Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/v0o__fRoANHV7fY0k1wmnmLleUU.roa
File:                     v0o__fRoANHV7fY0k1wmnmLleUU.roa (raw, json)
Hash identifier:          zx9jd9TvPG3grtTijO6FSYbkp3TB3bfrsssY4VzAVn0=
Subject key identifier:   BF:4A:3F:FD:F4:68:00:D1:D5:ED:F6:34:93:5C:26:9E:62:E5:79:45
Certificate issuer:       /CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
Certificate serial:       019681CCBA4899BA2B53D134D02FF2C139B6
Authority key identifier: 9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/v0o__fRoANHV7fY0k1wmnmLleUU.roa
Signing time:             Tue 29 Apr 2025 13:46:39 +0000
ROA not before:           Tue 29 Apr 2025 13:46:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208485
IP address blocks:        45.88.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:81:cc:ba:48:99:ba:2b:53:d1:34:d0:2f:f2:c1:39:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d2a478bb0b08e661b0b2f9fbe8935bc9c2a28a1
        Validity
            Not Before: Apr 29 13:46:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf4a3ffdf46800d1d5edf634935c269e62e57945
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:1f:e4:f2:13:7e:22:0a:c4:66:5d:f4:5d:ee:
                    17:4c:89:b3:12:e5:99:7f:a5:a9:b9:71:d9:6b:90:
                    a3:40:d4:a3:e7:48:2f:5a:3a:31:07:54:ec:ad:7a:
                    df:5f:54:d0:97:15:f3:84:d7:48:a2:63:e5:cf:12:
                    1a:6b:00:a8:a8:d5:48:48:35:41:f4:6b:2f:76:3e:
                    8f:44:b9:69:9a:23:40:7f:fb:13:54:fe:89:fa:72:
                    25:7f:b4:3f:11:29:d6:e7:8e:64:56:c8:ee:bd:88:
                    c2:8e:1a:97:ec:a3:af:88:3d:4f:db:53:33:bf:51:
                    e8:f4:b8:89:96:ce:62:e4:51:3d:82:5a:34:8a:30:
                    3e:ba:a5:3b:8e:24:99:e7:4d:fd:e9:4e:fb:e8:e9:
                    5c:75:b7:12:ac:c1:b9:81:13:f5:27:3c:cc:3d:7e:
                    17:92:91:3b:b2:ff:75:7d:de:11:19:f4:92:48:94:
                    a5:9f:63:19:53:01:88:4b:3a:86:ed:5f:98:53:02:
                    51:7a:71:fa:2f:10:ee:8d:f6:07:80:25:5a:f6:b6:
                    11:60:1a:4a:64:0e:a4:26:36:15:96:6c:5c:88:57:
                    cc:be:3b:02:e5:26:db:0d:34:a7:e0:62:f9:6c:9e:
                    d4:4f:31:e5:01:16:88:44:82:78:10:90:27:d4:25:
                    4d:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:4A:3F:FD:F4:68:00:D1:D5:ED:F6:34:93:5C:26:9E:62:E5:79:45
            X509v3 Authority Key Identifier:
