Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/lSv4oHTtNY8TzLUjbRcqin21GM4.roa
File:                     lSv4oHTtNY8TzLUjbRcqin21GM4.roa (raw, json)
Hash identifier:          cWxkPQ7cLaDE94lvjvRa4rVit4z5KhiypB5wM4L+M6g=
Subject key identifier:   95:2B:F8:A0:74:ED:35:8F:13:CC:B5:23:6D:17:2A:8A:7D:B5:18:CE
Certificate issuer:       /CN=cec5afe769b94346e1cd362eb85f875b23b17277
Certificate serial:       01942825AA23364C63AAAC5467D3A1207ECC
Authority key identifier: CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/lSv4oHTtNY8TzLUjbRcqin21GM4.roa
Signing time:             Thu 02 Jan 2025 17:52:24 +0000
ROA not before:           Thu 02 Jan 2025 17:52:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        45.145.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:aa:23:36:4c:63:aa:ac:54:67:d3:a1:20:7e:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cec5afe769b94346e1cd362eb85f875b23b17277
        Validity
            Not Before: Jan  2 17:52:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=952bf8a074ed358f13ccb5236d172a8a7db518ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:0a:f7:be:5b:18:7f:af:04:2c:37:2f:2c:a7:
                    2a:0f:24:f5:b1:59:48:70:fb:a9:77:09:59:6d:00:
                    c0:5d:42:9b:0c:60:09:22:5c:a7:53:0c:9e:a4:ad:
                    c7:01:38:f6:ca:bc:5e:fe:e2:50:13:d6:61:14:37:
                    42:63:4b:64:2d:ec:bf:0f:dd:c5:e7:cc:97:05:84:
                    ff:d7:75:83:42:4e:b3:89:04:19:24:bb:be:57:f3:
                    36:b6:28:95:9e:2b:91:41:06:c2:92:d0:81:3e:8c:
                    fb:83:9e:f8:f9:7a:87:33:03:e3:79:8e:09:da:69:
                    c3:9e:66:5f:3d:6e:8d:71:b8:82:5e:33:2e:b1:08:
                    fd:26:66:f5:b5:57:36:78:91:8e:ab:40:12:ee:ee:
                    26:b5:cf:3e:ac:88:dc:93:9c:68:99:b4:51:5f:6f:
                    cc:1b:b2:29:dd:c9:39:54:41:e6:cc:38:92:dd:81:
                    c1:e9:b1:a1:e3:f8:e4:87:11:01:40:91:39:ec:6a:
                    40:40:e5:7b:10:a4:93:50:77:58:14:db:18:12:a1:
                    e5:57:f4:6b:5a:24:97:17:66:40:f9:b0:69:b5:1c:
                    fd:35:b4:85:cb:21:e7:32:2f:23:fc:2f:91:eb:61:
                    d9:c5:14:46:95:62:ce:44:90:27:12:19:b0:24:52:
                    5c:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:2B:F8:A0:74:ED:35:8F:13:CC:B5:23:6D:17:2A:8A:7D:B5:18:CE
            X509v3 Authority Key Identifier:
                keyid:CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/lSv4oHTtNY8TzLUjbRcqin21GM4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:e3:dd:cd:7f:57:2d:cf:08:5b:6a:e7:a4:d2:35:5c:92:28:
         5b:d8:d7:25:f8:32:04:71:c4:a4:60:22:0f:b8:00:58:e2:90:
         35:54:08:6b:34:2d:3d:e2:c2:15:58:87:c1:03:1c:e9:5e:5d:
         76:ca:e8:dc:65:cc:42:c7:6d:a8:97:80:0a:1f:92:ff:bf:eb:
         e5:be:36:64:92:e2:09:43:eb:47:c6:55:55:49:44:48:5e:e3:
         c1:0c:5c:7e:92:f0:33:90:b7:de:bc:43:92:c9:53:17:ef:51:
         56:48:a0:c5:b7:cf:e0:68:b8:60:db:5a:2f:3b:e8:46:2b:90:
         21:a3:b3:ef:61:33:cc:b0:6c:9e:84:84:cc:e3:91:15:23:51:
         f0:72:7b:19:9e:a2:61:d1:7d:2e:82:7c:87:41:7e:37:41:32:
         a7:d5:19:d3:41:ba:b1:1b:e9:26:93:45:43:ff:95:61:e5:d5:
         8d:d8:4d:63:6d:28:92:4a:3d:93:1d:a6:75:ac:da:f3:8c:93:
         11:34:4f:20:e9:d7:be:1b:4d:98:81:1c:46:5d:1b:4b:4a:65:
         7a:07:57:a5:c8:1e:35:4a:5e:62:7d:10:9b:41:ab:d0:21:08:
         6f:e2:06:b5:0b:1b:b2:57:6e:dc:ca:a2:ea:09:dd:e6:c8:8a:
         77:72:c1:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJaojNkxjqqxUZ9OhIH7MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYzVhZmU3NjliOTQzNDZlMWNkMzYyZWI4NWY4NzViMjNi
MTcyNzcwHhcNMjUwMTAyMTc1MjI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTJiZjhhMDc0ZWQzNThmMTNjY2I1MjM2ZDE3MmE4YTdkYjUxOGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxQr3vlsYf68ELDcvLKcqDyT1sVlI
cPupdwlZbQDAXUKbDGAJIlynUwyepK3HATj2yrxe/uJQE9ZhFDdCY0tkLey/D93F
58yXBYT/13WDQk6ziQQZJLu+V/M2tiiVniuRQQbCktCBPoz7g574+XqHMwPjeY4J
2mnDnmZfPW6NcbiCXjMusQj9Jmb1tVc2eJGOq0AS7u4mtc8+rIjck5xombRRX2/M
G7Ip3ck5VEHmzDiS3YHB6bGh4/jkhxEBQJE57GpAQOV7EKSTUHdYFNsYEqHlV/Rr
WiSXF2ZA+bBptRz9NbSFyyHnMi8j/C+R62HZxRRGlWLORJAnEhmwJFJcMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJUr+KB07TWPE8y1I20XKop9tRjOMB8GA1UdIwQY
MBaAFM7Fr+dpuUNG4c02Lrhfh1sjsXJ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQt
MzMyNDdjOGUxYzFmLzEvbFN2NG9IVHROWThUekxVamJSY3FpbjIxR000LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQtMzMyNDdjOGUxYzFm
LzEvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZGYMA0G
CSqGSIb3DQEBCwUAA4IBAQBx493Nf1ctzwhbauek0jVckihb2Ncl+DIEccSkYCIP
uABY4pA1VAhrNC094sIVWIfBAxzpXl12yujcZcxCx22ol4AKH5L/v+vlvjZkkuIJ
Q+tHxlVVSURIXuPBDFx+kvAzkLfevEOSyVMX71FWSKDFt8/gaLhg21ovO+hGK5Ah
o7PvYTPMsGyehITM45EVI1HwcnsZnqJh0X0ugnyHQX43QTKn1RnTQbqxG+kmk0VD
/5Vh5dWN2E1jbSiSSj2THaZ1rNrzjJMRNE8g6de+G02YgRxGXRtLSmV6B1elyB41
Sl5ifRCbQavQIQhv4ga1CxuyV27cyqLqCd3myIp3csGK
-----END CERTIFICATE-----