBe4sC/1zUg7J+fkp7cf+oN0cuBwM=
Subject key identifier:   C2:84:54:7B:14:60:AE:36:26:FB:55:1E:5F:73:38:77:12:66:CD:DD
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       019424454FA60BAED09705755E769610AA93
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/woRUexRgrjYm-1UeX3M4dxJmzd0.roa
Signing time:             Wed 01 Jan 2025 23:48:29 +0000
ROA not before:           Wed 01 Jan 2025 23:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     151106
IP address blocks:        45.157.208.0/24 maxlen: 24
                          45.157.211.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 10:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:4f:a6:0b:ae:d0:97:05:75:5e:76:96:10:aa:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Jan  1 23:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c284547b1460ae3626fb551e5f7338771266cddd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:9b:fa:a7:fe:50:62:c9:28:a9:1c:51:6e:5b:
                    09:c6:83:86:6e:5e:ce:00:c0:23:fe:f7:1e:73:ea:
                    53:d2:a8:db:89:a0:d9:fe:ff:99:ee:65:73:fa:99:
                    3b:38:bc:e6:d8:04:1f:a0:5b:ef:29:f8:bf:58:0b:
                    34:18:77:e7:5e:4a:ff:20:b4:ff:69:d3:db:23:81:
                    4d:1a:e0:bc:e7:a3:35:40:67:a8:b1:4a:51:5e:b2:
                    d0:f4:56:1d:31:bc:0b:9d:42:07:06:34:da:86:8f:
                    f0:15:4d:84:67:8a:e5:d7:f7:be:6e:85:3b:9c:b1:
                    2c:83:3b:c9:8c:6b:0a:24:16:72:d9:3f:79:0b:17:
                    f5:57:85:ff:8e:5a:67:ce:ed:e4:21:db:3f:af:c0:
                    4b:57:c6:b9:2f:15:01:28:18:34:ce:b3:ca:1a:d6:
                    cc:14:f8:f4:e1:3e:c4:01:8f:88:0f:8f:d2:8a:d0:
                    49:8c:08:fa:02:80:02:2d:50:59:5a:6b:a6:a8:7f:
                    9c:d6:c7:5c:ef:6c:f7:08:3b:78:8f:ef:f8:b7:01:
                    06:f1:d9:5c:57:00:ab:ea:c0:41:61:68:d6:f0:0d:
                    fc:6e:bf:11:27:72:e2:04:0d:7f:37:ba:dd:17:4f:
                    b1:38:ee:2b:84:9c:cf:30:d6:86:e9:29:d1:07:7c:
                    ed:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:84:54:7B:14:60:AE:36:26:FB:55:1E:5F:73:38:77:12:66:CD:DD
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/woRUexRgrjYm-1UeX3M4dxJmzd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.208.0/24
                  45.157.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:4e:c5:1f:e0:af:fe:3b:ac:8d:f8:13:1f:25:90:43:2f:1c:
         c2:d4:4d:d7:b8:86:c8:70:ff:1a:8b:b8:bb:5e:55:87:a7:7f:
         82:ba:ab:b5:b5:b2:85:64:ae:5e:b5:a1:79:a1:f0:ed:9e:08:
         36:f5:72:f4:49:86:f8:9a:93:61:ef:1b:4e:ab:3e:b2:e0:5d:
         9d:55:76:15:2d:63:83:5f:b3:08:5c:3e:26:a5:17:76:38:1d:
         46:9b:ad:d9:a0:43:f3:0c:99:e7:5e:76:f1:ee:b5:02:4d:74:
         ce:18:b5:27:ec:30:6f:77:66:37:af:1c:27:64:86:f3:5c:4d:
         a7:9f:7c:24:c0:91:ad:35:bf:5c:56:e0:36:c0:c5:c0:48:2f:
         26:64:23:9f:d5:c6:c9:62:f8:c6:c6:ff:13:26:54:cb:cb:b9:
         db:8e:94:7b:d7:ec:27:0e:1a:7d:4b:e0:cb:18:df:18:de:3b:
         25:26:a5:79:0f:b7:73:72:46:4c:b1:87:9c:c0:58:c9:e6:38:
         ee:74:25:95:55:6d:0b:5a:cd:ae:0e:a3:fa:40:87:f8:1b:7b:
         e5:7c:3e:3a:d5:25:ef:a8:91:f5:bd:1d:13:75:a6:c4:a4:3b:
         a8:1e:7d:70:d9:52:ee:21:b0:af:04:71:dd:1e:2f:80:ae:7a:
         ad:78:0d:d2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQkRU+mC67QlwV1XnaWEKqTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjUwMTAxMjM0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMjg0NTQ3YjE0NjBhZTM2MjZmYjU1MWU1ZjczMzg3NzEyNjZjZGRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAipv6p/5QYskoqRxRblsJxoOGbl7O
AMAj/vcec+pT0qjbiaDZ/v+Z7mVz+pk7OLzm2AQfoFvvKfi/WAs0GHfnXkr/ILT/
adPbI4FNGuC856M1QGeosUpRXrLQ9FYdMbwLnUIHBjTaho/wFU2EZ4rl1/e+boU7
nLEsgzvJjGsKJBZy2T95Cxf1V4X/jlpnzu3kIds/r8BLV8a5LxUBKBg0zrPKGtbM
FPj04T7EAY+ID4/SitBJjAj6AoACLVBZWmumqH+c1sdc72z3CDt4j+/4twEG8dlc
VwCr6sBBYWjW8A38br8RJ3LiBA1/N7rdF0+xOO4rhJzPMNaG6SnRB3ztVwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMKEVHsUYK42JvtVHl9zOHcSZs3dMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEvd29SVWV4UmdyalltLTFVZVgzTTRkeEptemQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZ3QAwQA
LZ3TMA0GCSqGSIb3DQEBCwUAA4IBAQC8TsUf4K/+O6yN+BMfJZBDLxzC1E3XuIbI
cP8ai7i7XlWHp3+Cuqu1tbKFZK5etaF5ofDtngg29XL0SYb4mpNh7xtOqz6y4F2d
VXYVLWODX7MIXD4mpRd2OB1Gm63ZoEPzDJnnXnbx7rUCTXTOGLUn7DBvd2Y3rxwn
ZIbzXE2nn3wkwJGtNb9cVuA2wMXASC8mZCOf1cbJYvjGxv8TJlTLy7nbjpR71+wn
Dhp9S+DLGN8Y3jslJqV5D7dzckZMsYecwFjJ5jjudCWVVW0LWs2uDqP6QIf4G3vl
fD461SXvqJH1vR0TdabEpDuoHn1w2VLuIbCvBHHdHi+ArnqteA3S
-----END CERTIFICATE-----