Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/f3ba5e-898c-4fe9-bd88-3c3673d44905/1/N70Yb5HDAX3BIJy8UjKLLCNEous.roa
File:                     N70Yb5HDAX3BIJy8UjKLLCNEous.roa (raw, json)
Hash identifier:          qShtm2mEB1c+KG+KsBd4fYZEqu1nYfeAzh76OdmZs60=
Subject key identifier:   37:BD:18:6F:91:C3:01:7D:C1:20:9C:BC:52:32:8B:2C:23:44:A2:EB
Certificate issuer:       /CN=04a4ae7471c8f3621d53256d75f110b748997898
Certificate serial:       019427B645795624DAD706AC4736581ECFDF
Authority key identifier: 04:A4:AE:74:71:C8:F3:62:1D:53:25:6D:75:F1:10:B7:48:99:78:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BKSudHHI82IdUyVtdfEQt0iZeJg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/f3ba5e-898c-4fe9-bd88-3c3673d44905/1/N70Yb5HDAX3BIJy8UjKLLCNEous.roa
Signing time:             Thu 02 Jan 2025 15:50:44 +0000
ROA not before:           Thu 02 Jan 2025 15:50:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208721
IP address blocks:        45.14.116.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/f3ba5e-898c-4fe9-bd88-3c3673d44905/1/BKSudHHI82IdUyVtdfEQt0iZeJg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/f3ba5e-898c-4fe9-bd88-3c3673d44905/1/BKSudHHI82IdUyVtdfEQt0iZeJg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BKSudHHI82IdUyVtdfEQt0iZeJg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 11:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:45:79:56:24:da:d7:06:ac:47:36:58:1e:cf:df
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=04a4ae7471c8f3621d53256d75f110b748997898
        Validity
            Not Before: Jan  2 15:50:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=37bd186f91c3017dc1209cbc52328b2c2344a2eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:3f:02:46:c4:a3:f8:54:38:c9:15:06:a5:5b:
                    d0:48:e8:e8:10:88:62:43:fb:ed:d8:0a:da:30:fe:
                    fd:10:f4:a5:4e:8a:bc:7d:5a:22:f8:03:a7:78:21:
                    67:4a:66:f2:06:26:ce:67:b2:bb:b8:93:0b:11:39:
                    ed:2e:e7:24:8d:44:bf:cf:d5:a5:36:48:a0:35:83:
                    82:2f:e6:43:fd:4b:e9:1d:67:d7:a7:92:df:ee:3d:
                    62:2d:8f:98:37:f9:b1:00:f8:fb:d0:f8:19:1e:e2:
                    88:54:72:14:ee:95:b1:66:5f:80:74:a0:97:e9:c2:
                    79:e3:58:02:97:5f:f6:ff:6b:9d:09:2e:39:6c:fb:
                    c9:bb:e9:f0:3d:9a:3c:95:ec:4d:c0:b7:72:16:7f:
                    30:91:ee:73:51:01:a1:16:59:0c:69:41:1f:66:70:
                    b1:ce:07:b3:0d:f3:ae:71:b6:ae:e6:73:51:f1:86:
                    82:23:a3:31:6b:d6:db:fb:e2:6f:23:05:e6:69:b6:
                    32:c2:bd:8f:ef:6c:b8:38:a4:e9:be:4c:f9:f4:b3:
                    44:bb:70:19:a1:a4:a4:cc:58:18:31:24:08:b5:ed:
                    9f:c9:07:fa:9e:3e:ca:4a:88:49:2f:5c:3d:6f:3b:
                    a6:93:1f:e4:fd:cc:24:7f:0f:3b:d7:5e:8e:6a:0a:
                    94:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:BD:18:6F:91:C3:01:7D:C1:20:9C:BC:52:32:8B:2C:23:44:A2:EB
            X509v3 Authority Key Identifier:
