Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/7W9sev3L-VQWc6oeKqV7bwg_M78.roa
File:                     7W9sev3L-VQWc6oeKqV7bwg_M78.roa (raw, json)
Hash identifier:          iACOPZzpZ14qCk65ni/pYA1L4ve/ow82nu3m+eaX/rg=
Subject key identifier:   ED:6F:6C:7A:FD:CB:F9:54:16:73:AA:1E:2A:A5:7B:6F:08:3F:33:BF
Certificate issuer:       /CN=91d0c78c309a3e99dc9ab74f2cdc0484859e7530
Certificate serial:       0194A26E0479284A8E96E4DAAD38551AC591
Authority key identifier: 91:D0:C7:8C:30:9A:3E:99:DC:9A:B7:4F:2C:DC:04:84:85:9E:75:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kdDHjDCaPpncmrdPLNwEhIWedTA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/7W9sev3L-VQWc6oeKqV7bwg_M78.roa
Signing time:             Sun 26 Jan 2025 11:45:06 +0000
ROA not before:           Sun 26 Jan 2025 11:45:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51396
IP address blocks:        45.135.193.0/24 maxlen: 24
                          45.135.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/kdDHjDCaPpncmrdPLNwEhIWedTA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/kdDHjDCaPpncmrdPLNwEhIWedTA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kdDHjDCaPpncmrdPLNwEhIWedTA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Apr 2025 22:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:a2:6e:04:79:28:4a:8e:96:e4:da:ad:38:55:1a:c5:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91d0c78c309a3e99dc9ab74f2cdc0484859e7530
        Validity
            Not Before: Jan 26 11:45:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ed6f6c7afdcbf9541673aa1e2aa57b6f083f33bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:86:6c:8e:c4:86:5b:e7:36:55:77:a1:89:6b:
                    08:ce:2a:0b:82:fa:76:bb:15:68:55:3d:c2:f6:fc:
                    c1:17:17:02:0e:53:e1:67:a7:12:7c:fd:0d:7c:9a:
                    f7:ab:34:3e:33:21:06:5b:7f:16:6a:15:9d:10:fe:
                    cc:81:81:30:0d:27:d5:4b:12:99:9d:d0:1f:c8:3d:
                    fb:67:1a:b9:bc:d1:a2:7e:13:69:70:17:5d:b9:48:
                    a1:ee:0c:48:b5:3c:0d:21:25:53:ae:f8:a9:ab:15:
                    9f:25:ce:67:7a:66:37:c0:c5:29:50:d8:23:3e:eb:
                    a0:e4:ec:dc:8e:6c:ca:36:98:73:c0:1d:bc:dd:eb:
                    d1:f2:6b:e4:87:25:e7:40:61:77:4e:e8:f3:24:3e:
                    cd:6f:b8:9c:1d:ab:46:99:c1:6b:34:df:70:f9:b7:
                    0e:4f:d1:8f:c2:a1:d7:3b:ca:05:31:44:64:69:de:
                    e9:8d:5e:79:16:ce:d1:f6:72:d7:c4:3a:9b:14:5f:
                    61:21:9c:23:22:d3:74:a7:04:ae:6d:83:21:1e:cf:
                    d5:63:c1:7a:c2:9f:15:e6:0b:5d:85:ff:ea:b2:29:
                    b8:52:49:58:50:57:7d:47:6e:fb:bd:3f:52:ef:47:
                    bd:98:fb:ba:7b:0d:27:f8:f0:1e:81:ce:20:f0:61:
                    5a:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:6F:6C:7A:FD:CB:F9:54:16:73:AA:1E:2A:A5:7B:6F:08:3F:33:BF
            X509v3 Authority Key Identifier:
