Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/30c0c0-9eca-464f-8b9f-6a5b5f5ca9d3/1/eZNf3C9feSNGJ4V8vhX9W1CodHo.roa
File:                     eZNf3C9feSNGJ4V8vhX9W1CodHo.roa (raw, json)
Hash identifier:          jCzejzqRu1A4u7nv7yzoXy+ymx/Nx97x4lbTMxiUYlQ=
Subject key identifier:   79:93:5F:DC:2F:5F:79:23:46:27:85:7C:BE:15:FD:5B:50:A8:74:7A
Certificate issuer:       /CN=29ba0a1d7848d2c1b231dd3e6824420d18799913
Certificate serial:       01942825F6449348D578560CCC03B8F7C3B0
Authority key identifier: 29:BA:0A:1D:78:48:D2:C1:B2:31:DD:3E:68:24:42:0D:18:79:99:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KboKHXhI0sGyMd0-aCRCDRh5mRM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/30c0c0-9eca-464f-8b9f-6a5b5f5ca9d3/1/eZNf3C9feSNGJ4V8vhX9W1CodHo.roa
Signing time:             Thu 02 Jan 2025 17:52:44 +0000
ROA not before:           Thu 02 Jan 2025 17:52:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208956
IP address blocks:        45.13.64.0/24 maxlen: 24
                          45.13.65.0/24 maxlen: 24
                          45.13.66.0/24 maxlen: 24
                          45.13.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/30c0c0-9eca-464f-8b9f-6a5b5f5ca9d3/1/KboKHXhI0sGyMd0-aCRCDRh5mRM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/30c0c0-9eca-464f-8b9f-6a5b5f5ca9d3/1/KboKHXhI0sGyMd0-aCRCDRh5mRM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KboKHXhI0sGyMd0-aCRCDRh5mRM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:f6:44:93:48:d5:78:56:0c:cc:03:b8:f7:c3:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29ba0a1d7848d2c1b231dd3e6824420d18799913
        Validity
            Not Before: Jan  2 17:52:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=79935fdc2f5f79234627857cbe15fd5b50a8747a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:96:b3:82:de:a9:fa:13:10:53:53:2e:2b:fb:
                    cb:8e:06:cc:3f:f0:b8:26:c8:e3:a5:72:e5:eb:65:
                    4b:4e:a4:58:69:e9:57:b9:77:40:b6:23:61:87:16:
                    fe:20:9a:e1:07:ee:3f:1d:91:e3:e7:32:71:8a:80:
                    90:12:00:70:9b:47:37:22:7b:f7:64:28:e0:79:5a:
                    fd:34:9b:b6:ac:c4:03:d5:cf:33:e5:15:12:0d:22:
                    e7:7c:a5:2d:a2:c1:8c:b7:a3:73:36:41:9d:d9:87:
                    4f:90:57:a0:9e:8a:8c:e6:81:b8:32:09:3a:ac:dd:
                    e6:68:a3:4d:93:ff:ed:cf:cb:2b:65:02:20:ef:0e:
                    13:65:f0:07:81:ba:39:25:cc:d8:46:8c:99:3f:a6:
                    a3:1e:dc:33:17:85:4a:82:9f:49:2c:3f:f5:80:3d:
                    d0:ab:ae:c6:ad:1f:4e:04:a9:de:7a:62:e6:46:26:
                    91:3d:48:5a:f4:8c:eb:93:5f:07:58:bf:20:56:08:
                    72:fe:a8:b2:00:c0:07:b9:a6:9d:69:59:8b:be:68:
                    e0:0d:4d:86:16:8d:b0:62:f0:47:f7:40:f9:a0:61:
                    f1:fc:c9:5b:f2:5c:4b:43:4e:7a:f2:54:32:5c:6d:
                    cf:d3:c7:b7:91:90:aa:c7:30:01:e0:ee:60:f2:f4:
                    e3:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:93:5F:DC:2F:5F:79:23:46:27:85:7C:BE:15:FD:5B:50:A8:74:7A
