Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/12b937-890d-47b5-a041-331d7fc77bd4/1/pZwUUb6x4Lez1tW_jvxd_X_PyY8.roa
File:                     pZwUUb6x4Lez1tW_jvxd_X_PyY8.roa (raw, json)
Hash identifier:          weF+c7Ta8anbMKz4f67ACPq7m1FTdbmyMymH/ZhAy3g=
Subject key identifier:   A5:9C:14:51:BE:B1:E0:B7:B3:D6:D5:BF:8E:FC:5D:FD:7F:CF:C9:8F
Certificate issuer:       /CN=3aca50858a1856ffa02e91356f14236e7c38b85a
Certificate serial:       019421B253082DB1275886B924BAEBF0A62D
Authority key identifier: 3A:CA:50:85:8A:18:56:FF:A0:2E:91:35:6F:14:23:6E:7C:38:B8:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OspQhYoYVv-gLpE1bxQjbnw4uFo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/12b937-890d-47b5-a041-331d7fc77bd4/1/pZwUUb6x4Lez1tW_jvxd_X_PyY8.roa
Signing time:             Wed 01 Jan 2025 11:48:42 +0000
ROA not before:           Wed 01 Jan 2025 11:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211366
IP address blocks:        45.9.193.0/24 maxlen: 24
                          2a0e:1106:3000::/40 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/12b937-890d-47b5-a041-331d7fc77bd4/1/OspQhYoYVv-gLpE1bxQjbnw4uFo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/12b937-890d-47b5-a041-331d7fc77bd4/1/OspQhYoYVv-gLpE1bxQjbnw4uFo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OspQhYoYVv-gLpE1bxQjbnw4uFo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 07:43:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:53:08:2d:b1:27:58:86:b9:24:ba:eb:f0:a6:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aca50858a1856ffa02e91356f14236e7c38b85a
        Validity
            Not Before: Jan  1 11:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a59c1451beb1e0b7b3d6d5bf8efc5dfd7fcfc98f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:2a:19:bb:a7:85:2a:a2:d9:09:40:89:ac:80:
                    08:65:4d:a2:b9:d4:83:53:19:05:fb:a1:d6:a7:e8:
                    e9:16:4e:a8:fc:f4:1f:a1:8b:62:7a:56:bd:74:06:
                    25:f0:05:78:bc:72:04:39:9f:13:23:3c:17:d3:9c:
                    63:85:36:3e:3f:d7:2f:bd:7b:70:45:f2:67:2e:7a:
                    73:1f:f6:67:92:98:b9:1b:cf:45:58:c4:cd:ca:70:
                    0d:05:5e:e7:87:36:e4:c2:28:34:37:78:91:e6:26:
                    16:67:2e:75:b9:2e:66:2a:83:2b:dc:3b:16:ab:77:
                    99:f5:b1:95:ea:98:93:96:3f:f1:4b:90:3e:52:3b:
                    38:c7:11:87:29:7c:2a:88:d0:92:29:44:1e:d3:f6:
                    5b:0b:45:c4:61:06:46:79:6f:2d:ae:ad:85:c0:99:
                    1a:3e:f3:46:b8:a6:6f:a6:4f:7e:6c:3c:42:f0:f5:
                    39:de:16:be:be:3f:0d:05:55:54:45:fa:34:16:4e:
                    56:2c:e4:3c:18:a7:e8:4b:51:dc:ff:0d:19:b9:b9:
                    2b:86:a4:33:85:bf:0d:e4:d3:ba:22:ae:96:2b:ab:
                    0e:6d:ba:bf:07:4d:fd:38:a7:40:32:09:0c:ff:4c:
                    fa:90:2b:db:61:a6:67:a5:75:60:7a:97:b2:f5:98:
                    4f:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:9C:14:51:BE:B1:E0:B7:B3:D6:D5:BF:8E:FC:5D:FD:7F:CF:C9:8F
            X509v3 Authority Key Identifier:
