Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/5cb544-504f-48bf-b105-22028a786f60/1/oKyfOldZLGuN5BcDb6Q-5dX2Wxw.roa
File:                     oKyfOldZLGuN5BcDb6Q-5dX2Wxw.roa (raw, json)
Hash identifier:          k6gLX9MPlPqi07ed6OW+GaDRLIAiAFCmAJRimOBrPk4=
Subject key identifier:   A0:AC:9F:3A:57:59:2C:6B:8D:E4:17:03:6F:A4:3E:E5:D5:F6:5B:1C
Certificate issuer:       /CN=12c45bd38d4bdc68e3d79de0244df06d2ecb6609
Certificate serial:       0194258F3A05F5A4341E71D8B7521E413DD2
Authority key identifier: 12:C4:5B:D3:8D:4B:DC:68:E3:D7:9D:E0:24:4D:F0:6D:2E:CB:66:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsRb041L3Gjj153gJE3wbS7LZgk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/5cb544-504f-48bf-b105-22028a786f60/1/oKyfOldZLGuN5BcDb6Q-5dX2Wxw.roa
Signing time:             Thu 02 Jan 2025 05:48:51 +0000
ROA not before:           Thu 02 Jan 2025 05:48:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39591
IP address blocks:        45.84.4.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/5cb544-504f-48bf-b105-22028a786f60/1/EsRb041L3Gjj153gJE3wbS7LZgk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/5cb544-504f-48bf-b105-22028a786f60/1/EsRb041L3Gjj153gJE3wbS7LZgk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsRb041L3Gjj153gJE3wbS7LZgk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:3a:05:f5:a4:34:1e:71:d8:b7:52:1e:41:3d:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c45bd38d4bdc68e3d79de0244df06d2ecb6609
        Validity
            Not Before: Jan  2 05:48:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a0ac9f3a57592c6b8de417036fa43ee5d5f65b1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:52:f1:f1:3b:91:85:0d:44:a8:9a:c2:32:bc:
                    84:1a:af:ee:17:58:ba:c4:6c:8d:8e:c0:b7:05:26:
                    fe:95:4c:22:92:f1:0e:0f:46:42:01:4d:e1:23:0d:
                    25:c2:34:08:38:ce:8b:5f:8b:b1:10:20:d2:07:14:
                    6f:2e:a8:35:b6:55:ed:8e:a2:c7:f2:02:f6:5e:13:
                    ff:ba:f5:8b:fc:df:9f:22:64:a0:5e:6c:12:e4:6f:
                    92:31:b3:3b:98:61:da:03:f4:23:7f:41:c6:9c:a0:
                    6a:b4:7d:d1:2f:a4:7a:c8:e6:a2:12:aa:de:04:31:
                    e5:a8:a2:0d:c7:a8:92:9e:3f:4c:e1:77:29:c9:76:
                    38:7c:0c:72:32:f7:5a:70:19:48:44:86:51:b6:a6:
                    16:34:6e:cf:7c:07:7a:9d:cc:00:98:37:d6:2f:16:
                    4c:2d:4c:1e:4d:11:be:aa:96:c0:6d:25:bf:19:be:
                    6d:83:99:43:19:98:ae:b0:27:37:11:1b:1f:09:31:
                    48:be:c3:4f:c1:e4:ad:aa:d8:83:d1:2b:f9:72:9d:
                    6f:3f:7c:d1:2c:ae:c5:5e:0e:ef:7f:45:0f:aa:64:
                    ea:2b:63:36:95:57:5a:ea:09:90:5c:4e:b8:12:c2:
                    c7:45:bc:bc:9d:82:d9:63:4d:2e:be:f9:09:e4:b5:
                    24:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:AC:9F:3A:57:59:2C:6B:8D:E4:17:03:6F:A4:3E:E5:D5:F6:5B:1C
            X509v3 Authority Key Identifier:
