Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/ATAXcZqjug_OpJ5XGTmLoPMGEOc.roa
File:                     ATAXcZqjug_OpJ5XGTmLoPMGEOc.roa (raw, json)
Hash identifier:          qD5faLkjHPVXEYY6RoVKIKOshkTkJFAi6AIDTmlkjhM=
Subject key identifier:   01:30:17:71:9A:A3:BA:0F:CE:A4:9E:57:19:39:8B:A0:F3:06:10:E7
Certificate issuer:       /CN=7d5695786f8450d1041dc88ad892cbb570d5972b
Certificate serial:       019681830931C00E77BE8E55480F88561CD9
Authority key identifier: 7D:56:95:78:6F:84:50:D1:04:1D:C8:8A:D8:92:CB:B5:70:D5:97:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fVaVeG-EUNEEHciK2JLLtXDVlys.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/ATAXcZqjug_OpJ5XGTmLoPMGEOc.roa
Signing time:             Tue 29 Apr 2025 12:26:10 +0000
ROA not before:           Tue 29 Apr 2025 12:26:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        45.11.172.0/24 maxlen: 24
                          45.11.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/fVaVeG-EUNEEHciK2JLLtXDVlys.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/fVaVeG-EUNEEHciK2JLLtXDVlys.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fVaVeG-EUNEEHciK2JLLtXDVlys.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:81:83:09:31:c0:0e:77:be:8e:55:48:0f:88:56:1c:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d5695786f8450d1041dc88ad892cbb570d5972b
        Validity
            Not Before: Apr 29 12:26:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=013017719aa3ba0fcea49e5719398ba0f30610e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:28:68:a4:d3:c5:a0:ec:97:b6:4b:66:f9:3f:
                    c6:01:eb:15:31:bf:a4:6a:a1:4f:04:1f:06:36:e0:
                    61:a8:19:86:4b:2c:2a:f1:d6:61:f0:73:52:cd:ac:
                    ea:89:2e:ca:57:08:8a:81:c4:e4:67:1f:4d:ce:e2:
                    63:07:95:e8:de:a0:a5:03:79:86:a5:8e:4c:16:21:
                    bc:bc:4d:bd:28:ba:e6:1a:42:c2:31:e5:98:82:8d:
                    19:af:f5:36:d8:e3:fa:e8:59:09:9c:88:0c:15:2b:
                    be:f6:af:2e:9a:c8:1e:4c:8a:b1:17:75:1a:90:31:
                    32:5a:f3:dc:dc:71:8b:5a:bd:e5:d1:54:cb:df:22:
                    31:92:3a:78:b6:ff:2c:94:2b:8c:90:e4:f6:cd:db:
                    ff:e4:62:f8:04:b4:54:8e:81:d7:b1:c2:17:75:27:
                    9a:9a:1b:4d:6d:e6:f1:e4:fc:85:7c:ab:73:25:c4:
                    34:60:24:11:d7:19:92:e7:18:89:09:39:f2:1e:75:
                    ba:d1:7e:49:13:43:ee:dd:36:cc:7c:9f:3b:f1:bd:
                    7c:01:fb:b0:a1:8f:8e:9c:72:ed:63:bb:1e:1c:a3:
                    81:89:73:1d:eb:5e:db:0f:6b:18:f4:3c:53:6b:fe:
                    75:b4:12:a1:ff:51:f8:2e:4d:3d:2f:3f:41:bb:9d:
                    10:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:30:17:71:9A:A3:BA:0F:CE:A4:9E:57:19:39:8B:A0:F3:06:10:E7
            X509v3 Authority Key Identifier:
                keyid:7D:56:95:78:6F:84:50:D1:04:1D:C8:8A:D8:92:CB:B5:70:D5:97:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fVaVeG-EUNEEHciK2JLLtXDVlys.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/ATAXcZqjug_OpJ5XGTmLoPMGEOc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/317aa7-e2ad-4a85-b3d2-63b33808a6a8/1/fVaVeG-EUNEEHciK2JLLtXDVlys.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.11.172.0/24
                  45.11.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:ef:c7:4d:b3:24:98:d5:28:c3:bb:a7:e8:6d:fe:f5:12:e9:
         e9:31:09:0c:c8:a7:12:0b:ba:55:50:12:06:cd:a0:7c:a9:49:
         03:f9:d9:34:7c:01:d7:16:5d:22:d2:39:7e:84:12:33:28:1f:
         30:9c:cf:10:8b:c5:4f:84:7d:1b:8c:34:1e:46:ba:f6:fe:5d:
         fe:87:a7:95:f1:cf:ea:da:d2:ed:83:d5:c5:c6:b9:28:8e:e7:
         60:d5:34:91:c7:ce:30:7e:a1:bb:20:82:0e:d9:40:cc:ef:7b:
         08:ba:aa:91:40:3d:0b:85:f4:14:6e:0f:76:8a:31:20:a8:a1:
         33:5d:d7:2e:99:ee:4a:16:98:e1:ed:58:bf:c9:25:35:7f:ba:
         43:54:b0:01:69:59:4c:87:69:9e:1a:80:9f:44:88:cc:ae:cf:
         eb:09:e2:3e:1a:8d:83:ca:1b:1d:b2:b9:78:1c:fd:2c:97:ac:
         94:4e:79:a5:79:e0:8e:d3:2d:ba:d2:f4:f9:f7:54:5d:35:d9:
         27:47:ea:b7:23:17:b8:88:20:14:60:4b:11:ad:cf:a8:43:c4:
         26:78:45:f2:dc:0d:bf:8f:80:6b:79:68:a8:0f:13:57:f3:69:
         77:a0:a5:52:18:8c:5b:79:21:ee:8a:bc:8f:49:72:84:ca:68:
         e1:77:b9:bc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZaBgwkxwA53vo5VSA+IVhzZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkNTY5NTc4NmY4NDUwZDEwNDFkYzg4YWQ4OTJjYmI1NzBk
NTk3MmIwHhcNMjUwNDI5MTIyNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTMwMTc3MTlhYTNiYTBmY2VhNDllNTcxOTM5OGJhMGYzMDYxMGU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsihopNPFoOyXtktm+T/GAesVMb+k
aqFPBB8GNuBhqBmGSywq8dZh8HNSzazqiS7KVwiKgcTkZx9NzuJjB5Xo3qClA3mG
pY5MFiG8vE29KLrmGkLCMeWYgo0Zr/U22OP66FkJnIgMFSu+9q8umsgeTIqxF3Ua
kDEyWvPc3HGLWr3l0VTL3yIxkjp4tv8slCuMkOT2zdv/5GL4BLRUjoHXscIXdSea
mhtNbebx5PyFfKtzJcQ0YCQR1xmS5xiJCTnyHnW60X5JE0Pu3TbMfJ878b18Afuw
oY+OnHLtY7seHKOBiXMd617bD2sY9DxTa/51tBKh/1H4Lk09Lz9Bu50QfQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAEwF3Gao7oPzqSeVxk5i6DzBhDnMB8GA1UdIwQY
MBaAFH1WlXhvhFDRBB3IitiSy7Vw1ZcrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlZhVmVHLUVVTkVFSGNpSzJKTEx0WERWbHlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC8zMTdhYTctZTJhZC00YTg1LWIzZDIt
NjNiMzM4MDhhNmE4LzEvQVRBWGNacWp1Z19PcEo1WEdUbUxvUE1HRU9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC8zMTdhYTctZTJhZC00YTg1LWIzZDItNjNiMzM4MDhhNmE4
LzEvZlZhVmVHLUVVTkVFSGNpSzJKTEx0WERWbHlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQusAwQA
LQuvMA0GCSqGSIb3DQEBCwUAA4IBAQA978dNsySY1SjDu6fobf71EunpMQkMyKcS
C7pVUBIGzaB8qUkD+dk0fAHXFl0i0jl+hBIzKB8wnM8Qi8VPhH0bjDQeRrr2/l3+
h6eV8c/q2tLtg9XFxrkojudg1TSRx84wfqG7IIIO2UDM73sIuqqRQD0LhfQUbg92
ijEgqKEzXdcume5KFpjh7Vi/ySU1f7pDVLABaVlMh2meGoCfRIjMrs/rCeI+Go2D
yhsdsrl4HP0sl6yUTnmleeCO0y260vT591RdNdknR+q3Ixe4iCAUYEsRrc+oQ8Qm
eEXy3A2/j4BreWioDxNX82l3oKVSGIxbeSHuiryPSXKEymjhd7m8
-----END CERTIFICATE-----