Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/ff0e61-1c92-418c-9267-d3a487295491/1/KyxetZabMrCwSGQGlQiCSSpLezw.roa
File:                     KyxetZabMrCwSGQGlQiCSSpLezw.roa (raw, json)
Hash identifier:          lB6fVKgf9Cm2eRE3kdPJEkhSEzxtd0NAC6g5PlzMoxw=
Subject key identifier:   2B:2C:5E:B5:96:9B:32:B0:B0:48:64:06:95:08:82:49:2A:4B:7B:3C
Certificate issuer:       /CN=8251e7fb6b960d406b2236d25e4e20e245359db2
Certificate serial:       019424B30C16E219E2DE2ECD4DF49649D38A
Authority key identifier: 82:51:E7:FB:6B:96:0D:40:6B:22:36:D2:5E:4E:20:E2:45:35:9D:B2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/glHn-2uWDUBrIjbSXk4g4kU1nbI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/ff0e61-1c92-418c-9267-d3a487295491/1/KyxetZabMrCwSGQGlQiCSSpLezw.roa
Signing time:             Thu 02 Jan 2025 01:48:21 +0000
ROA not before:           Thu 02 Jan 2025 01:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        45.13.152.0/24 maxlen: 24
                          45.13.153.0/24 maxlen: 24
                          45.13.154.0/24 maxlen: 24
                          45.13.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/ff0e61-1c92-418c-9267-d3a487295491/1/glHn-2uWDUBrIjbSXk4g4kU1nbI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/ff0e61-1c92-418c-9267-d3a487295491/1/glHn-2uWDUBrIjbSXk4g4kU1nbI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/glHn-2uWDUBrIjbSXk4g4kU1nbI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:0c:16:e2:19:e2:de:2e:cd:4d:f4:96:49:d3:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8251e7fb6b960d406b2236d25e4e20e245359db2
        Validity
            Not Before: Jan  2 01:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2b2c5eb5969b32b0b0486406950882492a4b7b3c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:58:b1:36:e4:a1:43:76:90:46:2d:13:dd:7b:
                    e8:71:28:7e:f0:a8:a9:28:6b:33:e3:32:5e:ee:c4:
                    33:7a:16:64:7a:20:5c:38:dd:68:91:4a:a9:4a:91:
                    9a:80:43:1d:62:b8:94:3b:af:4b:a2:dd:0c:61:b0:
                    48:56:f5:19:c1:fa:89:71:41:44:7d:40:4b:b4:52:
                    d4:2d:f5:6e:b8:98:aa:78:ab:96:ed:f5:2a:a0:d3:
                    cc:8d:40:07:59:cd:f6:be:ae:16:c9:b2:35:2b:3b:
                    2c:9b:e7:be:26:cc:a3:84:ac:6d:cd:d0:22:4d:8f:
                    24:ad:1a:da:c3:18:a4:e4:8d:3b:a6:51:eb:d6:98:
                    1e:9d:3d:b1:f6:17:e9:77:3f:6e:1e:71:cf:7f:56:
                    32:a0:72:86:2a:ed:68:d7:23:08:84:e5:4f:0b:ce:
                    c3:35:6f:2e:f7:2e:19:e8:fc:95:2c:1e:a8:41:89:
                    8b:a6:21:ce:7d:e8:fb:fd:9b:5b:31:ea:3d:d8:66:
                    3b:46:b7:fd:18:8c:da:59:1b:02:24:a9:57:59:d1:
                    1c:08:5a:3f:f4:ab:06:ad:51:33:bb:21:37:9a:d2:
                    f9:b3:63:7b:96:be:6f:ca:d6:0b:c9:5c:5b:db:d9:
                    bc:7e:c0:15:dd:94:36:de:41:24:23:38:63:fc:c1:
                    fe:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:2C:5E:B5:96:9B:32:B0:B0:48:64:06:95:08:82:49:2A:4B:7B:3C
            X509v3 Authority Key Identifier:
                keyid:82:51:E7:FB:6B:96:0D:40:6B:22:36:D2:5E:4E:20:E2:45:35:9D:B2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/glHn-2uWDUBrIjbSXk4g4kU1nbI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/ff0e61-1c92-418c-9267-d3a487295491/1/KyxetZabMrCwSGQGlQiCSSpLezw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/ff0e61-1c92-418c-9267-d3a487295491/1/glHn-2uWDUBrIjbSXk4g4kU1nbI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.13.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         96:00:a0:04:7b:84:70:cd:10:5f:bd:5d:32:9f:04:b8:52:0c:
         30:c9:20:e4:39:25:16:f8:90:b9:47:02:87:73:0d:1e:70:e5:
         f7:78:73:46:46:03:22:61:52:b5:bb:79:97:93:0c:99:8d:07:
         b4:29:ed:9c:38:b1:6f:d9:57:d6:b8:28:80:ce:c1:e0:f8:cd:
         78:76:f4:b5:5a:64:57:6e:48:d9:7a:f9:e7:92:3f:62:aa:6b:
         61:4b:94:fe:90:3c:16:e6:63:1d:da:71:7c:ec:e2:2c:7d:dc:
         cb:78:21:25:68:87:5b:83:ef:e8:a8:8c:4f:cc:f0:d6:4d:ce:
         d4:6b:7d:df:9e:f3:86:48:83:ea:34:20:4f:1c:3e:bb:25:e5:
         96:cb:6d:0d:fb:db:96:69:ba:2b:34:c5:0c:f3:2f:a3:a3:30:
         54:78:0c:c1:f6:1a:ba:ef:a4:6d:7a:3e:1e:2f:46:65:d8:c4:
         cc:91:6e:bf:6b:cf:de:7b:0b:50:03:56:05:5f:a0:70:14:16:
         80:20:54:02:66:1f:ca:77:58:d5:c1:8a:cc:0f:87:0d:da:a9:
         47:2a:b9:b5:a5:72:c1:ab:e7:c2:57:5c:ad:7f:5b:61:e0:3c:
         fe:82:ae:9f:9e:79:71:85:46:0d:cb:f3:40:d7:ac:d3:94:b3:
         58:3c:9f:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkswwW4hni3i7NTfSWSdOKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNTFlN2ZiNmI5NjBkNDA2YjIyMzZkMjVlNGUyMGUyNDUz
NTlkYjIwHhcNMjUwMTAyMDE0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjJjNWViNTk2OWIzMmIwYjA0ODY0MDY5NTA4ODI0OTJhNGI3YjNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuVixNuShQ3aQRi0T3XvocSh+8Kip
KGsz4zJe7sQzehZkeiBcON1okUqpSpGagEMdYriUO69Lot0MYbBIVvUZwfqJcUFE
fUBLtFLULfVuuJiqeKuW7fUqoNPMjUAHWc32vq4WybI1Kzssm+e+JsyjhKxtzdAi
TY8krRrawxik5I07plHr1pgenT2x9hfpdz9uHnHPf1YyoHKGKu1o1yMIhOVPC87D
NW8u9y4Z6PyVLB6oQYmLpiHOfej7/ZtbMeo92GY7Rrf9GIzaWRsCJKlXWdEcCFo/
9KsGrVEzuyE3mtL5s2N7lr5vytYLyVxb29m8fsAV3ZQ23kEkIzhj/MH+7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCssXrWWmzKwsEhkBpUIgkkqS3s8MB8GA1UdIwQY
MBaAFIJR5/trlg1AayI20l5OIOJFNZ2yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2xIbi0ydVdEVUJySWpiU1hrNGc0a1UxbmJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC9mZjBlNjEtMWM5Mi00MThjLTkyNjct
ZDNhNDg3Mjk1NDkxLzEvS3l4ZXRaYWJNckN3U0dRR2xRaUNTU3BMZXp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC9mZjBlNjEtMWM5Mi00MThjLTkyNjctZDNhNDg3Mjk1NDkx
LzEvZ2xIbi0ydVdEVUJySWpiU1hrNGc0a1UxbmJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCLQ2YMA0G
CSqGSIb3DQEBCwUAA4IBAQCWAKAEe4RwzRBfvV0ynwS4UgwwySDkOSUW+JC5RwKH
cw0ecOX3eHNGRgMiYVK1u3mXkwyZjQe0Ke2cOLFv2VfWuCiAzsHg+M14dvS1WmRX
bkjZevnnkj9iqmthS5T+kDwW5mMd2nF87OIsfdzLeCElaIdbg+/oqIxPzPDWTc7U
a33fnvOGSIPqNCBPHD67JeWWy20N+9uWaborNMUM8y+jozBUeAzB9hq676Rtej4e
L0Zl2MTMkW6/a8/eewtQA1YFX6BwFBaAIFQCZh/Kd1jVwYrMD4cN2qlHKrm1pXLB
q+fCV1ytf1th4Dz+gq6fnnlxhUYNy/NA16zTlLNYPJ+J
-----END CERTIFICATE-----