Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/398bbb-184f-4851-b2a0-91f49d8d115d/1/FXVByNPxdRkMO-o6GsvvheK9loQ.roa
File:                     FXVByNPxdRkMO-o6GsvvheK9loQ.roa (raw, json)
Hash identifier:          cJsMagby7QEs7crG2RTXoRPWZv4X7cM8ggqQkmQ3WIs=
Subject key identifier:   15:75:41:C8:D3:F1:75:19:0C:3B:EA:3A:1A:CB:EF:85:E2:BD:96:84
Certificate issuer:       /CN=4cf80802c6579a4d4a10608dcf92e9ace9905b16
Certificate serial:       01941FFA661558E8265B5F82387887F08957
Authority key identifier: 4C:F8:08:02:C6:57:9A:4D:4A:10:60:8D:CF:92:E9:AC:E9:90:5B:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TPgIAsZXmk1KEGCNz5LprOmQWxY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/398bbb-184f-4851-b2a0-91f49d8d115d/1/FXVByNPxdRkMO-o6GsvvheK9loQ.roa
Signing time:             Wed 01 Jan 2025 03:48:11 +0000
ROA not before:           Wed 01 Jan 2025 03:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214503
IP address blocks:        45.84.107.0/24 maxlen: 24
                          2a0d:bbc7::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/398bbb-184f-4851-b2a0-91f49d8d115d/1/TPgIAsZXmk1KEGCNz5LprOmQWxY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/398bbb-184f-4851-b2a0-91f49d8d115d/1/TPgIAsZXmk1KEGCNz5LprOmQWxY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TPgIAsZXmk1KEGCNz5LprOmQWxY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:66:15:58:e8:26:5b:5f:82:38:78:87:f0:89:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4cf80802c6579a4d4a10608dcf92e9ace9905b16
        Validity
            Not Before: Jan  1 03:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=157541c8d3f175190c3bea3a1acbef85e2bd9684
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:76:0b:4e:4e:c2:de:36:d0:83:e9:42:db:66:
                    b2:eb:21:ab:a5:09:b4:9c:e3:e2:f2:1d:68:1f:09:
                    86:10:7c:9c:9f:14:66:c5:6b:a8:65:a2:af:ce:d9:
                    e4:3c:b0:ce:a3:44:0a:3e:92:3b:85:c2:63:7d:ab:
                    a0:be:c5:fb:ac:4a:6e:77:bd:25:09:c0:75:5f:0b:
                    b4:22:a5:97:75:c1:27:91:3f:52:60:63:8e:90:51:
                    24:73:fc:53:d6:ab:da:96:39:76:9b:39:07:0f:6d:
                    79:81:1c:9b:26:64:6d:92:1e:f8:12:69:41:07:4c:
                    ca:36:46:0b:01:bb:31:c9:61:84:1b:f2:00:b7:ca:
                    dc:7b:6e:2d:8e:2c:88:47:fd:5a:c3:26:f3:c8:2c:
                    66:ed:34:bf:3d:9c:ed:95:d2:13:b6:c4:67:cc:5d:
                    b6:70:03:a9:ed:fe:56:9e:83:be:65:bb:3d:0a:c5:
                    56:2b:96:21:c7:a0:ea:ec:99:87:37:ac:88:e2:a8:
                    14:b5:d6:a3:4c:ef:00:34:74:d0:88:18:6a:5f:54:
                    3a:e6:9b:15:75:11:6c:55:76:c3:b7:00:dc:79:7c:
                    87:64:67:e5:8c:86:ce:bb:24:21:76:ea:6c:84:ca:
                    c1:f8:2c:05:12:6b:f1:96:23:8b:56:c5:6b:bc:7c:
                    6c:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:75:41:C8:D3:F1:75:19:0C:3B:EA:3A:1A:CB:EF:85:E2:BD:96:84
            X509v3 Authority Key Identifier:
                keyid:4C:F8:08:02:C6:57:9A:4D:4A:10:60:8D:CF:92:E9:AC:E9:90:5B:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TPgIAsZXmk1KEGCNz5LprOmQWxY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/398bbb-184f-4851-b2a0-91f49d8d115d/1/FXVByNPxdRkMO-o6GsvvheK9loQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/398bbb-184f-4851-b2a0-91f49d8d115d/1/TPgIAsZXmk1KEGCNz5LprOmQWxY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.107.0/24
                IPv6:
                  2a0d:bbc7::/48

    Signature Algorithm: sha256WithRSAEncryption
         91:c5:9e:ed:4f:c5:db:5b:fa:a1:4c:60:48:18:5d:6f:cd:3e:
         ed:89:cd:f7:9e:65:2a:f4:26:a4:6c:fd:ed:7f:5a:60:ab:31:
         d0:60:f7:9c:9e:87:f6:bd:b4:ee:f9:1e:98:cd:3b:d6:39:06:
         0e:b0:be:33:41:73:50:70:fb:0f:f1:54:17:90:c1:8a:cc:5e:
         09:c5:f2:8e:43:91:b4:06:bb:3c:ab:0b:f9:04:cc:3a:10:3f:
         f6:14:c2:b5:e0:33:af:89:a5:2b:63:57:0b:94:e9:25:54:98:
         e1:a9:26:7b:a8:0e:84:51:c0:54:43:50:f6:9c:e2:f9:e1:fc:
         d8:73:ed:11:40:8a:ba:25:2d:e5:49:ad:cf:05:48:02:be:32:
         32:e4:36:4c:60:48:fc:e5:11:6e:a9:84:4e:79:c9:3e:e1:80:
         31:fa:33:94:1f:86:3f:8b:d8:ea:ee:d3:b4:0a:73:81:35:71:
         e1:53:7e:fd:7d:bd:12:f1:f9:00:2c:ee:ef:1f:3d:ac:38:61:
         dd:0f:ea:8b:cc:fe:b0:41:e6:8e:60:c8:0a:bf:0e:c3:20:79:
         26:52:c2:50:9b:0c:1e:09:d8:49:3b:ef:5b:ad:f8:2e:f6:97:
         95:99:98:c9:de:7f:3a:02:56:ce:54:6b:fc:fb:db:6a:0a:1a:
         d3:cc:a6:41
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQf+mYVWOgmW1+COHiH8IlXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZjgwODAyYzY1NzlhNGQ0YTEwNjA4ZGNmOTJlOWFjZTk5
MDViMTYwHhcNMjUwMTAxMDM0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTc1NDFjOGQzZjE3NTE5MGMzYmVhM2ExYWNiZWY4NWUyYmQ5Njg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3YLTk7C3jbQg+lC22ay6yGrpQm0
nOPi8h1oHwmGEHycnxRmxWuoZaKvztnkPLDOo0QKPpI7hcJjfaugvsX7rEpud70l
CcB1Xwu0IqWXdcEnkT9SYGOOkFEkc/xT1qvaljl2mzkHD215gRybJmRtkh74EmlB
B0zKNkYLAbsxyWGEG/IAt8rce24tjiyIR/1awybzyCxm7TS/PZztldITtsRnzF22
cAOp7f5WnoO+Zbs9CsVWK5Yhx6Dq7JmHN6yI4qgUtdajTO8ANHTQiBhqX1Q65psV
dRFsVXbDtwDceXyHZGfljIbOuyQhdupshMrB+CwFEmvxliOLVsVrvHxszwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBV1QcjT8XUZDDvqOhrL74XivZaEMB8GA1UdIwQY
MBaAFEz4CALGV5pNShBgjc+S6azpkFsWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFBnSUFzWlhtazFLRUdDTno1THByT21RV3hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS8zOThiYmItMTg0Zi00ODUxLWIyYTAt
OTFmNDlkOGQxMTVkLzEvRlhWQnlOUHhkUmtNTy1vNkdzdnZoZUs5bG9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS8zOThiYmItMTg0Zi00ODUxLWIyYTAtOTFmNDlkOGQxMTVk
LzEvVFBnSUFzWlhtazFLRUdDTno1THByT21RV3hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQALVRrMA8E
AgACMAkDBwAqDbvHAAAwDQYJKoZIhvcNAQELBQADggEBAJHFnu1Pxdtb+qFMYEgY
XW/NPu2JzfeeZSr0JqRs/e1/WmCrMdBg95yeh/a9tO75HpjNO9Y5Bg6wvjNBc1Bw
+w/xVBeQwYrMXgnF8o5DkbQGuzyrC/kEzDoQP/YUwrXgM6+JpStjVwuU6SVUmOGp
JnuoDoRRwFRDUPac4vnh/Nhz7RFAirolLeVJrc8FSAK+MjLkNkxgSPzlEW6phE55
yT7hgDH6M5Qfhj+L2Oru07QKc4E1ceFTfv19vRLx+QAs7u8fPaw4Yd0P6ovM/rBB
5o5gyAq/DsMgeSZSwlCbDB4J2Ek771ut+C72l5WZmMnefzoCVs5Ua/z722oKGtPM
pkE=
-----END CERTIFICATE-----