Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/e4C1Lt7yQcwQt8s6SXjZljvYnYI.roa
File:                     e4C1Lt7yQcwQt8s6SXjZljvYnYI.roa (raw, json)
Hash identifier:          qYUj9aGtKthDNrQ+ROcxe+b2Fvq6MRO56ASo9Hfo+yk=
Subject key identifier:   7B:80:B5:2E:DE:F2:41:CC:10:B7:CB:3A:49:78:D9:96:3B:D8:9D:82
Certificate issuer:       /CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
Certificate serial:       0194244521695646CEB535A269B8ED902251
Authority key identifier: D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/e4C1Lt7yQcwQt8s6SXjZljvYnYI.roa
Signing time:             Wed 01 Jan 2025 23:48:17 +0000
ROA not before:           Wed 01 Jan 2025 23:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51789
IP address blocks:        45.149.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 08:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:21:69:56:46:ce:b5:35:a2:69:b8:ed:90:22:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d76bb48e93e8a0058c5c72a81a8799455307ee56
        Validity
            Not Before: Jan  1 23:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7b80b52edef241cc10b7cb3a4978d9963bd89d82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:2b:17:b4:a1:a6:23:66:a1:e9:fc:06:a6:fe:
                    d1:20:56:c5:2a:59:af:d0:41:5a:b8:5b:9e:e6:f4:
                    af:7b:22:7d:71:85:52:d4:55:f4:f5:25:d6:6a:10:
                    8d:07:dc:cb:25:f4:80:cc:16:9a:c6:d6:2c:32:04:
                    d2:f2:e0:5b:27:d4:74:79:8a:3b:9d:ae:08:c7:ca:
                    b1:3e:cb:37:76:b7:96:a0:61:5b:f2:7c:ec:c8:33:
                    49:ca:de:51:60:3a:91:24:81:06:f5:48:31:58:a8:
                    d7:ee:5f:ea:da:af:82:80:ba:02:d3:82:af:22:78:
                    96:27:dc:9a:2c:14:cd:73:bf:6e:c8:f0:d8:0c:b9:
                    20:6a:d8:c8:69:ed:46:41:0e:a1:11:36:7d:5e:10:
                    f5:14:1e:42:61:a6:cc:9c:f4:d7:cd:3f:52:e3:81:
                    60:1e:bd:86:a4:b9:7a:03:e4:cf:db:21:30:e3:2d:
                    ad:86:b9:85:6d:27:f7:78:c7:70:92:5e:7c:2f:3e:
                    74:66:95:e1:10:08:54:0b:45:55:b6:3e:eb:be:a7:
                    db:58:73:c7:13:dd:74:9f:d5:24:a8:cd:36:97:8f:
                    2b:a4:a0:7b:2c:82:0e:5d:aa:6b:14:ef:2c:86:60:
                    ab:cf:e9:fa:f4:a8:99:b4:f9:e3:81:62:7c:28:c7:
                    23:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:80:B5:2E:DE:F2:41:CC:10:B7:CB:3A:49:78:D9:96:3B:D8:9D:82
            X509v3 Authority Key Identifier:
