Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/LV7SZty8m0YIgzENvnj6ZQzKoNQ.roa
File:                     LV7SZty8m0YIgzENvnj6ZQzKoNQ.roa (raw, json)
Hash identifier:          WwevjtkCxUZppv1Bmb72b76asyCjCtKzj3B+jP45UgE=
Subject key identifier:   2D:5E:D2:66:DC:BC:9B:46:08:83:31:0D:BE:78:FA:65:0C:CA:A0:D4
Certificate issuer:       /CN=e15808f3f921bc8c3eea87c7584c584c1000b051
Certificate serial:       0192EC32227944B47677B165267BAB39FD84
Authority key identifier: E1:58:08:F3:F9:21:BC:8C:3E:EA:87:C7:58:4C:58:4C:10:00:B0:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4VgI8_khvIw-6ofHWExYTBAAsFE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/LV7SZty8m0YIgzENvnj6ZQzKoNQ.roa
Signing time:             Sat 02 Nov 2024 09:26:01 +0000
ROA not before:           Sat 02 Nov 2024 09:26:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35913
IP address blocks:        45.139.56.0/22 maxlen: 24
                          45.139.64.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/4VgI8_khvIw-6ofHWExYTBAAsFE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/4VgI8_khvIw-6ofHWExYTBAAsFE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4VgI8_khvIw-6ofHWExYTBAAsFE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:ec:32:22:79:44:b4:76:77:b1:65:26:7b:ab:39:fd:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e15808f3f921bc8c3eea87c7584c584c1000b051
        Validity
            Not Before: Nov  2 09:26:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d5ed266dcbc9b460883310dbe78fa650ccaa0d4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:be:0d:6b:ed:cf:4f:df:d5:d4:ec:5d:35:82:
                    02:56:2d:ab:33:2a:d5:b8:ef:87:94:ef:b8:5c:31:
                    54:3c:89:2c:e5:7e:64:22:3e:f6:80:eb:ac:8d:ad:
                    4f:bc:03:f6:2f:b6:34:bf:91:01:94:3f:58:13:b0:
                    93:20:8d:53:a7:99:99:7f:1a:93:c3:69:73:4c:f1:
                    d7:e0:a5:ff:27:8f:43:81:71:1a:94:ad:b2:9b:56:
                    ca:56:c3:53:93:ff:3c:a4:28:f7:af:0a:4b:5d:51:
                    77:d8:a5:3a:e5:86:16:cc:ab:4a:0d:23:e3:6e:a3:
                    29:d9:b0:80:bb:f8:c0:5b:39:30:48:4f:fa:b4:88:
                    66:b1:f1:e0:4f:ab:1a:b7:fb:07:76:9c:6e:33:48:
                    13:2d:58:e3:f7:c0:b1:f9:4a:47:bc:02:75:e1:0f:
                    6c:bd:4c:f5:45:7f:e5:23:d7:6d:fc:0a:1d:5f:d1:
                    ed:cf:7b:72:12:51:6a:1e:39:5a:91:ce:2c:c4:7f:
                    c1:04:86:2c:61:ad:47:1f:8a:c7:e8:61:05:72:e7:
                    74:a1:67:e0:90:ef:40:cf:33:e5:8c:47:1a:2a:05:
                    33:15:db:d4:0c:fb:e7:ad:37:dd:d9:f1:31:52:57:
                    24:70:5f:f3:7d:d5:33:47:fa:46:13:75:2f:d9:c4:
                    4e:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:5E:D2:66:DC:BC:9B:46:08:83:31:0D:BE:78:FA:65:0C:CA:A0:D4
            X509v3 Authority Key Identifier:
                keyid:E1:58:08:F3:F9:21:BC:8C:3E:EA:87:C7:58:4C:58:4C:10:00:B0:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4VgI8_khvIw-6ofHWExYTBAAsFE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/LV7SZty8m0YIgzENvnj6ZQzKoNQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/8e8e82-5274-4d2f-8ca0-ab19fcb0ce64/1/4VgI8_khvIw-6ofHWExYTBAAsFE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.56.0/22
                  45.139.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ae:9f:8d:9a:70:ed:b6:dd:2b:34:a9:42:30:72:a9:87:f2:1d:
         44:28:ec:ad:d6:9b:79:a7:24:b6:e6:c8:c5:48:eb:2c:c8:16:
         a7:a0:64:da:7c:a6:9f:5c:40:ec:6e:ce:9e:b9:00:8e:d2:4c:
         18:04:30:40:3a:e8:88:81:84:f6:7b:62:74:dd:1b:ab:9f:dd:
         6f:d6:0f:6e:e4:59:e4:9b:d6:77:2e:a9:ac:87:8b:20:fe:97:
         af:2f:db:d5:bf:72:37:63:46:9c:da:a2:0e:42:0e:a3:44:f6:
         79:14:7a:88:61:33:dc:06:ff:c6:f9:d6:42:2b:6e:44:96:60:
         04:19:d6:9c:6e:15:1d:a2:4d:34:94:37:5d:32:56:21:5a:05:
         ec:57:43:f0:16:d2:5c:93:df:94:76:76:48:75:e4:99:96:e3:
         e7:23:c5:01:c8:17:2d:ed:77:77:73:f1:4e:c0:4d:17:28:b0:
         df:61:71:99:bf:8f:69:7d:e6:d6:63:a8:73:e6:0a:ae:44:8c:
         36:d6:d5:94:42:e6:f3:da:d7:6e:b9:b8:68:ff:b5:8b:54:35:
         91:7b:83:d4:3a:55:00:6e:74:09:2b:d6:55:fc:57:22:4a:df:
         a6:a4:b4:0a:9f:c9:7b:60:8d:c0:1f:60:10:82:db:20:2f:fa:
         c7:3a:60:d2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZLsMiJ5RLR2d7FlJnurOf2EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNTgwOGYzZjkyMWJjOGMzZWVhODdjNzU4NGM1ODRjMTAw
MGIwNTEwHhcNMjQxMTAyMDkyNjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDVlZDI2NmRjYmM5YjQ2MDg4MzMxMGRiZTc4ZmE2NTBjY2FhMGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxL4Na+3PT9/V1OxdNYICVi2rMyrV
uO+HlO+4XDFUPIks5X5kIj72gOusja1PvAP2L7Y0v5EBlD9YE7CTII1Tp5mZfxqT
w2lzTPHX4KX/J49DgXEalK2ym1bKVsNTk/88pCj3rwpLXVF32KU65YYWzKtKDSPj
bqMp2bCAu/jAWzkwSE/6tIhmsfHgT6sat/sHdpxuM0gTLVjj98Cx+UpHvAJ14Q9s
vUz1RX/lI9dt/AodX9Htz3tyElFqHjlakc4sxH/BBIYsYa1HH4rH6GEFcud0oWfg
kO9AzzPljEcaKgUzFdvUDPvnrTfd2fExUlckcF/zfdUzR/pGE3Uv2cROtQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFC1e0mbcvJtGCIMxDb54+mUMyqDUMB8GA1UdIwQY
MBaAFOFYCPP5IbyMPuqHx1hMWEwQALBRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFZnSThfa2h2SXctNm9mSFdFeFlUQkFBc0ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZC84ZThlODItNTI3NC00ZDJmLThjYTAt
YWIxOWZjYjBjZTY0LzEvTFY3U1p0eThtMFlJZ3pFTnZuajZaUXpLb05RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZC84ZThlODItNTI3NC00ZDJmLThjYTAtYWIxOWZjYjBjZTY0
LzEvNFZnSThfa2h2SXctNm9mSFdFeFlUQkFBc0ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCLYs4AwQC
LYtAMA0GCSqGSIb3DQEBCwUAA4IBAQCun42acO223Ss0qUIwcqmH8h1EKOyt1pt5
pyS25sjFSOssyBanoGTafKafXEDsbs6euQCO0kwYBDBAOuiIgYT2e2J03Rurn91v
1g9u5Fnkm9Z3Lqmsh4sg/pevL9vVv3I3Y0ac2qIOQg6jRPZ5FHqIYTPcBv/G+dZC
K25ElmAEGdacbhUdok00lDddMlYhWgXsV0PwFtJck9+UdnZIdeSZluPnI8UByBct
7Xd3c/FOwE0XKLDfYXGZv49pfebWY6hz5gquRIw21tWUQubz2tduubho/7WLVDWR
e4PUOlUAbnQJK9ZV/FciSt+mpLQKn8l7YI3AH2AQgtsgL/rHOmDS
-----END CERTIFICATE-----