Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/DhAFgJhLtYUjBOcxXPw_DHcxoVg.roa
File:                     DhAFgJhLtYUjBOcxXPw_DHcxoVg.roa (raw, json)
Hash identifier:          HAPeiYyLpz8KjR2aJE3jX6C1oW95vXsOfFgMKjjZFxc=
Subject key identifier:   0E:10:05:80:98:4B:B5:85:23:04:E7:31:5C:FC:3F:0C:77:31:A1:58
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       019422202A1006F941F5B220AB4451799895
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/DhAFgJhLtYUjBOcxXPw_DHcxoVg.roa
Signing time:             Wed 01 Jan 2025 13:48:40 +0000
ROA not before:           Wed 01 Jan 2025 13:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197432
IP address blocks:        45.123.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:2a:10:06:f9:41:f5:b2:20:ab:44:51:79:98:95
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0e100580984bb5852304e7315cfc3f0c7731a158
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:16:14:d1:b6:94:67:0e:d4:b7:3a:eb:64:68:
                    a5:5b:1e:b4:ca:53:91:05:02:71:89:ef:45:51:cb:
                    cb:f7:c9:41:14:69:b7:59:5d:ed:dc:ea:a9:c4:91:
                    ec:82:e6:8c:77:5a:40:20:6a:a8:b3:a4:e0:69:ca:
                    f8:17:69:43:4c:dd:90:c7:49:e7:79:80:99:1a:89:
                    be:f3:ca:31:15:9c:52:5f:19:5f:ef:cc:a0:1e:1f:
                    17:69:a2:fc:87:3c:ad:f7:a1:e9:4b:e9:79:d9:1a:
                    c4:dc:bb:1e:92:de:03:76:68:da:b1:12:ea:9e:b4:
                    cd:57:12:e3:a4:2a:21:8f:6f:96:28:5f:73:b8:5c:
                    1b:f3:d1:ba:8c:5a:7e:ed:34:f7:04:a0:83:71:c5:
                    c3:5c:b7:d1:7f:1f:6a:5d:09:40:b3:11:dc:24:03:
                    d7:37:4d:a0:a1:6d:a5:c4:06:1f:07:a1:09:b5:02:
                    f9:49:c7:e3:06:ba:32:03:26:0b:b7:3f:fb:dd:66:
                    55:52:5f:de:58:f5:6e:31:a2:04:6d:72:cb:31:71:
                    cf:23:b2:bb:05:f9:73:12:e7:0a:b9:3f:79:0d:c8:
                    b0:fd:4b:63:9a:0a:55:a9:b2:63:c9:fb:de:58:30:
                    aa:9f:75:8b:a8:bf:84:cf:e1:df:ee:b3:8a:ae:56:
                    7d:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:10:05:80:98:4B:B5:85:23:04:E7:31:5C:FC:3F:0C:77:31:A1:58
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/DhAFgJhLtYUjBOcxXPw_DHcxoVg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.123.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:9f:55:be:23:c2:d0:18:0e:31:5c:9c:87:94:43:5e:e3:55:
         29:b9:15:d8:13:ff:4e:c0:77:57:18:43:78:44:81:5a:7f:27:
         cc:4c:af:ca:7d:e8:7a:07:75:fc:f8:a3:4b:74:64:16:62:0e:
         0e:3e:15:e9:d9:5e:23:e4:69:9f:36:45:22:3a:dc:1e:5d:ff:
         0e:86:f1:3a:cd:32:87:17:61:85:a1:bc:ce:ec:ac:8c:ff:e0:
         a8:f3:ba:df:30:dd:34:ed:32:44:06:8b:69:7f:6c:2d:32:f8:
         2a:b3:e6:c9:c6:00:cc:69:69:cf:6e:81:11:d0:bf:82:ee:e2:
         9d:f3:7f:2d:74:55:9b:8c:e4:a0:d2:4b:50:56:e7:04:45:83:
         69:f0:01:ca:6e:0b:1e:f4:52:46:e4:64:b0:60:45:27:6a:fb:
         37:9d:ff:e3:12:ab:ac:9a:56:c3:6c:a3:da:37:a0:dc:b0:15:
         86:51:3a:53:7e:db:fa:6e:26:92:66:4c:cc:a0:ec:6c:41:1c:
         65:b3:80:56:07:c7:8e:6f:3a:b4:47:99:d2:d0:64:ce:39:56:
         36:3b:73:4f:2f:7d:e8:20:ea:cb:ad:54:5a:8e:3e:f1:e5:52:
         a2:d5:38:d1:6b:ca:7f:b2:e0:d0:86:a7:2b:9a:74:2c:92:f9:
         3e:06:36:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiICoQBvlB9bIgq0RReZiVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTEwMDU4MDk4NGJiNTg1MjMwNGU3MzE1Y2ZjM2YwYzc3MzFhMTU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvxYU0baUZw7UtzrrZGilWx60ylOR
BQJxie9FUcvL98lBFGm3WV3t3OqpxJHsguaMd1pAIGqos6Tgacr4F2lDTN2Qx0nn
eYCZGom+88oxFZxSXxlf78ygHh8XaaL8hzyt96HpS+l52RrE3Lsekt4DdmjasRLq
nrTNVxLjpCohj2+WKF9zuFwb89G6jFp+7TT3BKCDccXDXLfRfx9qXQlAsxHcJAPX
N02goW2lxAYfB6EJtQL5ScfjBroyAyYLtz/73WZVUl/eWPVuMaIEbXLLMXHPI7K7
BflzEucKuT95Dciw/UtjmgpVqbJjyfveWDCqn3WLqL+Ez+Hf7rOKrlZ9swIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFA4QBYCYS7WFIwTnMVz8Pwx3MaFYMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvRGhBRmdKaEx0WVVqQk9jeFhQd19ESGN4b1ZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALXsoMA0G
CSqGSIb3DQEBCwUAA4IBAQB4n1W+I8LQGA4xXJyHlENe41UpuRXYE/9OwHdXGEN4
RIFafyfMTK/Kfeh6B3X8+KNLdGQWYg4OPhXp2V4j5GmfNkUiOtweXf8OhvE6zTKH
F2GFobzO7KyM/+Co87rfMN007TJEBotpf2wtMvgqs+bJxgDMaWnPboER0L+C7uKd
838tdFWbjOSg0ktQVucERYNp8AHKbgse9FJG5GSwYEUnavs3nf/jEqusmlbDbKPa
N6DcsBWGUTpTftv6biaSZkzMoOxsQRxls4BWB8eObzq0R5nS0GTOOVY2O3NPL33o
IOrLrVRajj7x5VKi1TjRa8p/suDQhqcrmnQskvk+BjZz
-----END CERTIFICATE-----