Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/8acaf7-e0ca-4344-9dfd-a8ac41809f5f/1/x5BCA2nXSzjfqsyhw28GUZqlIA0.roa
File:                     x5BCA2nXSzjfqsyhw28GUZqlIA0.roa (raw, json)
Hash identifier:          XYC94H5SlTsc3HXQBpsVEd85N9+lJ9Ig2x3jNjrZbWg=
Subject key identifier:   C7:90:42:03:69:D7:4B:38:DF:AA:CC:A1:C3:6F:06:51:9A:A5:20:0D
Certificate issuer:       /CN=7c8e7097990e5a67178e297875a0d9f4605892a6
Certificate serial:       019420D6474A4716E13CC938906F2CB56B6F
Authority key identifier: 7C:8E:70:97:99:0E:5A:67:17:8E:29:78:75:A0:D9:F4:60:58:92:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fI5wl5kOWmcXjil4daDZ9GBYkqY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/8acaf7-e0ca-4344-9dfd-a8ac41809f5f/1/x5BCA2nXSzjfqsyhw28GUZqlIA0.roa
Signing time:             Wed 01 Jan 2025 07:48:21 +0000
ROA not before:           Wed 01 Jan 2025 07:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208315
IP address blocks:        45.142.240.0/22 maxlen: 22
                          2a0e:dc40::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/8acaf7-e0ca-4344-9dfd-a8ac41809f5f/1/fI5wl5kOWmcXjil4daDZ9GBYkqY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/8acaf7-e0ca-4344-9dfd-a8ac41809f5f/1/fI5wl5kOWmcXjil4daDZ9GBYkqY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fI5wl5kOWmcXjil4daDZ9GBYkqY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:47:4a:47:16:e1:3c:c9:38:90:6f:2c:b5:6b:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7c8e7097990e5a67178e297875a0d9f4605892a6
        Validity
            Not Before: Jan  1 07:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c790420369d74b38dfaacca1c36f06519aa5200d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:6a:91:b6:b3:3b:a7:b6:f5:29:37:84:1c:59:
                    72:4c:73:14:73:60:54:df:ff:32:38:20:71:c8:35:
                    13:3e:11:bc:50:97:ae:fc:4f:bf:a9:97:3d:0c:67:
                    6a:bc:1e:dd:61:86:e7:04:3e:c3:69:22:87:74:77:
                    12:97:b2:d4:e0:96:0c:4c:9e:4b:f1:7f:00:d0:75:
                    84:2b:56:03:c4:1a:dc:dc:c4:f8:85:24:05:3d:37:
                    38:77:04:91:1b:e3:fd:ee:c6:ec:50:9a:82:37:3e:
                    40:fb:f7:81:9a:c5:a1:ab:6b:bb:52:10:11:de:44:
                    5b:30:fc:e4:e9:31:25:00:01:5b:ec:3b:c3:a6:a5:
                    9e:d6:68:55:ed:db:a7:ce:6d:e2:06:26:6e:ab:ae:
                    ca:fd:f8:38:67:b3:d1:db:10:09:3e:93:9a:45:58:
                    13:ac:60:f7:aa:5d:fb:53:d7:7f:41:07:70:45:15:
                    63:f7:3e:5c:1c:0a:0b:34:e6:ec:9d:20:29:84:42:
                    d6:fa:f6:3a:66:a5:fe:a1:9a:60:bf:f1:16:6b:d2:
                    fa:99:75:f2:23:9c:6b:e8:e9:51:f0:cd:4c:04:d0:
                    c1:ac:2b:0d:3b:43:e6:e9:23:81:37:f0:fb:c5:e5:
                    8b:cd:a6:f0:c9:4b:21:97:40:14:25:aa:6b:a1:74:
                    4f:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:90:42:03:69:D7:4B:38:DF:AA:CC:A1:C3:6F:06:51:9A:A5:20:0D
            X509v3 Authority Key Identifier:
                keyid:7C:8E:70:97:99:0E:5A:67:17:8E:29:78:75:A0:D9:F4:60:58:92:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fI5wl5kOWmcXjil4daDZ9GBYkqY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/8acaf7-e0ca-4344-9dfd-a8ac41809f5f/1/x5BCA2nXSzjfqsyhw28GUZqlIA0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/8acaf7-e0ca-4344-9dfd-a8ac41809f5f/1/fI5wl5kOWmcXjil4daDZ9GBYkqY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.142.240.0/22
                IPv6:
                  2a0e:dc40::/29

    Signature Algorithm: sha256WithRSAEncryption
         93:43:4f:3c:36:5d:3c:fd:86:16:37:f3:62:f6:31:4f:30:bb:
         35:17:7b:fe:55:bf:be:9f:7f:25:c5:a8:2f:60:1c:89:91:35:
         a7:54:79:8e:41:31:bc:ca:a6:fb:3f:58:f7:36:e5:73:a8:d2:
         88:6d:5f:a6:e7:42:2c:34:02:19:3b:91:02:ce:a1:72:f7:0f:
         6a:e3:25:45:21:99:05:87:24:a9:5a:92:51:f5:8a:f9:f4:f9:
         cb:6e:48:67:6d:b4:6a:2f:5e:7e:16:6a:b4:7b:27:94:0e:b9:
         cc:84:2d:d7:8f:1b:8e:d2:dc:97:8c:b0:b8:71:58:ba:ed:aa:
         53:01:1a:77:11:aa:72:cd:e3:27:8d:45:c6:b4:85:3f:5f:d4:
         29:2c:ed:07:12:02:2b:43:b8:ea:8c:35:27:ab:cc:af:5d:8e:
         51:d5:31:76:02:50:97:35:58:4c:69:df:72:b5:9f:ea:d3:d1:
         ea:a7:17:a8:0b:26:ad:80:1c:d1:41:b0:87:f9:85:20:5a:84:
         ec:b6:ce:88:3c:4c:af:7f:dc:a0:c9:2a:f4:67:4b:e6:8b:8b:
         1d:ba:a7:79:f1:8f:7d:8a:70:56:83:76:a7:98:b1:a8:c3:37:
         c1:4a:9e:5e:94:f6:0a:3c:92:48:dd:75:ec:51:12:bf:b8:d1:
         c0:d0:37:62
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQg1kdKRxbhPMk4kG8stWtvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjOGU3MDk3OTkwZTVhNjcxNzhlMjk3ODc1YTBkOWY0NjA1
ODkyYTYwHhcNMjUwMTAxMDc0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzkwNDIwMzY5ZDc0YjM4ZGZhYWNjYTFjMzZmMDY1MTlhYTUyMDBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhmqRtrM7p7b1KTeEHFlyTHMUc2BU
3/8yOCBxyDUTPhG8UJeu/E+/qZc9DGdqvB7dYYbnBD7DaSKHdHcSl7LU4JYMTJ5L
8X8A0HWEK1YDxBrc3MT4hSQFPTc4dwSRG+P97sbsUJqCNz5A+/eBmsWhq2u7UhAR
3kRbMPzk6TElAAFb7DvDpqWe1mhV7dunzm3iBiZuq67K/fg4Z7PR2xAJPpOaRVgT
rGD3ql37U9d/QQdwRRVj9z5cHAoLNObsnSAphELW+vY6ZqX+oZpgv/EWa9L6mXXy
I5xr6OlR8M1MBNDBrCsNO0Pm6SOBN/D7xeWLzabwyUshl0AUJaproXRPGwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMeQQgNp10s436rMocNvBlGapSANMB8GA1UdIwQY
MBaAFHyOcJeZDlpnF44peHWg2fRgWJKmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZkk1d2w1a09XbWNYamlsNGRhRFo5R0JZa3FZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS84YWNhZjctZTBjYS00MzQ0LTlkZmQt
YThhYzQxODA5ZjVmLzEveDVCQ0EyblhTempmcXN5aHcyOEdVWnFsSUEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS84YWNhZjctZTBjYS00MzQ0LTlkZmQtYThhYzQxODA5ZjVm
LzEvZkk1d2w1a09XbWNYamlsNGRhRFo5R0JZa3FZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLY7wMA0E
AgACMAcDBQMqDtxAMA0GCSqGSIb3DQEBCwUAA4IBAQCTQ088Nl08/YYWN/Ni9jFP
MLs1F3v+Vb++n38lxagvYByJkTWnVHmOQTG8yqb7P1j3NuVzqNKIbV+m50IsNAIZ
O5ECzqFy9w9q4yVFIZkFhySpWpJR9Yr59PnLbkhnbbRqL15+Fmq0eyeUDrnMhC3X
jxuO0tyXjLC4cVi67apTARp3EapyzeMnjUXGtIU/X9QpLO0HEgIrQ7jqjDUnq8yv
XY5R1TF2AlCXNVhMad9ytZ/q09HqpxeoCyatgBzRQbCH+YUgWoTsts6IPEyvf9yg
ySr0Z0vmi4sduqd58Y99inBWg3anmLGowzfBSp5elPYKPJJI3XXsURK/uNHA0Ddi
-----END CERTIFICATE-----