Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/yNNBP2CYZiCkNUVUsBEkdKlDfd8.roa
File:                     yNNBP2CYZiCkNUVUsBEkdKlDfd8.roa (raw, json)
Hash identifier:          vCmsgqUye/JQpQ9Ozf04BYmInQnymLIG2O0wE02K/Wg=
Subject key identifier:   C8:D3:41:3F:60:98:66:20:A4:35:45:54:B0:11:24:74:A9:43:7D:DF
Certificate issuer:       /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial:       01942445538CA9132C11731357E56C3934A1
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/yNNBP2CYZiCkNUVUsBEkdKlDfd8.roa
Signing time:             Wed 01 Jan 2025 23:48:30 +0000
ROA not before:           Wed 01 Jan 2025 23:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211975
IP address blocks:        45.157.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 10:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:53:8c:a9:13:2c:11:73:13:57:e5:6c:39:34:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
        Validity
            Not Before: Jan  1 23:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c8d3413f60986620a4354554b0112474a9437ddf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:8c:8f:b7:93:79:b1:66:41:ac:34:07:80:82:
                    c1:8f:26:35:43:a6:4b:8e:1b:83:c2:bc:67:15:4e:
                    4d:ba:5f:c9:90:39:b0:dd:76:b8:14:f5:27:4b:cf:
                    75:be:fe:81:6c:e6:49:e5:d2:3a:46:fa:40:ba:d5:
                    a3:85:ee:5b:e3:28:9f:ec:d5:ec:6f:85:e1:b0:b0:
                    79:74:34:82:7c:77:a6:b5:3c:3b:8f:cb:22:81:1d:
                    dd:14:66:d2:5e:0c:a1:04:e1:d6:8b:8b:a3:21:0a:
                    1b:15:a1:46:de:99:dd:a9:44:52:c1:b3:f3:5f:59:
                    d6:c0:9a:ae:85:e6:c6:b6:75:5a:6f:1a:f1:44:f4:
                    ed:1e:dc:38:27:2d:87:89:9a:13:ef:85:67:3d:be:
                    a6:fe:cd:b9:60:dd:e5:a5:4d:79:17:a2:4d:0d:3f:
                    9b:83:1d:53:f3:e7:67:ce:85:60:26:58:48:ae:5c:
                    c0:93:db:72:2c:7c:db:a7:4f:31:ac:16:6b:46:74:
                    91:fb:34:af:1e:44:d1:96:2f:8d:ef:2e:94:60:8c:
                    e8:ae:69:c4:b0:ab:bc:40:08:98:6b:c0:3d:d2:50:
                    41:c9:1c:6d:74:1e:66:43:ae:8d:c4:d7:71:6a:c2:
                    33:e4:2b:f1:b4:32:4e:c2:24:f4:95:2a:d4:7a:71:
                    71:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:D3:41:3F:60:98:66:20:A4:35:45:54:B0:11:24:74:A9:43:7D:DF
            X509v3 Authority Key Identifier:
                keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/yNNBP2CYZiCkNUVUsBEkdKlDfd8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d2:e4:9f:86:15:c7:85:17:e2:c5:09:56:34:e4:63:77:f2:b3:
         43:c3:a7:69:ec:b6:2f:8b:57:4a:24:28:28:03:ff:06:60:68:
         66:b3:29:d9:74:e0:f6:8a:8a:8e:81:fb:f2:56:92:1c:55:db:
         12:83:1d:35:70:5f:19:5b:1c:62:8d:87:0c:c7:61:b0:62:50:
         93:e6:a6:35:5b:9b:d7:60:67:3c:b1:1e:8a:19:79:fd:b4:b7:
         fa:d8:40:b5:71:2f:ff:64:2a:1d:9d:2a:81:30:18:f8:8f:11:
         aa:8c:9f:9e:f8:58:41:d8:ef:0d:7f:cf:d6:77:dc:ce:14:04:
         ec:37:ba:a8:2e:82:1b:18:92:86:73:c4:de:c7:db:4f:b1:49:
         dc:38:6a:6d:a5:5c:e6:6e:ba:2a:35:f8:65:7b:9f:d0:c7:70:
         2b:18:bf:42:db:3b:ed:ac:67:a1:7a:c5:5b:f3:09:42:01:e9:
         d7:97:38:d0:ea:e9:93:30:19:e2:1c:a4:ea:fc:44:b1:c2:16:
         82:c8:7c:ca:6c:d3:57:92:58:5d:6f:8d:aa:85:50:d7:ef:25:
         55:4a:5f:8d:85:93:34:67:99:9d:09:2f:d3:a2:d3:ce:8d:91:
         5c:66:43:50:b4:fb:6d:3d:b8:91:c7:4a:12:fa:d1:11:47:95:
         eb:b5:51:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRVOMqRMsEXMTV+VsOTShMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2OGJmYjhhNWVlZTQ5MDgyZWE2MjhkZjI1YTRhNWQ1MGYz
YWE5YjMwHhcNMjUwMTAxMjM0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGQzNDEzZjYwOTg2NjIwYTQzNTQ1NTRiMDExMjQ3NGE5NDM3ZGRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxIyPt5N5sWZBrDQHgILBjyY1Q6ZL
jhuDwrxnFU5Nul/JkDmw3Xa4FPUnS891vv6BbOZJ5dI6RvpAutWjhe5b4yif7NXs
b4XhsLB5dDSCfHemtTw7j8sigR3dFGbSXgyhBOHWi4ujIQobFaFG3pndqURSwbPz
X1nWwJquhebGtnVabxrxRPTtHtw4Jy2HiZoT74VnPb6m/s25YN3lpU15F6JNDT+b
gx1T8+dnzoVgJlhIrlzAk9tyLHzbp08xrBZrRnSR+zSvHkTRli+N7y6UYIzormnE
sKu8QAiYa8A90lBByRxtdB5mQ66NxNdxasIz5CvxtDJOwiT0lSrUenFxowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMjTQT9gmGYgpDVFVLARJHSpQ33fMB8GA1UdIwQY
MBaAFDaL+4pe7kkILqYo3yWkpdUPOqmzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUt
MGFlMmU5MjJhMjkyLzEveU5OQlAyQ1laaUNrTlVWVXNCRWtkS2xEZmQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9hYTU4YzMtZTcwNi00YTQ5LWE3YzUtMGFlMmU5MjJhMjky
LzEvTm92N2lsN3VTUWd1cGlqZkphU2wxUTg2cWJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZ3RMA0G
CSqGSIb3DQEBCwUAA4IBAQDS5J+GFceFF+LFCVY05GN38rNDw6dp7LYvi1dKJCgo
A/8GYGhmsynZdOD2ioqOgfvyVpIcVdsSgx01cF8ZWxxijYcMx2GwYlCT5qY1W5vX
YGc8sR6KGXn9tLf62EC1cS//ZCodnSqBMBj4jxGqjJ+e+FhB2O8Nf8/Wd9zOFATs
N7qoLoIbGJKGc8Tex9tPsUncOGptpVzmbroqNfhle5/Qx3ArGL9C2zvtrGehesVb
8wlCAenXlzjQ6umTMBniHKTq/ESxwhaCyHzKbNNXklhdb42qhVDX7yVVSl+NhZM0
Z5mdCS/TotPOjZFcZkNQtPttPbiRx0oS+tERR5XrtVHI
-----END CERTIFICATE-----