Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/KL6jSscYFRJUguM4TrlaaIaMfD0.roa
File:                     KL6jSscYFRJUguM4TrlaaIaMfD0.roa (raw, json)
Hash identifier:          El1VfWrOcYrj1YkMbLpzTVJ2PHP9MtzaAXHIBBqbtYw=
Subject key identifier:   28:BE:A3:4A:C7:18:15:12:54:82:E3:38:4E:B9:5A:68:86:8C:7C:3D
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       019430CD2877CA87AF3ED4FC919E16579EBD
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/KL6jSscYFRJUguM4TrlaaIaMfD0.roa
Signing time:             Sat 04 Jan 2025 10:12:19 +0000
ROA not before:           Sat 04 Jan 2025 10:12:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216300
IP address blocks:        45.87.121.0/24 maxlen: 24
                          185.254.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:30:cd:28:77:ca:87:af:3e:d4:fc:91:9e:16:57:9e:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan  4 10:12:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=28bea34ac71815125482e3384eb95a68868c7c3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:f2:c2:81:de:b3:f6:b9:5f:ba:ee:f9:ff:33:
                    41:5b:17:4c:78:99:db:c5:71:6b:d7:8e:79:fe:b1:
                    66:80:77:4c:1e:33:6a:2e:ca:39:33:65:a7:32:94:
                    8e:c3:f6:9e:c8:82:9c:e5:66:63:93:96:4c:d4:c4:
                    81:f4:5e:94:7e:e9:c2:df:2b:0f:b0:8a:b8:cd:24:
                    65:4c:a7:ae:f1:80:47:95:ba:42:07:ae:ca:31:36:
                    a0:79:32:03:8d:50:2b:c0:38:47:52:42:bd:3b:f0:
                    7f:8e:54:27:7a:bf:b7:cd:b8:12:cf:1d:f5:27:a2:
                    0d:2a:6b:fa:59:3b:ad:83:38:16:41:b0:ec:be:3e:
                    8a:23:10:78:de:83:a4:50:fa:0e:02:1d:2a:86:5d:
                    57:8a:16:43:e5:4b:c3:d5:ee:fb:0f:b6:a3:58:c2:
                    57:59:3e:c1:dd:0e:af:01:dc:93:2f:db:90:92:5d:
                    d1:a5:b0:39:d8:bd:10:02:26:c0:35:8e:45:71:73:
                    09:fe:b7:32:56:70:d6:49:89:b9:b6:93:1e:28:b1:
                    b4:e4:64:77:80:a7:87:8a:6a:44:41:00:19:b6:a2:
                    f5:e1:12:ac:3e:ba:33:18:57:0c:a0:e7:03:95:da:
                    d2:63:84:7c:4f:06:10:2a:38:4a:50:91:94:9b:ff:
                    78:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:BE:A3:4A:C7:18:15:12:54:82:E3:38:4E:B9:5A:68:86:8C:7C:3D
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/KL6jSscYFRJUguM4TrlaaIaMfD0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.87.121.0/24
                  185.254.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:b8:8a:a5:e1:72:6b:68:29:4d:b5:ae:1d:d4:1b:5b:c2:69:
         86:5a:bf:17:7b:70:66:b0:ae:98:40:ae:7a:85:d8:18:80:fa:
         79:bd:2e:22:6f:e3:d3:fa:53:b4:d1:64:d6:73:fe:8b:67:37:
         5f:59:a9:68:6b:66:af:93:86:0e:51:7a:41:15:f6:f6:78:72:
         b0:a7:69:97:d4:a6:99:0e:08:fa:a2:47:18:5a:0e:da:46:e2:
         46:ab:7b:f6:21:7b:a9:0e:0f:ef:08:2f:b3:1a:9c:01:1a:c4:
         49:a0:48:01:5c:a7:f9:b3:ed:49:7e:93:c9:2f:bf:28:7b:29:
         35:c9:5e:b1:de:de:27:46:b8:10:1a:ef:d2:32:8d:02:e7:5a:
         ad:e6:4b:62:a0:59:00:90:02:c4:35:c8:77:5d:38:a2:f1:f3:
         2e:a9:fd:b6:8a:ea:85:40:d5:63:0c:fd:65:ab:17:0d:88:8e:
         95:42:69:68:5e:6b:7a:13:1d:a4:8b:45:6a:83:01:df:d7:c5:
         c9:59:c9:42:8e:3d:95:01:b9:09:3d:38:c3:a0:b0:2d:3b:30:
         8a:d6:63:ba:c9:05:a2:bc:e3:6a:53:65:b1:73:40:d2:f2:ba:
         0f:eb:db:7a:42:90:b5:4e:6e:4e:42:bb:e5:92:bf:81:4a:81:
         aa:89:ca:10
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQwzSh3yoevPtT8kZ4WV569MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwMTA0MTAxMjE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGJlYTM0YWM3MTgxNTEyNTQ4MmUzMzg0ZWI5NWE2ODg2OGM3YzNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj/LCgd6z9rlfuu75/zNBWxdMeJnb
xXFr1455/rFmgHdMHjNqLso5M2WnMpSOw/aeyIKc5WZjk5ZM1MSB9F6UfunC3ysP
sIq4zSRlTKeu8YBHlbpCB67KMTageTIDjVArwDhHUkK9O/B/jlQner+3zbgSzx31
J6INKmv6WTutgzgWQbDsvj6KIxB43oOkUPoOAh0qhl1XihZD5UvD1e77D7ajWMJX
WT7B3Q6vAdyTL9uQkl3RpbA52L0QAibANY5FcXMJ/rcyVnDWSYm5tpMeKLG05GR3
gKeHimpEQQAZtqL14RKsProzGFcMoOcDldrSY4R8TwYQKjhKUJGUm/94/wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCi+o0rHGBUSVILjOE65WmiGjHw9MB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvS0w2alNzY1lGUkpVZ3VNNFRybGFhSWFNZkQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVd5AwQA
uf5DMA0GCSqGSIb3DQEBCwUAA4IBAQBCuIql4XJraClNta4d1BtbwmmGWr8Xe3Bm
sK6YQK56hdgYgPp5vS4ib+PT+lO00WTWc/6LZzdfWaloa2avk4YOUXpBFfb2eHKw
p2mX1KaZDgj6okcYWg7aRuJGq3v2IXupDg/vCC+zGpwBGsRJoEgBXKf5s+1JfpPJ
L78oeyk1yV6x3t4nRrgQGu/SMo0C51qt5ktioFkAkALENch3XTii8fMuqf22iuqF
QNVjDP1lqxcNiI6VQmloXmt6Ex2ki0VqgwHf18XJWclCjj2VAbkJPTjDoLAtOzCK
1mO6yQWivONqU2Wxc0DS8roP69t6QpC1Tm5OQrvlkr+BSoGqicoQ
-----END CERTIFICATE-----