Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/DnSfICIchmVdW2iyXXRSVkbbNyA.roa
File:                     DnSfICIchmVdW2iyXXRSVkbbNyA.roa (raw, json)
Hash identifier:          CQlhZD4v2Sq/Gi1DViDNA/f5nMO261J5bDYJyiWX0Hk=
Subject key identifier:   0E:74:9F:20:22:1C:86:65:5D:5B:68:B2:5D:74:52:56:46:DB:37:20
Certificate issuer:       /CN=18101772248996b87d90840c2d27d62549458173
Certificate serial:       019518466B2C387872FABAF7AD5CB60173F4
Authority key identifier: 18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/DnSfICIchmVdW2iyXXRSVkbbNyA.roa
Signing time:             Tue 18 Feb 2025 08:57:02 +0000
ROA not before:           Tue 18 Feb 2025 08:57:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     152179
IP address blocks:        45.141.170.0/23 maxlen: 24
                          185.179.218.0/23 maxlen: 24
                          188.64.104.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:18:46:6b:2c:38:78:72:fa:ba:f7:ad:5c:b6:01:73:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18101772248996b87d90840c2d27d62549458173
        Validity
            Not Before: Feb 18 08:57:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0e749f20221c86655d5b68b25d74525646db3720
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:52:aa:20:f4:f0:91:39:97:ed:a0:0e:6e:a6:
                    30:ac:41:ef:d9:ea:42:9c:21:e4:1a:40:25:ed:e1:
                    d0:c4:b3:b4:21:42:50:0b:0d:00:ae:37:f0:3c:a8:
                    5f:7b:62:4b:fb:e9:de:84:00:92:71:77:f7:f6:7d:
                    a1:21:73:53:3f:1c:29:da:b6:71:38:b6:d6:1d:7b:
                    dd:d2:cb:5a:07:ed:a9:c5:c0:4d:8a:52:14:0a:ea:
                    c6:b6:ff:24:eb:90:1d:96:97:3e:10:01:74:52:13:
                    5b:d7:e3:46:1c:6e:b8:12:15:b2:44:82:ac:b4:26:
                    81:bf:75:28:05:d5:13:8f:88:82:17:f2:ba:4b:e4:
                    b1:58:a7:5e:47:d5:17:8f:76:66:4e:24:69:09:0a:
                    ad:b2:1e:12:78:26:de:36:e0:fd:a6:08:85:bc:89:
                    62:41:df:35:b4:d3:96:2d:30:9e:a7:53:fd:51:20:
                    62:7d:79:fd:15:d6:d6:10:17:a4:41:c8:20:75:4f:
                    ce:39:8a:41:4a:85:d7:f6:eb:ee:5d:8d:ac:61:4f:
                    e3:74:34:2c:97:88:01:52:13:34:f8:a6:f5:b8:b9:
                    a9:80:77:0c:9f:9e:ce:b8:59:ac:b8:b4:78:c0:19:
                    c0:b1:4c:08:75:ad:e3:73:68:83:00:6c:ae:c7:b5:
                    a7:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:74:9F:20:22:1C:86:65:5D:5B:68:B2:5D:74:52:56:46:DB:37:20
            X509v3 Authority Key Identifier:
                keyid:18:10:17:72:24:89:96:B8:7D:90:84:0C:2D:27:D6:25:49:45:81:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GBAXciSJlrh9kIQMLSfWJUlFgXM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/DnSfICIchmVdW2iyXXRSVkbbNyA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/20a5a5-0ba2-4052-beb4-3cc85ad3c190/1/GBAXciSJlrh9kIQMLSfWJUlFgXM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.170.0/23
