Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/6nGhmoSDQSpfjNNYdXCrQWERlIk.roa
File:                     6nGhmoSDQSpfjNNYdXCrQWERlIk.roa (raw, json)
Hash identifier:          /4N+szUgXgcEHHrQDjyOBrtHm4Pkc7NrFhdRQABicbY=
Subject key identifier:   EA:71:A1:9A:84:83:41:2A:5F:8C:D3:58:75:70:AB:41:61:11:94:89
Certificate issuer:       /CN=2c71c96005e13a84a3f31ef1d991777f4b6e31a7
Certificate serial:       019427B4867CE154FF251681A1D4506A7BA3
Authority key identifier: 2C:71:C9:60:05:E1:3A:84:A3:F3:1E:F1:D9:91:77:7F:4B:6E:31:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/6nGhmoSDQSpfjNNYdXCrQWERlIk.roa
Signing time:             Thu 02 Jan 2025 15:48:49 +0000
ROA not before:           Thu 02 Jan 2025 15:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207713
IP address blocks:        45.151.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 12:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b4:86:7c:e1:54:ff:25:16:81:a1:d4:50:6a:7b:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c71c96005e13a84a3f31ef1d991777f4b6e31a7
        Validity
            Not Before: Jan  2 15:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ea71a19a8483412a5f8cd3587570ab4161119489
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:5f:a4:6b:63:c3:e0:6c:cc:cb:d1:4f:6a:84:
                    24:a0:04:1e:a9:44:2b:06:06:51:ee:6e:0e:9f:46:
                    31:82:02:16:f7:6f:34:40:3f:61:e8:40:4a:15:d4:
                    2e:13:3d:56:77:8f:38:f8:b3:be:f2:8d:0b:bb:4d:
                    3a:41:26:d1:37:35:cd:05:b7:1c:3f:04:7c:cc:b0:
                    04:45:88:1b:6a:1a:4f:0c:77:70:8f:d7:62:37:da:
                    eb:ea:b9:b3:8e:87:d8:c8:98:ef:11:f5:98:05:c2:
                    51:51:d3:1b:a7:85:f5:b3:ff:03:28:6d:de:48:13:
                    c3:53:97:ff:b3:86:67:bd:e4:fa:94:8b:c3:cf:7a:
                    83:06:a8:8b:28:d8:1b:d7:b7:d8:86:65:a4:83:43:
                    59:5c:66:85:b6:13:9f:eb:61:2d:e4:62:c9:2a:42:
                    eb:b4:f7:e1:84:8d:bb:66:07:39:e6:3f:86:a4:05:
                    02:d4:1c:12:c6:44:25:cc:e1:07:8f:ab:cd:52:6e:
                    7c:7e:6f:6a:6f:d1:22:e1:34:4f:91:88:cf:53:24:
                    3f:36:31:8b:99:c3:ff:0e:b5:51:27:e5:2d:a4:ac:
                    26:34:0f:92:3b:79:9f:ab:04:e2:be:4b:47:0c:eb:
                    92:3c:2d:46:e4:16:4d:1a:b2:4d:d5:0e:c3:36:ac:
                    4d:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:71:A1:9A:84:83:41:2A:5F:8C:D3:58:75:70:AB:41:61:11:94:89
            X509v3 Authority Key Identifier:
