Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/5b3ffe-9f9d-4189-a8ca-084aaba0f588/1/ltvzPx25u1h6KtyLg3u0jcOaPlk.roa
File:                     ltvzPx25u1h6KtyLg3u0jcOaPlk.roa (raw, json)
Hash identifier:          2f6Jvjn6F1N/MtDAOcMnV3ci6bmbSvFKgzVpnpXVDh4=
Subject key identifier:   96:DB:F3:3F:1D:B9:BB:58:7A:2A:DC:8B:83:7B:B4:8D:C3:9A:3E:59
Certificate issuer:       /CN=2b69c92bc09bf6b8da6533dd7a7b0b1a57e65ea4
Certificate serial:       0194221FA8252FF0234DC1A810C6B025BC68
Authority key identifier: 2B:69:C9:2B:C0:9B:F6:B8:DA:65:33:DD:7A:7B:0B:1A:57:E6:5E:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/K2nJK8Cb9rjaZTPdensLGlfmXqQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/5b3ffe-9f9d-4189-a8ca-084aaba0f588/1/ltvzPx25u1h6KtyLg3u0jcOaPlk.roa
Signing time:             Wed 01 Jan 2025 13:48:07 +0000
ROA not before:           Wed 01 Jan 2025 13:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51324
IP address blocks:        45.93.188.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/5b3ffe-9f9d-4189-a8ca-084aaba0f588/1/K2nJK8Cb9rjaZTPdensLGlfmXqQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/5b3ffe-9f9d-4189-a8ca-084aaba0f588/1/K2nJK8Cb9rjaZTPdensLGlfmXqQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/K2nJK8Cb9rjaZTPdensLGlfmXqQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:a8:25:2f:f0:23:4d:c1:a8:10:c6:b0:25:bc:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b69c92bc09bf6b8da6533dd7a7b0b1a57e65ea4
        Validity
            Not Before: Jan  1 13:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=96dbf33f1db9bb587a2adc8b837bb48dc39a3e59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:69:8b:19:de:d9:8d:64:f4:66:85:96:05:65:
                    40:cc:cc:30:90:32:7d:53:25:25:57:1c:eb:80:19:
                    ce:67:f2:85:a9:51:7f:c1:04:95:5d:89:09:81:b9:
                    02:00:91:eb:8d:36:41:98:b1:98:0b:5f:51:e2:d7:
                    ce:ec:9a:4c:66:04:b1:17:0e:a4:ea:d3:3a:db:35:
                    33:dc:f4:34:09:d8:85:30:ac:09:07:b9:1a:0c:67:
                    eb:78:b6:34:d2:bd:d6:36:6c:d0:36:41:db:75:8e:
                    fc:c1:14:4c:ea:28:d5:6e:89:c4:ee:b2:32:f0:e8:
                    d3:72:fb:66:35:a5:1d:18:13:0c:e5:99:71:ad:cd:
                    f9:86:71:76:5a:7a:20:f8:64:a4:f3:8d:c6:50:d4:
                    4f:6d:1a:e4:a1:df:c2:b2:48:da:eb:80:d0:8e:77:
                    31:d5:cc:da:1d:9a:5d:91:85:35:64:16:ba:04:48:
                    c8:51:76:a9:f8:fc:17:03:be:a0:a7:c6:94:72:1e:
                    88:a2:df:ac:6e:ba:b3:f9:67:69:f0:10:bf:7c:4b:
                    5c:3a:61:ac:fe:32:d5:7e:34:e5:88:ff:27:3f:23:
                    97:72:62:a8:4b:47:e4:22:84:e0:fb:b9:79:46:ec:
                    41:04:15:2c:ee:06:a0:da:f7:4f:7d:7f:db:43:da:
                    8c:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:DB:F3:3F:1D:B9:BB:58:7A:2A:DC:8B:83:7B:B4:8D:C3:9A:3E:59
            X509v3 Authority Key Identifier:
