Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/kHYyFPjohiyIQJY5w_HOlt1K3Fg.roa
File:                     kHYyFPjohiyIQJY5w_HOlt1K3Fg.roa (raw, json)
Hash identifier:          jgmI7LdVC9rYIzkr/aHKrpmNE8aaRzqVTYnNDaZBV5I=
Subject key identifier:   90:76:32:14:F8:E8:86:2C:88:40:96:39:C3:F1:CE:96:DD:4A:DC:58
Certificate issuer:       /CN=370e5450d1486780aba54f045ec4802f19f0b4f7
Certificate serial:       019428271A09B9C11261C73351030D1EEF47
Authority key identifier: 37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/kHYyFPjohiyIQJY5w_HOlt1K3Fg.roa
Signing time:             Thu 02 Jan 2025 17:53:58 +0000
ROA not before:           Thu 02 Jan 2025 17:53:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207960
IP address blocks:        45.129.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:1a:09:b9:c1:12:61:c7:33:51:03:0d:1e:ef:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=370e5450d1486780aba54f045ec4802f19f0b4f7
        Validity
            Not Before: Jan  2 17:53:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=90763214f8e8862c88409639c3f1ce96dd4adc58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:d6:14:72:65:02:fb:d2:aa:38:a6:32:a4:92:
                    5c:10:dd:48:3c:d1:70:cf:47:de:55:b1:21:f8:b2:
                    b3:50:9c:fe:5c:ab:66:da:66:b8:6b:4a:87:13:04:
                    58:ed:1e:74:30:45:2f:e5:c6:c6:b2:7d:9c:d5:83:
                    9b:bc:27:ef:1f:70:2a:f4:c3:6c:da:f3:e1:cd:77:
                    85:7c:d9:37:c1:61:8c:49:9a:0b:e2:66:cf:1d:b7:
                    02:91:f2:49:a7:b5:d5:0d:51:d1:c1:ef:67:c6:e0:
                    59:0c:c7:0a:36:b9:8b:5b:16:94:31:9f:88:77:e8:
                    c5:76:38:f6:4f:32:cd:40:af:94:3b:67:9f:15:22:
                    7a:b7:fb:27:d3:c7:c4:fd:d8:30:0f:3f:60:b9:80:
                    c6:8e:94:2f:1f:dd:5d:82:24:da:db:5a:df:d9:44:
                    0f:6c:e0:d2:be:ab:f6:13:55:7c:29:9e:56:87:b0:
                    64:8a:cc:52:9c:ce:50:fa:8a:7d:b8:6b:bb:1c:63:
                    73:20:73:8c:3c:94:fb:a7:a3:16:73:ad:82:d8:d9:
                    f2:61:c7:90:11:b0:5e:38:7d:42:aa:e0:07:8a:59:
                    b6:32:02:a9:35:08:39:72:06:82:0b:3b:ef:57:25:
                    8a:27:f1:4f:63:78:77:7a:ee:ca:35:e7:9a:4f:fe:
                    5a:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                90:76:32:14:F8:E8:86:2C:88:40:96:39:C3:F1:CE:96:DD:4A:DC:58
            X509v3 Authority Key Identifier:
                keyid:37:0E:54:50:D1:48:67:80:AB:A5:4F:04:5E:C4:80:2F:19:F0:B4:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/kHYyFPjohiyIQJY5w_HOlt1K3Fg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9f/f0f70c-06e7-41ac-a2b8-858dce57fcdb/1/Nw5UUNFIZ4CrpU8EXsSALxnwtPc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:a7:53:79:a9:30:e9:f8:11:89:39:4d:6c:0c:23:03:36:8a:
         60:9d:ff:4b:a2:56:b4:8c:8d:8b:8b:f8:7b:c1:5a:a5:b3:b4:
         99:98:cf:46:55:65:05:3e:00:e2:3f:29:c6:8d:c4:fc:e0:79:
         ba:96:e3:c4:6b:0a:3c:62:3d:23:da:4b:c1:42:f7:56:c8:2b:
         f1:53:5b:ce:1b:de:18:c3:47:34:24:f0:39:13:74:87:f8:ad:
         57:9f:f7:1a:bf:4d:d0:95:ac:b5:75:32:da:8d:80:48:d6:cc:
         71:81:52:cc:2f:23:ec:f8:8a:87:2f:e2:1a:15:aa:17:64:27:
         79:fd:7a:3c:c2:16:be:f5:6a:15:a4:99:60:0d:f0:10:f6:f1:
         d1:26:1a:9d:dc:50:3f:91:74:56:bf:b6:1e:e4:03:00:f5:75:
         fd:f6:c0:ca:83:40:16:c8:c0:87:f1:22:2e:ee:7a:19:aa:ec:
         32:97:26:9a:94:f2:69:7d:ed:bc:50:82:b7:cf:0e:c2:9d:a3:
         13:c8:f9:8a:dd:a6:a7:54:b1:6f:08:3f:02:39:b1:64:38:43:
         b0:3f:56:ea:39:95:81:6d:52:97:6e:f4:5e:36:03:d0:93:b9:
         06:f7:3b:9d:98:4c:20:20:b9:2c:3e:a0:a1:3f:67:30:85:f9:
         70:66:0a:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJxoJucESYcczUQMNHu9HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM3MGU1NDUwZDE0ODY3ODBhYmE1NGYwNDVlYzQ4MDJmMTlm
MGI0ZjcwHhcNMjUwMTAyMTc1MzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDc2MzIxNGY4ZTg4NjJjODg0MDk2MzljM2YxY2U5NmRkNGFkYzU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNYUcmUC+9KqOKYypJJcEN1IPNFw
z0feVbEh+LKzUJz+XKtm2ma4a0qHEwRY7R50MEUv5cbGsn2c1YObvCfvH3Aq9MNs
2vPhzXeFfNk3wWGMSZoL4mbPHbcCkfJJp7XVDVHRwe9nxuBZDMcKNrmLWxaUMZ+I
d+jFdjj2TzLNQK+UO2efFSJ6t/sn08fE/dgwDz9guYDGjpQvH91dgiTa21rf2UQP
bODSvqv2E1V8KZ5Wh7BkisxSnM5Q+op9uGu7HGNzIHOMPJT7p6MWc62C2NnyYceQ
EbBeOH1CquAHilm2MgKpNQg5cgaCCzvvVyWKJ/FPY3h3eu7KNeeaT/5a9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJB2MhT46IYsiECWOcPxzpbdStxYMB8GA1UdIwQY
MBaAFDcOVFDRSGeAq6VPBF7EgC8Z8LT3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgt
ODU4ZGNlNTdmY2RiLzEva0hZeUZQam9oaXlJUUpZNXdfSE9sdDFLM0ZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Zi9mMGY3MGMtMDZlNy00MWFjLWEyYjgtODU4ZGNlNTdmY2Ri
LzEvTnc1VVVORklaNENycFU4RVhzU0FMeG53dFBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYFfMA0G
CSqGSIb3DQEBCwUAA4IBAQBQp1N5qTDp+BGJOU1sDCMDNopgnf9Lola0jI2Li/h7
wVqls7SZmM9GVWUFPgDiPynGjcT84Hm6luPEawo8Yj0j2kvBQvdWyCvxU1vOG94Y
w0c0JPA5E3SH+K1Xn/cav03Qlay1dTLajYBI1sxxgVLMLyPs+IqHL+IaFaoXZCd5
/Xo8wha+9WoVpJlgDfAQ9vHRJhqd3FA/kXRWv7Ye5AMA9XX99sDKg0AWyMCH8SIu
7noZquwylyaalPJpfe28UIK3zw7CnaMTyPmK3aanVLFvCD8CObFkOEOwP1bqOZWB
bVKXbvReNgPQk7kG9zudmEwgILksPqChP2cwhflwZgrZ
-----END CERTIFICATE-----