Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/d6fb1c-95c3-4bff-8556-8057da754452/1/iZ1aijGSpYaJ5lT694iv07s9IFw.roa
File:                     iZ1aijGSpYaJ5lT694iv07s9IFw.roa (raw, json)
Hash identifier:          epj7jnXUcZqcIR0Iu/H9+s0OqjsBdFMaftQUUMbM+4c=
Subject key identifier:   89:9D:5A:8A:31:92:A5:86:89:E6:54:FA:F7:88:AF:D3:BB:3D:20:5C
Certificate issuer:       /CN=ef9f1e38265410b3c2a922d3169c4f2995141a2d
Certificate serial:       0195DD26EA712C3B563177B3A1A5C1C9C0D4
Authority key identifier: EF:9F:1E:38:26:54:10:B3:C2:A9:22:D3:16:9C:4F:29:95:14:1A:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/758eOCZUELPCqSLTFpxPKZUUGi0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/d6fb1c-95c3-4bff-8556-8057da754452/1/iZ1aijGSpYaJ5lT694iv07s9IFw.roa
Signing time:             Fri 28 Mar 2025 14:27:49 +0000
ROA not before:           Fri 28 Mar 2025 14:27:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44606
IP address blocks:        45.156.244.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/d6fb1c-95c3-4bff-8556-8057da754452/1/758eOCZUELPCqSLTFpxPKZUUGi0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/d6fb1c-95c3-4bff-8556-8057da754452/1/758eOCZUELPCqSLTFpxPKZUUGi0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/758eOCZUELPCqSLTFpxPKZUUGi0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:dd:26:ea:71:2c:3b:56:31:77:b3:a1:a5:c1:c9:c0:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef9f1e38265410b3c2a922d3169c4f2995141a2d
        Validity
            Not Before: Mar 28 14:27:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=899d5a8a3192a58689e654faf788afd3bb3d205c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:84:d1:ab:a2:d0:d2:98:96:b6:57:99:ed:08:
                    b9:72:53:38:cb:18:5c:90:67:41:c2:58:d6:2e:3e:
                    e0:4d:f5:4e:13:2a:c2:d4:10:32:dc:fd:20:04:b0:
                    30:a2:7c:52:32:af:0e:59:aa:10:1e:6d:ba:92:5a:
                    1a:b4:97:17:9a:f4:83:0a:03:ed:51:73:2a:66:ce:
                    a8:65:e0:dd:f8:dc:c4:a6:0a:e4:86:ef:5e:e0:f6:
                    e2:2d:d9:17:11:a1:7a:2c:55:f9:91:cb:92:d8:10:
                    bd:51:48:f5:d6:3a:73:8d:4e:3c:db:bd:46:b6:68:
                    ad:67:70:7e:75:af:83:c0:6d:45:9e:e4:fb:fd:c4:
                    0e:47:7b:3e:33:15:e7:da:45:a6:a0:49:0d:cf:3c:
                    de:1d:47:a8:84:d5:28:88:24:27:7d:3a:ff:47:18:
                    fd:ae:a3:ee:9c:9b:39:42:cf:76:eb:5d:a4:f3:ad:
                    7e:8d:c9:6a:a9:80:aa:09:5c:76:b5:69:38:fc:5c:
                    48:22:dc:03:95:fa:e7:af:c3:96:3b:36:6b:03:96:
                    fa:a5:c4:88:f5:73:72:ef:ba:b0:7e:91:53:cd:79:
                    89:4a:43:cb:82:09:5a:25:4b:08:c5:2c:f6:32:b9:
                    71:f6:e8:ff:88:54:a2:52:6f:01:b3:d4:70:f6:d2:
                    5a:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:9D:5A:8A:31:92:A5:86:89:E6:54:FA:F7:88:AF:D3:BB:3D:20:5C
            X509v3 Authority Key Identifier:
