Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/7d2e64-10d9-4a4e-a4c6-4a9bb2fe7331/1/NxEFYabQ1De2D9MRDvZOgIu0R4g.roa
File:                     NxEFYabQ1De2D9MRDvZOgIu0R4g.roa (raw, json)
Hash identifier:          lAojMYDzIDb75W7SBnvnLzGQZua9BCv398UHDwqthXo=
Subject key identifier:   37:11:05:61:A6:D0:D4:37:B6:0F:D3:11:0E:F6:4E:80:8B:B4:47:88
Certificate issuer:       /CN=250e7df43c82d120a13d3c865f1f06f49644b1e1
Certificate serial:       019420D59AB389C0117F84E5EA09FC604274
Authority key identifier: 25:0E:7D:F4:3C:82:D1:20:A1:3D:3C:86:5F:1F:06:F4:96:44:B1:E1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JQ599DyC0SChPTyGXx8G9JZEseE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/7d2e64-10d9-4a4e-a4c6-4a9bb2fe7331/1/NxEFYabQ1De2D9MRDvZOgIu0R4g.roa
Signing time:             Wed 01 Jan 2025 07:47:37 +0000
ROA not before:           Wed 01 Jan 2025 07:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        45.143.132.0/24 maxlen: 24
                          45.143.133.0/24 maxlen: 24
                          45.143.134.0/24 maxlen: 24
                          45.143.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/7d2e64-10d9-4a4e-a4c6-4a9bb2fe7331/1/JQ599DyC0SChPTyGXx8G9JZEseE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/7d2e64-10d9-4a4e-a4c6-4a9bb2fe7331/1/JQ599DyC0SChPTyGXx8G9JZEseE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JQ599DyC0SChPTyGXx8G9JZEseE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:9a:b3:89:c0:11:7f:84:e5:ea:09:fc:60:42:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=250e7df43c82d120a13d3c865f1f06f49644b1e1
        Validity
            Not Before: Jan  1 07:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=37110561a6d0d437b60fd3110ef64e808bb44788
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:a0:a6:86:cc:34:a5:d8:74:50:35:ab:a9:ee:
                    1a:c2:31:0c:5e:98:2e:0e:7b:df:90:c4:e7:f7:89:
                    62:38:db:2b:6e:7f:7b:80:7a:fd:ef:97:71:d1:bd:
                    c1:fc:a5:85:fa:b4:bc:34:29:99:14:22:e2:58:1a:
                    2a:4f:fe:ee:60:aa:40:5d:cb:41:0b:16:99:f2:2f:
                    dc:99:e4:e1:c7:42:37:01:c8:aa:3f:95:27:b7:5b:
                    bb:ff:5e:c0:5d:af:ef:71:16:66:6f:59:9b:ff:95:
                    37:d9:aa:4b:a7:ed:ce:22:92:ec:c3:54:ac:0e:95:
                    cf:f4:e6:a5:97:81:b8:e5:8f:2e:b4:4c:78:59:e7:
                    1c:c6:df:dd:a9:aa:37:cf:fe:16:f4:65:62:fd:1a:
                    e3:d7:2a:41:b2:7e:6c:5a:8d:a8:58:bc:e4:78:5c:
                    af:27:81:45:4b:85:a8:89:fa:67:63:03:ca:71:73:
                    dd:a0:59:e3:f8:80:19:a5:0d:d0:39:7c:c1:af:16:
                    e3:dd:37:40:30:ad:81:4f:78:f6:93:4c:cf:ed:6d:
                    94:f2:d1:1f:68:84:04:ca:cb:29:d8:d2:a0:33:e2:
                    86:60:94:64:d8:42:a0:53:b2:be:47:53:e3:c5:e0:
                    31:db:f2:dc:88:2b:59:e8:8e:d0:63:82:28:f3:be:
                    ef:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                37:11:05:61:A6:D0:D4:37:B6:0F:D3:11:0E:F6:4E:80:8B:B4:47:88
            X509v3 Authority Key Identifier:
                keyid:25:0E:7D:F4:3C:82:D1:20:A1:3D:3C:86:5F:1F:06:F4:96:44:B1:E1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JQ599DyC0SChPTyGXx8G9JZEseE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/7d2e64-10d9-4a4e-a4c6-4a9bb2fe7331/1/NxEFYabQ1De2D9MRDvZOgIu0R4g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/7d2e64-10d9-4a4e-a4c6-4a9bb2fe7331/1/JQ599DyC0SChPTyGXx8G9JZEseE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.132.0/22

    Signature Algorithm: sha256WithRSAEncryption
         64:04:92:80:1c:80:5f:72:a3:9c:b9:9a:a5:96:1e:4d:72:d3:
         bf:56:22:14:f4:02:0c:64:30:67:e9:0d:c0:6d:9f:39:bf:1a:
         18:ef:b9:ab:18:ac:ec:d9:e5:03:23:7b:0f:49:0c:fb:a0:c4:
         c6:ba:c2:46:4e:4a:9a:e6:6f:78:e3:75:1e:46:20:83:26:cf:
         b2:d8:b9:52:c6:aa:ff:df:6f:2f:00:cf:a2:66:de:e5:3e:77:
         10:ca:4b:d0:32:0e:5c:8c:1e:fd:59:2f:ec:fe:78:c7:15:a1:
         c2:6e:d0:4b:8a:54:33:64:7f:1e:cb:30:93:b0:40:2b:ee:59:
         50:0e:2d:d9:0d:c7:4c:04:38:42:36:8c:60:79:ab:c5:04:45:
         db:3f:4d:1e:2f:1f:a2:f9:b1:34:67:45:d6:dc:b2:52:87:7b:
         d2:c9:a3:8b:e4:c9:d5:9d:c8:12:b5:f9:68:19:c1:1c:77:ab:
         01:61:96:bc:aa:7b:fb:1e:6e:18:c8:6f:6a:cc:78:7e:f7:5d:
         43:ab:dc:2d:cd:0a:76:2a:46:2d:12:39:04:32:63:d7:87:6b:
         31:16:1a:ef:f6:72:25:e1:29:c9:02:8e:d9:80:bd:53:35:0e:
         bf:7b:13:bb:30:b4:ee:99:fd:49:24:c4:87:c8:f2:f6:91:21:
         b9:36:de:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1ZqzicARf4Tl6gn8YEJ0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1MGU3ZGY0M2M4MmQxMjBhMTNkM2M4NjVmMWYwNmY0OTY0
NGIxZTEwHhcNMjUwMTAxMDc0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNzExMDU2MWE2ZDBkNDM3YjYwZmQzMTEwZWY2NGU4MDhiYjQ0Nzg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6Cmhsw0pdh0UDWrqe4awjEMXpgu
DnvfkMTn94liONsrbn97gHr975dx0b3B/KWF+rS8NCmZFCLiWBoqT/7uYKpAXctB
CxaZ8i/cmeThx0I3AciqP5Unt1u7/17AXa/vcRZmb1mb/5U32apLp+3OIpLsw1Ss
DpXP9Oall4G45Y8utEx4Weccxt/dqao3z/4W9GVi/Rrj1ypBsn5sWo2oWLzkeFyv
J4FFS4WoifpnYwPKcXPdoFnj+IAZpQ3QOXzBrxbj3TdAMK2BT3j2k0zP7W2U8tEf
aIQEyssp2NKgM+KGYJRk2EKgU7K+R1PjxeAx2/LciCtZ6I7QY4Io877vzwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDcRBWGm0NQ3tg/TEQ72ToCLtEeIMB8GA1UdIwQY
MBaAFCUOffQ8gtEgoT08hl8fBvSWRLHhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlE1OTlEeUMwU0NoUFR5R1h4OEc5SlpFc2VFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS83ZDJlNjQtMTBkOS00YTRlLWE0YzYt
NGE5YmIyZmU3MzMxLzEvTnhFRllhYlExRGUyRDlNUkR2Wk9nSXUwUjRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS83ZDJlNjQtMTBkOS00YTRlLWE0YzYtNGE5YmIyZmU3MzMx
LzEvSlE1OTlEeUMwU0NoUFR5R1h4OEc5SlpFc2VFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLY+EMA0G
CSqGSIb3DQEBCwUAA4IBAQBkBJKAHIBfcqOcuZqllh5NctO/ViIU9AIMZDBn6Q3A
bZ85vxoY77mrGKzs2eUDI3sPSQz7oMTGusJGTkqa5m9443UeRiCDJs+y2LlSxqr/
328vAM+iZt7lPncQykvQMg5cjB79WS/s/njHFaHCbtBLilQzZH8eyzCTsEAr7llQ
Di3ZDcdMBDhCNoxgeavFBEXbP00eLx+i+bE0Z0XW3LJSh3vSyaOL5MnVncgStflo
GcEcd6sBYZa8qnv7Hm4YyG9qzHh+911Dq9wtzQp2KkYtEjkEMmPXh2sxFhrv9nIl
4SnJAo7ZgL1TNQ6/exO7MLTumf1JJMSHyPL2kSG5Nt6S
-----END CERTIFICATE-----