                keyid:91:D0:C7:8C:30:9A:3E:99:DC:9A:B7:4F:2C:DC:04:84:85:9E:75:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kdDHjDCaPpncmrdPLNwEhIWedTA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/7W9sev3L-VQWc6oeKqV7bwg_M78.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/kdDHjDCaPpncmrdPLNwEhIWedTA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.193.0-45.135.194.255

    Signature Algorithm: sha256WithRSAEncryption
         5f:39:71:38:75:71:ac:62:02:be:05:9e:d3:35:9a:24:24:cf:
         73:46:7f:e6:83:97:42:8c:92:92:5a:5c:7d:b2:b5:42:c0:bd:
         4d:c7:42:d6:7b:91:ae:24:52:6b:82:21:3e:7b:a6:f2:39:6d:
         45:aa:e1:19:de:7e:99:41:b4:8d:8d:d7:6c:a1:cd:f9:fe:10:
         dc:60:01:01:7c:63:63:c0:f1:a7:22:36:d4:0b:28:b2:b5:19:
         dd:7b:4a:d1:8d:c7:b0:a9:6f:9e:a6:82:10:87:5e:c2:2f:d4:
         55:04:a1:b9:60:37:57:65:66:75:a3:ab:3b:5c:4f:22:e1:3d:
         5c:d5:c0:13:6e:01:41:7f:97:f8:48:26:d7:3c:b9:c7:e0:ba:
         26:67:e9:8b:89:29:44:31:e3:39:37:d1:a8:95:17:3c:ac:65:
         30:af:e6:d5:8f:7f:10:98:0c:23:63:ae:1a:85:91:a6:42:12:
         4b:1d:3b:2c:0b:81:bf:32:b0:63:2a:a0:c2:7a:4c:c2:66:a2:
         56:7b:88:c2:db:95:a0:3a:b3:30:46:aa:dc:2d:da:0d:3c:13:
         62:2e:09:10:1f:8a:4d:a8:e8:5c:dd:47:ee:84:ee:5e:70:10:
         64:50:b6:49:e3:d4:fc:86:e5:5f:c3:3e:c1:04:d5:8a:74:5d:
         1e:d0:ee:90
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZSibgR5KEqOluTarThVGsWRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxZDBjNzhjMzA5YTNlOTlkYzlhYjc0ZjJjZGMwNDg0ODU5
ZTc1MzAwHhcNMjUwMTI2MTE0NTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDZmNmM3YWZkY2JmOTU0MTY3M2FhMWUyYWE1N2I2ZjA4M2YzM2JmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0YZsjsSGW+c2VXehiWsIzioLgvp2
uxVoVT3C9vzBFxcCDlPhZ6cSfP0NfJr3qzQ+MyEGW38WahWdEP7MgYEwDSfVSxKZ
ndAfyD37Zxq5vNGifhNpcBdduUih7gxItTwNISVTrvipqxWfJc5nemY3wMUpUNgj
Puug5OzcjmzKNphzwB283evR8mvkhyXnQGF3TujzJD7Nb7icHatGmcFrNN9w+bcO
T9GPwqHXO8oFMURkad7pjV55Fs7R9nLXxDqbFF9hIZwjItN0pwSubYMhHs/VY8F6
wp8V5gtdhf/qsim4UklYUFd9R277vT9S70e9mPu6ew0n+PAegc4g8GFamwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFO1vbHr9y/lUFnOqHiqle28IPzO/MB8GA1UdIwQY
MBaAFJHQx4wwmj6Z3Jq3TyzcBISFnnUwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2RESGpEQ2FQcG5jbXJkUExOd0VoSVdlZFRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS8yOTNhMmYtMzk5Ny00OTdmLTllZjEt
NDg1MmM4ZmY4YWYyLzEvN1c5c2V2M0wtVlFXYzZvZUtxVjdid2dfTTc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS8yOTNhMmYtMzk5Ny00OTdmLTllZjEtNDg1MmM4ZmY4YWYy
LzEva2RESGpEQ2FQcG5jbXJkUExOd0VoSVdlZFRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAAth8ED
BAAth8IwDQYJKoZIhvcNAQELBQADggEBAF85cTh1caxiAr4FntM1miQkz3NGf+aD
l0KMkpJaXH2ytULAvU3HQtZ7ka4kUmuCIT57pvI5bUWq4RnefplBtI2N12yhzfn+
ENxgAQF8Y2PA8aciNtQLKLK1Gd17StGNx7Cpb56mghCHXsIv1FUEoblgN1dlZnWj
qztcTyLhPVzVwBNuAUF/l/hIJtc8ucfguiZn6YuJKUQx4zk30aiVFzysZTCv5tWP
fxCYDCNjrhqFkaZCEksdOywLgb8ysGMqoMJ6TMJmolZ7iMLblaA6szBGqtwt2g08
E2IuCRAfik2o6FzdR+6E7l5wEGRQtknj1PyG5V/DPsEE1Yp0XR7Q7pA=
-----END CERTIFICATE-----