Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/7b7825-a0f7-4f5b-9c23-77cf81041083/1/M3yiho455GrMj7nD5nnNB2j08Nc.roa
File:                     M3yiho455GrMj7nD5nnNB2j08Nc.roa (raw, json)
Hash identifier:          KedFkx8Kl+G+jnhu3lxzFgq4Ruh9YPAN5DzsG5a6jZY=
Subject key identifier:   33:7C:A2:86:8E:39:E4:6A:CC:8F:B9:C3:E6:79:CD:07:68:F4:F0:D7
Certificate issuer:       /CN=6a798f0fe4f4dffdfed2c8e62d235430f49377cd
Certificate serial:       0194274660361BD21E79C75BF7599C8A7CEB
Authority key identifier: 6A:79:8F:0F:E4:F4:DF:FD:FE:D2:C8:E6:2D:23:54:30:F4:93:77:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/anmPD-T03_3-0sjmLSNUMPSTd80.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/7b7825-a0f7-4f5b-9c23-77cf81041083/1/M3yiho455GrMj7nD5nnNB2j08Nc.roa
Signing time:             Thu 02 Jan 2025 13:48:30 +0000
ROA not before:           Thu 02 Jan 2025 13:48:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        45.154.205.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/7b7825-a0f7-4f5b-9c23-77cf81041083/1/anmPD-T03_3-0sjmLSNUMPSTd80.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/7b7825-a0f7-4f5b-9c23-77cf81041083/1/anmPD-T03_3-0sjmLSNUMPSTd80.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/anmPD-T03_3-0sjmLSNUMPSTd80.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 07:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:46:60:36:1b:d2:1e:79:c7:5b:f7:59:9c:8a:7c:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6a798f0fe4f4dffdfed2c8e62d235430f49377cd
        Validity
            Not Before: Jan  2 13:48:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=337ca2868e39e46acc8fb9c3e679cd0768f4f0d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:07:92:8d:b3:f1:58:a7:b7:7c:6c:58:eb:b4:
                    2f:cc:d1:5d:ab:7f:69:2d:44:73:16:fd:c4:72:01:
                    b1:1c:d9:dc:61:0b:a6:ff:fa:e1:ff:47:f5:38:bf:
                    a4:11:46:b9:98:a4:fb:2f:45:49:b7:df:cd:aa:33:
                    a1:aa:1a:11:4b:10:f4:2c:bb:7e:cc:3e:50:13:50:
                    4d:2b:ea:8b:97:aa:64:29:c1:64:a7:7b:8c:04:71:
                    c7:7d:55:c9:c7:3b:37:64:0a:db:f3:bd:8f:00:84:
                    26:c1:44:fb:1b:6a:23:d4:ff:04:64:ea:43:cd:93:
                    35:86:ef:87:08:5c:bc:2b:d3:b3:20:fa:93:13:06:
                    24:33:5e:9f:93:57:9e:33:a8:20:32:9f:4b:6f:59:
                    cd:84:36:6b:c7:c3:8a:49:3d:f9:93:86:3a:c9:ba:
                    5c:b9:1a:75:fa:9f:68:6b:60:7e:0b:c4:e6:cd:ba:
                    19:1a:be:86:9b:32:17:84:22:13:b0:1b:ae:9d:07:
                    61:ea:86:65:b3:26:e1:f7:54:81:35:b2:70:a0:ec:
                    68:94:55:7b:de:88:55:08:57:2d:7f:8b:ad:fa:e2:
                    fa:ad:28:30:90:5a:b4:71:94:c2:49:72:8b:3c:f8:
                    fc:09:c0:db:99:82:0c:e8:f1:5f:c4:97:ff:6d:a2:
                    40:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:7C:A2:86:8E:39:E4:6A:CC:8F:B9:C3:E6:79:CD:07:68:F4:F0:D7
            X509v3 Authority Key Identifier:
                keyid:6A:79:8F:0F:E4:F4:DF:FD:FE:D2:C8:E6:2D:23:54:30:F4:93:77:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/anmPD-T03_3-0sjmLSNUMPSTd80.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/7b7825-a0f7-4f5b-9c23-77cf81041083/1/M3yiho455GrMj7nD5nnNB2j08Nc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/7b7825-a0f7-4f5b-9c23-77cf81041083/1/anmPD-T03_3-0sjmLSNUMPSTd80.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.154.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c5:d5:33:d5:ba:eb:66:50:70:d4:8f:b8:da:c2:b5:5f:9d:73:
         69:c6:b3:12:3e:ef:99:69:bd:bf:85:c5:c2:ce:e6:41:c5:1e:
         4d:66:b2:a0:fb:d6:2a:46:be:be:7f:17:ae:dd:2a:52:e1:21:
         16:79:ce:56:ab:21:20:3b:f9:3d:c7:c2:e2:cb:8a:62:6a:be:
         96:84:74:8c:87:fc:6d:4e:7b:f8:89:1b:67:27:4b:cd:26:92:
         68:b5:fb:d3:59:61:27:c0:28:99:3d:7a:0d:02:fb:1c:c6:c2:
         59:ec:7a:d1:1f:71:c8:f5:fd:a2:48:d0:77:67:bb:b0:2a:1d:
         5f:46:5e:7a:39:13:2e:8f:1e:43:37:05:8c:88:0f:9f:fe:5c:
         bd:36:47:20:92:7a:a2:0f:dd:58:7e:a3:88:b8:a1:7f:28:56:
         50:85:a4:bf:64:b0:c1:39:10:0c:13:42:db:7c:0b:99:4d:c1:
         7b:b5:01:e3:6e:19:76:da:81:10:f8:8f:36:2e:5d:18:15:39:
         1d:e7:22:99:5a:0a:d8:83:51:9c:e8:a7:97:e3:c1:b9:fb:e5:
         f2:00:e2:1c:75:e8:bb:7d:cb:44:f8:5b:4a:c7:11:8f:74:85:
         16:3c:86:39:21:3a:4f:a5:0d:92:03:96:4b:18:bb:0f:f3:6b:
         34:6f:cc:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnRmA2G9Ieecdb91mcinzrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhNzk4ZjBmZTRmNGRmZmRmZWQyYzhlNjJkMjM1NDMwZjQ5
Mzc3Y2QwHhcNMjUwMTAyMTM0ODMwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzdjYTI4NjhlMzllNDZhY2M4ZmI5YzNlNjc5Y2QwNzY4ZjRmMGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvgeSjbPxWKe3fGxY67QvzNFdq39p
LURzFv3EcgGxHNncYQum//rh/0f1OL+kEUa5mKT7L0VJt9/NqjOhqhoRSxD0LLt+
zD5QE1BNK+qLl6pkKcFkp3uMBHHHfVXJxzs3ZArb872PAIQmwUT7G2oj1P8EZOpD
zZM1hu+HCFy8K9OzIPqTEwYkM16fk1eeM6ggMp9Lb1nNhDZrx8OKST35k4Y6ybpc
uRp1+p9oa2B+C8TmzboZGr6GmzIXhCITsBuunQdh6oZlsybh91SBNbJwoOxolFV7
3ohVCFctf4ut+uL6rSgwkFq0cZTCSXKLPPj8CcDbmYIM6PFfxJf/baJAWQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDN8ooaOOeRqzI+5w+Z5zQdo9PDXMB8GA1UdIwQY
MBaAFGp5jw/k9N/9/tLI5i0jVDD0k3fNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYW5tUEQtVDAzXzMtMHNqbUxTTlVNUFNUZDgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC83Yjc4MjUtYTBmNy00ZjViLTljMjMt
NzdjZjgxMDQxMDgzLzEvTTN5aWhvNDU1R3JNajduRDVubk5CMmowOE5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC83Yjc4MjUtYTBmNy00ZjViLTljMjMtNzdjZjgxMDQxMDgz
LzEvYW5tUEQtVDAzXzMtMHNqbUxTTlVNUFNUZDgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZrNMA0G
CSqGSIb3DQEBCwUAA4IBAQDF1TPVuutmUHDUj7jawrVfnXNpxrMSPu+Zab2/hcXC
zuZBxR5NZrKg+9YqRr6+fxeu3SpS4SEWec5WqyEgO/k9x8Liy4piar6WhHSMh/xt
Tnv4iRtnJ0vNJpJotfvTWWEnwCiZPXoNAvscxsJZ7HrRH3HI9f2iSNB3Z7uwKh1f
Rl56ORMujx5DNwWMiA+f/ly9NkcgknqiD91YfqOIuKF/KFZQhaS/ZLDBORAME0Lb
fAuZTcF7tQHjbhl22oEQ+I82Ll0YFTkd5yKZWgrYg1Gc6KeX48G5++XyAOIcdei7
fctE+FtKxxGPdIUWPIY5ITpPpQ2SA5ZLGLsP82s0b8yb
-----END CERTIFICATE-----