Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/2nquZxIjKuCQeOgojOXW1X_s_QM.roa
File:                     2nquZxIjKuCQeOgojOXW1X_s_QM.roa (raw, json)
Hash identifier:          jFRO0lP11v/Hnir4mOKoo6txSwXFruzZ7RBet4hmmmk=
Subject key identifier:   DA:7A:AE:67:12:23:2A:E0:90:78:E8:28:8C:E5:D6:D5:7F:EC:FD:03
Certificate issuer:       /CN=ff44dbaca56dac319401f68a50d917f5424611ad
Certificate serial:       0194214389AD443A7C732BAAE5D5988A4816
Authority key identifier: FF:44:DB:AC:A5:6D:AC:31:94:01:F6:8A:50:D9:17:F5:42:46:11:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_0TbrKVtrDGUAfaKUNkX9UJGEa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/2nquZxIjKuCQeOgojOXW1X_s_QM.roa
Signing time:             Wed 01 Jan 2025 09:47:41 +0000
ROA not before:           Wed 01 Jan 2025 09:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42831
IP address blocks:        45.143.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/_0TbrKVtrDGUAfaKUNkX9UJGEa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/_0TbrKVtrDGUAfaKUNkX9UJGEa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_0TbrKVtrDGUAfaKUNkX9UJGEa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:89:ad:44:3a:7c:73:2b:aa:e5:d5:98:8a:48:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff44dbaca56dac319401f68a50d917f5424611ad
        Validity
            Not Before: Jan  1 09:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=da7aae6712232ae09078e8288ce5d6d57fecfd03
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:2f:69:aa:61:76:ba:8f:cf:1b:dc:58:63:d8:
                    94:f0:26:a3:a2:cc:e4:e8:a6:57:b1:84:32:8e:f8:
                    94:48:99:59:49:f5:ff:6d:70:89:6a:84:2e:4a:61:
                    21:21:ff:0f:7f:0f:00:85:1b:7e:88:94:f1:2e:05:
                    1a:4d:16:bd:75:01:81:bc:46:68:ed:5e:36:fa:7e:
                    a9:e5:59:aa:6c:b8:13:52:ab:73:fe:b3:9a:e0:76:
                    0a:95:15:6e:ff:1f:de:a3:21:28:b8:7d:a7:0b:74:
                    8b:de:54:3a:1f:c1:8c:72:ff:f3:cf:a2:7c:f8:a2:
                    0d:0a:37:36:54:a9:22:8e:88:f3:95:3b:dc:30:58:
                    50:5d:5e:a6:a5:bf:47:3a:44:d2:de:d8:03:06:f6:
                    2e:48:75:a1:b0:fa:fd:77:c0:8b:a7:4b:3f:3a:f7:
                    5a:bd:7c:b6:3f:3f:29:a8:bd:81:86:94:02:a1:73:
                    ae:ef:97:a3:8a:b7:46:28:52:fc:bf:b6:7d:37:20:
                    4a:71:a7:25:a6:ce:59:2c:d3:5b:50:db:5a:e0:42:
                    16:dd:ec:9f:59:3e:16:8c:01:50:27:1b:a6:c3:89:
                    f2:fa:e4:1d:3d:60:f3:2d:d2:41:13:59:5a:89:55:
                    91:d5:1d:26:b5:50:2b:9f:c7:23:cd:60:32:5a:e3:
                    3c:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:7A:AE:67:12:23:2A:E0:90:78:E8:28:8C:E5:D6:D5:7F:EC:FD:03
            X509v3 Authority Key Identifier:
                keyid:FF:44:DB:AC:A5:6D:AC:31:94:01:F6:8A:50:D9:17:F5:42:46:11:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_0TbrKVtrDGUAfaKUNkX9UJGEa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/2nquZxIjKuCQeOgojOXW1X_s_QM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/53a947-fd03-4014-9827-c5d8950818ec/1/_0TbrKVtrDGUAfaKUNkX9UJGEa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:9f:6d:6b:62:e6:91:0c:72:74:7e:1a:57:cd:b2:84:91:07:
         d6:39:2c:a9:6b:9c:59:56:18:58:5b:71:3a:08:c0:bc:ef:36:
         ae:70:ac:47:ff:a9:21:fb:bb:33:05:dd:56:1c:da:57:cd:2e:
         90:32:cd:07:c5:bb:ff:26:a7:76:01:36:e1:30:3a:26:a3:ed:
         08:57:2d:d5:b2:36:5c:19:ae:aa:e6:9f:8b:35:12:93:dc:6f:
         2e:0a:c3:c1:55:ff:be:6b:59:75:be:3a:75:3f:8c:8b:02:78:
         1c:d5:35:73:9d:83:25:7c:aa:71:06:a7:39:da:c9:8d:cd:59:
         a9:12:31:5d:c1:10:45:d0:13:98:13:cd:1d:24:c7:cf:02:d4:
         af:b6:2d:14:e9:53:00:ba:85:39:88:98:a5:b4:18:39:ba:77:
         8f:37:d0:7e:e2:c9:b5:32:81:8a:04:e8:88:d1:10:81:d6:9e:
         0f:df:f2:63:4e:8f:9f:75:b9:90:77:53:5d:dc:03:98:2e:19:
         80:9e:90:0b:65:e5:8c:34:50:47:be:c0:16:ea:25:95:f9:70:
         c0:61:0d:19:b8:ee:4d:2b:3c:c3:83:9f:8f:f4:6b:d0:e5:7e:
         f5:c5:43:3f:0c:21:38:9e:31:48:dc:e2:33:8f:7d:54:30:81:
         23:c6:45:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ4mtRDp8cyuq5dWYikgWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmNDRkYmFjYTU2ZGFjMzE5NDAxZjY4YTUwZDkxN2Y1NDI0
NjExYWQwHhcNMjUwMTAxMDk0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTdhYWU2NzEyMjMyYWUwOTA3OGU4Mjg4Y2U1ZDZkNTdmZWNmZDAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzC9pqmF2uo/PG9xYY9iU8Cajoszk
6KZXsYQyjviUSJlZSfX/bXCJaoQuSmEhIf8Pfw8AhRt+iJTxLgUaTRa9dQGBvEZo
7V42+n6p5VmqbLgTUqtz/rOa4HYKlRVu/x/eoyEouH2nC3SL3lQ6H8GMcv/zz6J8
+KINCjc2VKkijojzlTvcMFhQXV6mpb9HOkTS3tgDBvYuSHWhsPr9d8CLp0s/Ovda
vXy2Pz8pqL2BhpQCoXOu75ejirdGKFL8v7Z9NyBKcaclps5ZLNNbUNta4EIW3eyf
WT4WjAFQJxumw4ny+uQdPWDzLdJBE1laiVWR1R0mtVArn8cjzWAyWuM8+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNp6rmcSIyrgkHjoKIzl1tV/7P0DMB8GA1UdIwQY
MBaAFP9E26ylbawxlAH2ilDZF/VCRhGtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvXzBUYnJLVnRyREdVQWZhS1VOa1g5VUpHRWEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi81M2E5NDctZmQwMy00MDE0LTk4Mjct
YzVkODk1MDgxOGVjLzEvMm5xdVp4SWpLdUNRZU9nb2pPWFcxWF9zX1FNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi81M2E5NDctZmQwMy00MDE0LTk4MjctYzVkODk1MDgxOGVj
LzEvXzBUYnJLVnRyREdVQWZhS1VOa1g5VUpHRWEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALY8IMA0G
CSqGSIb3DQEBCwUAA4IBAQBhn21rYuaRDHJ0fhpXzbKEkQfWOSypa5xZVhhYW3E6
CMC87zaucKxH/6kh+7szBd1WHNpXzS6QMs0Hxbv/Jqd2ATbhMDomo+0IVy3VsjZc
Ga6q5p+LNRKT3G8uCsPBVf++a1l1vjp1P4yLAngc1TVznYMlfKpxBqc52smNzVmp
EjFdwRBF0BOYE80dJMfPAtSvti0U6VMAuoU5iJiltBg5unePN9B+4sm1MoGKBOiI
0RCB1p4P3/JjTo+fdbmQd1Nd3AOYLhmAnpALZeWMNFBHvsAW6iWV+XDAYQ0ZuO5N
KzzDg5+P9GvQ5X71xUM/DCE4njFI3OIzj31UMIEjxkUk
-----END CERTIFICATE-----