Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/98a661-44f5-4a05-acaa-e67582f23097/1/ThDWdV5z5CX_WtB0X9rFlji1Mbk.roa
File:                     ThDWdV5z5CX_WtB0X9rFlji1Mbk.roa (raw, json)
Hash identifier:          cvuBjIsWAkmm04HIF6Hi5Kb+Gvd2dRNkQGQtPt9gkao=
Subject key identifier:   4E:10:D6:75:5E:73:E4:25:FF:5A:D0:74:5F:DA:C5:96:38:B5:31:B9
Certificate issuer:       /CN=0e831fd70c6bd37a2a75d7a0eac031c92da8e185
Certificate serial:       01927A9B5047EF7AA011BB7F8E419EC74488
Authority key identifier: 0E:83:1F:D7:0C:6B:D3:7A:2A:75:D7:A0:EA:C0:31:C9:2D:A8:E1:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DoMf1wxr03oqddeg6sAxyS2o4YU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/98a661-44f5-4a05-acaa-e67582f23097/1/ThDWdV5z5CX_WtB0X9rFlji1Mbk.roa
Signing time:             Fri 11 Oct 2024 08:04:11 +0000
ROA not before:           Fri 11 Oct 2024 08:04:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212091
IP address blocks:        45.147.85.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/98a661-44f5-4a05-acaa-e67582f23097/1/DoMf1wxr03oqddeg6sAxyS2o4YU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/98a661-44f5-4a05-acaa-e67582f23097/1/DoMf1wxr03oqddeg6sAxyS2o4YU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DoMf1wxr03oqddeg6sAxyS2o4YU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 18:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:7a:9b:50:47:ef:7a:a0:11:bb:7f:8e:41:9e:c7:44:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e831fd70c6bd37a2a75d7a0eac031c92da8e185
        Validity
            Not Before: Oct 11 08:04:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=4e10d6755e73e425ff5ad0745fdac59638b531b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:08:3b:73:98:f5:63:c5:34:79:96:ef:40:44:
                    01:c9:1d:17:ed:19:ef:3a:8c:c6:65:e8:c9:30:07:
                    ab:87:c3:c6:e9:4c:5e:e3:e2:1e:9e:65:dd:f6:5d:
                    f3:0a:cb:b5:e4:91:d6:d1:3c:f0:6e:a6:e8:46:c5:
                    91:87:25:85:81:9d:e9:4a:e4:14:b3:59:90:db:c5:
                    dd:b5:88:72:19:ae:63:bb:6a:46:3d:ca:27:72:ff:
                    30:0d:46:ec:c3:77:2c:2a:c3:ba:dc:04:1e:3d:2e:
                    d5:42:b2:a7:1d:3c:d3:82:7b:b0:50:29:8b:31:8e:
                    c3:25:02:a7:6e:16:14:07:ed:3c:a2:c9:6b:22:79:
                    d5:41:96:07:bc:64:33:0f:b4:84:49:24:a3:82:73:
                    46:31:17:59:ed:b6:66:71:af:6f:fe:1c:d9:84:cc:
                    ef:ef:c5:bf:de:21:be:a6:19:73:b7:50:7d:9b:0e:
                    d2:94:f1:c1:c9:d7:9b:7e:91:dc:ec:d4:c5:08:09:
                    18:97:bb:57:c5:5d:52:00:76:e3:7f:ab:aa:2a:50:
                    ab:fa:a6:9b:e0:6d:5a:2e:c9:8c:6e:6d:30:e2:9d:
                    cd:fa:4b:bc:89:9e:3b:49:83:1b:76:39:84:cc:36:
                    52:d1:e3:e3:6f:c0:14:ff:78:86:8c:de:54:07:7a:
                    32:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:10:D6:75:5E:73:E4:25:FF:5A:D0:74:5F:DA:C5:96:38:B5:31:B9
            X509v3 Authority Key Identifier:
                keyid:0E:83:1F:D7:0C:6B:D3:7A:2A:75:D7:A0:EA:C0:31:C9:2D:A8:E1:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DoMf1wxr03oqddeg6sAxyS2o4YU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/98a661-44f5-4a05-acaa-e67582f23097/1/ThDWdV5z5CX_WtB0X9rFlji1Mbk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/98a661-44f5-4a05-acaa-e67582f23097/1/DoMf1wxr03oqddeg6sAxyS2o4YU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.147.85.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a1:00:d8:cf:d4:20:c9:89:4e:bd:db:2e:d7:7b:43:6d:30:ab:
         cf:a7:fb:d9:80:93:56:4e:63:63:e8:ee:ef:9d:00:de:7b:e0:
         6b:27:36:ad:6b:0e:0c:ee:e8:c3:5e:a2:3c:9f:de:7a:6d:a7:
         38:fe:30:c3:5e:53:de:1e:34:66:39:e4:93:e3:28:80:a7:11:
         23:c1:c5:fd:6b:75:f4:5a:2e:0e:cd:3e:74:ce:24:3f:f6:83:
         3a:ca:c6:91:af:df:2d:63:7b:4f:27:d8:44:a5:38:d6:aa:13:
         a5:4e:9c:b9:a6:1c:7e:22:ad:ea:07:8e:72:50:05:8e:bb:32:
         8f:e6:d4:32:df:04:ac:62:ba:c3:63:a0:81:f2:a1:48:01:79:
         d1:c9:c6:34:5e:80:1e:0b:34:31:29:a9:38:10:ae:d4:1a:6e:
         4a:6d:40:f4:7d:0d:3c:46:87:19:8b:37:e9:c5:f3:9a:39:9f:
         53:50:08:ce:c4:01:06:29:77:d2:bf:4f:50:50:f7:26:a8:b6:
         dc:ff:12:fe:99:5a:eb:4c:8c:6d:73:e0:20:02:4e:03:e8:9a:
         91:fc:c0:b7:0c:64:f1:87:2a:d9:88:0d:db:c7:3d:e6:ce:5a:
         0c:6b:a0:c7:3b:89:87:3a:ad:9b:2e:ad:66:7f:61:c7:0a:2a:
         75:d9:0d:dc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJ6m1BH73qgEbt/jkGex0SIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlODMxZmQ3MGM2YmQzN2EyYTc1ZDdhMGVhYzAzMWM5MmRh
OGUxODUwHhcNMjQxMDExMDgwNDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTEwZDY3NTVlNzNlNDI1ZmY1YWQwNzQ1ZmRhYzU5NjM4YjUzMWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQg7c5j1Y8U0eZbvQEQByR0X7Rnv
OozGZejJMAerh8PG6Uxe4+IenmXd9l3zCsu15JHW0TzwbqboRsWRhyWFgZ3pSuQU
s1mQ28XdtYhyGa5ju2pGPconcv8wDUbsw3csKsO63AQePS7VQrKnHTzTgnuwUCmL
MY7DJQKnbhYUB+08oslrInnVQZYHvGQzD7SESSSjgnNGMRdZ7bZmca9v/hzZhMzv
78W/3iG+phlzt1B9mw7SlPHBydebfpHc7NTFCAkYl7tXxV1SAHbjf6uqKlCr+qab
4G1aLsmMbm0w4p3N+ku8iZ47SYMbdjmEzDZS0ePjb8AU/3iGjN5UB3oyOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE4Q1nVec+Ql/1rQdF/axZY4tTG5MB8GA1UdIwQY
MBaAFA6DH9cMa9N6KnXXoOrAMcktqOGFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRG9NZjF3eHIwM29xZGRlZzZzQXh5UzJvNFlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS85OGE2NjEtNDRmNS00YTA1LWFjYWEt
ZTY3NTgyZjIzMDk3LzEvVGhEV2RWNXo1Q1hfV3RCMFg5ckZsamkxTWJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS85OGE2NjEtNDRmNS00YTA1LWFjYWEtZTY3NTgyZjIzMDk3
LzEvRG9NZjF3eHIwM29xZGRlZzZzQXh5UzJvNFlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZNVMA0G
CSqGSIb3DQEBCwUAA4IBAQChANjP1CDJiU692y7Xe0NtMKvPp/vZgJNWTmNj6O7v
nQDee+BrJzataw4M7ujDXqI8n956bac4/jDDXlPeHjRmOeST4yiApxEjwcX9a3X0
Wi4OzT50ziQ/9oM6ysaRr98tY3tPJ9hEpTjWqhOlTpy5phx+Iq3qB45yUAWOuzKP
5tQy3wSsYrrDY6CB8qFIAXnRycY0XoAeCzQxKak4EK7UGm5KbUD0fQ08RocZizfp
xfOaOZ9TUAjOxAEGKXfSv09QUPcmqLbc/xL+mVrrTIxtc+AgAk4D6JqR/MC3DGTx
hyrZiA3bxz3mzloMa6DHO4mHOq2bLq1mf2HHCip12Q3c
-----END CERTIFICATE-----