Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/ca62a1-4c72-481b-9f25-eec490d506f7/1/fc4brGlD2V9aXaMOkj_E0RZ_J08.roa
File:                     fc4brGlD2V9aXaMOkj_E0RZ_J08.roa (raw, json)
Hash identifier:          OhUlbRmFgYOLeHLw8imL9BrjCyNfPZwGRzxzejrVjWo=
Subject key identifier:   7D:CE:1B:AC:69:43:D9:5F:5A:5D:A3:0E:92:3F:C4:D1:16:7F:27:4F
Certificate issuer:       /CN=abe2353d9bd5b8c5b58cc71021324bb90dd2dd91
Certificate serial:       019420D620578B37A772AFC58B88AB712261
Authority key identifier: AB:E2:35:3D:9B:D5:B8:C5:B5:8C:C7:10:21:32:4B:B9:0D:D2:DD:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q-I1PZvVuMW1jMcQITJLuQ3S3ZE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/ca62a1-4c72-481b-9f25-eec490d506f7/1/fc4brGlD2V9aXaMOkj_E0RZ_J08.roa
Signing time:             Wed 01 Jan 2025 07:48:11 +0000
ROA not before:           Wed 01 Jan 2025 07:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208234
IP address blocks:        45.145.60.0/24 maxlen: 24
                          45.145.61.0/24 maxlen: 24
                          45.145.62.0/24 maxlen: 24
                          45.145.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/ca62a1-4c72-481b-9f25-eec490d506f7/1/q-I1PZvVuMW1jMcQITJLuQ3S3ZE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/ca62a1-4c72-481b-9f25-eec490d506f7/1/q-I1PZvVuMW1jMcQITJLuQ3S3ZE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q-I1PZvVuMW1jMcQITJLuQ3S3ZE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:20:57:8b:37:a7:72:af:c5:8b:88:ab:71:22:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=abe2353d9bd5b8c5b58cc71021324bb90dd2dd91
        Validity
            Not Before: Jan  1 07:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7dce1bac6943d95f5a5da30e923fc4d1167f274f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:36:00:dc:d9:7a:28:4a:4b:cb:6d:84:4d:9b:
                    76:16:73:8d:c1:d4:77:e8:f1:8a:8b:74:75:f3:be:
                    c4:fc:6c:64:b0:f1:32:db:cb:80:fe:42:b9:c3:d3:
                    a8:fb:82:52:90:6c:c3:02:d1:36:c0:6c:8a:55:8a:
                    52:b3:b4:03:d7:8c:04:ae:aa:86:fc:4c:7d:e6:59:
                    d3:5c:f6:6f:e3:e0:5b:cd:28:5a:3c:8c:ea:0e:1d:
                    04:3d:75:40:75:aa:82:f9:a5:4a:7e:11:1d:74:e7:
                    15:f6:69:d0:ef:b3:40:02:47:43:1b:d8:72:c0:73:
                    44:34:02:20:3a:6a:bc:19:36:f4:bb:b1:93:03:d9:
                    7d:a8:20:c7:a3:c6:3b:ec:b8:74:92:19:ba:55:c1:
                    ff:18:ee:39:53:05:b9:25:9d:21:96:98:25:dd:7f:
                    00:d2:8e:ce:d2:62:38:ea:cf:85:ab:0c:4b:a2:8c:
                    86:d4:6b:e5:89:42:bd:12:96:97:d8:44:56:c2:49:
                    db:47:c9:4e:f3:36:bf:94:7e:30:d0:18:fe:df:fd:
                    05:a0:58:02:e6:b5:76:17:be:6c:a8:0c:76:d3:ed:
                    21:a9:85:3c:01:39:4d:78:a2:ba:f8:f7:fb:17:5a:
                    52:88:67:a7:73:f9:57:01:ea:42:b3:23:99:bb:97:
                    39:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:CE:1B:AC:69:43:D9:5F:5A:5D:A3:0E:92:3F:C4:D1:16:7F:27:4F