                keyid:2C:71:C9:60:05:E1:3A:84:A3:F3:1E:F1:D9:91:77:7F:4B:6E:31:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LHHJYAXhOoSj8x7x2ZF3f0tuMac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/6nGhmoSDQSpfjNNYdXCrQWERlIk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/fa3544-1025-4e8f-a8fe-7a28af29cdc2/1/LHHJYAXhOoSj8x7x2ZF3f0tuMac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.151.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:f2:3b:fc:75:46:27:b2:c3:99:f9:28:11:a7:9f:2e:42:f7:
         fa:c7:64:65:0f:f4:ca:c6:b6:cd:0b:19:00:05:62:4e:46:dc:
         34:38:39:08:81:94:33:3b:6a:c4:1d:f3:19:12:3d:2e:f8:ea:
         0a:27:06:e3:14:51:df:17:99:00:13:5a:c0:9a:62:b2:52:32:
         00:25:23:88:7e:db:6c:80:bb:31:38:9b:da:9e:27:a2:8c:e4:
         fe:de:1e:5f:a7:84:84:e8:eb:dc:18:64:90:d4:c9:c7:b9:97:
         84:99:be:12:56:92:d8:d8:5d:79:b5:9a:d0:a9:90:44:20:73:
         a8:dc:53:6a:db:f5:67:69:02:44:d2:36:3a:d5:9b:da:13:b6:
         8b:7b:75:10:53:2b:4a:9c:f4:b0:55:82:87:b0:94:03:b9:66:
         b4:3e:7b:8a:4a:ac:84:a6:f9:40:03:f3:0e:48:b4:70:9a:a8:
         f9:b3:fa:ad:41:65:10:3a:ab:b9:17:17:2e:1a:f2:a3:cd:36:
         fb:5c:e2:a2:b9:40:9b:a8:43:aa:2f:91:e9:54:45:7a:96:b7:
         c8:4e:d4:64:7d:24:1e:ca:3c:aa:95:98:9f:fc:0c:f9:70:d7:
         9f:10:6d:ca:50:50:46:3a:eb:54:6a:b7:d9:f9:75:37:40:20:
         b9:ac:40:26
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntIZ84VT/JRaBodRQanujMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjNzFjOTYwMDVlMTNhODRhM2YzMWVmMWQ5OTE3NzdmNGI2
ZTMxYTcwHhcNMjUwMTAyMTU0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTcxYTE5YTg0ODM0MTJhNWY4Y2QzNTg3NTcwYWI0MTYxMTE5NDg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8F+ka2PD4GzMy9FPaoQkoAQeqUQr
BgZR7m4On0YxggIW9280QD9h6EBKFdQuEz1Wd484+LO+8o0Lu006QSbRNzXNBbcc
PwR8zLAERYgbahpPDHdwj9diN9rr6rmzjofYyJjvEfWYBcJRUdMbp4X1s/8DKG3e
SBPDU5f/s4ZnveT6lIvDz3qDBqiLKNgb17fYhmWkg0NZXGaFthOf62Et5GLJKkLr
tPfhhI27Zgc55j+GpAUC1BwSxkQlzOEHj6vNUm58fm9qb9Ei4TRPkYjPUyQ/NjGL
mcP/DrVRJ+UtpKwmNA+SO3mfqwTivktHDOuSPC1G5BZNGrJN1Q7DNqxNyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOpxoZqEg0EqX4zTWHVwq0FhEZSJMB8GA1UdIwQY
MBaAFCxxyWAF4TqEo/Me8dmRd39LbjGnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEhISllBWGhPb1NqOHg3eDJaRjNmMHR1TWFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi9mYTM1NDQtMTAyNS00ZThmLWE4ZmUt
N2EyOGFmMjljZGMyLzEvNm5HaG1vU0RRU3Bmak5OWWRYQ3JRV0VSbElrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi9mYTM1NDQtMTAyNS00ZThmLWE4ZmUtN2EyOGFmMjljZGMy
LzEvTEhISllBWGhPb1NqOHg3eDJaRjNmMHR1TWFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZc+MA0G
CSqGSIb3DQEBCwUAA4IBAQBp8jv8dUYnssOZ+SgRp58uQvf6x2RlD/TKxrbNCxkA
BWJORtw0ODkIgZQzO2rEHfMZEj0u+OoKJwbjFFHfF5kAE1rAmmKyUjIAJSOIftts
gLsxOJvanieijOT+3h5fp4SE6OvcGGSQ1MnHuZeEmb4SVpLY2F15tZrQqZBEIHOo
3FNq2/VnaQJE0jY61ZvaE7aLe3UQUytKnPSwVYKHsJQDuWa0PnuKSqyEpvlAA/MO
SLRwmqj5s/qtQWUQOqu5FxcuGvKjzTb7XOKiuUCbqEOqL5HpVEV6lrfITtRkfSQe
yjyqlZif/Az5cNefEG3KUFBGOutUarfZ+XU3QCC5rEAm
-----END CERTIFICATE-----