            X509v3 Authority Key Identifier:
                keyid:29:BA:0A:1D:78:48:D2:C1:B2:31:DD:3E:68:24:42:0D:18:79:99:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KboKHXhI0sGyMd0-aCRCDRh5mRM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/30c0c0-9eca-464f-8b9f-6a5b5f5ca9d3/1/eZNf3C9feSNGJ4V8vhX9W1CodHo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/30c0c0-9eca-464f-8b9f-6a5b5f5ca9d3/1/KboKHXhI0sGyMd0-aCRCDRh5mRM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         dc:b7:2f:a3:9b:07:ee:0e:e1:1e:93:dc:12:13:e4:31:4f:57:
         cd:74:0a:38:05:a2:02:dc:a1:ec:e3:d6:2f:3f:a8:98:cd:67:
         6e:55:d3:5a:b2:80:29:ee:cf:ba:7c:f0:14:cc:6e:a5:fc:7a:
         f1:ae:78:7d:7b:c7:dd:59:5b:e0:05:e6:14:d8:9d:52:c0:6f:
         65:45:c4:d0:7e:ab:71:a0:cf:cf:6b:e4:ef:3c:63:84:cf:a6:
         e4:16:a5:96:f6:c9:a5:36:40:e4:83:58:9e:44:5a:15:2c:2d:
         6f:3b:28:32:38:c5:17:1a:6b:2e:2a:fa:89:0f:99:9f:f4:05:
         38:98:ca:cf:de:1f:4b:4b:8d:5a:e3:bc:de:01:47:af:81:f6:
         4e:94:0d:ee:a1:8a:75:60:fd:78:f9:e5:87:56:f5:05:5d:00:
         0a:47:ec:ae:a8:ee:5a:d3:eb:d2:5e:f6:3a:a4:57:fe:e5:55:
         9e:30:f8:00:3a:ae:a9:a4:4d:95:e3:9d:a6:b6:37:11:20:62:
         2a:03:97:91:63:90:f0:ec:41:50:68:15:3c:22:e2:6f:e5:0a:
         35:d6:90:30:87:fa:0f:1d:02:dd:7c:0c:77:7a:2d:86:68:a7:
         81:88:11:70:53:cd:9e:f0:50:c2:50:c0:26:17:13:26:22:37:
         21:55:c6:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJfZEk0jVeFYMzAO498OwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5YmEwYTFkNzg0OGQyYzFiMjMxZGQzZTY4MjQ0MjBkMTg3
OTk5MTMwHhcNMjUwMTAyMTc1MjQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTkzNWZkYzJmNWY3OTIzNDYyNzg1N2NiZTE1ZmQ1YjUwYTg3NDdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnpazgt6p+hMQU1MuK/vLjgbMP/C4
JsjjpXLl62VLTqRYaelXuXdAtiNhhxb+IJrhB+4/HZHj5zJxioCQEgBwm0c3Inv3
ZCjgeVr9NJu2rMQD1c8z5RUSDSLnfKUtosGMt6NzNkGd2YdPkFegnoqM5oG4Mgk6
rN3maKNNk//tz8srZQIg7w4TZfAHgbo5JczYRoyZP6ajHtwzF4VKgp9JLD/1gD3Q
q67GrR9OBKneemLmRiaRPUha9Izrk18HWL8gVghy/qiyAMAHuaadaVmLvmjgDU2G
Fo2wYvBH90D5oGHx/Mlb8lxLQ0568lQyXG3P08e3kZCqxzAB4O5g8vTjCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHmTX9wvX3kjRieFfL4V/VtQqHR6MB8GA1UdIwQY
MBaAFCm6Ch14SNLBsjHdPmgkQg0YeZkTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS2JvS0hYaEkwc0d5TWQwLWFDUkNEUmg1bVJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8zMGMwYzAtOWVjYS00NjRmLThiOWYt
NmE1YjVmNWNhOWQzLzEvZVpOZjNDOWZlU05HSjRWOHZoWDlXMUNvZEhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8zMGMwYzAtOWVjYS00NjRmLThiOWYtNmE1YjVmNWNhOWQz
LzEvS2JvS0hYaEkwc0d5TWQwLWFDUkNEUmg1bVJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQ1AMA0G
CSqGSIb3DQEBCwUAA4IBAQDcty+jmwfuDuEek9wSE+QxT1fNdAo4BaIC3KHs49Yv
P6iYzWduVdNasoAp7s+6fPAUzG6l/Hrxrnh9e8fdWVvgBeYU2J1SwG9lRcTQfqtx
oM/Pa+TvPGOEz6bkFqWW9smlNkDkg1ieRFoVLC1vOygyOMUXGmsuKvqJD5mf9AU4
mMrP3h9LS41a47zeAUevgfZOlA3uoYp1YP14+eWHVvUFXQAKR+yuqO5a0+vSXvY6
pFf+5VWeMPgAOq6ppE2V452mtjcRIGIqA5eRY5Dw7EFQaBU8IuJv5Qo11pAwh/oP
HQLdfAx3ei2GaKeBiBFwU82e8FDCUMAmFxMmIjchVcZo
-----END CERTIFICATE-----