Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/5sZC6zdwv0lvURXDP0TAo2bQCRc.roa
File:                     5sZC6zdwv0lvURXDP0TAo2bQCRc.roa (raw, json)
Hash identifier:          coyU6EErlRGxW3O7NVwddiHmgz4HK2ZsW5N5oUSeCxE=
Subject key identifier:   E6:C6:42:EB:37:70:BF:49:6F:51:15:C3:3F:44:C0:A3:66:D0:09:17
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0194222012DDBB0712F21DCE8371FA3281E0
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/5sZC6zdwv0lvURXDP0TAo2bQCRc.roa
Signing time:             Wed 01 Jan 2025 13:48:34 +0000
ROA not before:           Wed 01 Jan 2025 13:48:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     23470
IP address blocks:        45.83.31.0/24 maxlen: 24
                          193.26.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:12:dd:bb:07:12:f2:1d:ce:83:71:fa:32:81:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e6c642eb3770bf496f5115c33f44c0a366d00917
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f9:38:77:f0:66:8e:93:96:1e:b4:f5:b8:64:85:
                    1c:01:a7:44:b8:df:86:c4:d4:e4:b0:22:0f:0b:f6:
                    9f:e8:0f:f2:0e:f5:75:5a:c4:f4:9d:89:d7:f4:be:
                    82:a8:66:11:0f:3d:e3:dc:84:d8:30:63:e8:1a:6b:
                    67:5f:bd:d1:c1:19:3a:55:f1:9b:72:8b:a1:cb:ce:
                    91:4a:8d:bd:af:27:54:1f:db:d4:b6:2a:9a:8f:40:
                    84:0f:b0:b5:1b:52:5f:c5:6f:3c:bd:5c:a3:fb:3d:
                    10:1e:0e:11:b0:30:fe:cf:57:8a:08:7c:a1:20:35:
                    05:60:ae:f7:93:bc:ae:a3:cc:e2:ad:95:18:84:8b:
                    1e:bd:e5:cc:36:8e:e8:42:14:65:31:d9:c0:f0:5d:
                    07:b1:0c:16:34:28:f0:9c:8a:c9:3e:36:83:38:0f:
                    5a:7c:52:9e:50:6f:89:65:61:52:6d:00:22:71:c2:
                    be:a7:8e:14:d5:12:0c:1a:e9:88:e8:9c:0d:09:4f:
                    53:2a:df:1c:03:d2:04:c4:02:33:4d:de:6d:eb:cc:
                    10:e2:5f:0f:8b:2d:fc:53:60:b0:f0:1e:14:86:62:
                    ff:81:b8:1f:7c:86:8e:ba:99:b0:68:a6:28:3b:91:
                    6e:19:60:22:20:2f:16:58:8c:9e:e7:46:78:f8:7c:
                    7f:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E6:C6:42:EB:37:70:BF:49:6F:51:15:C3:3F:44:C0:A3:66:D0:09:17
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/5sZC6zdwv0lvURXDP0TAo2bQCRc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.83.31.0/24
                  193.26.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:56:41:6a:4b:87:87:8e:e4:e4:fe:84:2d:f4:0e:69:90:ca:
         94:27:17:87:3d:3a:ae:d3:28:ef:b8:47:28:d4:37:a3:e1:f1:
         0e:e9:be:df:0d:76:9e:79:3e:cf:24:d8:b3:21:72:3d:ad:6c:
         9a:fe:17:a7:cb:2d:2c:8f:00:65:72:a1:ee:a0:4d:01:8e:bb:
         ae:35:aa:a2:61:dd:a8:e2:e8:8b:e8:c6:af:2b:19:4e:38:c5:
         3b:e1:63:54:a1:29:62:46:63:7a:38:f2:3f:ae:6d:77:3f:d9:
         c3:60:9d:52:cc:ca:71:6d:3b:09:d5:a5:88:43:97:96:44:23:
         29:6c:24:80:fd:e3:a7:a8:98:33:5f:b0:67:3c:b6:6b:54:d2:
         55:f4:e9:64:ee:45:ee:03:9c:62:5a:91:f9:24:bf:13:d9:13:
         84:bf:b0:f1:16:3c:72:47:97:bb:0a:14:21:d7:7f:45:18:52:
         86:1d:3c:62:e7:83:3a:34:07:c1:da:22:43:dc:f3:e7:88:c3:
         06:01:73:1e:c5:e3:13:30:66:ff:dd:8b:d0:03:a5:c0:aa:f0:
         0c:09:d4:9d:be:96:b6:bd:38:50:e3:af:a7:4a:ec:27:82:7a:
         47:08:2d:2a:2f:ab:4e:b3:06:cc:d2:da:f8:a5:fa:de:5e:79:
         b2:93:64:e2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiIBLduwcS8h3Og3H6MoHgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNmM2NDJlYjM3NzBiZjQ5NmY1MTE1YzMzZjQ0YzBhMzY2ZDAwOTE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+Th38GaOk5YetPW4ZIUcAadEuN+G
xNTksCIPC/af6A/yDvV1WsT0nYnX9L6CqGYRDz3j3ITYMGPoGmtnX73RwRk6VfGb
couhy86RSo29rydUH9vUtiqaj0CED7C1G1JfxW88vVyj+z0QHg4RsDD+z1eKCHyh
IDUFYK73k7yuo8zirZUYhIseveXMNo7oQhRlMdnA8F0HsQwWNCjwnIrJPjaDOA9a
fFKeUG+JZWFSbQAiccK+p44U1RIMGumI6JwNCU9TKt8cA9IExAIzTd5t68wQ4l8P
iy38U2Cw8B4UhmL/gbgffIaOupmwaKYoO5FuGWAiIC8WWIye50Z4+Hx/owIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFObGQus3cL9Jb1EVwz9EwKNm0AkXMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvNXNaQzZ6ZHd2MGx2VVJYRFAwVEFvMmJRQ1JjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVMfAwQA
wRpzMA0GCSqGSIb3DQEBCwUAA4IBAQBwVkFqS4eHjuTk/oQt9A5pkMqUJxeHPTqu
0yjvuEco1Dej4fEO6b7fDXaeeT7PJNizIXI9rWya/henyy0sjwBlcqHuoE0Bjruu
NaqiYd2o4uiL6MavKxlOOMU74WNUoSliRmN6OPI/rm13P9nDYJ1SzMpxbTsJ1aWI
Q5eWRCMpbCSA/eOnqJgzX7BnPLZrVNJV9Olk7kXuA5xiWpH5JL8T2ROEv7DxFjxy
R5e7ChQh139FGFKGHTxi54M6NAfB2iJD3PPniMMGAXMexeMTMGb/3YvQA6XAqvAM
CdSdvpa2vThQ46+nSuwngnpHCC0qL6tOswbM0tr4pfreXnmyk2Ti
-----END CERTIFICATE-----