Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/m7nZQDUNXTAKS4UOybVqVQmdP5w.roa
File:                     m7nZQDUNXTAKS4UOybVqVQmdP5w.roa (raw, json)
Hash identifier:          xKnYvzxmkeCg53JAhipiTpZl84ccUL77H2BTcrzkprw=
Subject key identifier:   9B:B9:D9:40:35:0D:5D:30:0A:4B:85:0E:C9:B5:6A:55:09:9D:3F:9C
Certificate issuer:       /CN=25cf9d8d552cdc7d8c0dc6f649b301f2351409ee
Certificate serial:       0194258F7698C242D01240F1BF391B9A06A0
Authority key identifier: 25:CF:9D:8D:55:2C:DC:7D:8C:0D:C6:F6:49:B3:01:F2:35:14:09:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Jc-djVUs3H2MDcb2SbMB8jUUCe4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/m7nZQDUNXTAKS4UOybVqVQmdP5w.roa
Signing time:             Thu 02 Jan 2025 05:49:06 +0000
ROA not before:           Thu 02 Jan 2025 05:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47482
IP address blocks:        45.66.32.0/24 maxlen: 24
                          45.66.33.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/Jc-djVUs3H2MDcb2SbMB8jUUCe4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/Jc-djVUs3H2MDcb2SbMB8jUUCe4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Jc-djVUs3H2MDcb2SbMB8jUUCe4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 11:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:76:98:c2:42:d0:12:40:f1:bf:39:1b:9a:06:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=25cf9d8d552cdc7d8c0dc6f649b301f2351409ee
        Validity
            Not Before: Jan  2 05:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9bb9d940350d5d300a4b850ec9b56a55099d3f9c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:d4:e0:d2:2e:a5:5f:df:ee:aa:27:67:31:e5:
                    53:22:63:34:97:7c:94:29:df:39:be:32:47:68:6d:
                    62:ce:90:4b:3e:60:a2:ca:0c:d4:4d:1f:a6:70:98:
                    6f:fa:2f:00:99:d9:0b:8e:b7:b7:e7:16:75:6b:b3:
                    ea:14:b9:94:ab:5c:28:fa:e0:3b:45:b4:54:56:bd:
                    94:32:36:8e:a9:3c:f8:1a:b3:6a:8b:e4:14:70:48:
                    7f:fb:0a:8d:f4:bb:e0:8b:33:bc:44:32:c5:37:40:
                    81:72:4c:9c:e8:3c:70:d8:07:9f:39:9b:c0:72:40:
                    a1:d0:a4:68:02:d2:48:55:a5:22:0e:ba:7e:ed:6f:
                    b8:f3:b2:72:bb:38:28:70:2a:85:ae:6d:e0:1b:a1:
                    db:6e:62:a0:45:e7:59:6b:3b:f4:49:dd:29:3f:e0:
                    5b:dd:98:f4:1f:4d:97:33:79:58:fd:ed:b7:89:2f:
                    7a:10:68:e6:cc:80:43:9c:a7:19:d4:56:92:ca:3b:
                    22:60:5d:58:b0:c6:75:1a:05:c6:0d:36:e9:25:36:
                    38:f2:8d:39:d8:ac:eb:d7:48:e7:0f:17:7e:6d:45:
                    b8:58:a1:25:a5:90:1a:28:e3:e4:b4:80:51:e8:e7:
                    f1:77:6a:25:51:5a:7e:ee:09:b9:5a:34:f6:3f:31:
                    f1:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:B9:D9:40:35:0D:5D:30:0A:4B:85:0E:C9:B5:6A:55:09:9D:3F:9C
            X509v3 Authority Key Identifier:
                keyid:25:CF:9D:8D:55:2C:DC:7D:8C:0D:C6:F6:49:B3:01:F2:35:14:09:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jc-djVUs3H2MDcb2SbMB8jUUCe4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/m7nZQDUNXTAKS4UOybVqVQmdP5w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/a0e08a-9ff0-44b4-bcc4-a10690a744e4/1/Jc-djVUs3H2MDcb2SbMB8jUUCe4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.32.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c5:4a:35:4e:85:36:2f:2d:d1:bb:ea:6b:28:ae:56:16:ad:a5:
         6f:f4:21:2f:b8:99:8b:0d:a9:95:7f:5e:51:ac:e7:4d:8a:0b:
         81:d4:ca:62:4c:9b:24:00:8b:da:c2:25:9a:d2:1e:29:86:45:
         7d:f3:ec:bd:f4:24:d7:b4:cf:36:67:25:32:bf:de:91:87:48:
         a4:84:50:79:74:d3:00:1a:07:9f:3b:fe:a7:af:86:51:b2:b8:
         38:71:85:d2:34:61:02:aa:1c:b0:50:76:75:d7:88:48:d3:9c:
         ea:0f:53:d1:27:b3:6a:3f:02:ad:91:5f:c2:c6:54:cf:18:84:
         78:16:36:47:c9:41:e5:b1:84:11:b5:51:5f:b8:50:02:e4:ce:
         4a:ec:37:f0:9d:49:76:fd:13:d7:4d:01:d4:95:c6:4e:33:71:
         82:92:ca:ca:29:cb:e5:90:ea:ff:2a:b7:71:12:19:de:a2:a7:
         5a:03:d6:6b:ff:dc:61:11:cd:5c:0b:1e:0f:d0:09:2d:26:ac:
         71:75:5a:e7:93:e6:81:99:b3:72:6d:e3:b3:c7:a2:d0:23:65:
         a5:14:10:d4:25:ce:c0:f8:08:d3:d7:4f:a6:c4:a0:85:5c:b1:
         11:72:49:16:59:40:ad:ae:cd:7d:e8:b2:81:a0:11:fc:aa:b8:
         1b:d4:7a:b1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj3aYwkLQEkDxvzkbmgagMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1Y2Y5ZDhkNTUyY2RjN2Q4YzBkYzZmNjQ5YjMwMWYyMzUx
NDA5ZWUwHhcNMjUwMTAyMDU0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmI5ZDk0MDM1MGQ1ZDMwMGE0Yjg1MGVjOWI1NmE1NTA5OWQzZjljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1dTg0i6lX9/uqidnMeVTImM0l3yU
Kd85vjJHaG1izpBLPmCiygzUTR+mcJhv+i8AmdkLjre35xZ1a7PqFLmUq1wo+uA7
RbRUVr2UMjaOqTz4GrNqi+QUcEh/+wqN9LvgizO8RDLFN0CBckyc6Dxw2AefOZvA
ckCh0KRoAtJIVaUiDrp+7W+487JyuzgocCqFrm3gG6HbbmKgRedZazv0Sd0pP+Bb
3Zj0H02XM3lY/e23iS96EGjmzIBDnKcZ1FaSyjsiYF1YsMZ1GgXGDTbpJTY48o05
2Kzr10jnDxd+bUW4WKElpZAaKOPktIBR6Ofxd2olUVp+7gm5WjT2PzHxbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJu52UA1DV0wCkuFDsm1alUJnT+cMB8GA1UdIwQY
MBaAFCXPnY1VLNx9jA3G9kmzAfI1FAnuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSmMtZGpWVXMzSDJNRGNiMlNiTUI4alVVQ2U0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi9hMGUwOGEtOWZmMC00NGI0LWJjYzQt
YTEwNjkwYTc0NGU0LzEvbTduWlFEVU5YVEFLUzRVT3liVnFWUW1kUDV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi9hMGUwOGEtOWZmMC00NGI0LWJjYzQtYTEwNjkwYTc0NGU0
LzEvSmMtZGpWVXMzSDJNRGNiMlNiTUI4alVVQ2U0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLUIgMA0G
CSqGSIb3DQEBCwUAA4IBAQDFSjVOhTYvLdG76msorlYWraVv9CEvuJmLDamVf15R
rOdNiguB1MpiTJskAIvawiWa0h4phkV98+y99CTXtM82ZyUyv96Rh0ikhFB5dNMA
GgefO/6nr4ZRsrg4cYXSNGECqhywUHZ114hI05zqD1PRJ7NqPwKtkV/CxlTPGIR4
FjZHyUHlsYQRtVFfuFAC5M5K7DfwnUl2/RPXTQHUlcZOM3GCksrKKcvlkOr/Krdx
EhneoqdaA9Zr/9xhEc1cCx4P0AktJqxxdVrnk+aBmbNybeOzx6LQI2WlFBDUJc7A
+AjT10+mxKCFXLERckkWWUCtrs196LKBoBH8qrgb1Hqx
-----END CERTIFICATE-----