                keyid:04:A4:AE:74:71:C8:F3:62:1D:53:25:6D:75:F1:10:B7:48:99:78:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BKSudHHI82IdUyVtdfEQt0iZeJg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/f3ba5e-898c-4fe9-bd88-3c3673d44905/1/N70Yb5HDAX3BIJy8UjKLLCNEous.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/f3ba5e-898c-4fe9-bd88-3c3673d44905/1/BKSudHHI82IdUyVtdfEQt0iZeJg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.14.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b0:0d:99:1c:72:f1:56:03:fe:55:b1:dd:3f:14:4e:62:b9:f0:
         8a:e5:4d:d1:10:c4:11:48:fb:4e:a5:fc:b4:50:d9:ea:8e:a4:
         04:4e:a1:b9:aa:1d:64:f5:36:7d:3b:8e:4e:b7:95:34:d9:fe:
         46:8f:bc:4a:b5:d3:81:14:82:36:6d:99:87:74:bd:ba:d9:91:
         d7:eb:af:01:87:19:3f:bc:ed:20:db:7d:f7:4b:19:be:cc:dd:
         23:5f:a2:09:1d:c6:69:dc:67:a1:04:27:bf:0c:de:79:f0:02:
         a7:92:8e:22:f5:c0:f9:e3:ca:a5:06:6a:4a:9c:97:a8:66:a6:
         7b:58:11:fa:c2:81:b4:35:f4:dd:ce:88:d1:dd:58:e2:3a:91:
         aa:4e:f1:1e:1e:a5:00:60:e6:69:af:76:f0:59:93:6b:dd:15:
         47:6b:56:bd:24:a1:12:66:40:97:ed:90:f0:3f:33:c2:00:fa:
         61:27:d8:5e:33:bc:68:8f:a7:18:54:4f:a1:9d:6d:d7:7c:0d:
         72:0b:42:b9:c1:96:7c:fb:60:bd:e7:ed:f7:a7:64:77:4a:50:
         0b:f3:54:d5:f3:6c:53:8d:70:89:9b:65:71:71:c8:00:01:7e:
         f9:4d:45:63:25:c7:4d:46:88:d4:20:bc:28:03:e9:70:63:d6:
         55:3c:e6:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntkV5ViTa1wasRzZYHs/fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0YTRhZTc0NzFjOGYzNjIxZDUzMjU2ZDc1ZjExMGI3NDg5
OTc4OTgwHhcNMjUwMTAyMTU1MDQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzN2JkMTg2ZjkxYzMwMTdkYzEyMDljYmM1MjMyOGIyYzIzNDRhMmViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmz8CRsSj+FQ4yRUGpVvQSOjoEIhi
Q/vt2AraMP79EPSlToq8fVoi+AOneCFnSmbyBibOZ7K7uJMLETntLuckjUS/z9Wl
NkigNYOCL+ZD/UvpHWfXp5Lf7j1iLY+YN/mxAPj70PgZHuKIVHIU7pWxZl+AdKCX
6cJ541gCl1/2/2udCS45bPvJu+nwPZo8lexNwLdyFn8wke5zUQGhFlkMaUEfZnCx
zgezDfOucbau5nNR8YaCI6Mxa9bb++JvIwXmabYywr2P72y4OKTpvkz59LNEu3AZ
oaSkzFgYMSQIte2fyQf6nj7KSohJL1w9bzumkx/k/cwkfw87116OagqUvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDe9GG+RwwF9wSCcvFIyiywjRKLrMB8GA1UdIwQY
MBaAFASkrnRxyPNiHVMlbXXxELdImXiYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQktTdWRISEk4MklkVXlWdGRmRVF0MGlaZUpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9mM2JhNWUtODk4Yy00ZmU5LWJkODgt
M2MzNjczZDQ0OTA1LzEvTjcwWWI1SERBWDNCSUp5OFVqS0xMQ05Fb3VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9mM2JhNWUtODk4Yy00ZmU5LWJkODgtM2MzNjczZDQ0OTA1
LzEvQktTdWRISEk4MklkVXlWdGRmRVF0MGlaZUpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQ50MA0G
CSqGSIb3DQEBCwUAA4IBAQCwDZkccvFWA/5Vsd0/FE5iufCK5U3REMQRSPtOpfy0
UNnqjqQETqG5qh1k9TZ9O45Ot5U02f5Gj7xKtdOBFII2bZmHdL262ZHX668Bhxk/
vO0g2333Sxm+zN0jX6IJHcZp3GehBCe/DN558AKnko4i9cD548qlBmpKnJeoZqZ7
WBH6woG0NfTdzojR3VjiOpGqTvEeHqUAYOZpr3bwWZNr3RVHa1a9JKESZkCX7ZDw
PzPCAPphJ9heM7xoj6cYVE+hnW3XfA1yC0K5wZZ8+2C95+33p2R3SlAL81TV82xT
jXCJm2VxccgAAX75TUVjJcdNRojUILwoA+lwY9ZVPOaP
-----END CERTIFICATE-----