Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/YliUzYFl6Cxbds4WvuvM3HvbGh4.roa
File:                     YliUzYFl6Cxbds4WvuvM3HvbGh4.roa (raw, json)
Hash identifier:          YA+RaOHsqr5yUuKXsLiSjlSlkN7yCrQrNG/BJGqPbag=
Subject key identifier:   62:58:94:CD:81:65:E8:2C:5B:76:CE:16:BE:EB:CC:DC:7B:DB:1A:1E
Certificate issuer:       /CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
Certificate serial:       019427B3B30840084F017EB2661EBF5C1760
Authority key identifier: B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/YliUzYFl6Cxbds4WvuvM3HvbGh4.roa
Signing time:             Thu 02 Jan 2025 15:47:55 +0000
ROA not before:           Thu 02 Jan 2025 15:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214307
IP address blocks:        45.145.248.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b3:b3:08:40:08:4f:01:7e:b2:66:1e:bf:5c:17:60
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b155009c3de421cc4e67b9a9ae423bb35de0b926
        Validity
            Not Before: Jan  2 15:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=625894cd8165e82c5b76ce16beebccdc7bdb1a1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:eb:44:64:8a:0c:64:d6:d3:fc:00:8a:db:a0:
                    89:62:6b:25:9a:7b:5a:77:cb:cb:55:49:8f:d8:82:
                    fa:19:3a:d2:0b:60:8c:3f:ea:2d:70:71:36:7a:ff:
                    22:69:2f:1a:a0:0a:ae:40:5d:e4:21:22:fb:80:09:
                    ac:1e:b8:f9:da:35:bd:6f:3a:82:33:35:2d:bd:7a:
                    17:30:42:8a:b2:98:3e:1c:d5:9e:f0:55:6f:be:92:
                    98:1c:b7:f1:77:99:da:79:6b:36:13:58:38:82:36:
                    ca:82:6d:24:b9:93:d1:62:ff:e8:37:78:2d:83:06:
                    ad:40:63:d1:51:c9:fe:6a:f9:8d:f8:a2:29:ef:fb:
                    f0:6d:11:39:33:d9:b3:64:89:a4:72:79:39:a0:ab:
                    e7:30:0c:4e:c4:50:85:40:61:d6:71:32:ad:38:65:
                    52:0c:ea:55:06:cc:5b:42:59:4c:db:64:31:65:df:
                    49:69:57:55:e8:1b:48:e1:42:5f:68:53:58:a4:66:
                    3d:b1:dd:d8:95:c1:65:92:8e:58:88:c0:46:64:e3:
                    e9:de:fe:d3:a8:10:ca:c4:1e:64:05:a9:ef:cd:a8:
                    14:fc:87:50:ce:8b:78:10:2f:c9:c7:c2:ba:96:91:
                    fb:7c:dc:01:57:34:ab:fe:de:4a:25:5f:26:f0:4f:
                    f1:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:58:94:CD:81:65:E8:2C:5B:76:CE:16:BE:EB:CC:DC:7B:DB:1A:1E
            X509v3 Authority Key Identifier:
                keyid:B1:55:00:9C:3D:E4:21:CC:4E:67:B9:A9:AE:42:3B:B3:5D:E0:B9:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sVUAnD3kIcxOZ7mprkI7s13guSY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/YliUzYFl6Cxbds4WvuvM3HvbGh4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/de902c-3d13-47d1-a5e6-73856af49f3e/1/sVUAnD3kIcxOZ7mprkI7s13guSY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.248.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:d6:69:5d:13:b6:70:fd:4c:06:02:e5:3f:ae:56:0f:d2:7e:
         bb:5e:84:c1:5d:15:0a:e7:7b:f7:d4:00:dc:00:21:73:78:5d:
         ce:de:77:f5:ef:4c:3d:aa:b0:11:0c:31:40:d6:dc:b7:3d:9d:
         5b:e9:76:e7:01:6c:17:cc:a8:af:d5:10:83:2d:30:43:c7:d6:
         c4:93:20:81:4e:91:f2:b7:a1:17:fd:2d:53:48:18:0f:12:57:
         e0:2d:44:cb:29:cd:7e:1a:a7:5a:56:0c:20:52:80:e3:5f:c1:
         6a:f5:f8:a7:28:33:50:21:d1:36:b8:49:2d:90:27:fe:f2:49:
         bd:e1:19:e5:5f:cf:7d:e8:ac:50:da:a1:ee:32:75:ea:75:8c:
         83:f7:c0:a3:5f:69:ae:c4:44:1c:43:5d:26:fe:39:f3:6b:ff:
         1c:1d:39:35:c6:6d:17:74:eb:f8:f3:f2:e4:a6:95:c1:6b:04:
         d0:dc:fe:fb:81:48:db:ad:0e:2e:f1:86:78:32:ef:32:92:48:
         59:cb:65:bf:bc:6d:8b:23:9b:35:be:83:ef:1e:8a:66:b0:02:
         f3:90:73:bf:31:1b:32:a4:ae:20:0d:3c:8e:98:ab:af:79:85:
         90:40:a6:72:46:5b:32:d9:1d:f7:0d:1b:e2:95:df:6b:30:34:
         9b:bb:88:bb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQns7MIQAhPAX6yZh6/XBdgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNTUwMDljM2RlNDIxY2M0ZTY3YjlhOWFlNDIzYmIzNWRl
MGI5MjYwHhcNMjUwMTAyMTU0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjU4OTRjZDgxNjVlODJjNWI3NmNlMTZiZWViY2NkYzdiZGIxYTFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuetEZIoMZNbT/ACK26CJYmslmnta
d8vLVUmP2IL6GTrSC2CMP+otcHE2ev8iaS8aoAquQF3kISL7gAmsHrj52jW9bzqC
MzUtvXoXMEKKspg+HNWe8FVvvpKYHLfxd5naeWs2E1g4gjbKgm0kuZPRYv/oN3gt
gwatQGPRUcn+avmN+KIp7/vwbRE5M9mzZImkcnk5oKvnMAxOxFCFQGHWcTKtOGVS
DOpVBsxbQllM22QxZd9JaVdV6BtI4UJfaFNYpGY9sd3YlcFlko5YiMBGZOPp3v7T
qBDKxB5kBanvzagU/IdQzot4EC/Jx8K6lpH7fNwBVzSr/t5KJV8m8E/xAwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGJYlM2BZegsW3bOFr7rzNx72xoeMB8GA1UdIwQY
MBaAFLFVAJw95CHMTme5qa5CO7Nd4LkmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYt
NzM4NTZhZjQ5ZjNlLzEvWWxpVXpZRmw2Q3hiZHM0V3Z1dk0zSHZiR2g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kZTkwMmMtM2QxMy00N2QxLWE1ZTYtNzM4NTZhZjQ5ZjNl
LzEvc1ZVQW5EM2tJY3hPWjdtcHJrSTdzMTNndVNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZH4MA0G
CSqGSIb3DQEBCwUAA4IBAQAw1mldE7Zw/UwGAuU/rlYP0n67XoTBXRUK53v31ADc
ACFzeF3O3nf170w9qrARDDFA1ty3PZ1b6XbnAWwXzKiv1RCDLTBDx9bEkyCBTpHy
t6EX/S1TSBgPElfgLUTLKc1+GqdaVgwgUoDjX8Fq9finKDNQIdE2uEktkCf+8km9
4RnlX8996KxQ2qHuMnXqdYyD98CjX2muxEQcQ10m/jnza/8cHTk1xm0XdOv48/Lk
ppXBawTQ3P77gUjbrQ4u8YZ4Mu8ykkhZy2W/vG2LI5s1voPvHopmsALzkHO/MRsy
pK4gDTyOmKuveYWQQKZyRlsy2R33DRvild9rMDSbu4i7
-----END CERTIFICATE-----