Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/9fddd4-526a-4807-b127-1bc31c62401f/1/EtuX617xzyrB71Hjc1hl3WMzRjI.roa
File:                     EtuX617xzyrB71Hjc1hl3WMzRjI.roa (raw, json)
Hash identifier:          QSVoTvnTqOuhcGfy2h2iEu7xdB5mNRvXSamlWm6WYuo=
Subject key identifier:   12:DB:97:EB:5E:F1:CF:2A:C1:EF:51:E3:73:58:65:DD:63:33:46:32
Certificate issuer:       /CN=aafc41aafbbccaa96711849745ef722a5260ac7e
Certificate serial:       019420D5C1732BF73D6EEF52FE86C03808C2
Authority key identifier: AA:FC:41:AA:FB:BC:CA:A9:67:11:84:97:45:EF:72:2A:52:60:AC:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qvxBqvu8yqlnEYSXRe9yKlJgrH4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/9fddd4-526a-4807-b127-1bc31c62401f/1/EtuX617xzyrB71Hjc1hl3WMzRjI.roa
Signing time:             Wed 01 Jan 2025 07:47:47 +0000
ROA not before:           Wed 01 Jan 2025 07:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42525
IP address blocks:        45.67.92.0/22 maxlen: 24
                          2a09:7440::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/9fddd4-526a-4807-b127-1bc31c62401f/1/qvxBqvu8yqlnEYSXRe9yKlJgrH4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/9fddd4-526a-4807-b127-1bc31c62401f/1/qvxBqvu8yqlnEYSXRe9yKlJgrH4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qvxBqvu8yqlnEYSXRe9yKlJgrH4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:c1:73:2b:f7:3d:6e:ef:52:fe:86:c0:38:08:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aafc41aafbbccaa96711849745ef722a5260ac7e
        Validity
            Not Before: Jan  1 07:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=12db97eb5ef1cf2ac1ef51e3735865dd63334632
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:02:d5:b5:2e:7a:9d:f8:38:ac:e8:90:db:de:
                    f0:3a:65:45:77:fb:38:77:f3:97:ca:a2:4f:94:f1:
                    80:03:e9:80:d0:ff:90:45:a3:3a:06:10:31:9f:bb:
                    f4:6e:07:f1:da:2e:77:ea:7c:79:13:35:38:9d:56:
                    de:1d:9d:cc:8e:5a:07:c0:f5:43:58:b1:46:48:4b:
                    26:f7:ca:be:c0:85:3b:87:51:1c:30:8d:fe:b0:ad:
                    32:31:03:b4:aa:e8:0d:2d:c6:8b:8f:59:ff:85:b7:
                    32:14:cf:3b:82:2d:78:f7:d3:4e:54:a6:01:a0:b9:
                    2a:67:90:b2:5b:43:bf:f8:54:89:ce:25:d4:44:6e:
                    8f:05:df:ab:a8:47:24:e4:2a:37:d3:b6:58:36:63:
                    a9:e2:4b:2f:25:94:f5:6c:0a:6f:b3:db:56:ff:b1:
                    a8:63:e8:c6:f4:d5:e5:8b:72:0a:e1:d0:b2:ae:4b:
                    87:eb:a5:e5:54:87:92:75:af:e7:92:35:63:66:62:
                    fc:73:ea:86:48:05:1c:43:62:20:d8:76:79:7f:0a:
                    f2:67:da:43:38:df:86:f1:a4:49:50:7c:b9:36:ff:
                    7b:ae:95:23:25:cf:23:42:35:2f:fa:22:3e:33:4c:
                    1c:17:b3:6d:f3:d6:11:6b:7d:cd:ec:64:0a:a5:9c:
                    d2:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:DB:97:EB:5E:F1:CF:2A:C1:EF:51:E3:73:58:65:DD:63:33:46:32
            X509v3 Authority Key Identifier:
                keyid:AA:FC:41:AA:FB:BC:CA:A9:67:11:84:97:45:EF:72:2A:52:60:AC:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qvxBqvu8yqlnEYSXRe9yKlJgrH4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/9fddd4-526a-4807-b127-1bc31c62401f/1/EtuX617xzyrB71Hjc1hl3WMzRjI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/9fddd4-526a-4807-b127-1bc31c62401f/1/qvxBqvu8yqlnEYSXRe9yKlJgrH4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.67.92.0/22
                IPv6:
                  2a09:7440::/32

    Signature Algorithm: sha256WithRSAEncryption
         15:91:fb:4d:a7:98:6a:b4:9e:59:ea:0d:01:d4:13:1d:36:8f:
         06:da:f5:77:9f:e3:c4:c8:d0:bd:2f:9e:9b:01:ee:71:cc:35:
         fa:8e:11:ff:2f:15:7b:1f:b2:87:4a:8f:53:17:e4:77:32:7d:
         c5:57:cc:0a:b3:fc:b7:70:5d:90:a8:68:28:ee:a1:5c:8a:3a:
         bb:af:ea:9e:f1:ac:f0:a6:da:46:10:e7:07:dd:83:8c:2d:cc:
         e1:c6:45:ae:24:a6:ff:93:5d:16:1b:41:59:12:9c:b8:bf:4d:
         e8:63:db:68:1a:5b:f5:1f:2e:70:d0:c9:d4:cd:28:f2:3e:09:
         45:60:e4:db:93:e0:b6:f2:45:31:59:b8:d8:42:49:78:4c:b6:
         18:46:ec:4c:84:68:44:cd:65:da:b8:7f:49:a0:d9:34:ee:74:
         e6:18:7b:96:77:84:57:22:13:41:6d:1a:89:9a:84:9f:71:24:
         cf:69:7a:f8:b4:f5:f9:80:6c:8e:8d:96:a4:de:a6:b4:5a:f6:
         64:fc:1c:9f:49:17:eb:57:95:aa:1c:6f:80:19:19:a3:59:2e:
         3b:4b:9e:e0:a7:14:29:a0:c3:c6:17:ce:55:f5:24:a1:71:6c:
         7b:b2:52:2f:20:00:fe:d4:a6:24:5c:70:02:fa:3c:9a:63:04:
         be:63:0a:01
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQg1cFzK/c9bu9S/obAOAjCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhZmM0MWFhZmJiY2NhYTk2NzExODQ5NzQ1ZWY3MjJhNTI2
MGFjN2UwHhcNMjUwMTAxMDc0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmRiOTdlYjVlZjFjZjJhYzFlZjUxZTM3MzU4NjVkZDYzMzM0NjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmALVtS56nfg4rOiQ297wOmVFd/s4
d/OXyqJPlPGAA+mA0P+QRaM6BhAxn7v0bgfx2i536nx5EzU4nVbeHZ3MjloHwPVD
WLFGSEsm98q+wIU7h1EcMI3+sK0yMQO0qugNLcaLj1n/hbcyFM87gi1499NOVKYB
oLkqZ5CyW0O/+FSJziXURG6PBd+rqEck5Co307ZYNmOp4ksvJZT1bApvs9tW/7Go
Y+jG9NXli3IK4dCyrkuH66XlVIeSda/nkjVjZmL8c+qGSAUcQ2Ig2HZ5fwryZ9pD
ON+G8aRJUHy5Nv97rpUjJc8jQjUv+iI+M0wcF7Nt89YRa33N7GQKpZzSmwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBLbl+te8c8qwe9R43NYZd1jM0YyMB8GA1UdIwQY
MBaAFKr8Qar7vMqpZxGEl0XvcipSYKx+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXZ4QnF2dTh5cWxuRVlTWFJlOXlLbEpnckg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS85ZmRkZDQtNTI2YS00ODA3LWIxMjct
MWJjMzFjNjI0MDFmLzEvRXR1WDYxN3h6eXJCNzFIamMxaGwzV016UmpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS85ZmRkZDQtNTI2YS00ODA3LWIxMjctMWJjMzFjNjI0MDFm
LzEvcXZ4QnF2dTh5cWxuRVlTWFJlOXlLbEpnckg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLUNcMA0E
AgACMAcDBQAqCXRAMA0GCSqGSIb3DQEBCwUAA4IBAQAVkftNp5hqtJ5Z6g0B1BMd
No8G2vV3n+PEyNC9L56bAe5xzDX6jhH/LxV7H7KHSo9TF+R3Mn3FV8wKs/y3cF2Q
qGgo7qFcijq7r+qe8azwptpGEOcH3YOMLczhxkWuJKb/k10WG0FZEpy4v03oY9to
Glv1Hy5w0MnUzSjyPglFYOTbk+C28kUxWbjYQkl4TLYYRuxMhGhEzWXauH9JoNk0
7nTmGHuWd4RXIhNBbRqJmoSfcSTPaXr4tPX5gGyOjZak3qa0WvZk/ByfSRfrV5Wq
HG+AGRmjWS47S57gpxQpoMPGF85V9SShcWx7slIvIAD+1KYkXHAC+jyaYwS+YwoB
-----END CERTIFICATE-----