                keyid:EF:9F:1E:38:26:54:10:B3:C2:A9:22:D3:16:9C:4F:29:95:14:1A:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/758eOCZUELPCqSLTFpxPKZUUGi0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/d6fb1c-95c3-4bff-8556-8057da754452/1/iZ1aijGSpYaJ5lT694iv07s9IFw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/d6fb1c-95c3-4bff-8556-8057da754452/1/758eOCZUELPCqSLTFpxPKZUUGi0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.156.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:11:71:86:6a:ed:4f:20:42:00:23:20:69:25:87:23:6f:69:
         0a:b1:8f:29:15:3a:85:06:fb:18:6e:d1:f3:a3:ad:bc:e7:ae:
         b2:4a:a0:2d:ff:12:77:83:68:27:6c:0e:be:a0:49:10:91:ea:
         5a:20:d4:71:be:a9:59:26:05:b1:ed:ee:91:83:54:cc:4c:0f:
         59:0e:db:56:95:70:c8:3a:f2:50:9f:ab:1f:3e:d6:00:2a:8f:
         db:a1:06:79:2f:7e:09:cd:e5:3a:73:50:1c:1f:f0:a9:ec:e7:
         86:ae:a0:74:30:4a:4f:ef:e7:86:db:0f:7d:2c:64:bd:d8:d6:
         f9:d6:77:c3:07:55:57:dc:2a:4e:7b:b0:1d:ee:f3:83:d7:00:
         09:26:fe:e6:65:23:30:03:f5:21:21:94:29:2b:7b:b7:71:0c:
         80:0e:26:df:e1:7f:64:0e:6c:cd:94:5e:26:d7:37:e6:e6:8a:
         ce:92:73:84:94:6d:74:36:e1:27:34:33:11:bb:23:7f:bc:4b:
         27:88:c6:62:65:c8:30:2d:4b:76:9e:02:df:0a:ae:50:1d:0c:
         7c:58:86:2a:be:8a:cb:6d:b8:e1:77:ea:79:94:49:b4:85:0a:
         1a:d1:66:ac:1e:00:fa:e1:20:83:c7:89:78:f5:89:8e:25:3a:
         86:a1:92:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXdJupxLDtWMXezoaXBycDUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmOWYxZTM4MjY1NDEwYjNjMmE5MjJkMzE2OWM0ZjI5OTUx
NDFhMmQwHhcNMjUwMzI4MTQyNzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTlkNWE4YTMxOTJhNTg2ODllNjU0ZmFmNzg4YWZkM2JiM2QyMDVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzITRq6LQ0piWtleZ7Qi5clM4yxhc
kGdBwljWLj7gTfVOEyrC1BAy3P0gBLAwonxSMq8OWaoQHm26kloatJcXmvSDCgPt
UXMqZs6oZeDd+NzEpgrkhu9e4PbiLdkXEaF6LFX5kcuS2BC9UUj11jpzjU48271G
tmitZ3B+da+DwG1FnuT7/cQOR3s+MxXn2kWmoEkNzzzeHUeohNUoiCQnfTr/Rxj9
rqPunJs5Qs92612k861+jclqqYCqCVx2tWk4/FxIItwDlfrnr8OWOzZrA5b6pcSI
9XNy77qwfpFTzXmJSkPLgglaJUsIxSz2Mrlx9uj/iFSiUm8Bs9Rw9tJamwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFImdWooxkqWGieZU+veIr9O7PSBcMB8GA1UdIwQY
MBaAFO+fHjgmVBCzwqki0xacTymVFBotMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzU4ZU9DWlVFTFBDcVNMVEZweFBLWlVVR2kwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9kNmZiMWMtOTVjMy00YmZmLTg1NTYt
ODA1N2RhNzU0NDUyLzEvaVoxYWlqR1NwWWFKNWxUNjk0aXYwN3M5SUZ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9kNmZiMWMtOTVjMy00YmZmLTg1NTYtODA1N2RhNzU0NDUy
LzEvNzU4ZU9DWlVFTFBDcVNMVEZweFBLWlVVR2kwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZz0MA0G
CSqGSIb3DQEBCwUAA4IBAQAiEXGGau1PIEIAIyBpJYcjb2kKsY8pFTqFBvsYbtHz
o628566ySqAt/xJ3g2gnbA6+oEkQkepaINRxvqlZJgWx7e6Rg1TMTA9ZDttWlXDI
OvJQn6sfPtYAKo/boQZ5L34JzeU6c1AcH/Cp7OeGrqB0MEpP7+eG2w99LGS92Nb5
1nfDB1VX3CpOe7Ad7vOD1wAJJv7mZSMwA/UhIZQpK3u3cQyADibf4X9kDmzNlF4m
1zfm5orOknOElG10NuEnNDMRuyN/vEsniMZiZcgwLUt2ngLfCq5QHQx8WIYqvorL
bbjhd+p5lEm0hQoa0WasHgD64SCDx4l49YmOJTqGoZJC
-----END CERTIFICATE-----