Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/3fbff6-73ee-4812-8e4b-81dabc81c05c/1/MhO0JIjv07z_oORlZPzio-JDr68.roa
File:                     MhO0JIjv07z_oORlZPzio-JDr68.roa (raw, json)
Hash identifier:          IGEtItNNMXdu/fJfMOFzDjAygiojo6AjHJXRHHSwZpo=
Subject key identifier:   32:13:B4:24:88:EF:D3:BC:FF:A0:E4:65:64:FC:E2:A3:E2:43:AF:AF
Certificate issuer:       /CN=b1814a28a8c1ebe0adc33a1519b9883e3084bb59
Certificate serial:       01942748024A9576E6F11AE40E2B7ED53DE3
Authority key identifier: B1:81:4A:28:A8:C1:EB:E0:AD:C3:3A:15:19:B9:88:3E:30:84:BB:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sYFKKKjB6-CtwzoVGbmIPjCEu1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/3fbff6-73ee-4812-8e4b-81dabc81c05c/1/MhO0JIjv07z_oORlZPzio-JDr68.roa
Signing time:             Thu 02 Jan 2025 13:50:18 +0000
ROA not before:           Thu 02 Jan 2025 13:50:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        45.152.134.0/24 maxlen: 24
                          45.152.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/3fbff6-73ee-4812-8e4b-81dabc81c05c/1/sYFKKKjB6-CtwzoVGbmIPjCEu1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/3fbff6-73ee-4812-8e4b-81dabc81c05c/1/sYFKKKjB6-CtwzoVGbmIPjCEu1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sYFKKKjB6-CtwzoVGbmIPjCEu1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:02:4a:95:76:e6:f1:1a:e4:0e:2b:7e:d5:3d:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1814a28a8c1ebe0adc33a1519b9883e3084bb59
        Validity
            Not Before: Jan  2 13:50:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3213b42488efd3bcffa0e46564fce2a3e243afaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:98:d3:ea:ff:49:1a:0f:35:a4:19:71:90:dc:
                    2b:a3:6e:be:78:0e:0f:41:a7:d8:18:e9:de:3b:7d:
                    86:9a:7e:16:e4:27:20:b5:97:37:b6:83:4e:9b:4c:
                    98:5d:27:23:25:fc:49:e7:a7:08:bf:39:db:1c:c2:
                    e3:53:cf:dd:9b:81:fd:be:3a:31:a0:42:e5:e2:5b:
                    90:8b:04:45:67:d0:b8:d1:db:1c:86:dd:d8:00:00:
                    a0:6c:0d:1d:de:e1:ac:e0:cc:c0:17:86:3f:72:09:
                    a6:3a:0c:b9:57:3b:8f:5f:33:bc:19:c8:15:df:83:
                    76:2a:ed:db:fe:51:60:62:6f:94:8e:5f:b0:a3:33:
                    8e:9d:35:7f:cc:5d:70:bf:74:2e:ed:d4:02:cf:b8:
                    06:50:a0:dc:2a:d7:1a:b3:93:80:84:2a:71:37:99:
                    d9:c8:10:e2:e5:7e:00:b7:a1:98:43:86:39:24:a9:
                    e4:00:ab:8e:0f:d5:fb:7a:8d:2a:d0:5a:83:32:f5:
                    b4:47:fd:37:46:f9:c0:43:44:3e:af:ed:cc:99:11:
                    5c:80:2a:21:ce:76:25:62:d8:a5:39:18:31:c7:c1:
                    15:0b:08:70:b6:2d:91:6f:a6:09:fb:38:ad:77:6b:
                    37:db:76:30:59:32:73:40:9d:ac:ab:cd:39:70:61:
                    17:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:13:B4:24:88:EF:D3:BC:FF:A0:E4:65:64:FC:E2:A3:E2:43:AF:AF
            X509v3 Authority Key Identifier:
                keyid:B1:81:4A:28:A8:C1:EB:E0:AD:C3:3A:15:19:B9:88:3E:30:84:BB:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sYFKKKjB6-CtwzoVGbmIPjCEu1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/3fbff6-73ee-4812-8e4b-81dabc81c05c/1/MhO0JIjv07z_oORlZPzio-JDr68.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/3fbff6-73ee-4812-8e4b-81dabc81c05c/1/sYFKKKjB6-CtwzoVGbmIPjCEu1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.134.0/23

    Signature Algorithm: sha256WithRSAEncryption
         21:ec:03:02:d3:9b:51:ab:e1:00:89:5c:a0:3f:d9:68:af:64:
         60:18:f7:0d:3e:57:8e:f5:b8:69:c5:75:4d:8f:2f:73:24:52:
         81:0a:6e:dc:9f:20:58:3c:f2:0c:ce:57:27:71:a0:00:cd:04:
         ff:34:2b:43:e7:bd:1f:1b:77:ce:46:3e:4c:5e:9b:4d:f9:65:
         bc:2c:31:be:5f:0e:b2:6b:c8:b4:3b:87:ab:66:01:19:72:84:
         bf:8d:db:24:ce:23:8d:57:ff:94:35:21:09:24:2d:fe:54:f5:
         19:d0:06:7b:0e:98:78:c0:0d:18:b8:14:73:42:90:ce:9e:90:
         0d:8b:8b:ea:20:90:0f:86:1b:96:c4:1f:05:4d:09:a5:31:1f:
         e5:ec:2a:5b:b4:3e:78:be:96:3a:ff:e7:44:cd:e7:99:d3:8a:
         1b:dc:aa:84:da:21:af:09:b0:b7:a9:37:da:d1:a7:3b:bd:60:
         1a:af:2a:cb:6e:c0:cc:d0:3c:ba:ee:1b:3e:62:6e:85:88:aa:
         c0:1d:f0:34:04:a0:ab:be:0f:b4:25:17:56:64:13:e6:b8:c6:
         31:c1:e7:5c:6d:d4:31:f1:d6:fe:e1:d3:41:6e:53:55:b8:01:
         67:e9:57:6c:fa:8c:2a:37:95:85:72:f5:aa:e5:96:0a:c5:76:
         be:2a:8a:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSAJKlXbm8RrkDit+1T3jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxODE0YTI4YThjMWViZTBhZGMzM2ExNTE5Yjk4ODNlMzA4
NGJiNTkwHhcNMjUwMTAyMTM1MDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjEzYjQyNDg4ZWZkM2JjZmZhMGU0NjU2NGZjZTJhM2UyNDNhZmFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZjT6v9JGg81pBlxkNwro26+eA4P
QafYGOneO32Gmn4W5CcgtZc3toNOm0yYXScjJfxJ56cIvznbHMLjU8/dm4H9vjox
oELl4luQiwRFZ9C40dscht3YAACgbA0d3uGs4MzAF4Y/cgmmOgy5VzuPXzO8GcgV
34N2Ku3b/lFgYm+Ujl+wozOOnTV/zF1wv3Qu7dQCz7gGUKDcKtcas5OAhCpxN5nZ
yBDi5X4At6GYQ4Y5JKnkAKuOD9X7eo0q0FqDMvW0R/03RvnAQ0Q+r+3MmRFcgCoh
znYlYtilORgxx8EVCwhwti2Rb6YJ+zitd2s323YwWTJzQJ2sq805cGEXgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDITtCSI79O8/6DkZWT84qPiQ6+vMB8GA1UdIwQY
MBaAFLGBSiiowevgrcM6FRm5iD4whLtZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1lGS0tLakI2LUN0d3pvVkdibUlQakNFdTFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8zZmJmZjYtNzNlZS00ODEyLThlNGIt
ODFkYWJjODFjMDVjLzEvTWhPMEpJanYwN3pfb09SbFpQemlvLUpEcjY4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8zZmJmZjYtNzNlZS00ODEyLThlNGItODFkYWJjODFjMDVj
LzEvc1lGS0tLakI2LUN0d3pvVkdibUlQakNFdTFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBLZiGMA0G
CSqGSIb3DQEBCwUAA4IBAQAh7AMC05tRq+EAiVygP9lor2RgGPcNPleO9bhpxXVN
jy9zJFKBCm7cnyBYPPIMzlcncaAAzQT/NCtD570fG3fORj5MXptN+WW8LDG+Xw6y
a8i0O4erZgEZcoS/jdskziONV/+UNSEJJC3+VPUZ0AZ7Dph4wA0YuBRzQpDOnpAN
i4vqIJAPhhuWxB8FTQmlMR/l7CpbtD54vpY6/+dEzeeZ04ob3KqE2iGvCbC3qTfa
0ac7vWAaryrLbsDM0Dy67hs+Ym6FiKrAHfA0BKCrvg+0JRdWZBPmuMYxwedcbdQx
8db+4dNBblNVuAFn6Vds+owqN5WFcvWq5ZYKxXa+Koo3
-----END CERTIFICATE-----