Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/54iLRsUEYQSLlV8kHVTer9P4keA.roa
File:                     54iLRsUEYQSLlV8kHVTer9P4keA.roa (raw, json)
Hash identifier:          Oib7LJlXh4bUMGiTPxF+59IQOdwF+fvCUOmQ1Sv5YqM=
Subject key identifier:   E7:88:8B:46:C5:04:61:04:8B:95:5F:24:1D:54:DE:AF:D3:F8:91:E0
Certificate issuer:       /CN=b27261d715348bfd73ce9dbb72488656993ba2f1
Certificate serial:       0194221FBA37071FC9CDAB424D5E7B518113
Authority key identifier: B2:72:61:D7:15:34:8B:FD:73:CE:9D:BB:72:48:86:56:99:3B:A2:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/snJh1xU0i_1zzp27ckiGVpk7ovE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/54iLRsUEYQSLlV8kHVTer9P4keA.roa
Signing time:             Wed 01 Jan 2025 13:48:12 +0000
ROA not before:           Wed 01 Jan 2025 13:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20473
IP address blocks:        45.143.238.0/24 maxlen: 24
                          45.143.239.0/24 maxlen: 24
                          103.228.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/snJh1xU0i_1zzp27ckiGVpk7ovE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/snJh1xU0i_1zzp27ckiGVpk7ovE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/snJh1xU0i_1zzp27ckiGVpk7ovE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 11:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:ba:37:07:1f:c9:cd:ab:42:4d:5e:7b:51:81:13
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b27261d715348bfd73ce9dbb72488656993ba2f1
        Validity
            Not Before: Jan  1 13:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e7888b46c50461048b955f241d54deafd3f891e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:5f:ad:42:26:fc:8e:67:43:ee:70:75:6f:0f:
                    10:f4:a8:5b:3e:85:71:30:d0:79:2d:d9:7d:fb:d4:
                    e2:7e:f6:42:2c:ae:ff:ac:47:be:6d:fa:a7:04:57:
                    d9:38:2e:70:b4:b2:85:d6:ca:b1:46:63:c6:e5:b0:
                    80:50:82:bf:fd:96:89:0f:01:aa:f7:84:66:c6:04:
                    4d:5c:91:6b:96:f1:05:0c:e4:f2:07:ae:c9:61:11:
                    dc:f7:3a:c5:ca:fc:d6:67:7b:67:be:65:0c:c8:bc:
                    7a:49:07:7a:28:8f:52:56:1c:64:03:07:ae:dc:f9:
                    fb:95:14:1c:01:25:18:59:0b:d2:72:71:66:67:c2:
                    9c:c3:c6:05:2a:ed:03:81:ab:e7:60:9a:3d:b2:15:
                    c7:60:40:4c:ea:d7:25:c5:a4:d0:96:7e:a6:cf:ed:
                    bb:27:41:64:dc:c8:5f:f0:83:f8:81:5c:9f:4f:3b:
                    f1:c1:cd:a9:5d:26:6d:48:61:b7:3a:5e:94:e7:ab:
                    bf:2d:32:16:49:4f:7e:98:f9:ab:26:96:25:db:1f:
                    72:22:4e:a6:3d:28:f7:61:06:41:fe:be:6f:7e:ce:
                    c2:40:c3:2f:09:c2:7a:51:2c:6b:a0:eb:a4:14:3e:
                    d3:50:e1:79:9a:8b:20:f9:95:b6:2c:08:6e:72:77:
                    a0:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:88:8B:46:C5:04:61:04:8B:95:5F:24:1D:54:DE:AF:D3:F8:91:E0
            X509v3 Authority Key Identifier:
