Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/J_hUSuUVq-5SREnX9LR48bLhRL4.roa
File:                     J_hUSuUVq-5SREnX9LR48bLhRL4.roa (raw, json)
Hash identifier:          FMt4+aPAKLztAjt6sCb1REUjW712dwBEOWva7bTMXnk=
Subject key identifier:   27:F8:54:4A:E5:15:AB:EE:52:44:49:D7:F4:B4:78:F1:B2:E1:44:BE
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       019423D70BEF22753CC68FB8A12F523BDD19
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/J_hUSuUVq-5SREnX9LR48bLhRL4.roa
Signing time:             Wed 01 Jan 2025 21:48:03 +0000
ROA not before:           Wed 01 Jan 2025 21:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42922
IP address blocks:        185.252.145.0/24 maxlen: 24
                          2a0e:d601:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:0b:ef:22:75:3c:c6:8f:b8:a1:2f:52:3b:dd:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: Jan  1 21:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=27f8544ae515abee524449d7f4b478f1b2e144be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:12:2e:a8:03:15:f1:8c:d2:15:65:05:95:86:
                    49:a2:c3:3b:5e:64:5a:22:1d:78:94:e0:88:3c:de:
                    aa:4c:9a:49:d4:00:b7:2d:ba:dd:99:85:85:86:f4:
                    ba:e4:23:aa:5a:a0:af:b2:9f:79:32:e5:96:3d:05:
                    31:17:d7:2b:57:3b:01:db:4a:38:76:97:2b:be:74:
                    db:20:07:cf:27:1c:0f:95:6d:b8:83:70:5f:ed:8f:
                    70:86:b6:2a:48:27:69:0a:da:bd:26:97:c2:40:f4:
                    36:71:8a:88:e7:c1:2c:ca:5d:46:0e:39:41:b2:7c:
                    0e:ee:8f:82:cf:f5:f0:ca:38:ea:c9:a0:c3:33:21:
                    8a:c1:74:87:3e:75:e9:82:af:2a:a3:16:3c:f9:a9:
                    76:7e:92:33:d0:0a:1b:17:57:c4:c0:fe:a9:14:7a:
                    58:b9:32:65:f9:59:ec:01:68:47:c1:85:98:b2:cb:
                    27:bc:fe:19:cd:e1:1e:5a:da:b9:00:f8:28:2e:40:
                    04:45:d1:a6:af:9d:c8:9b:e1:a8:47:0e:c1:bc:53:
                    7f:55:1e:b2:b5:1a:87:d2:b5:ae:3f:ab:2c:4d:63:
                    cf:23:7a:05:62:d3:a7:a0:4c:36:82:6b:5b:02:6a:
                    2f:18:d7:56:f3:97:d7:9e:9a:6d:74:b7:f1:7c:80:
                    04:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:F8:54:4A:E5:15:AB:EE:52:44:49:D7:F4:B4:78:F1:B2:E1:44:BE
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/J_hUSuUVq-5SREnX9LR48bLhRL4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.252.145.0/24
                IPv6:
                  2a0e:d601:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         4f:d5:7b:6f:3a:c9:d2:d1:db:0d:d8:87:f0:a3:a6:a1:88:0c:
         7d:76:97:66:f2:9f:3b:5c:1e:83:0e:37:5d:1c:d4:6e:7c:45:
         c0:fb:46:d1:6c:e4:e7:4d:09:7b:e9:23:e1:95:92:35:5d:57:
         fc:1a:19:64:99:28:08:52:3c:94:33:ec:b7:e3:14:f3:2e:4d:
         d9:b6:43:1a:36:0a:9a:e2:1c:6b:ed:db:56:08:4f:20:e5:ae:
         db:36:a0:34:0c:f0:8b:62:fe:60:36:6f:61:39:7c:93:13:89:
         1e:7e:53:55:8b:81:9d:f6:88:d6:bc:fa:91:a8:2c:d4:6d:4a:
         a7:dd:11:fe:d8:5c:79:3e:04:45:95:fa:43:61:a5:ae:ee:b4:
         d5:e0:f4:6f:cc:9c:3d:bc:ac:9d:d7:4c:fb:41:e6:93:f0:6d:
         2d:2d:8f:e0:f2:82:ba:2e:b6:87:a2:2f:63:e2:74:f6:ea:41:
         e0:85:b5:d1:5c:d4:78:5f:f7:54:b2:63:9b:a9:79:60:53:9b:
         07:79:f8:c8:f9:65:94:c5:e6:29:6a:31:19:33:22:e6:1a:cb:
         99:f3:ad:23:a0:9b:51:6c:17:ea:15:e0:cb:24:8c:a2:af:57:
         c3:ed:9a:ad:50:97:8d:03:86:62:fd:9e:14:6a:f3:c5:1f:d9:
         82:73:f5:ef
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQj1wvvInU8xo+4oS9SO90ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwMTAxMjE0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyN2Y4NTQ0YWU1MTVhYmVlNTI0NDQ5ZDdmNGI0NzhmMWIyZTE0NGJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmBIuqAMV8YzSFWUFlYZJosM7XmRa
Ih14lOCIPN6qTJpJ1AC3LbrdmYWFhvS65COqWqCvsp95MuWWPQUxF9crVzsB20o4
dpcrvnTbIAfPJxwPlW24g3Bf7Y9whrYqSCdpCtq9JpfCQPQ2cYqI58Esyl1GDjlB
snwO7o+Cz/XwyjjqyaDDMyGKwXSHPnXpgq8qoxY8+al2fpIz0AobF1fEwP6pFHpY
uTJl+VnsAWhHwYWYsssnvP4ZzeEeWtq5APgoLkAERdGmr53Im+GoRw7BvFN/VR6y
tRqH0rWuP6ssTWPPI3oFYtOnoEw2gmtbAmovGNdW85fXnpptdLfxfIAE8QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFCf4VErlFavuUkRJ1/S0ePGy4US+MB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvSl9oVVN1VVZxLTVTUkVuWDlMUjQ4YkxoUkw0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAufyRMA8E
AgACMAkDBwAqDtYBAAEwDQYJKoZIhvcNAQELBQADggEBAE/Ve286ydLR2w3Yh/Cj
pqGIDH12l2bynztcHoMON10c1G58RcD7RtFs5OdNCXvpI+GVkjVdV/waGWSZKAhS
PJQz7LfjFPMuTdm2Qxo2CpriHGvt21YITyDlrts2oDQM8Iti/mA2b2E5fJMTiR5+
U1WLgZ32iNa8+pGoLNRtSqfdEf7YXHk+BEWV+kNhpa7utNXg9G/MnD28rJ3XTPtB
5pPwbS0tj+DygroutoeiL2PidPbqQeCFtdFc1Hhf91SyY5upeWBTmwd5+Mj5ZZTF
5ilqMRkzIuYay5nzrSOgm1FsF+oV4MskjKKvV8Ptmq1Ql40DhmL9nhRq88Uf2YJz
9e8=
-----END CERTIFICATE-----