Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/IqxvVxYpQXGyjlpb247YsLAsLrA.roa
File:                     IqxvVxYpQXGyjlpb247YsLAsLrA.roa (raw, json)
Hash identifier:          pmZht21od602QeGb4drbX2CGGKKQ4ZeceYEOlf8BpHs=
Subject key identifier:   22:AC:6F:57:16:29:41:71:B2:8E:5A:5B:DB:8E:D8:B0:B0:2C:2E:B0
Certificate issuer:       /CN=2e1164a9b5013d62f051344f6df91f13bc7ecb0f
Certificate serial:       01941F8C863EFB413FBEC6934FB599B991C8
Authority key identifier: 2E:11:64:A9:B5:01:3D:62:F0:51:34:4F:6D:F9:1F:13:BC:7E:CB:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/IqxvVxYpQXGyjlpb247YsLAsLrA.roa
Signing time:             Wed 01 Jan 2025 01:48:10 +0000
ROA not before:           Wed 01 Jan 2025 01:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9123
IP address blocks:        45.82.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 23:34:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:86:3e:fb:41:3f:be:c6:93:4f:b5:99:b9:91:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e1164a9b5013d62f051344f6df91f13bc7ecb0f
        Validity
            Not Before: Jan  1 01:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=22ac6f5716294171b28e5a5bdb8ed8b0b02c2eb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:bb:58:37:11:6c:6d:47:18:e0:98:42:02:04:
                    7e:f8:e9:a1:cb:d2:d5:d7:14:1b:b4:43:ea:ed:e3:
                    ad:6c:08:92:dd:79:02:09:89:56:6a:2d:73:c8:e0:
                    34:e5:b8:1d:53:48:e0:39:db:a4:a7:eb:d2:09:61:
                    f3:b6:1e:4a:29:df:28:c9:b8:b3:72:0a:4c:35:60:
                    a5:4d:32:71:25:87:43:f1:bb:02:71:40:06:07:e2:
                    d9:5f:0a:35:70:93:e1:46:e2:e3:bd:af:d2:ca:36:
                    ed:5e:6b:df:fb:06:43:aa:2b:f9:08:8e:b7:2a:97:
                    4f:af:c8:0c:d3:67:2c:47:19:3e:ab:b6:02:6e:bb:
                    7b:5a:6b:c4:8b:02:70:24:b9:2d:c8:36:8c:95:d4:
                    5f:4a:4c:4f:d3:60:07:c9:4b:ab:b9:ea:ec:b1:bc:
                    a4:61:be:2a:6f:1f:52:bf:c9:28:4c:a6:f8:62:fb:
                    64:d2:8a:d4:e3:6c:5a:ab:f7:47:1b:fb:3e:40:e9:
                    70:e7:a6:aa:fa:cc:19:71:0c:b5:bd:81:de:b4:a0:
                    39:a7:0d:46:14:68:33:90:df:a5:3a:77:6f:78:f2:
                    fc:0e:a3:97:e6:9b:24:29:ce:0d:e5:fe:b3:b6:78:
                    68:07:50:50:97:68:a1:fa:e9:4e:7d:72:3b:3b:88:
                    08:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:AC:6F:57:16:29:41:71:B2:8E:5A:5B:DB:8E:D8:B0:B0:2C:2E:B0
            X509v3 Authority Key Identifier:
                keyid:2E:11:64:A9:B5:01:3D:62:F0:51:34:4F:6D:F9:1F:13:BC:7E:CB:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LhFkqbUBPWLwUTRPbfkfE7x-yw8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/IqxvVxYpQXGyjlpb247YsLAsLrA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/fb4696-678f-4d45-a091-fd7f17bb1a5c/1/LhFkqbUBPWLwUTRPbfkfE7x-yw8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.82.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:9b:ea:37:dd:07:a8:1f:00:09:86:dd:2e:e7:91:e0:14:63:
         29:21:53:8a:21:df:7f:ce:fd:a5:7d:8d:80:9e:ff:43:fc:a1:
         67:57:1c:0e:90:d7:5e:8c:62:f4:ae:67:e2:18:2e:d2:7a:c6:
         26:77:b4:69:d3:0c:25:51:dc:e8:b1:a5:92:00:b9:cc:c8:4f:
         67:fa:bb:55:b7:72:35:a4:68:8a:6c:1a:f0:71:9d:89:47:e5:
         47:6e:67:91:e4:65:14:60:5c:e9:42:bd:0d:a7:7c:ee:a7:1c:
         44:d4:df:d8:a4:8d:aa:16:9e:54:ba:0a:76:d2:c0:57:f7:52:
         bd:c9:fa:3c:aa:14:f9:c3:cd:2f:d5:f6:da:85:6a:62:c1:0c:
         a7:5b:b7:82:57:dc:57:dd:da:a5:c7:08:7f:99:0a:19:63:f4:
         74:ec:54:ba:e3:7f:cb:ea:96:89:7b:7e:a9:2c:dd:ad:19:ba:
         fe:3e:94:63:a2:c8:b1:62:05:bd:2e:3c:c8:6f:e0:b5:9b:1e:
         ca:33:3e:82:95:70:50:79:94:5d:e6:ec:96:07:fd:b6:9a:f0:
         fc:e8:25:6b:4f:f9:bb:4c:28:82:62:b6:e1:c4:e9:5e:52:90:
         6c:0b:ad:38:16:3c:de:74:38:88:c4:80:97:e3:e6:a6:f5:55:
         81:cc:8e:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjIY++0E/vsaTT7WZuZHIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMTE2NGE5YjUwMTNkNjJmMDUxMzQ0ZjZkZjkxZjEzYmM3
ZWNiMGYwHhcNMjUwMTAxMDE0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmFjNmY1NzE2Mjk0MTcxYjI4ZTVhNWJkYjhlZDhiMGIwMmMyZWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLtYNxFsbUcY4JhCAgR++Omhy9LV
1xQbtEPq7eOtbAiS3XkCCYlWai1zyOA05bgdU0jgOdukp+vSCWHzth5KKd8oybiz
cgpMNWClTTJxJYdD8bsCcUAGB+LZXwo1cJPhRuLjva/SyjbtXmvf+wZDqiv5CI63
KpdPr8gM02csRxk+q7YCbrt7WmvEiwJwJLktyDaMldRfSkxP02AHyUuruerssbyk
Yb4qbx9Sv8koTKb4Yvtk0orU42xaq/dHG/s+QOlw56aq+swZcQy1vYHetKA5pw1G
FGgzkN+lOndvePL8DqOX5pskKc4N5f6ztnhoB1BQl2ih+ulOfXI7O4gI/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCKsb1cWKUFxso5aW9uO2LCwLC6wMB8GA1UdIwQY
MBaAFC4RZKm1AT1i8FE0T235HxO8fssPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGhGa3FiVUJQV0x3VVRSUGJma2ZFN3gteXc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9mYjQ2OTYtNjc4Zi00ZDQ1LWEwOTEt
ZmQ3ZjE3YmIxYTVjLzEvSXF4dlZ4WXBRWEd5amxwYjI0N1lzTEFzTHJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9mYjQ2OTYtNjc4Zi00ZDQ1LWEwOTEtZmQ3ZjE3YmIxYTVj
LzEvTGhGa3FiVUJQV0x3VVRSUGJma2ZFN3gteXc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVJSMA0G
CSqGSIb3DQEBCwUAA4IBAQCdm+o33QeoHwAJht0u55HgFGMpIVOKId9/zv2lfY2A
nv9D/KFnVxwOkNdejGL0rmfiGC7SesYmd7Rp0wwlUdzosaWSALnMyE9n+rtVt3I1
pGiKbBrwcZ2JR+VHbmeR5GUUYFzpQr0Np3zupxxE1N/YpI2qFp5Uugp20sBX91K9
yfo8qhT5w80v1fbahWpiwQynW7eCV9xX3dqlxwh/mQoZY/R07FS643/L6paJe36p
LN2tGbr+PpRjosixYgW9LjzIb+C1mx7KMz6ClXBQeZRd5uyWB/22mvD86CVrT/m7
TCiCYrbhxOleUpBsC604FjzedDiIxICX4+am9VWBzI4b
-----END CERTIFICATE-----