                keyid:2B:69:C9:2B:C0:9B:F6:B8:DA:65:33:DD:7A:7B:0B:1A:57:E6:5E:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/K2nJK8Cb9rjaZTPdensLGlfmXqQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/5b3ffe-9f9d-4189-a8ca-084aaba0f588/1/ltvzPx25u1h6KtyLg3u0jcOaPlk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/5b3ffe-9f9d-4189-a8ca-084aaba0f588/1/K2nJK8Cb9rjaZTPdensLGlfmXqQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.93.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         00:c5:46:57:20:e0:29:6a:0b:5a:7a:98:37:30:fc:45:44:fd:
         6f:87:39:f9:42:39:ab:0d:b8:6f:d1:93:be:bd:dc:94:92:b9:
         ae:ed:57:23:d7:c6:4f:ea:cc:ce:f7:bc:5c:b7:18:a4:2b:a7:
         e1:d9:93:e6:d3:77:de:52:e5:10:6d:a4:f2:0f:8b:50:72:a3:
         32:c5:5d:cc:a8:33:38:b5:65:55:6d:b1:71:43:8c:bd:7b:0c:
         79:74:16:5b:4d:b3:3a:fd:03:74:0d:08:7a:3d:5d:d4:10:01:
         1a:d0:e8:d1:82:ad:51:43:6e:2c:b5:49:41:22:15:f4:36:77:
         14:3b:a9:8c:da:98:ec:1f:ac:fd:3f:63:ed:db:a4:11:b2:df:
         95:a9:a0:3a:43:eb:78:02:a5:6e:13:4b:87:2e:84:dc:5f:40:
         7d:ef:e6:ec:60:09:31:af:20:b1:71:1c:8c:f9:ce:91:43:f7:
         8c:81:fb:9f:89:36:6f:ab:bc:ce:1e:6b:5c:bb:24:07:c7:e7:
         d7:3b:bc:7e:41:ab:ad:d9:d0:9d:5f:b1:74:47:28:8e:9c:ca:
         81:42:3c:4a:cf:ba:5d:f6:9f:56:c0:01:08:20:27:2c:07:8d:
         f2:0e:34:04:f1:05:a4:42:f1:66:0f:66:0c:90:28:47:c3:cf:
         90:3f:50:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH6glL/AjTcGoEMawJbxoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiNjljOTJiYzA5YmY2YjhkYTY1MzNkZDdhN2IwYjFhNTdl
NjVlYTQwHhcNMjUwMTAxMTM0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmRiZjMzZjFkYjliYjU4N2EyYWRjOGI4MzdiYjQ4ZGMzOWEzZTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqmmLGd7ZjWT0ZoWWBWVAzMwwkDJ9
UyUlVxzrgBnOZ/KFqVF/wQSVXYkJgbkCAJHrjTZBmLGYC19R4tfO7JpMZgSxFw6k
6tM62zUz3PQ0CdiFMKwJB7kaDGfreLY00r3WNmzQNkHbdY78wRRM6ijVbonE7rIy
8OjTcvtmNaUdGBMM5Zlxrc35hnF2Wnog+GSk843GUNRPbRrkod/Cskja64DQjncx
1czaHZpdkYU1ZBa6BEjIUXap+PwXA76gp8aUch6Iot+sbrqz+Wdp8BC/fEtcOmGs
/jLVfjTliP8nPyOXcmKoS0fkIoTg+7l5RuxBBBUs7gag2vdPfX/bQ9qMSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJbb8z8dubtYeirci4N7tI3Dmj5ZMB8GA1UdIwQY
MBaAFCtpySvAm/a42mUz3Xp7CxpX5l6kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSzJuSks4Q2I5cmphWlRQZGVuc0xHbGZtWHFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC81YjNmZmUtOWY5ZC00MTg5LWE4Y2Et
MDg0YWFiYTBmNTg4LzEvbHR2elB4MjV1MWg2S3R5TGczdTBqY09hUGxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC81YjNmZmUtOWY5ZC00MTg5LWE4Y2EtMDg0YWFiYTBmNTg4
LzEvSzJuSks4Q2I5cmphWlRQZGVuc0xHbGZtWHFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLV28MA0G
CSqGSIb3DQEBCwUAA4IBAQAAxUZXIOApagtaepg3MPxFRP1vhzn5QjmrDbhv0ZO+
vdyUkrmu7Vcj18ZP6szO97xctxikK6fh2ZPm03feUuUQbaTyD4tQcqMyxV3MqDM4
tWVVbbFxQ4y9ewx5dBZbTbM6/QN0DQh6PV3UEAEa0OjRgq1RQ24stUlBIhX0NncU
O6mM2pjsH6z9P2Pt26QRst+VqaA6Q+t4AqVuE0uHLoTcX0B97+bsYAkxryCxcRyM
+c6RQ/eMgfufiTZvq7zOHmtcuyQHx+fXO7x+Qaut2dCdX7F0RyiOnMqBQjxKz7pd
9p9WwAEIICcsB43yDjQE8QWkQvFmD2YMkChHw8+QP1DL
-----END CERTIFICATE-----