Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/IRHUdCJMKz-TpT3dQtgHBOfrlx8.roa
File:                     IRHUdCJMKz-TpT3dQtgHBOfrlx8.roa (raw, json)
Hash identifier:          xDdXxGBmYXNV2TWsTiTPg/+ryMc+sQ51dQOA3UKy6NI=
Subject key identifier:   21:11:D4:74:22:4C:2B:3F:93:A5:3D:DD:42:D8:07:04:E7:EB:97:1F
Certificate issuer:       /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial:       0194222031B20A23A55D02E869C9F474C965
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/IRHUdCJMKz-TpT3dQtgHBOfrlx8.roa
Signing time:             Wed 01 Jan 2025 13:48:42 +0000
ROA not before:           Wed 01 Jan 2025 13:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203320
IP address blocks:        45.133.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:31:b2:0a:23:a5:5d:02:e8:69:c9:f4:74:c9:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
        Validity
            Not Before: Jan  1 13:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2111d474224c2b3f93a53ddd42d80704e7eb971f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:cb:68:5e:8a:4e:85:d7:7a:04:3a:07:80:bd:
                    e7:13:ce:d4:b1:30:d0:12:7e:4f:c8:30:c8:32:5d:
                    2b:d0:a8:dd:4c:88:1f:e8:74:2e:bb:f3:e4:92:9a:
                    6b:93:7f:29:ab:7a:39:53:48:b1:f6:09:27:7c:dd:
                    1f:c1:3b:46:fa:13:dd:81:99:53:12:d1:16:f2:0d:
                    d3:4d:93:37:fa:9d:81:51:15:a5:d7:95:16:b5:0a:
                    99:fb:6e:32:8f:82:12:58:9b:e3:fe:14:9a:c6:bc:
                    7a:26:7a:10:2c:2f:eb:b2:a6:f8:9a:d8:72:50:99:
                    db:34:8b:c3:32:55:27:77:cc:b9:a4:0b:bf:8c:91:
                    8b:fa:86:e0:fe:29:97:34:b5:f1:4c:78:f7:af:54:
                    26:b4:a0:8c:4e:78:5a:4c:31:ce:c9:cb:31:77:01:
                    df:95:65:1c:5c:9c:0d:13:3c:e2:69:c0:b4:c3:d6:
                    e0:2f:80:8a:db:8d:c2:79:95:fe:0a:24:ec:af:14:
                    aa:a2:57:85:39:92:a4:2e:69:28:de:e8:3b:95:39:
                    6f:cc:2d:fe:8c:77:3f:51:c2:18:69:c4:1e:b1:ad:
                    68:48:99:39:8f:5a:98:13:91:d9:cc:50:f5:f1:6f:
                    6d:c2:08:b4:94:5f:3b:13:58:62:2f:69:53:85:24:
                    c8:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:11:D4:74:22:4C:2B:3F:93:A5:3D:DD:42:D8:07:04:E7:EB:97:1F
            X509v3 Authority Key Identifier:
                keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/IRHUdCJMKz-TpT3dQtgHBOfrlx8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.133.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:74:4f:e8:6b:de:29:45:fb:6f:b6:bd:39:d9:5a:68:0e:c9:
         0b:7c:d6:96:42:03:a1:9b:b9:de:55:f1:bd:28:00:96:4f:dc:
         1b:73:88:24:fb:e2:cc:67:8c:1e:e2:45:3b:e2:b9:b1:f6:3b:
         c6:8d:3f:a0:8f:7c:6f:34:bd:e5:da:81:a6:59:60:28:75:4c:
         d0:22:4e:e4:46:34:7a:9e:18:ef:63:4a:7c:6f:86:57:aa:9a:
         a9:7b:3d:f9:f0:37:fc:86:3c:f3:c2:2e:13:b0:7a:f2:05:23:
         57:2d:02:b3:93:4f:12:ae:00:25:ee:52:44:0e:1b:6b:a1:37:
         ef:13:8a:03:1d:0b:a9:17:74:6e:6e:47:b7:3c:3a:a1:47:4a:
         f5:f8:50:cf:a9:52:62:3c:6e:4f:57:a2:20:d9:1e:0a:5f:3f:
         da:99:fa:65:2c:44:29:eb:84:3c:0e:62:92:d1:34:2b:9e:52:
         a0:f8:c2:6f:35:1c:f8:2a:b4:61:f4:c3:87:8c:a3:ad:3e:18:
         41:73:cf:d6:03:ae:61:64:1c:ac:0d:a7:ad:ad:b4:0f:53:ee:
         f7:c9:61:38:3d:35:ac:a9:49:ad:53:4a:e6:60:3b:68:36:65:
         a3:9c:2b:02:38:27:b9:1f:64:ad:34:5d:43:d7:d8:75:c7:05:
         1f:f0:0a:16
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIDGyCiOlXQLoacn0dMllMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjUwMTAxMTM0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTExZDQ3NDIyNGMyYjNmOTNhNTNkZGQ0MmQ4MDcwNGU3ZWI5NzFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsstoXopOhdd6BDoHgL3nE87UsTDQ
En5PyDDIMl0r0KjdTIgf6HQuu/Pkkpprk38pq3o5U0ix9gknfN0fwTtG+hPdgZlT
EtEW8g3TTZM3+p2BURWl15UWtQqZ+24yj4ISWJvj/hSaxrx6JnoQLC/rsqb4mthy
UJnbNIvDMlUnd8y5pAu/jJGL+obg/imXNLXxTHj3r1QmtKCMTnhaTDHOycsxdwHf
lWUcXJwNEzziacC0w9bgL4CK243CeZX+CiTsrxSqoleFOZKkLmko3ug7lTlvzC3+
jHc/UcIYacQesa1oSJk5j1qYE5HZzFD18W9twgi0lF87E1hiL2lThSTI+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCER1HQiTCs/k6U93ULYBwTn65cfMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvSVJIVWRDSk1Lei1UcFQzZFF0Z0hCT2ZybHg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALYUBMA0G
CSqGSIb3DQEBCwUAA4IBAQBidE/oa94pRftvtr052VpoDskLfNaWQgOhm7neVfG9
KACWT9wbc4gk++LMZ4we4kU74rmx9jvGjT+gj3xvNL3l2oGmWWAodUzQIk7kRjR6
nhjvY0p8b4ZXqpqpez358Df8hjzzwi4TsHryBSNXLQKzk08SrgAl7lJEDhtroTfv
E4oDHQupF3Rubke3PDqhR0r1+FDPqVJiPG5PV6Ig2R4KXz/amfplLEQp64Q8DmKS
0TQrnlKg+MJvNRz4KrRh9MOHjKOtPhhBc8/WA65hZBysDaetrbQPU+73yWE4PTWs
qUmtU0rmYDtoNmWjnCsCOCe5H2StNF1D19h1xwUf8AoW
-----END CERTIFICATE-----