Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/c1c762-5b4e-4212-9ad8-d0c55b0d4639/1/luFC5OndEP7RA4ay0vRrluMg4h8.roa
File:                     luFC5OndEP7RA4ay0vRrluMg4h8.roa (raw, json)
Hash identifier:          OxPUlMjYRZBQOD1El2GcTFzJh0AJGn766s7xCKXnv1o=
Subject key identifier:   96:E1:42:E4:E9:DD:10:FE:D1:03:86:B2:D2:F4:6B:96:E3:20:E2:1F
Certificate issuer:       /CN=41dd79557255419eb7fdc6d0af31fa707fdfbac8
Certificate serial:       01947AFA21F436A148E51CC5839D34253630
Authority key identifier: 41:DD:79:55:72:55:41:9E:B7:FD:C6:D0:AF:31:FA:70:7F:DF:BA:C8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qd15VXJVQZ63_cbQrzH6cH_fusg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/c1c762-5b4e-4212-9ad8-d0c55b0d4639/1/luFC5OndEP7RA4ay0vRrluMg4h8.roa
Signing time:             Sat 18 Jan 2025 19:53:20 +0000
ROA not before:           Sat 18 Jan 2025 19:53:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216054
IP address blocks:        45.89.220.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/c1c762-5b4e-4212-9ad8-d0c55b0d4639/1/Qd15VXJVQZ63_cbQrzH6cH_fusg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/c1c762-5b4e-4212-9ad8-d0c55b0d4639/1/Qd15VXJVQZ63_cbQrzH6cH_fusg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Qd15VXJVQZ63_cbQrzH6cH_fusg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:7a:fa:21:f4:36:a1:48:e5:1c:c5:83:9d:34:25:36:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41dd79557255419eb7fdc6d0af31fa707fdfbac8
        Validity
            Not Before: Jan 18 19:53:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=96e142e4e9dd10fed10386b2d2f46b96e320e21f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:30:e1:2d:b2:0e:bd:f8:1a:09:7a:9a:2e:c1:
                    79:ef:9d:2c:c5:6d:29:59:ac:91:3b:e6:77:aa:b5:
                    29:b0:0a:f6:55:97:b8:ff:37:40:45:c0:fc:59:58:
                    c7:dc:1a:f1:40:b0:47:d6:f2:a4:73:5a:f0:ee:2c:
                    49:a8:bb:35:b8:99:3d:1d:6d:4a:5a:70:e1:3f:66:
                    44:18:8d:89:8f:8f:4e:5f:e0:41:14:94:08:1d:1b:
                    fd:fd:f8:65:d0:7d:d5:c3:59:15:68:5a:ad:35:27:
                    77:7f:39:ac:ea:6c:0e:28:d0:e0:bf:70:69:65:c3:
                    d5:ae:c4:e8:73:6e:2d:41:c2:f4:5e:61:09:fe:2c:
                    ea:48:ee:5e:1b:e6:52:b1:76:6f:95:80:28:02:c1:
                    70:65:7b:03:38:e3:07:51:95:62:75:c7:e2:a4:2e:
                    75:f9:55:af:6c:95:6b:97:1d:11:c6:fc:8b:3d:02:
                    41:f4:49:77:03:b3:a9:9a:39:0c:f0:3a:71:a8:a2:
                    42:ec:96:e6:c8:a9:19:81:fb:ff:3f:f1:25:32:62:
                    96:b9:6f:4a:cd:b2:1d:e6:c5:13:7c:6a:8e:de:9a:
                    0c:eb:b8:f2:a9:7d:9e:93:bf:77:59:db:16:b8:ad:
                    7b:1e:61:75:40:f6:4b:22:2e:94:b4:4c:47:db:03:
                    dd:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:E1:42:E4:E9:DD:10:FE:D1:03:86:B2:D2:F4:6B:96:E3:20:E2:1F
            X509v3 Authority Key Identifier:
                keyid:41:DD:79:55:72:55:41:9E:B7:FD:C6:D0:AF:31:FA:70:7F:DF:BA:C8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qd15VXJVQZ63_cbQrzH6cH_fusg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/c1c762-5b4e-4212-9ad8-d0c55b0d4639/1/luFC5OndEP7RA4ay0vRrluMg4h8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/c1c762-5b4e-4212-9ad8-d0c55b0d4639/1/Qd15VXJVQZ63_cbQrzH6cH_fusg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.89.220.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:e9:6f:86:ae:ec:27:a6:af:61:8b:90:eb:3c:51:10:35:0b:
         83:cb:f1:8d:1f:ef:a4:bf:b3:14:6e:ac:b0:fd:f9:e3:4c:05:
         67:7a:a2:6d:39:e9:64:aa:c7:22:de:67:b0:a3:12:6c:16:85:
         25:dd:08:e2:a0:f0:4b:b6:37:75:fe:e3:2c:14:06:14:3c:31:
         0f:6d:73:99:f3:b6:d9:9c:29:70:8f:9e:ef:2a:ff:8c:58:a0:
         74:e9:9d:98:35:99:29:4e:3c:01:bd:73:0c:10:43:bd:20:72:
         ef:26:13:9d:ba:a5:38:8b:ed:b0:e7:6c:18:ca:7a:9a:e1:0c:
         25:fc:6c:ba:70:2b:8b:4f:ca:94:e7:94:a4:d6:7a:65:51:b0:
         b0:5b:a0:26:3b:98:02:33:9b:ef:5d:f9:63:d0:fa:e5:66:b4:
         21:d4:bf:63:b1:ad:25:c9:0f:74:11:9f:a8:ad:2d:ab:75:d2:
         56:3f:ba:c7:98:08:1e:9b:57:c4:cc:78:8a:bc:db:6a:5e:03:
         15:77:09:3e:11:fc:ef:59:55:40:1b:61:d0:e7:e5:a5:1d:c6:
         ac:50:26:f6:e7:56:3d:80:c5:35:36:b7:f6:72:7a:27:b2:dc:
         ef:74:a5:ce:ff:78:c4:7c:e7:d0:04:5e:ae:88:fa:9d:78:48:
         ca:c2:5e:ed
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZR6+iH0NqFI5RzFg500JTYwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxZGQ3OTU1NzI1NTQxOWViN2ZkYzZkMGFmMzFmYTcwN2Zk
ZmJhYzgwHhcNMjUwMTE4MTk1MzIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmUxNDJlNGU5ZGQxMGZlZDEwMzg2YjJkMmY0NmI5NmUzMjBlMjFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAojDhLbIOvfgaCXqaLsF5750sxW0p
WayRO+Z3qrUpsAr2VZe4/zdARcD8WVjH3BrxQLBH1vKkc1rw7ixJqLs1uJk9HW1K
WnDhP2ZEGI2Jj49OX+BBFJQIHRv9/fhl0H3Vw1kVaFqtNSd3fzms6mwOKNDgv3Bp
ZcPVrsToc24tQcL0XmEJ/izqSO5eG+ZSsXZvlYAoAsFwZXsDOOMHUZVidcfipC51
+VWvbJVrlx0RxvyLPQJB9El3A7OpmjkM8DpxqKJC7JbmyKkZgfv/P/ElMmKWuW9K
zbId5sUTfGqO3poM67jyqX2ek793WdsWuK17HmF1QPZLIi6UtExH2wPdoQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJbhQuTp3RD+0QOGstL0a5bjIOIfMB8GA1UdIwQY
MBaAFEHdeVVyVUGet/3G0K8x+nB/37rIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWQxNVZYSlZRWjYzX2NiUXJ6SDZjSF9mdXNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi9jMWM3NjItNWI0ZS00MjEyLTlhZDgt
ZDBjNTViMGQ0NjM5LzEvbHVGQzVPbmRFUDdSQTRheTB2UnJsdU1nNGg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi9jMWM3NjItNWI0ZS00MjEyLTlhZDgtZDBjNTViMGQ0NjM5
LzEvUWQxNVZYSlZRWjYzX2NiUXJ6SDZjSF9mdXNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVncMA0G
CSqGSIb3DQEBCwUAA4IBAQBZ6W+Gruwnpq9hi5DrPFEQNQuDy/GNH++kv7MUbqyw
/fnjTAVneqJtOelkqsci3mewoxJsFoUl3QjioPBLtjd1/uMsFAYUPDEPbXOZ87bZ
nClwj57vKv+MWKB06Z2YNZkpTjwBvXMMEEO9IHLvJhOduqU4i+2w52wYynqa4Qwl
/Gy6cCuLT8qU55Sk1nplUbCwW6AmO5gCM5vvXflj0PrlZrQh1L9jsa0lyQ90EZ+o
rS2rddJWP7rHmAgem1fEzHiKvNtqXgMVdwk+EfzvWVVAG2HQ5+WlHcasUCb251Y9
gMU1Nrf2cnonstzvdKXO/3jEfOfQBF6uiPqdeEjKwl7t
-----END CERTIFICATE-----