Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/jndEHNZ2x0pbxmjtnUN_iL0EOgg.roa
File:                     jndEHNZ2x0pbxmjtnUN_iL0EOgg.roa (raw, json)
Hash identifier:          VNMFBQYDM78mD696fWYXbt5tsmZPIllrl31MY4LZBZs=
Subject key identifier:   8E:77:44:1C:D6:76:C7:4A:5B:C6:68:ED:9D:43:7F:88:BD:04:3A:08
Certificate issuer:       /CN=ee31367df6d1861071c92bae726523326f45ba2a
Certificate serial:       019423D722DE58E2BFAFA52024683706F621
Authority key identifier: EE:31:36:7D:F6:D1:86:10:71:C9:2B:AE:72:65:23:32:6F:45:BA:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7jE2ffbRhhBxySuucmUjMm9Fuio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/jndEHNZ2x0pbxmjtnUN_iL0EOgg.roa
Signing time:             Wed 01 Jan 2025 21:48:09 +0000
ROA not before:           Wed 01 Jan 2025 21:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34854
IP address blocks:        45.92.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/7jE2ffbRhhBxySuucmUjMm9Fuio.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/7jE2ffbRhhBxySuucmUjMm9Fuio.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7jE2ffbRhhBxySuucmUjMm9Fuio.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:22:de:58:e2:bf:af:a5:20:24:68:37:06:f6:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee31367df6d1861071c92bae726523326f45ba2a
        Validity
            Not Before: Jan  1 21:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8e77441cd676c74a5bc668ed9d437f88bd043a08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:41:16:94:5d:5f:8b:9a:3b:09:bc:eb:a8:d5:
                    e4:bf:66:05:ff:a2:30:19:1b:68:be:49:7b:ee:b1:
                    52:3e:e9:bf:82:06:ca:01:ff:9b:74:84:51:aa:f5:
                    fc:c5:51:3e:51:00:74:06:10:af:52:e6:07:5d:50:
                    a0:72:ac:69:48:a5:1d:f5:02:9a:6c:2f:e1:67:ed:
                    d8:9a:da:e0:d7:10:61:5c:2c:4b:36:64:fa:78:f3:
                    da:f6:b3:28:c2:e5:66:27:fb:c9:b9:2b:f5:e2:bc:
                    c4:6f:c4:3d:f8:89:58:76:d8:54:7d:64:8c:2f:50:
                    a3:76:b2:b8:41:8c:13:9a:0a:bd:85:e6:07:4b:1b:
                    32:61:f6:a3:c0:a4:ca:30:3c:16:e1:45:62:05:6f:
                    1a:28:59:71:2f:9f:f4:3a:af:7d:6c:60:de:f9:43:
                    73:7f:e4:80:96:e8:9d:87:c9:fe:3f:2a:9a:8b:71:
                    3c:38:7b:c6:24:75:ec:e7:75:e7:bc:e6:c4:cb:91:
                    86:58:ef:51:21:22:cf:3f:74:30:20:c0:70:3f:cf:
                    0e:70:60:87:17:64:ab:41:ed:d6:56:30:f9:8d:1d:
                    1f:73:76:49:15:51:d1:9f:8f:87:85:24:53:09:ee:
                    31:e2:9e:82:05:73:be:6f:b0:bc:37:91:ff:a7:ea:
                    ae:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:77:44:1C:D6:76:C7:4A:5B:C6:68:ED:9D:43:7F:88:BD:04:3A:08
            X509v3 Authority Key Identifier:
                keyid:EE:31:36:7D:F6:D1:86:10:71:C9:2B:AE:72:65:23:32:6F:45:BA:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7jE2ffbRhhBxySuucmUjMm9Fuio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/jndEHNZ2x0pbxmjtnUN_iL0EOgg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/1bb4dd-e9c4-4d3d-9a3b-1159dbfbed54/1/7jE2ffbRhhBxySuucmUjMm9Fuio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.92.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:fe:c1:c7:df:f2:a5:f9:70:23:10:10:cd:25:12:ba:76:b5:
         da:ef:48:79:45:4e:55:52:50:b9:55:7f:42:e2:53:ab:01:2e:
         b2:6c:0c:1b:4a:b0:4d:a6:b7:b0:b3:6a:19:cc:24:e1:fb:f5:
         0e:75:70:f8:f4:3b:5e:69:46:2d:0c:f3:5f:b4:ef:95:27:5b:
         50:dc:23:a1:e4:ff:fc:a0:b9:62:96:1e:35:af:9e:0d:75:99:
         b9:2c:63:2e:77:96:6f:50:f9:a3:ef:c1:81:1d:c3:80:94:10:
         27:25:c9:86:0b:9c:eb:09:53:ef:5f:15:c7:50:14:0f:1a:a2:
         42:86:b3:12:86:77:64:03:24:99:f2:30:13:2e:e7:31:aa:ab:
         88:45:68:b6:0b:58:c0:a2:5d:70:81:76:db:36:9a:0a:6b:63:
         0f:29:10:4c:93:e4:71:34:a2:21:98:35:f6:69:c1:af:d0:98:
         34:d2:ec:c9:3f:36:bd:6d:34:03:7f:94:ac:21:e2:d9:67:38:
         25:c8:53:2e:87:f3:09:ba:10:af:45:80:28:63:e7:e5:b9:2e:
         2d:f6:b1:28:40:b9:21:96:83:9b:1f:7a:b4:e2:07:4b:f3:26:
         6d:06:28:ae:08:bc:c4:9d:47:b9:e0:22:7d:99:0b:31:a5:04:
         6d:38:ed:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1yLeWOK/r6UgJGg3BvYhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMzEzNjdkZjZkMTg2MTA3MWM5MmJhZTcyNjUyMzMyNmY0
NWJhMmEwHhcNMjUwMTAxMjE0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZTc3NDQxY2Q2NzZjNzRhNWJjNjY4ZWQ5ZDQzN2Y4OGJkMDQzYTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxUEWlF1fi5o7CbzrqNXkv2YF/6Iw
GRtovkl77rFSPum/ggbKAf+bdIRRqvX8xVE+UQB0BhCvUuYHXVCgcqxpSKUd9QKa
bC/hZ+3Ymtrg1xBhXCxLNmT6ePPa9rMowuVmJ/vJuSv14rzEb8Q9+IlYdthUfWSM
L1CjdrK4QYwTmgq9heYHSxsyYfajwKTKMDwW4UViBW8aKFlxL5/0Oq99bGDe+UNz
f+SAluidh8n+Pyqai3E8OHvGJHXs53XnvObEy5GGWO9RISLPP3QwIMBwP88OcGCH
F2SrQe3WVjD5jR0fc3ZJFVHRn4+HhSRTCe4x4p6CBXO+b7C8N5H/p+quywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI53RBzWdsdKW8Zo7Z1Df4i9BDoIMB8GA1UdIwQY
MBaAFO4xNn320YYQcckrrnJlIzJvRboqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2pFMmZmYlJoaEJ4eVN1dWNtVWpNbTlGdWlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8xYmI0ZGQtZTljNC00ZDNkLTlhM2It
MTE1OWRiZmJlZDU0LzEvam5kRUhOWjJ4MHBieG1qdG5VTl9pTDBFT2dnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8xYmI0ZGQtZTljNC00ZDNkLTlhM2ItMTE1OWRiZmJlZDU0
LzEvN2pFMmZmYlJoaEJ4eVN1dWNtVWpNbTlGdWlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVwoMA0G
CSqGSIb3DQEBCwUAA4IBAQBZ/sHH3/Kl+XAjEBDNJRK6drXa70h5RU5VUlC5VX9C
4lOrAS6ybAwbSrBNprews2oZzCTh+/UOdXD49DteaUYtDPNftO+VJ1tQ3COh5P/8
oLlilh41r54NdZm5LGMud5ZvUPmj78GBHcOAlBAnJcmGC5zrCVPvXxXHUBQPGqJC
hrMShndkAySZ8jATLucxqquIRWi2C1jAol1wgXbbNpoKa2MPKRBMk+RxNKIhmDX2
acGv0Jg00uzJPza9bTQDf5SsIeLZZzglyFMuh/MJuhCvRYAoY+fluS4t9rEoQLkh
loObH3q04gdL8yZtBiiuCLzEnUe54CJ9mQsxpQRtOO0Q
-----END CERTIFICATE-----