Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/LQoHS5vZZbn31edOLyjoObM9-xk.roa
File:                     LQoHS5vZZbn31edOLyjoObM9-xk.roa (raw, json)
Hash identifier:          qny2RAC4kEMgf7yx2y8DRdfnr5+5p+RJqR2M8DLLiSM=
Subject key identifier:   2D:0A:07:4B:9B:D9:65:B9:F7:D5:E7:4E:2F:28:E8:39:B3:3D:FB:19
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0194277EF550D80FE32DAAD8AD034740787B
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/LQoHS5vZZbn31edOLyjoObM9-xk.roa
Signing time:             Thu 02 Jan 2025 14:50:19 +0000
ROA not before:           Thu 02 Jan 2025 14:50:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3320
IP address blocks:        45.147.227.0/24 maxlen: 24
                          185.234.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 11:12:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:7e:f5:50:d8:0f:e3:2d:aa:d8:ad:03:47:40:78:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 14:50:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2d0a074b9bd965b9f7d5e74e2f28e839b33dfb19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:be:c8:23:04:17:63:6e:b6:87:f4:60:88:67:
                    f9:3b:f4:b0:3e:b9:df:e4:0c:41:9c:82:1b:d4:7f:
                    e2:b8:97:ba:f1:d8:39:2d:3d:a1:c5:04:90:09:bd:
                    b9:54:6c:95:f6:3f:01:18:0e:8e:16:5d:bd:26:ed:
                    6e:2d:6d:ee:32:d2:c9:1f:33:be:20:c4:07:48:23:
                    3a:fd:ef:23:ed:c6:00:13:8a:75:b4:5e:62:02:95:
                    ca:47:07:8f:dc:8e:6a:9b:a0:1f:f0:d7:08:48:b5:
                    21:1a:1b:d4:44:bd:09:8c:fb:52:cd:5e:34:96:9e:
                    e2:39:e6:27:5c:83:00:16:45:7a:5f:42:13:86:e5:
                    12:f5:f6:64:b5:b2:15:27:6b:06:ac:fb:a7:fb:06:
                    5d:b7:ec:d8:88:a1:e0:65:4e:6f:a3:41:c1:61:83:
                    ed:15:d4:f7:cc:60:9d:36:4d:28:db:ee:0a:e7:7e:
                    32:74:b0:a6:b9:02:c3:1f:c1:5f:7b:e0:3a:75:f9:
                    d8:54:6d:89:ea:ce:21:83:c2:90:cc:a4:bb:9c:98:
                    34:b6:ed:e5:c9:e8:19:e7:0b:06:0c:1e:00:56:d5:
                    74:81:32:58:67:8a:79:e6:0d:b2:ce:8c:51:97:15:
                    10:aa:2b:75:6a:3b:2d:f0:6e:e0:96:40:7d:0c:ed:
                    4b:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:0A:07:4B:9B:D9:65:B9:F7:D5:E7:4E:2F:28:E8:39:B3:3D:FB:19
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/LQoHS5vZZbn31edOLyjoObM9-xk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.147.227.0/24
                  185.234.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:12:34:48:7a:06:ba:68:a3:42:a8:43:df:63:ba:04:89:71:
         e4:45:8e:d1:ff:90:39:91:25:f4:85:fe:ba:3e:96:e1:a5:1b:
         67:08:c6:38:4d:cf:e9:83:08:0b:7b:5a:00:91:6f:83:dd:d4:
         44:74:5f:93:f0:74:f9:62:ff:f0:27:d2:79:6b:d6:77:d4:7e:
         f5:4b:e4:48:f1:22:b7:4e:11:38:ac:f8:9a:c2:e5:a5:b9:0c:
         e2:d2:b8:4a:b1:57:b9:5c:e8:39:f5:80:66:fd:cf:4a:09:4f:
         25:cc:80:84:21:9c:4b:3d:76:51:cb:ea:2d:f4:20:f6:bc:cb:
         23:43:8f:9d:eb:60:d4:6f:ce:7c:f4:24:e4:34:74:b4:f0:de:
         17:b8:8a:1f:ff:b6:01:ae:f8:3e:22:69:c7:f5:6b:63:da:7c:
         df:45:b0:b0:09:29:18:15:bf:e6:e6:fd:37:d1:22:2f:ca:ed:
         8f:5e:1a:b7:f6:4f:1c:56:36:8d:2b:06:97:1f:f4:4c:78:76:
         68:01:44:3a:db:00:4e:64:11:33:3b:a2:7c:a9:35:9a:b6:4b:
         01:d5:9d:3c:cc:44:78:e9:8a:05:20:c9:79:94:7d:ee:11:c6:
         e7:9d:4c:4f:58:ae:96:a8:02:ef:51:04:86:df:51:ce:c8:7a:
         47:20:6c:2d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnfvVQ2A/jLarYrQNHQHh7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMTAyMTQ1MDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDBhMDc0YjliZDk2NWI5ZjdkNWU3NGUyZjI4ZTgzOWIzM2RmYjE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4b7IIwQXY262h/RgiGf5O/SwPrnf
5AxBnIIb1H/iuJe68dg5LT2hxQSQCb25VGyV9j8BGA6OFl29Ju1uLW3uMtLJHzO+
IMQHSCM6/e8j7cYAE4p1tF5iApXKRweP3I5qm6Af8NcISLUhGhvURL0JjPtSzV40
lp7iOeYnXIMAFkV6X0IThuUS9fZktbIVJ2sGrPun+wZdt+zYiKHgZU5vo0HBYYPt
FdT3zGCdNk0o2+4K534ydLCmuQLDH8Ffe+A6dfnYVG2J6s4hg8KQzKS7nJg0tu3l
yegZ5wsGDB4AVtV0gTJYZ4p55g2yzoxRlxUQqit1ajst8G7glkB9DO1LgQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC0KB0ub2WW599XnTi8o6DmzPfsZMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvTFFvSFM1dlpaYm4zMWVkT0x5am9PYk05LXhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZPjAwQA
ueoWMA0GCSqGSIb3DQEBCwUAA4IBAQBeEjRIega6aKNCqEPfY7oEiXHkRY7R/5A5
kSX0hf66PpbhpRtnCMY4Tc/pgwgLe1oAkW+D3dREdF+T8HT5Yv/wJ9J5a9Z31H71
S+RI8SK3ThE4rPiawuWluQzi0rhKsVe5XOg59YBm/c9KCU8lzICEIZxLPXZRy+ot
9CD2vMsjQ4+d62DUb8589CTkNHS08N4XuIof/7YBrvg+ImnH9Wtj2nzfRbCwCSkY
Fb/m5v030SIvyu2PXhq39k8cVjaNKwaXH/RMeHZoAUQ62wBOZBEzO6J8qTWatksB
1Z08zER46YoFIMl5lH3uEcbnnUxPWK6WqALvUQSG31HOyHpHIGwt
-----END CERTIFICATE-----