                keyid:9D:2A:47:8B:B0:B0:8E:66:1B:0B:2F:9F:BE:89:35:BC:9C:2A:28:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nSpHi7CwjmYbCy-fvok1vJwqKKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/v0o__fRoANHV7fY0k1wmnmLleUU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/663df5-580c-4f2c-a66c-eef3511f6c60/1/nSpHi7CwjmYbCy-fvok1vJwqKKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.88.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:bf:4d:05:9a:c7:39:5b:b1:fe:fc:78:3e:f6:0f:ce:17:b4:
         4f:02:c4:56:16:86:79:bf:57:1a:75:b6:ba:a1:8e:24:ae:fb:
         6b:e8:97:cf:be:56:8b:b2:44:85:21:08:7f:4f:04:11:82:1f:
         0e:42:3a:ce:6b:55:06:06:19:d6:e7:b6:d8:8f:58:87:66:8e:
         1f:4b:6f:17:b0:2f:07:96:8e:f6:80:c9:61:7f:0b:49:bc:bc:
         fc:66:bf:09:81:e7:5a:1a:fe:cc:50:37:67:a1:85:d2:49:4a:
         d3:aa:29:2d:ec:69:a3:e3:da:4a:00:e0:1f:2d:b7:14:aa:a1:
         c3:98:c6:a7:17:70:e5:56:cd:9e:5b:54:d6:1a:cb:eb:a5:6a:
         53:66:25:a1:c5:dd:0e:cb:72:b9:74:66:5a:5b:54:21:3c:72:
         ba:ff:34:dc:4c:a9:8f:9e:b9:53:06:79:be:2a:2c:e9:c3:82:
         e8:cd:4e:85:7c:0c:81:c0:c6:fb:ef:a7:2f:e2:b8:6e:81:7a:
         17:bd:5f:ba:39:13:55:fb:9d:66:2c:97:90:a1:e3:ec:89:1f:
         91:71:03:1c:d9:aa:2b:6e:25:87:6f:05:26:f5:fb:c2:8b:4c:
         b0:8b:4e:8b:79:51:b6:72:ac:f1:9f:35:97:c3:c9:62:b9:b0:
         d6:71:7d:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaBzLpImborU9E00C/ywTm2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkMmE0NzhiYjBiMDhlNjYxYjBiMmY5ZmJlODkzNWJjOWMy
YTI4YTEwHhcNMjUwNDI5MTM0NjM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjRhM2ZmZGY0NjgwMGQxZDVlZGY2MzQ5MzVjMjY5ZTYyZTU3OTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzR/k8hN+IgrEZl30Xe4XTImzEuWZ
f6WpuXHZa5CjQNSj50gvWjoxB1TsrXrfX1TQlxXzhNdIomPlzxIaawCoqNVISDVB
9Gsvdj6PRLlpmiNAf/sTVP6J+nIlf7Q/ESnW545kVsjuvYjCjhqX7KOviD1P21Mz
v1Ho9LiJls5i5FE9glo0ijA+uqU7jiSZ50396U776OlcdbcSrMG5gRP1JzzMPX4X
kpE7sv91fd4RGfSSSJSln2MZUwGISzqG7V+YUwJRenH6LxDujfYHgCVa9rYRYBpK
ZA6kJjYVlmxciFfMvjsC5SbbDTSn4GL5bJ7UTzHlARaIRIJ4EJAn1CVNmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL9KP/30aADR1e32NJNcJp5i5XlFMB8GA1UdIwQY
MBaAFJ0qR4uwsI5mGwsvn76JNbycKiihMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMt
ZWVmMzUxMWY2YzYwLzEvdjBvX19mUm9BTkhWN2ZZMGsxd21ubUxsZVVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82NjNkZjUtNTgwYy00ZjJjLWE2NmMtZWVmMzUxMWY2YzYw
LzEvblNwSGk3Q3dqbVliQ3ktZnZvazF2SndxS0tFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALViJMA0G
CSqGSIb3DQEBCwUAA4IBAQBKv00Fmsc5W7H+/Hg+9g/OF7RPAsRWFoZ5v1cadba6
oY4krvtr6JfPvlaLskSFIQh/TwQRgh8OQjrOa1UGBhnW57bYj1iHZo4fS28XsC8H
lo72gMlhfwtJvLz8Zr8JgedaGv7MUDdnoYXSSUrTqikt7Gmj49pKAOAfLbcUqqHD
mManF3DlVs2eW1TWGsvrpWpTZiWhxd0Oy3K5dGZaW1QhPHK6/zTcTKmPnrlTBnm+
Kizpw4LozU6FfAyBwMb776cv4rhugXoXvV+6ORNV+51mLJeQoePsiR+RcQMc2aor
biWHbwUm9fvCi0ywi06LeVG2cqzxnzWXw8liubDWcX20
-----END CERTIFICATE-----