Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/FtYUQ4DcWIUPKQavr2RPveMCXy4.roa
File:                     FtYUQ4DcWIUPKQavr2RPveMCXy4.roa (raw, json)
Hash identifier:          KVNRYme8xvzA0hhiyevuLcb1dkj9ouHotG7H8GER2ks=
Subject key identifier:   16:D6:14:43:80:DC:58:85:0F:29:06:AF:AF:64:4F:BD:E3:02:5F:2E
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019428275BBFBB3F9ABF00A6E9499DD91030
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/FtYUQ4DcWIUPKQavr2RPveMCXy4.roa
Signing time:             Thu 02 Jan 2025 17:54:15 +0000
ROA not before:           Thu 02 Jan 2025 17:54:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47516
IP address blocks:        45.87.120.0/24 maxlen: 24
                          91.132.49.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:5b:bf:bb:3f:9a:bf:00:a6:e9:49:9d:d9:10:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan  2 17:54:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=16d6144380dc58850f2906afaf644fbde3025f2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:92:02:9c:4e:46:b1:c3:c8:99:62:2f:11:76:
                    96:7c:1e:b7:e3:d1:fb:e7:74:cd:e5:77:ee:3d:ac:
                    2d:52:d0:ba:42:79:ee:2e:fb:1d:34:18:c2:9f:14:
                    0a:db:46:73:fa:d9:52:dd:e8:f5:6a:8d:3c:4b:35:
                    c1:65:20:60:e7:54:8f:a8:c9:88:2d:55:d7:0b:77:
                    be:c4:f4:0b:9f:82:54:f7:e9:c6:e1:96:6f:d2:b2:
                    a4:3d:3e:7b:4d:62:4a:c2:da:8f:08:db:ee:b5:fa:
                    57:e1:d7:33:8e:66:0d:52:f2:1d:a8:c3:e2:d8:4a:
                    65:43:be:09:1a:18:7f:2f:85:70:f0:97:f8:80:c1:
                    53:99:7e:5e:35:ff:eb:91:7f:6e:47:eb:69:97:81:
                    66:5a:ef:45:62:1f:4d:4d:17:64:83:e4:59:d6:8a:
                    d3:10:20:6a:55:cd:17:8a:60:3d:54:c2:0b:47:d5:
                    78:3b:9c:c0:15:cf:e1:b4:9f:eb:62:50:69:db:36:
                    16:b1:36:9a:96:13:34:66:b1:33:b7:0a:82:9f:ff:
                    8f:47:e1:a3:16:0b:fc:b8:ce:0f:58:45:4e:91:7b:
                    e7:ad:5e:ab:92:0a:31:09:68:08:dd:e1:a4:76:79:
                    ea:b5:49:a7:02:b6:73:22:69:e9:87:ef:11:7f:c3:
                    7c:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:D6:14:43:80:DC:58:85:0F:29:06:AF:AF:64:4F:BD:E3:02:5F:2E
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/FtYUQ4DcWIUPKQavr2RPveMCXy4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.120.0/24
                  91.132.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         39:f0:0b:54:c8:e7:0c:c9:b7:8e:08:12:c7:04:4e:68:ed:7a:
         94:2b:7c:5e:95:19:8a:e6:d0:c2:94:2f:94:68:cd:46:87:d0:
         00:59:f1:77:49:58:aa:ee:18:ce:4c:5c:0e:d8:ec:09:61:56:
         9f:f1:41:cb:f6:e9:95:ba:a8:c8:1f:0f:e7:27:da:a9:7a:05:
         fb:00:0b:be:64:00:a2:55:c1:8c:a1:79:07:8b:fb:ea:04:4a:
         86:d1:bd:8c:ce:a7:bb:75:1d:78:c8:04:c5:1b:2e:a2:91:36:
         39:c9:d3:46:63:38:b0:e4:43:91:2a:97:44:2c:02:6c:3a:6a:
         db:83:ab:44:b4:cf:83:ee:d9:8c:c9:26:5b:3f:88:43:1a:d6:
         f7:9d:77:31:a9:9c:1e:6f:1c:0a:0e:32:4a:33:a5:54:14:7e:
         a3:db:14:ea:61:dd:cb:86:a8:80:12:91:94:16:d0:c7:3c:8b:
         36:38:97:bb:c5:e7:30:20:b2:8f:b2:c2:72:51:1b:80:b4:87:
         45:ec:04:19:1b:95:dc:2d:7e:33:fc:a2:4a:c1:64:c2:67:35:
         36:68:c4:8b:6f:89:1e:2f:e8:a0:ef:7a:5a:0b:2b:73:e2:e8:
         ae:a0:87:80:93:6a:f8:51:d4:82:85:e2:bc:11:80:f1:48:9f:
         7b:72:5d:02
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoJ1u/uz+avwCm6Umd2RAwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwMTAyMTc1NDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNmQ2MTQ0MzgwZGM1ODg1MGYyOTA2YWZhZjY0NGZiZGUzMDI1ZjJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA35ICnE5GscPImWIvEXaWfB6349H7
53TN5XfuPawtUtC6QnnuLvsdNBjCnxQK20Zz+tlS3ej1ao08SzXBZSBg51SPqMmI
LVXXC3e+xPQLn4JU9+nG4ZZv0rKkPT57TWJKwtqPCNvutfpX4dczjmYNUvIdqMPi
2EplQ74JGhh/L4Vw8Jf4gMFTmX5eNf/rkX9uR+tpl4FmWu9FYh9NTRdkg+RZ1orT
ECBqVc0XimA9VMILR9V4O5zAFc/htJ/rYlBp2zYWsTaalhM0ZrEztwqCn/+PR+Gj
Fgv8uM4PWEVOkXvnrV6rkgoxCWgI3eGkdnnqtUmnArZzImnph+8Rf8N8mwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBbWFEOA3FiFDykGr69kT73jAl8uMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvRnRZVVE0RGNXSVVQS1FhdnIyUlB2ZU1DWHk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVd4AwQA
W4QxMA0GCSqGSIb3DQEBCwUAA4IBAQA58AtUyOcMybeOCBLHBE5o7XqUK3xelRmK
5tDClC+UaM1Gh9AAWfF3SViq7hjOTFwO2OwJYVaf8UHL9umVuqjIHw/nJ9qpegX7
AAu+ZACiVcGMoXkHi/vqBEqG0b2Mzqe7dR14yATFGy6ikTY5ydNGYziw5EORKpdE
LAJsOmrbg6tEtM+D7tmMySZbP4hDGtb3nXcxqZwebxwKDjJKM6VUFH6j2xTqYd3L
hqiAEpGUFtDHPIs2OJe7xecwILKPssJyURuAtIdF7AQZG5XcLX4z/KJKwWTCZzU2
aMSLb4keL+ig73paCytz4uiuoIeAk2r4UdSCheK8EYDxSJ97cl0C
-----END CERTIFICATE-----