Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/dee578-f2c6-41c0-b728-ad163ab354c8/1/JSfSNBZp2sArMnNqgy7JPjlV3w0.roa
File:                     JSfSNBZp2sArMnNqgy7JPjlV3w0.roa (raw, json)
Hash identifier:          AAxuDoIwBhXDcehYAfqhoDL4a0JHM/VmkCzff4ZSoTk=
Subject key identifier:   25:27:D2:34:16:69:DA:C0:2B:32:73:6A:83:2E:C9:3E:39:55:DF:0D
Certificate issuer:       /CN=27484956736549eab3b06e23aab89ca5993a8076
Certificate serial:       019421B1BF44EE97141D08571592FD454136
Authority key identifier: 27:48:49:56:73:65:49:EA:B3:B0:6E:23:AA:B8:9C:A5:99:3A:80:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J0hJVnNlSeqzsG4jqricpZk6gHY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/dee578-f2c6-41c0-b728-ad163ab354c8/1/JSfSNBZp2sArMnNqgy7JPjlV3w0.roa
Signing time:             Wed 01 Jan 2025 11:48:04 +0000
ROA not before:           Wed 01 Jan 2025 11:48:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215821
IP address blocks:        45.84.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/dee578-f2c6-41c0-b728-ad163ab354c8/1/J0hJVnNlSeqzsG4jqricpZk6gHY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/dee578-f2c6-41c0-b728-ad163ab354c8/1/J0hJVnNlSeqzsG4jqricpZk6gHY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J0hJVnNlSeqzsG4jqricpZk6gHY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:bf:44:ee:97:14:1d:08:57:15:92:fd:45:41:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27484956736549eab3b06e23aab89ca5993a8076
        Validity
            Not Before: Jan  1 11:48:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2527d2341669dac02b32736a832ec93e3955df0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:97:15:fe:af:e5:d1:6b:e5:ec:c4:58:97:96:
                    5f:3f:20:d7:aa:b8:85:61:13:60:18:28:da:9e:4b:
                    a6:b3:35:62:de:9e:1b:5b:8e:94:e5:ef:46:fe:c4:
                    6d:14:f2:65:5d:21:d6:a0:6a:f1:d5:25:5f:4f:b0:
                    c5:be:15:23:ab:e7:5d:22:09:ae:e1:57:36:e4:ee:
                    a4:98:07:77:8d:c8:2e:95:22:01:df:a9:08:f3:56:
                    9f:33:14:1e:1f:e7:8d:cb:23:58:3c:76:b5:6b:e9:
                    53:1b:e6:42:64:00:59:e4:2a:21:2c:30:3a:c4:01:
                    aa:92:93:81:fe:e1:6a:c7:81:30:64:4b:4c:cb:a2:
                    e4:da:d3:af:36:2f:d3:0b:2f:2d:cb:b7:e9:c9:12:
                    b4:5c:cc:bc:68:79:0a:3f:44:a1:09:13:47:f8:56:
                    88:60:4c:77:13:9c:b9:05:3a:2f:65:50:f5:74:75:
                    1b:f8:65:3e:0d:9c:15:d6:c8:30:6c:64:47:1d:89:
                    0e:59:23:a2:db:35:fd:2b:f6:e3:c0:8b:47:e6:46:
                    9a:41:f0:dd:1e:25:6e:46:7f:15:4f:dd:09:2f:60:
                    69:34:6b:be:30:c1:c8:8a:49:6d:7a:50:28:b3:7c:
                    a3:fc:b2:f9:71:c3:9c:ea:ae:ac:6d:cb:0d:7d:74:
                    cb:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:27:D2:34:16:69:DA:C0:2B:32:73:6A:83:2E:C9:3E:39:55:DF:0D
            X509v3 Authority Key Identifier:
                keyid:27:48:49:56:73:65:49:EA:B3:B0:6E:23:AA:B8:9C:A5:99:3A:80:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J0hJVnNlSeqzsG4jqricpZk6gHY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/dee578-f2c6-41c0-b728-ad163ab354c8/1/JSfSNBZp2sArMnNqgy7JPjlV3w0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/dee578-f2c6-41c0-b728-ad163ab354c8/1/J0hJVnNlSeqzsG4jqricpZk6gHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:23:de:a1:ab:ea:77:83:19:24:f4:30:00:b9:62:86:6d:ee:
         e1:46:a2:17:92:17:f8:cb:b1:6e:1e:f4:fd:c3:73:db:46:4d:
         0b:bc:ff:8f:36:98:98:20:28:f5:59:4a:e3:e3:84:d5:b1:c7:
         74:36:45:f2:b5:e6:14:0d:7e:65:ce:b2:89:07:41:29:00:34:
         04:54:e3:2e:04:97:41:6b:bd:e4:20:58:2c:45:7c:0a:3a:57:
         6d:1a:21:89:69:72:e8:4f:62:fa:dd:f1:b7:89:55:53:4a:f3:
         31:79:99:a1:22:c3:ea:9d:92:b7:45:2f:de:9a:2b:31:67:9e:
         83:ba:bf:37:d2:73:c1:b6:ae:f3:d1:8e:b9:0a:a5:53:5d:a4:
         2a:56:b2:18:40:33:b2:e4:6c:d6:e4:37:c3:74:cd:ad:28:b0:
         87:31:a4:76:51:50:d3:0c:8d:17:d4:0f:87:33:f8:1a:19:c2:
         2d:9d:f4:e6:aa:23:ab:ea:ed:ca:c7:99:eb:ed:53:cc:8b:18:
         04:81:db:15:bc:44:83:da:a4:7b:79:0c:31:f8:3b:50:cc:1e:
         0e:48:92:6d:7f:49:9f:e2:c1:20:eb:2a:61:af:98:89:0c:98:
         c6:67:43:e7:6e:65:c0:79:90:28:48:79:32:35:a2:64:ea:ce:
         4d:1b:3e:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsb9E7pcUHQhXFZL9RUE2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3NDg0OTU2NzM2NTQ5ZWFiM2IwNmUyM2FhYjg5Y2E1OTkz
YTgwNzYwHhcNMjUwMTAxMTE0ODA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTI3ZDIzNDE2NjlkYWMwMmIzMjczNmE4MzJlYzkzZTM5NTVkZjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZcV/q/l0Wvl7MRYl5ZfPyDXqriF
YRNgGCjankumszVi3p4bW46U5e9G/sRtFPJlXSHWoGrx1SVfT7DFvhUjq+ddIgmu
4Vc25O6kmAd3jcgulSIB36kI81afMxQeH+eNyyNYPHa1a+lTG+ZCZABZ5CohLDA6
xAGqkpOB/uFqx4EwZEtMy6Lk2tOvNi/TCy8ty7fpyRK0XMy8aHkKP0ShCRNH+FaI
YEx3E5y5BTovZVD1dHUb+GU+DZwV1sgwbGRHHYkOWSOi2zX9K/bjwItH5kaaQfDd
HiVuRn8VT90JL2BpNGu+MMHIikltelAos3yj/LL5ccOc6q6sbcsNfXTLnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCUn0jQWadrAKzJzaoMuyT45Vd8NMB8GA1UdIwQY
MBaAFCdISVZzZUnqs7BuI6q4nKWZOoB2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjBoSlZuTmxTZXF6c0c0anFyaWNwWms2Z0hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC9kZWU1NzgtZjJjNi00MWMwLWI3Mjgt
YWQxNjNhYjM1NGM4LzEvSlNmU05CWnAyc0FyTW5OcWd5N0pQamxWM3cwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC9kZWU1NzgtZjJjNi00MWMwLWI3MjgtYWQxNjNhYjM1NGM4
LzEvSjBoSlZuTmxTZXF6c0c0anFyaWNwWms2Z0hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVRlMA0G
CSqGSIb3DQEBCwUAA4IBAQBEI96hq+p3gxkk9DAAuWKGbe7hRqIXkhf4y7FuHvT9
w3PbRk0LvP+PNpiYICj1WUrj44TVscd0NkXyteYUDX5lzrKJB0EpADQEVOMuBJdB
a73kIFgsRXwKOldtGiGJaXLoT2L63fG3iVVTSvMxeZmhIsPqnZK3RS/emisxZ56D
ur830nPBtq7z0Y65CqVTXaQqVrIYQDOy5GzW5DfDdM2tKLCHMaR2UVDTDI0X1A+H
M/gaGcItnfTmqiOr6u3Kx5nr7VPMixgEgdsVvESD2qR7eQwx+DtQzB4OSJJtf0mf
4sEg6yphr5iJDJjGZ0PnbmXAeZAoSHkyNaJk6s5NGz4A
-----END CERTIFICATE-----