Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/0d8be8-b4b4-436e-86e2-ba4c56d8c0ce/1/tNRdmlA4nRuSXHmtsjO8t1XCUoo.roa
File:                     tNRdmlA4nRuSXHmtsjO8t1XCUoo.roa (raw, json)
Hash identifier:          Nyo8TJ3Ze7JZ+0EgnnMZX1jTt57O8CTgfsqjBp8jwmk=
Subject key identifier:   B4:D4:5D:9A:50:38:9D:1B:92:5C:79:AD:B2:33:BC:B7:55:C2:52:8A
Certificate issuer:       /CN=e1b9a3ce0f593910819c3271e1e8d0bd1371a6be
Certificate serial:       019427B478E4126149D1BD07E4EDD0F78B69
Authority key identifier: E1:B9:A3:CE:0F:59:39:10:81:9C:32:71:E1:E8:D0:BD:13:71:A6:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4bmjzg9ZORCBnDJx4ejQvRNxpr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/0d8be8-b4b4-436e-86e2-ba4c56d8c0ce/1/tNRdmlA4nRuSXHmtsjO8t1XCUoo.roa
Signing time:             Thu 02 Jan 2025 15:48:46 +0000
ROA not before:           Thu 02 Jan 2025 15:48:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     136787
IP address blocks:        45.157.124.0/24 maxlen: 24
                          45.157.125.0/24 maxlen: 24
                          45.157.126.0/24 maxlen: 24
                          45.157.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/0d8be8-b4b4-436e-86e2-ba4c56d8c0ce/1/4bmjzg9ZORCBnDJx4ejQvRNxpr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/0d8be8-b4b4-436e-86e2-ba4c56d8c0ce/1/4bmjzg9ZORCBnDJx4ejQvRNxpr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4bmjzg9ZORCBnDJx4ejQvRNxpr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b4:78:e4:12:61:49:d1:bd:07:e4:ed:d0:f7:8b:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1b9a3ce0f593910819c3271e1e8d0bd1371a6be
        Validity
            Not Before: Jan  2 15:48:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b4d45d9a50389d1b925c79adb233bcb755c2528a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:ed:cd:24:a6:9a:4c:ee:07:ab:98:83:2a:71:
                    89:0f:8c:47:80:50:2a:a8:e5:57:bc:e5:65:2b:98:
                    9f:b9:88:b9:ba:c5:cb:b2:17:59:9b:fa:21:89:5a:
                    21:75:ab:de:a0:a7:21:9d:48:43:ea:2e:2c:45:f5:
                    cc:81:3b:ea:ca:52:ff:9d:3d:1f:ba:7b:f7:6b:04:
                    56:fc:b8:8b:6f:e0:64:50:11:63:c6:88:d9:44:15:
                    08:a4:32:0a:72:2f:a5:fb:92:98:d6:b5:b0:a6:fc:
                    cf:51:13:70:89:b2:01:ef:3c:e4:7f:f5:37:c1:b5:
                    ff:c1:9e:b3:23:c2:56:ad:43:7f:c9:5b:c6:e4:02:
                    b9:00:19:7d:25:87:12:fd:ee:00:78:99:ed:69:03:
                    71:ef:f6:d4:93:cb:1d:89:44:f8:df:4b:87:63:2b:
                    32:de:3e:d1:95:47:af:13:48:04:cd:44:0d:44:4c:
                    12:bb:cd:2c:aa:53:28:cb:61:c1:fc:ad:24:40:ee:
                    e8:71:56:b7:b8:c0:52:d3:a3:66:06:68:3f:1d:74:
                    0a:0d:37:9a:e2:07:bc:17:40:bc:e0:4d:01:ca:f4:
                    7d:e4:b7:50:fb:64:c2:4c:dc:82:93:24:91:d2:99:
                    af:8c:e8:bc:ca:3b:03:9e:a5:14:84:69:76:ee:b5:
                    43:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:D4:5D:9A:50:38:9D:1B:92:5C:79:AD:B2:33:BC:B7:55:C2:52:8A
            X509v3 Authority Key Identifier:
                keyid:E1:B9:A3:CE:0F:59:39:10:81:9C:32:71:E1:E8:D0:BD:13:71:A6:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4bmjzg9ZORCBnDJx4ejQvRNxpr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/0d8be8-b4b4-436e-86e2-ba4c56d8c0ce/1/tNRdmlA4nRuSXHmtsjO8t1XCUoo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/0d8be8-b4b4-436e-86e2-ba4c56d8c0ce/1/4bmjzg9ZORCBnDJx4ejQvRNxpr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.157.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         32:b4:83:be:67:8b:6d:58:fb:d3:d4:5b:35:db:c1:51:a4:b6:
         56:e8:d6:2a:d8:c1:4c:ac:a3:31:59:03:3c:f0:62:b5:23:ee:
         76:5b:b0:f6:42:be:6b:ef:dd:5b:63:53:42:92:cd:f9:70:3c:
         e0:d6:ad:f7:35:1f:28:37:3c:75:7b:e9:37:e8:6f:72:b3:e4:
         2d:7c:ec:bc:5b:74:3b:be:a5:0f:81:95:8d:6d:86:52:e7:e1:
         d2:28:27:50:1f:4d:ab:92:9d:94:0b:bf:d7:00:31:9c:b8:36:
         4e:79:71:27:55:02:2f:b2:47:2d:78:c5:7a:89:74:98:a1:8a:
         8a:78:f7:5c:52:ae:6c:ad:23:33:0a:db:43:81:69:7b:bc:c5:
         9a:49:7f:e1:e1:8b:23:09:b9:52:5e:ed:a2:72:ab:67:9a:ab:
         0a:e2:55:25:68:15:18:e2:75:a5:5b:c5:39:af:ff:03:7e:06:
         3b:5a:93:5f:7c:a1:bf:54:ed:41:b5:fb:f7:46:46:67:1a:2a:
         eb:d6:19:af:4d:79:1b:9d:dc:19:00:04:d9:f7:62:47:d6:95:
         76:e3:67:12:fa:78:2b:46:a1:0c:e8:dc:c9:2c:20:32:6a:59:
         49:66:dd:29:1b:b3:3a:14:b7:63:b7:89:67:87:b8:59:c8:39:
         4f:33:da:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntHjkEmFJ0b0H5O3Q94tpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxYjlhM2NlMGY1OTM5MTA4MTljMzI3MWUxZThkMGJkMTM3
MWE2YmUwHhcNMjUwMTAyMTU0ODQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGQ0NWQ5YTUwMzg5ZDFiOTI1Yzc5YWRiMjMzYmNiNzU1YzI1MjhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvO3NJKaaTO4Hq5iDKnGJD4xHgFAq
qOVXvOVlK5ifuYi5usXLshdZm/ohiVohdaveoKchnUhD6i4sRfXMgTvqylL/nT0f
unv3awRW/LiLb+BkUBFjxojZRBUIpDIKci+l+5KY1rWwpvzPURNwibIB7zzkf/U3
wbX/wZ6zI8JWrUN/yVvG5AK5ABl9JYcS/e4AeJntaQNx7/bUk8sdiUT430uHYysy
3j7RlUevE0gEzUQNREwSu80sqlMoy2HB/K0kQO7ocVa3uMBS06NmBmg/HXQKDTea
4ge8F0C84E0ByvR95LdQ+2TCTNyCkySR0pmvjOi8yjsDnqUUhGl27rVDgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLTUXZpQOJ0bklx5rbIzvLdVwlKKMB8GA1UdIwQY
MBaAFOG5o84PWTkQgZwyceHo0L0Tcaa+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGJtanpnOVpPUkNCbkRKeDRlalF2Uk54cHI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC8wZDhiZTgtYjRiNC00MzZlLTg2ZTIt
YmE0YzU2ZDhjMGNlLzEvdE5SZG1sQTRuUnVTWEhtdHNqTzh0MVhDVW9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC8wZDhiZTgtYjRiNC00MzZlLTg2ZTItYmE0YzU2ZDhjMGNl
LzEvNGJtanpnOVpPUkNCbkRKeDRlalF2Uk54cHI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLZ18MA0G
CSqGSIb3DQEBCwUAA4IBAQAytIO+Z4ttWPvT1Fs128FRpLZW6NYq2MFMrKMxWQM8
8GK1I+52W7D2Qr5r791bY1NCks35cDzg1q33NR8oNzx1e+k36G9ys+QtfOy8W3Q7
vqUPgZWNbYZS5+HSKCdQH02rkp2UC7/XADGcuDZOeXEnVQIvskcteMV6iXSYoYqK
ePdcUq5srSMzCttDgWl7vMWaSX/h4YsjCblSXu2icqtnmqsK4lUlaBUY4nWlW8U5
r/8DfgY7WpNffKG/VO1Btfv3RkZnGirr1hmvTXkbndwZAATZ92JH1pV242cS+ngr
RqEM6NzJLCAyallJZt0pG7M6FLdjt4lnh7hZyDlPM9r1
-----END CERTIFICATE-----