                keyid:3A:CA:50:85:8A:18:56:FF:A0:2E:91:35:6F:14:23:6E:7C:38:B8:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OspQhYoYVv-gLpE1bxQjbnw4uFo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/12b937-890d-47b5-a041-331d7fc77bd4/1/pZwUUb6x4Lez1tW_jvxd_X_PyY8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/12b937-890d-47b5-a041-331d7fc77bd4/1/OspQhYoYVv-gLpE1bxQjbnw4uFo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.9.193.0/24
                IPv6:
                  2a0e:1106:3000::/40

    Signature Algorithm: sha256WithRSAEncryption
         8a:de:42:9d:51:3a:15:7b:e3:9c:ef:da:29:34:47:d2:a6:31:
         90:a8:9f:a7:00:b2:71:0e:bc:3b:df:e9:43:f0:10:5a:bf:7d:
         9e:66:3b:9b:1d:0a:00:5c:40:22:4f:49:a7:e1:6e:dd:51:06:
         7d:16:57:9f:65:f2:65:25:76:7e:39:d7:92:37:2a:11:84:a5:
         02:65:80:63:10:4e:35:cf:bc:59:50:bc:ef:e1:89:4f:73:b3:
         8d:f0:4a:98:86:89:25:e7:48:a9:32:fc:6e:c0:16:cc:06:b3:
         4b:d1:00:c0:88:5f:3d:00:33:80:c8:09:88:ee:98:5c:5a:93:
         ec:47:1c:56:00:68:00:91:c4:eb:ec:78:61:6b:94:89:16:96:
         4e:cb:92:78:68:42:fd:31:0a:bb:99:43:34:62:e7:f6:7b:e3:
         37:32:2a:83:1d:1c:f0:06:55:3a:68:4e:c8:bb:50:d9:d2:0b:
         a5:cb:49:4c:34:89:09:46:50:15:7f:df:03:4e:fc:9e:0f:53:
         c9:3f:94:96:48:4f:e2:2d:ba:bb:ed:ba:78:7d:f7:e8:d9:8a:
         ec:5e:32:c2:b1:cc:71:e0:10:cb:c6:3a:ae:72:9d:56:ee:f5:
         f5:0a:ae:53:0f:d4:b6:dc:a7:9a:b2:e1:69:d2:ea:b6:0d:e6:
         b3:f2:8d:82
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQhslMILbEnWIa5JLrr8KYtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhY2E1MDg1OGExODU2ZmZhMDJlOTEzNTZmMTQyMzZlN2Mz
OGI4NWEwHhcNMjUwMTAxMTE0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTljMTQ1MWJlYjFlMGI3YjNkNmQ1YmY4ZWZjNWRmZDdmY2ZjOThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlyoZu6eFKqLZCUCJrIAIZU2iudSD
UxkF+6HWp+jpFk6o/PQfoYtiela9dAYl8AV4vHIEOZ8TIzwX05xjhTY+P9cvvXtw
RfJnLnpzH/Znkpi5G89FWMTNynANBV7nhzbkwig0N3iR5iYWZy51uS5mKoMr3DsW
q3eZ9bGV6piTlj/xS5A+Ujs4xxGHKXwqiNCSKUQe0/ZbC0XEYQZGeW8trq2FwJka
PvNGuKZvpk9+bDxC8PU53ha+vj8NBVVURfo0Fk5WLOQ8GKfoS1Hc/w0ZubkrhqQz
hb8N5NO6Iq6WK6sObbq/B039OKdAMgkM/0z6kCvbYaZnpXVgepey9ZhPuQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFKWcFFG+seC3s9bVv478Xf1/z8mPMB8GA1UdIwQY
MBaAFDrKUIWKGFb/oC6RNW8UI258OLhaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3NwUWhZb1lWdi1nTHBFMWJ4UWpibnc0dUZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8xMmI5MzctODkwZC00N2I1LWEwNDEt
MzMxZDdmYzc3YmQ0LzEvcFp3VVViNng0TGV6MXRXX2p2eGRfWF9QeVk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8xMmI5MzctODkwZC00N2I1LWEwNDEtMzMxZDdmYzc3YmQ0
LzEvT3NwUWhZb1lWdi1nTHBFMWJ4UWpibnc0dUZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQALQnBMA4E
AgACMAgDBgAqDhEGMDANBgkqhkiG9w0BAQsFAAOCAQEAit5CnVE6FXvjnO/aKTRH
0qYxkKifpwCycQ68O9/pQ/AQWr99nmY7mx0KAFxAIk9Jp+Fu3VEGfRZXn2XyZSV2
fjnXkjcqEYSlAmWAYxBONc+8WVC87+GJT3OzjfBKmIaJJedIqTL8bsAWzAazS9EA
wIhfPQAzgMgJiO6YXFqT7EccVgBoAJHE6+x4YWuUiRaWTsuSeGhC/TEKu5lDNGLn
9nvjNzIqgx0c8AZVOmhOyLtQ2dILpctJTDSJCUZQFX/fA078ng9TyT+UlkhP4i26
u+26eH336NmK7F4ywrHMceAQy8Y6rnKdVu719QquUw/UttynmrLhadLqtg3ms/KN
gg==
-----END CERTIFICATE-----