                keyid:D7:6B:B4:8E:93:E8:A0:05:8C:5C:72:A8:1A:87:99:45:53:07:EE:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/12u0jpPooAWMXHKoGoeZRVMH7lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/e4C1Lt7yQcwQt8s6SXjZljvYnYI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a5bfb6-6a10-4fbc-af48-8bfbdd45cb62/1/12u0jpPooAWMXHKoGoeZRVMH7lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.149.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:0f:94:6f:e0:7a:01:76:ac:3b:0a:52:5b:24:c6:70:17:05:
         c9:ed:a1:60:46:00:13:31:a5:ff:c3:4e:bc:74:54:11:8c:8a:
         a3:01:1b:ed:79:fa:70:55:10:81:75:ec:b9:8e:07:15:2b:ff:
         11:df:0a:58:a2:3c:b4:5b:3a:b1:6b:63:90:8b:35:04:77:fa:
         77:43:08:b2:a7:ac:5e:fc:df:ed:24:3d:1a:b6:a7:e8:44:d9:
         8f:dd:f7:ab:d8:1e:e2:b6:48:b9:c6:de:5f:da:15:1d:ce:cc:
         f0:11:ee:14:72:e9:74:87:31:73:cc:29:23:ea:c3:d9:64:47:
         9d:7f:13:85:c5:8d:ba:d6:e9:09:fa:95:4f:61:d9:26:37:68:
         bd:1b:62:97:19:31:bf:dc:d0:a0:d4:e7:a8:4d:97:bf:37:ad:
         89:57:d2:02:2a:cb:16:c4:85:3c:fe:e2:e5:04:38:3d:a1:92:
         f7:6e:32:8d:a1:00:bf:27:71:1a:bc:49:f4:ce:38:98:7e:53:
         11:ee:fa:28:d9:ef:38:ca:6f:87:98:a5:9a:0e:b2:a6:25:e7:
         6e:30:c8:01:92:21:e1:81:8d:0e:d1:e3:59:d5:a8:8c:2c:d1:
         38:41:e8:d2:ab:59:24:ab:42:1a:7d:d1:51:48:22:e3:25:e1:
         89:a6:0e:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRSFpVkbOtTWiabjtkCJRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NmJiNDhlOTNlOGEwMDU4YzVjNzJhODFhODc5OTQ1NTMw
N2VlNTYwHhcNMjUwMTAxMjM0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjgwYjUyZWRlZjI0MWNjMTBiN2NiM2E0OTc4ZDk5NjNiZDg5ZDgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsisXtKGmI2ah6fwGpv7RIFbFKlmv
0EFauFue5vSveyJ9cYVS1FX09SXWahCNB9zLJfSAzBaaxtYsMgTS8uBbJ9R0eYo7
na4Ix8qxPss3dreWoGFb8nzsyDNJyt5RYDqRJIEG9UgxWKjX7l/q2q+CgLoC04Kv
IniWJ9yaLBTNc79uyPDYDLkgatjIae1GQQ6hETZ9XhD1FB5CYabMnPTXzT9S44Fg
Hr2GpLl6A+TP2yEw4y2thrmFbSf3eMdwkl58Lz50ZpXhEAhUC0VVtj7rvqfbWHPH
E910n9UkqM02l48rpKB7LIIOXaprFO8shmCrz+n69KiZtPnjgWJ8KMcjKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHuAtS7e8kHMELfLOkl42ZY72J2CMB8GA1UdIwQY
MBaAFNdrtI6T6KAFjFxyqBqHmUVTB+5WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgt
OGJmYmRkNDVjYjYyLzEvZTRDMUx0N3lRY3dRdDhzNlNYalpsanZZbllJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNWJmYjYtNmExMC00ZmJjLWFmNDgtOGJmYmRkNDVjYjYy
LzEvMTJ1MGpwUG9vQVdNWEhLb0dvZVpSVk1IN2xZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZWAMA0G
CSqGSIb3DQEBCwUAA4IBAQAoD5Rv4HoBdqw7ClJbJMZwFwXJ7aFgRgATMaX/w068
dFQRjIqjARvtefpwVRCBdey5jgcVK/8R3wpYojy0Wzqxa2OQizUEd/p3Qwiyp6xe
/N/tJD0atqfoRNmP3fer2B7itki5xt5f2hUdzszwEe4Ucul0hzFzzCkj6sPZZEed
fxOFxY261ukJ+pVPYdkmN2i9G2KXGTG/3NCg1OeoTZe/N62JV9ICKssWxIU8/uLl
BDg9oZL3bjKNoQC/J3EavEn0zjiYflMR7voo2e84ym+HmKWaDrKmJeduMMgBkiHh
gY0O0eNZ1aiMLNE4QejSq1kkq0IafdFRSCLjJeGJpg4d
-----END CERTIFICATE-----