            X509v3 Authority Key Identifier:
                keyid:AB:E2:35:3D:9B:D5:B8:C5:B5:8C:C7:10:21:32:4B:B9:0D:D2:DD:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q-I1PZvVuMW1jMcQITJLuQ3S3ZE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ca62a1-4c72-481b-9f25-eec490d506f7/1/fc4brGlD2V9aXaMOkj_E0RZ_J08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/ca62a1-4c72-481b-9f25-eec490d506f7/1/q-I1PZvVuMW1jMcQITJLuQ3S3ZE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9c:9d:39:8e:3d:78:75:8e:b6:58:7c:76:38:31:dd:98:26:01:
         17:ce:c3:ea:9b:fd:cf:f4:7b:11:85:98:e7:ec:73:74:99:50:
         9b:76:9a:96:17:d3:15:12:8d:77:6e:75:cf:5b:91:7a:3a:0e:
         6b:1e:c4:50:1b:fc:2a:07:57:96:ed:28:6f:c6:e6:12:62:41:
         39:b0:3d:f6:46:65:27:f4:c6:d5:40:b4:74:3a:33:f6:69:62:
         f2:fa:32:e8:be:ef:d7:49:f9:be:5d:02:ec:16:40:f2:2a:fe:
         a9:3a:66:43:ad:02:77:fd:10:ac:2e:33:41:9c:b2:88:0a:cd:
         fb:12:b0:2d:c3:32:e0:11:60:b3:15:41:2f:ae:29:ae:03:86:
         5a:1d:f6:0d:fd:6a:4f:75:32:54:f7:64:c5:b7:73:3f:11:a5:
         f0:eb:90:95:8b:46:d2:00:2e:fb:f6:85:5c:33:0e:20:8e:a1:
         f5:76:13:96:4c:4a:26:31:b1:20:c8:91:cc:c9:ee:6f:f9:e8:
         5c:fe:1e:13:5e:ce:28:64:c1:78:10:92:47:16:94:da:b7:f7:
         29:e3:35:15:b6:e2:23:76:bf:e0:7c:9a:ca:7f:05:90:45:e6:
         4f:b4:11:69:ce:04:8d:39:6e:82:13:94:b3:7f:48:da:de:54:
         b5:86:08:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1iBXizencq/Fi4ircSJhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiZTIzNTNkOWJkNWI4YzViNThjYzcxMDIxMzI0YmI5MGRk
MmRkOTEwHhcNMjUwMTAxMDc0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGNlMWJhYzY5NDNkOTVmNWE1ZGEzMGU5MjNmYzRkMTE2N2YyNzRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2jYA3Nl6KEpLy22ETZt2FnONwdR3
6PGKi3R1877E/GxksPEy28uA/kK5w9Oo+4JSkGzDAtE2wGyKVYpSs7QD14wErqqG
/Ex95lnTXPZv4+BbzShaPIzqDh0EPXVAdaqC+aVKfhEddOcV9mnQ77NAAkdDG9hy
wHNENAIgOmq8GTb0u7GTA9l9qCDHo8Y77Lh0khm6VcH/GO45UwW5JZ0hlpgl3X8A
0o7O0mI46s+FqwxLooyG1GvliUK9EpaX2ERWwknbR8lO8za/lH4w0Bj+3/0FoFgC
5rV2F75sqAx20+0hqYU8ATlNeKK6+Pf7F1pSiGenc/lXAepCsyOZu5c5lwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH3OG6xpQ9lfWl2jDpI/xNEWfydPMB8GA1UdIwQY
MBaAFKviNT2b1bjFtYzHECEyS7kN0t2RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcS1JMVBadlZ1TVcxak1jUUlUSkx1UTNTM1pFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9jYTYyYTEtNGM3Mi00ODFiLTlmMjUt
ZWVjNDkwZDUwNmY3LzEvZmM0YnJHbEQyVjlhWGFNT2tqX0UwUlpfSjA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9jYTYyYTEtNGM3Mi00ODFiLTlmMjUtZWVjNDkwZDUwNmY3
LzEvcS1JMVBadlZ1TVcxak1jUUlUSkx1UTNTM1pFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZE8MA0G
CSqGSIb3DQEBCwUAA4IBAQCcnTmOPXh1jrZYfHY4Md2YJgEXzsPqm/3P9HsRhZjn
7HN0mVCbdpqWF9MVEo13bnXPW5F6Og5rHsRQG/wqB1eW7ShvxuYSYkE5sD32RmUn
9MbVQLR0OjP2aWLy+jLovu/XSfm+XQLsFkDyKv6pOmZDrQJ3/RCsLjNBnLKICs37
ErAtwzLgEWCzFUEvrimuA4ZaHfYN/WpPdTJU92TFt3M/EaXw65CVi0bSAC779oVc
Mw4gjqH1dhOWTEomMbEgyJHMye5v+ehc/h4TXs4oZMF4EJJHFpTat/cp4zUVtuIj
dr/gfJrKfwWQReZPtBFpzgSNOW6CE5Szf0ja3lS1hggo
-----END CERTIFICATE-----