Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/UuHwViSlAo8hGs3KtaMQVIWf-VA.roa
File:                     UuHwViSlAo8hGs3KtaMQVIWf-VA.roa (raw, json)
Hash identifier:          a38KoNNp3q4aw5hnF4oBpvVBatYcSTOjdfU6vANvUWk=
Subject key identifier:   52:E1:F0:56:24:A5:02:8F:21:1A:CD:CA:B5:A3:10:54:85:9F:F9:50
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       01942445128C8B7005918478B6CD7EDA9C57
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/UuHwViSlAo8hGs3KtaMQVIWf-VA.roa
Signing time:             Wed 01 Jan 2025 23:48:14 +0000
ROA not before:           Wed 01 Jan 2025 23:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35297
IP address blocks:        45.142.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 08:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:12:8c:8b:70:05:91:84:78:b6:cd:7e:da:9c:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Jan  1 23:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=52e1f05624a5028f211acdcab5a31054859ff950
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:61:49:d1:63:d9:85:01:30:94:a5:8c:c6:23:
                    71:09:bc:93:46:00:c5:3f:e4:50:c7:ed:a6:4b:3e:
                    45:5e:e8:dd:ca:fb:e3:25:ed:2e:dd:39:b1:02:49:
                    37:b7:36:12:55:04:15:c6:7c:43:49:9c:69:19:e9:
                    cf:8d:48:9c:83:0d:24:5d:2d:b7:1a:c2:f9:56:a9:
                    0a:d9:8c:b4:c9:43:11:35:59:6e:4b:dd:5f:7c:50:
                    ab:dd:39:f2:0a:08:3c:4a:de:62:56:55:cd:1a:42:
                    0a:f7:8c:5d:a8:97:19:78:cb:8b:af:9d:42:c7:f8:
                    ab:4c:f0:d4:4a:ee:60:5b:54:29:f9:e1:54:76:2d:
                    51:40:ac:ac:1e:5a:43:07:3e:7a:73:48:c1:21:ac:
                    a1:25:55:47:40:64:9d:03:8f:11:bf:9d:25:26:d7:
                    18:6b:c1:6d:a4:ce:b7:d1:d0:bf:dc:c2:17:f1:c5:
                    1e:64:45:fb:09:04:8a:8e:11:e0:30:67:a6:96:77:
                    47:34:1c:89:38:11:fa:53:42:eb:2f:34:fc:4a:23:
                    da:08:82:22:fc:2c:d4:9f:43:ac:71:dc:22:9c:e2:
                    59:b3:a0:33:69:a5:dd:be:58:73:91:7a:31:ea:6f:
                    b5:ba:bf:b6:e4:ad:b9:55:77:bd:1b:97:99:36:1a:
                    96:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:E1:F0:56:24:A5:02:8F:21:1A:CD:CA:B5:A3:10:54:85:9F:F9:50
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/UuHwViSlAo8hGs3KtaMQVIWf-VA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:d0:0d:bb:1c:f6:b6:78:99:9a:b2:54:1b:89:5f:3f:ce:df:
         65:fd:01:13:68:24:00:57:3e:44:22:09:fe:15:01:b8:79:ee:
         3e:03:84:87:eb:39:36:a6:d8:bf:f5:72:31:66:8d:08:4a:df:
         5a:37:05:eb:32:44:c4:72:fa:5e:16:de:1e:66:1e:e3:74:57:
         68:3c:e2:f4:43:63:b2:2f:ea:31:62:82:62:2b:0c:55:4a:84:
         59:10:c4:2d:fc:8e:32:26:1f:48:12:47:8e:d2:9d:ef:88:3e:
         b5:a9:82:a9:29:cb:d5:a6:55:96:da:8f:a7:4b:59:3c:93:a0:
         fb:fe:36:35:27:0f:a8:65:df:e9:f9:55:78:11:b8:1f:85:6f:
         a0:3f:1d:5d:69:1d:fc:cd:80:bd:04:37:1c:bb:3c:ec:12:e1:
         c0:f8:a8:78:db:a1:cf:37:48:da:96:53:a3:59:68:a5:65:ad:
         6f:c5:23:e1:fd:9a:42:21:e5:c6:b1:8c:71:72:89:a0:6e:09:
         61:16:44:27:03:7d:2e:7f:de:21:a5:38:cd:b8:f3:d5:91:81:
         a4:ff:33:ca:97:a1:18:8d:6f:f6:11:be:8a:20:d5:9c:cb:3a:
         5f:00:06:77:d2:2d:32:aa:ae:bd:0d:bb:a6:70:64:99:85:bc:
         fc:e1:a4:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRRKMi3AFkYR4ts1+2pxXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjUwMTAxMjM0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MmUxZjA1NjI0YTUwMjhmMjExYWNkY2FiNWEzMTA1NDg1OWZmOTUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzmFJ0WPZhQEwlKWMxiNxCbyTRgDF
P+RQx+2mSz5FXujdyvvjJe0u3TmxAkk3tzYSVQQVxnxDSZxpGenPjUicgw0kXS23
GsL5VqkK2Yy0yUMRNVluS91ffFCr3TnyCgg8St5iVlXNGkIK94xdqJcZeMuLr51C
x/irTPDUSu5gW1Qp+eFUdi1RQKysHlpDBz56c0jBIayhJVVHQGSdA48Rv50lJtcY
a8FtpM630dC/3MIX8cUeZEX7CQSKjhHgMGemlndHNByJOBH6U0LrLzT8SiPaCIIi
/CzUn0OscdwinOJZs6AzaaXdvlhzkXox6m+1ur+25K25VXe9G5eZNhqWOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFLh8FYkpQKPIRrNyrWjEFSFn/lQMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvVXVId1ZpU2xBbzhoR3MzS3RhTVFWSVdmLVZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY4nMA0G
CSqGSIb3DQEBCwUAA4IBAQAw0A27HPa2eJmaslQbiV8/zt9l/QETaCQAVz5EIgn+
FQG4ee4+A4SH6zk2pti/9XIxZo0ISt9aNwXrMkTEcvpeFt4eZh7jdFdoPOL0Q2Oy
L+oxYoJiKwxVSoRZEMQt/I4yJh9IEkeO0p3viD61qYKpKcvVplWW2o+nS1k8k6D7
/jY1Jw+oZd/p+VV4EbgfhW+gPx1daR38zYC9BDccuzzsEuHA+Kh426HPN0jallOj
WWilZa1vxSPh/ZpCIeXGsYxxcomgbglhFkQnA30uf94hpTjNuPPVkYGk/zPKl6EY
jW/2Eb6KINWcyzpfAAZ30i0yqq69DbumcGSZhbz84aTc
-----END CERTIFICATE-----