Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ce/712f03-afe9-4f65-acec-67cfe3067b2a/1/CnLBnKO7kUWDOtI_wZowil8ZDY0.roa
File:                     CnLBnKO7kUWDOtI_wZowil8ZDY0.roa (raw, json)
Hash identifier:          +ZLQWoCpBdEd1GfrIrkM6Ixuxre1nfZzdo3/CXXl60U=
Subject key identifier:   0A:72:C1:9C:A3:BB:91:45:83:3A:D2:3F:C1:9A:30:8A:5F:19:0D:8D
Certificate issuer:       /CN=8f8685dbadffb01ddcce6c4d82a97f33c040ed2d
Certificate serial:       0194258FBE78E31D742F9A2D0F9F67F483B6
Authority key identifier: 8F:86:85:DB:AD:FF:B0:1D:DC:CE:6C:4D:82:A9:7F:33:C0:40:ED:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j4aF263_sB3czmxNgql_M8BA7S0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ce/712f03-afe9-4f65-acec-67cfe3067b2a/1/CnLBnKO7kUWDOtI_wZowil8ZDY0.roa
Signing time:             Thu 02 Jan 2025 05:49:24 +0000
ROA not before:           Thu 02 Jan 2025 05:49:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208262
IP address blocks:        45.150.136.0/22 maxlen: 22
                          2a0f:c600::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ce/712f03-afe9-4f65-acec-67cfe3067b2a/1/j4aF263_sB3czmxNgql_M8BA7S0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ce/712f03-afe9-4f65-acec-67cfe3067b2a/1/j4aF263_sB3czmxNgql_M8BA7S0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j4aF263_sB3czmxNgql_M8BA7S0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:be:78:e3:1d:74:2f:9a:2d:0f:9f:67:f4:83:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f8685dbadffb01ddcce6c4d82a97f33c040ed2d
        Validity
            Not Before: Jan  2 05:49:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0a72c19ca3bb9145833ad23fc19a308a5f190d8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:c0:27:63:21:7c:37:d8:a7:e7:c5:c9:5d:3a:
                    1a:79:f6:e7:b3:70:32:da:10:82:39:2d:41:e9:64:
                    36:d8:57:b8:8a:a9:d7:51:4c:e8:29:0e:d6:b7:32:
                    e3:e4:61:b9:30:25:30:88:b0:3d:db:f9:8b:d1:56:
                    b8:d7:e4:f0:14:9d:00:75:01:8b:de:d7:39:15:23:
                    19:e2:c4:ab:49:54:c1:4d:f5:33:cf:99:e6:9e:85:
                    b5:8d:1e:59:c8:7c:20:23:6f:f8:b0:a2:50:a1:93:
                    ad:c8:47:7d:7d:5a:5c:31:88:db:41:d2:b2:28:6c:
                    f9:95:bf:f2:0e:a9:91:8c:a7:62:9f:76:7b:d7:05:
                    9d:0a:07:94:c0:b8:b6:8c:6a:6c:ed:65:1f:8f:d2:
                    7e:84:c1:d1:d5:ab:f9:38:a4:7b:7b:80:ec:33:1e:
                    08:99:ff:df:5c:e0:23:34:12:f1:03:8f:51:55:aa:
                    0b:25:31:9a:8b:ef:35:5f:8b:a6:24:26:c1:2d:b2:
                    ac:d3:54:71:50:4d:42:b4:97:ed:1f:04:ba:02:6c:
                    4e:20:b2:65:07:84:2a:16:5c:7b:58:7e:1a:1f:8b:
                    4c:98:1c:59:b0:48:a0:cb:ba:b4:86:2d:48:fb:e4:
                    2c:af:fb:00:42:66:fd:e3:29:85:2a:2e:92:5f:77:
                    44:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:72:C1:9C:A3:BB:91:45:83:3A:D2:3F:C1:9A:30:8A:5F:19:0D:8D
            X509v3 Authority Key Identifier:
                keyid:8F:86:85:DB:AD:FF:B0:1D:DC:CE:6C:4D:82:A9:7F:33:C0:40:ED:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j4aF263_sB3czmxNgql_M8BA7S0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/712f03-afe9-4f65-acec-67cfe3067b2a/1/CnLBnKO7kUWDOtI_wZowil8ZDY0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ce/712f03-afe9-4f65-acec-67cfe3067b2a/1/j4aF263_sB3czmxNgql_M8BA7S0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.150.136.0/22
                IPv6:
                  2a0f:c600::/29

    Signature Algorithm: sha256WithRSAEncryption
         2b:cd:d4:43:3e:8d:aa:fd:f7:3b:05:45:e8:85:58:68:08:94:
         61:4e:79:55:64:46:71:50:ae:1a:8a:0a:4b:2b:16:d0:5a:e1:
         2e:06:ea:80:74:f9:82:bd:b3:70:6b:cf:3a:da:8c:08:c6:d4:
         45:1a:da:d0:d7:64:da:64:29:9e:1f:02:f0:a2:1e:eb:2e:51:
         30:8a:fa:20:0f:09:ce:2c:f2:14:10:2a:f8:4a:13:68:53:f9:
         0d:9d:cb:ff:0e:67:ac:73:66:9c:73:b5:47:20:a5:1c:1c:bf:
         56:40:38:b2:4b:1e:fc:36:94:58:1f:61:24:41:3b:91:a0:80:
         3e:b9:89:dc:a4:22:cf:9a:93:99:40:3e:6a:53:c9:dd:fc:dc:
         52:56:4a:df:44:95:77:92:1d:e1:09:d6:34:dc:1d:cd:53:5a:
         34:ce:7a:f2:a7:80:a3:1e:13:fa:36:c1:e7:f5:63:c0:8e:ac:
         fc:06:f5:cc:c6:ab:c1:dd:07:e0:bb:3c:b3:76:1f:32:8a:96:
         06:11:7a:94:56:f9:eb:4a:fa:c4:17:41:05:71:f0:da:24:af:
         6b:0f:65:a7:da:dc:b9:ca:47:fd:a4:94:cc:36:1d:97:1e:06:
         ff:43:b5:96:63:04:87:e5:79:50:5d:7a:8f:77:7e:e7:de:33:
         c3:98:6e:53
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlj7544x10L5otD59n9IO2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmODY4NWRiYWRmZmIwMWRkY2NlNmM0ZDgyYTk3ZjMzYzA0
MGVkMmQwHhcNMjUwMTAyMDU0OTI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYTcyYzE5Y2EzYmI5MTQ1ODMzYWQyM2ZjMTlhMzA4YTVmMTkwZDhkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwcAnYyF8N9in58XJXToaefbns3Ay
2hCCOS1B6WQ22Fe4iqnXUUzoKQ7WtzLj5GG5MCUwiLA92/mL0Va41+TwFJ0AdQGL
3tc5FSMZ4sSrSVTBTfUzz5nmnoW1jR5ZyHwgI2/4sKJQoZOtyEd9fVpcMYjbQdKy
KGz5lb/yDqmRjKdin3Z71wWdCgeUwLi2jGps7WUfj9J+hMHR1av5OKR7e4DsMx4I
mf/fXOAjNBLxA49RVaoLJTGai+81X4umJCbBLbKs01RxUE1CtJftHwS6AmxOILJl
B4QqFlx7WH4aH4tMmBxZsEigy7q0hi1I++Qsr/sAQmb94ymFKi6SX3dENQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFApywZyju5FFgzrSP8GaMIpfGQ2NMB8GA1UdIwQY
MBaAFI+Ghdut/7Ad3M5sTYKpfzPAQO0tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajRhRjI2M19zQjNjem14TmdxbF9NOEJBN1MwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZS83MTJmMDMtYWZlOS00ZjY1LWFjZWMt
NjdjZmUzMDY3YjJhLzEvQ25MQm5LTzdrVVdET3RJX3dab3dpbDhaRFkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZS83MTJmMDMtYWZlOS00ZjY1LWFjZWMtNjdjZmUzMDY3YjJh
LzEvajRhRjI2M19zQjNjem14TmdxbF9NOEJBN1MwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCLZaIMA0E
AgACMAcDBQMqD8YAMA0GCSqGSIb3DQEBCwUAA4IBAQArzdRDPo2q/fc7BUXohVho
CJRhTnlVZEZxUK4aigpLKxbQWuEuBuqAdPmCvbNwa8862owIxtRFGtrQ12TaZCme
HwLwoh7rLlEwivogDwnOLPIUECr4ShNoU/kNncv/Dmesc2acc7VHIKUcHL9WQDiy
Sx78NpRYH2EkQTuRoIA+uYncpCLPmpOZQD5qU8nd/NxSVkrfRJV3kh3hCdY03B3N
U1o0znryp4CjHhP6NsHn9WPAjqz8BvXMxqvB3Qfguzyzdh8yipYGEXqUVvnrSvrE
F0EFcfDaJK9rD2Wn2ty5ykf9pJTMNh2XHgb/Q7WWYwSH5XlQXXqPd37n3jPDmG5T
-----END CERTIFICATE-----