                  185.179.218.0/23
                  188.64.104.0/22

    Signature Algorithm: sha256WithRSAEncryption
         81:0b:3c:23:19:45:bb:d5:e6:55:2a:43:74:78:ce:f7:1c:77:
         53:0f:da:8e:cd:a9:b1:03:11:43:97:4e:73:ab:5a:d8:ce:46:
         33:6c:e3:db:ca:9d:85:34:c8:8c:2e:fd:e2:8d:9e:55:33:a4:
         a1:ec:cc:43:1a:ed:6c:22:d4:37:47:8c:bf:ee:4a:1a:78:24:
         d9:4f:6f:2c:3b:23:b1:65:06:71:12:38:85:c9:b2:e7:74:f6:
         d8:38:a2:e2:ce:8b:ae:a8:3a:88:e5:5f:80:2a:bd:eb:42:73:
         f4:6d:8b:40:5d:8a:41:0f:fb:38:ef:f2:34:48:8f:f9:3a:2f:
         c6:87:65:55:0b:3a:7d:64:29:49:ca:19:9c:fd:c4:80:9d:1d:
         27:69:0c:35:1f:01:bd:46:67:f5:b5:df:9c:f3:25:36:3c:bc:
         8c:83:5a:e0:3a:83:12:1b:32:1d:d2:bc:15:62:fc:98:44:04:
         fa:53:e4:51:dd:96:b6:25:a2:ef:1b:91:26:7b:4e:e1:5c:3d:
         2e:9a:a2:5b:e6:f6:13:a5:aa:c0:ad:a5:f8:f9:54:3f:2c:59:
         d3:80:36:95:a7:97:e0:b2:76:ec:ff:62:6d:35:06:d9:c0:1c:
         75:c8:d0:23:84:ac:86:39:ed:3b:3a:0c:8b:9b:93:a4:dc:e8:
         b9:85:32:b4
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZUYRmssOHhy+rr3rVy2AXP0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4MTAxNzcyMjQ4OTk2Yjg3ZDkwODQwYzJkMjdkNjI1NDk0
NTgxNzMwHhcNMjUwMjE4MDg1NzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTc0OWYyMDIyMWM4NjY1NWQ1YjY4YjI1ZDc0NTI1NjQ2ZGIzNzIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA21KqIPTwkTmX7aAObqYwrEHv2epC
nCHkGkAl7eHQxLO0IUJQCw0ArjfwPKhfe2JL++nehACScXf39n2hIXNTPxwp2rZx
OLbWHXvd0staB+2pxcBNilIUCurGtv8k65Adlpc+EAF0UhNb1+NGHG64EhWyRIKs
tCaBv3UoBdUTj4iCF/K6S+SxWKdeR9UXj3ZmTiRpCQqtsh4SeCbeNuD9pgiFvIli
Qd81tNOWLTCep1P9USBifXn9FdbWEBekQcggdU/OOYpBSoXX9uvuXY2sYU/jdDQs
l4gBUhM0+Kb1uLmpgHcMn57OuFmsuLR4wBnAsUwIda3jc2iDAGyux7WnqwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFA50nyAiHIZlXVtosl10UlZG2zcgMB8GA1UdIwQY
MBaAFBgQF3IkiZa4fZCEDC0n1iVJRYFzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQt
M2NjODVhZDNjMTkwLzEvRG5TZklDSWNobVZkVzJpeVhYUlNWa2JiTnlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMGE1YTUtMGJhMi00MDUyLWJlYjQtM2NjODVhZDNjMTkw
LzEvR0JBWGNpU0pscmg5a0lRTUxTZldKVWxGZ1hNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBLY2qAwQB
ubPaAwQCvEBoMA0GCSqGSIb3DQEBCwUAA4IBAQCBCzwjGUW71eZVKkN0eM73HHdT
D9qOzamxAxFDl05zq1rYzkYzbOPbyp2FNMiMLv3ijZ5VM6Sh7MxDGu1sItQ3R4y/
7koaeCTZT28sOyOxZQZxEjiFybLndPbYOKLizouuqDqI5V+AKr3rQnP0bYtAXYpB
D/s47/I0SI/5Oi/Gh2VVCzp9ZClJyhmc/cSAnR0naQw1HwG9Rmf1td+c8yU2PLyM
g1rgOoMSGzId0rwVYvyYRAT6U+RR3Za2JaLvG5Eme07hXD0umqJb5vYTparAraX4
+VQ/LFnTgDaVp5fgsnbs/2JtNQbZwBx1yNAjhKyGOe07OgyLm5Ok3Oi5hTK0
-----END CERTIFICATE-----