                keyid:12:C4:5B:D3:8D:4B:DC:68:E3:D7:9D:E0:24:4D:F0:6D:2E:CB:66:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsRb041L3Gjj153gJE3wbS7LZgk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/5cb544-504f-48bf-b105-22028a786f60/1/oKyfOldZLGuN5BcDb6Q-5dX2Wxw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/5cb544-504f-48bf-b105-22028a786f60/1/EsRb041L3Gjj153gJE3wbS7LZgk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         74:cd:46:c0:db:0a:df:c1:69:4b:f9:4e:f8:78:43:ea:bb:89:
         72:8d:fb:69:16:11:85:2f:a4:b0:97:d2:4a:aa:c1:e9:17:c7:
         42:cf:b6:5f:5c:5e:be:da:5d:14:8c:bb:03:8a:5d:c2:0a:65:
         e8:41:60:b4:e5:dc:be:66:f2:32:87:3e:68:61:53:43:4d:03:
         6d:00:3a:2c:d4:1b:2d:52:d6:3d:42:99:eb:00:c8:d7:17:11:
         7c:e9:7f:3b:ae:1f:2e:3a:8e:52:5c:9b:3c:e9:b5:fa:15:14:
         84:b5:e8:95:35:8c:4f:55:32:2a:a3:3d:22:04:ab:cc:67:08:
         77:3d:e9:2d:a8:4b:5d:ad:22:a3:b0:4a:ea:67:fc:73:f5:a5:
         bc:4b:7e:94:1c:03:c1:3c:08:1d:48:9a:87:66:74:bc:d0:df:
         21:6d:47:cf:e1:26:53:d9:cf:c2:53:70:92:b9:20:09:7a:1f:
         4d:f7:3e:81:96:18:80:c6:6d:d3:75:6c:ff:d8:31:91:94:9f:
         e3:85:23:39:3c:60:7f:f0:20:e1:33:4c:06:83:68:de:57:71:
         39:2a:83:36:fe:14:79:ba:83:48:2b:00:03:61:eb:d0:dc:2b:
         a7:80:b0:a8:50:4b:a6:56:f9:07:d8:a5:79:98:4f:41:4f:82:
         df:77:60:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljzoF9aQ0HnHYt1IeQT3SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYzQ1YmQzOGQ0YmRjNjhlM2Q3OWRlMDI0NGRmMDZkMmVj
YjY2MDkwHhcNMjUwMTAyMDU0ODUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGFjOWYzYTU3NTkyYzZiOGRlNDE3MDM2ZmE0M2VlNWQ1ZjY1YjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiFLx8TuRhQ1EqJrCMryEGq/uF1i6
xGyNjsC3BSb+lUwikvEOD0ZCAU3hIw0lwjQIOM6LX4uxECDSBxRvLqg1tlXtjqLH
8gL2XhP/uvWL/N+fImSgXmwS5G+SMbM7mGHaA/Qjf0HGnKBqtH3RL6R6yOaiEqre
BDHlqKINx6iSnj9M4XcpyXY4fAxyMvdacBlIRIZRtqYWNG7PfAd6ncwAmDfWLxZM
LUweTRG+qpbAbSW/Gb5tg5lDGZiusCc3ERsfCTFIvsNPweStqtiD0Sv5cp1vP3zR
LK7FXg7vf0UPqmTqK2M2lVda6gmQXE64EsLHRby8nYLZY00uvvkJ5LUk6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKCsnzpXWSxrjeQXA2+kPuXV9lscMB8GA1UdIwQY
MBaAFBLEW9ONS9xo49ed4CRN8G0uy2YJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXNSYjA0MUwzR2pqMTUzZ0pFM3diUzdMWmdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS81Y2I1NDQtNTA0Zi00OGJmLWIxMDUt
MjIwMjhhNzg2ZjYwLzEvb0t5Zk9sZFpMR3VONUJjRGI2US01ZFgyV3h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS81Y2I1NDQtNTA0Zi00OGJmLWIxMDUtMjIwMjhhNzg2ZjYw
LzEvRXNSYjA0MUwzR2pqMTUzZ0pFM3diUzdMWmdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLVQEMA0G
CSqGSIb3DQEBCwUAA4IBAQB0zUbA2wrfwWlL+U74eEPqu4lyjftpFhGFL6Swl9JK
qsHpF8dCz7ZfXF6+2l0UjLsDil3CCmXoQWC05dy+ZvIyhz5oYVNDTQNtADos1Bst
UtY9QpnrAMjXFxF86X87rh8uOo5SXJs86bX6FRSEteiVNYxPVTIqoz0iBKvMZwh3
PektqEtdrSKjsErqZ/xz9aW8S36UHAPBPAgdSJqHZnS80N8hbUfP4SZT2c/CU3CS
uSAJeh9N9z6BlhiAxm3TdWz/2DGRlJ/jhSM5PGB/8CDhM0wGg2jeV3E5KoM2/hR5
uoNIKwADYevQ3CungLCoUEumVvkH2KV5mE9BT4Lfd2Ac
-----END CERTIFICATE-----