                keyid:B2:72:61:D7:15:34:8B:FD:73:CE:9D:BB:72:48:86:56:99:3B:A2:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/snJh1xU0i_1zzp27ckiGVpk7ovE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/54iLRsUEYQSLlV8kHVTer9P4keA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/aba502-d191-4fd7-a7cf-504f2766760f/1/snJh1xU0i_1zzp27ckiGVpk7ovE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.143.238.0/23
                  103.228.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:5b:39:fe:67:35:e4:d5:fe:9d:db:e1:59:3a:23:93:06:fa:
         bb:64:eb:2a:4f:f8:bd:4c:3a:a6:18:1e:44:ee:41:c3:82:6b:
         84:fb:18:72:56:b1:15:35:ac:b4:ec:21:57:7b:14:cf:57:c9:
         f6:8c:4e:e7:c2:fc:36:19:d9:4d:1c:27:da:3d:9c:aa:58:c1:
         f9:68:c0:54:9d:19:6a:3a:41:42:0a:8b:81:d9:9f:65:87:e1:
         b5:8f:b1:d7:8d:c2:48:ee:72:78:50:f1:53:1b:1b:fd:f8:ad:
         04:92:45:c5:69:04:6f:d7:90:73:85:e8:66:88:af:d8:5d:5b:
         e9:0b:8b:4b:c2:3f:e9:71:7b:37:aa:8e:63:fe:c4:5b:26:e4:
         47:d3:d0:35:09:8f:4a:68:3a:b2:f6:84:19:59:67:1c:fa:ab:
         c3:8b:65:27:a3:8d:8f:06:44:7a:e7:fc:6e:71:81:5d:26:82:
         4d:62:72:b2:4c:09:b7:da:17:51:b7:ba:29:76:bd:7d:30:ca:
         27:28:89:14:1d:44:56:21:b5:5d:70:a3:09:ef:fe:2e:d5:0f:
         11:70:95:ac:24:32:a8:00:1d:79:99:59:08:05:06:a2:c2:2f:
         bc:a3:e0:ba:89:4b:36:c8:cd:82:ef:6b:2f:86:a3:56:64:ed:
         be:3a:76:6a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiH7o3Bx/JzatCTV57UYETMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyNzI2MWQ3MTUzNDhiZmQ3M2NlOWRiYjcyNDg4NjU2OTkz
YmEyZjEwHhcNMjUwMTAxMTM0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzg4OGI0NmM1MDQ2MTA0OGI5NTVmMjQxZDU0ZGVhZmQzZjg5MWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA31+tQib8jmdD7nB1bw8Q9KhbPoVx
MNB5Ldl9+9TifvZCLK7/rEe+bfqnBFfZOC5wtLKF1sqxRmPG5bCAUIK//ZaJDwGq
94RmxgRNXJFrlvEFDOTyB67JYRHc9zrFyvzWZ3tnvmUMyLx6SQd6KI9SVhxkAweu
3Pn7lRQcASUYWQvScnFmZ8Kcw8YFKu0DgavnYJo9shXHYEBM6tclxaTQln6mz+27
J0Fk3Mhf8IP4gVyfTzvxwc2pXSZtSGG3Ol6U56u/LTIWSU9+mPmrJpYl2x9yIk6m
PSj3YQZB/r5vfs7CQMMvCcJ6USxroOukFD7TUOF5mosg+ZW2LAhucnegfwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOeIi0bFBGEEi5VfJB1U3q/T+JHgMB8GA1UdIwQY
MBaAFLJyYdcVNIv9c86du3JIhlaZO6LxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc25KaDF4VTBpXzF6enAyN2NraUdWcGs3b3ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS9hYmE1MDItZDE5MS00ZmQ3LWE3Y2Yt
NTA0ZjI3NjY3NjBmLzEvNTRpTFJzVUVZUVNMbFY4a0hWVGVyOVA0a2VBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS9hYmE1MDItZDE5MS00ZmQ3LWE3Y2YtNTA0ZjI3NjY3NjBm
LzEvc25KaDF4VTBpXzF6enAyN2NraUdWcGs3b3ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBLY/uAwQA
Z+QCMA0GCSqGSIb3DQEBCwUAA4IBAQBOWzn+ZzXk1f6d2+FZOiOTBvq7ZOsqT/i9
TDqmGB5E7kHDgmuE+xhyVrEVNay07CFXexTPV8n2jE7nwvw2GdlNHCfaPZyqWMH5
aMBUnRlqOkFCCouB2Z9lh+G1j7HXjcJI7nJ4UPFTGxv9+K0EkkXFaQRv15Bzhehm
iK/YXVvpC4tLwj/pcXs3qo5j/sRbJuRH09A1CY9KaDqy9oQZWWcc+qvDi2Uno42P
BkR65/xucYFdJoJNYnKyTAm32hdRt7opdr19MMonKIkUHURWIbVdcKMJ7/4u1Q8R
cJWsJDKoAB15mVkIBQaiwi+8o+C6iUs2yM2C72svhqNWZO2+OnZq
-----END CERTIFICATE-----