Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/y88-XlX3iJ__DzfIGS5r5m0TLBs.roa
File:                     y88-XlX3iJ__DzfIGS5r5m0TLBs.roa (raw, json)
Hash identifier:          XnV7xzm/iXlPi3I2M7gT2rIanQMocQ1jqhKZYjxglqk=
Subject key identifier:   CB:CF:3E:5E:55:F7:88:9F:FF:0F:37:C8:19:2E:6B:E6:6D:13:2C:1B
Certificate issuer:       /CN=21021b252222997bfe33b7e4b315ac8d5e067954
Certificate serial:       019690691EF0F36A23F8F9F73ABC3702173D
Authority key identifier: 21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/y88-XlX3iJ__DzfIGS5r5m0TLBs.roa
Signing time:             Fri 02 May 2025 09:52:10 +0000
ROA not before:           Fri 02 May 2025 09:52:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     28753
IP address blocks:        45.117.55.0/24 maxlen: 24
                          45.123.146.0/24 maxlen: 24
                          45.123.147.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 12 May 2025 05:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:90:69:1e:f0:f3:6a:23:f8:f9:f7:3a:bc:37:02:17:3d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21021b252222997bfe33b7e4b315ac8d5e067954
        Validity
            Not Before: May  2 09:52:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cbcf3e5e55f7889fff0f37c8192e6be66d132c1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:42:90:59:fd:5d:8d:df:6f:15:06:cb:db:ea:
                    7b:e1:04:b4:34:ea:ce:6f:06:ad:dc:f4:3d:ec:10:
                    b5:c4:17:53:3f:c7:a3:66:74:0c:9c:1a:03:dc:6a:
                    43:6b:64:61:d5:7f:44:d0:2e:2e:a8:c2:32:bb:10:
                    d6:1e:64:f5:2d:8b:1b:e7:bf:3c:a9:25:df:bb:4e:
                    90:a9:e8:60:39:45:59:6f:c8:9e:1d:75:ec:01:07:
                    8b:ec:b0:1e:9d:db:3a:37:ec:f3:a5:76:4e:00:8b:
                    d6:42:45:1f:6b:df:83:96:f3:d1:58:ea:2c:a3:17:
                    01:45:f5:7c:0d:aa:0c:ad:4e:89:f0:fe:19:12:e7:
                    5e:c7:0a:b1:88:e2:ca:a5:b7:40:53:17:ad:ac:b1:
                    52:1a:d2:40:ae:6c:f1:81:f0:0b:d7:ed:54:e2:12:
                    2d:9f:9c:b8:93:03:45:10:9c:d9:c0:05:c3:54:ee:
                    bc:d6:d9:c8:80:fd:18:01:88:cd:ab:72:51:2b:3d:
                    db:e6:77:a3:53:6c:b7:33:1d:40:19:e8:0a:93:1e:
                    2a:c9:07:a0:a1:b0:d0:72:a4:7e:49:bf:40:ec:25:
                    ea:15:6d:52:a0:ba:36:2d:bc:a8:e2:a6:95:a6:ff:
                    47:f3:49:35:1c:03:f2:ff:fb:21:d1:71:bf:41:ff:
                    67:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:CF:3E:5E:55:F7:88:9F:FF:0F:37:C8:19:2E:6B:E6:6D:13:2C:1B
            X509v3 Authority Key Identifier:
                keyid:21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/y88-XlX3iJ__DzfIGS5r5m0TLBs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.117.55.0/24
                  45.123.146.0/23

    Signature Algorithm: sha256WithRSAEncryption
         0f:27:5c:49:73:37:ea:4f:0d:66:92:8f:4c:e5:46:1a:b7:fb:
         bc:25:02:2c:4c:23:67:d4:0c:78:66:fe:41:b0:ed:f4:82:84:
         51:c1:0f:b3:b2:19:d3:7f:54:07:0a:6e:f0:37:80:f8:09:a7:
         48:6e:6b:5f:c6:97:01:6c:34:8f:ad:41:e4:fd:0f:3c:52:ea:
         e2:29:39:91:a3:3e:43:dc:54:dc:22:e4:61:26:88:6b:9c:90:
         3d:d3:fc:80:7b:8f:a7:27:e2:25:bd:87:74:c0:9c:f8:16:16:
         2c:08:44:af:a6:58:1b:e3:af:d7:04:60:22:16:22:9d:f1:8b:
         62:8e:1f:cb:e1:50:90:06:db:0a:22:ad:9f:64:43:7f:5e:ad:
         6f:03:80:a0:2f:0a:5b:3f:2f:3e:7c:7e:35:2f:87:04:22:5e:
         68:61:69:5d:1b:2b:5d:60:87:c3:93:81:fa:3d:09:88:c7:93:
         ef:2f:2e:c7:bc:ff:7a:53:3e:80:33:4b:7f:de:f5:ca:c2:84:
         4a:cb:22:56:d4:6f:cb:11:56:fb:e4:0e:27:bc:17:15:5e:a0:
         0e:9c:81:4b:bd:35:c2:60:b3:57:d6:14:b8:26:4b:6b:96:c6:
         ab:73:3f:f8:40:ef:18:9e:ca:ce:5b:88:4e:db:08:50:87:e9:
         d5:30:cc:9c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZaQaR7w82oj+Pn3Orw3Ahc9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMDIxYjI1MjIyMjk5N2JmZTMzYjdlNGIzMTVhYzhkNWUw
Njc5NTQwHhcNMjUwNTAyMDk1MjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmNmM2U1ZTU1Zjc4ODlmZmYwZjM3YzgxOTJlNmJlNjZkMTMyYzFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7UKQWf1djd9vFQbL2+p74QS0NOrO
bwat3PQ97BC1xBdTP8ejZnQMnBoD3GpDa2Rh1X9E0C4uqMIyuxDWHmT1LYsb5788
qSXfu06QqehgOUVZb8ieHXXsAQeL7LAends6N+zzpXZOAIvWQkUfa9+DlvPRWOos
oxcBRfV8DaoMrU6J8P4ZEudexwqxiOLKpbdAUxetrLFSGtJArmzxgfAL1+1U4hIt
n5y4kwNFEJzZwAXDVO681tnIgP0YAYjNq3JRKz3b5nejU2y3Mx1AGegKkx4qyQeg
obDQcqR+Sb9A7CXqFW1SoLo2Lbyo4qaVpv9H80k1HAPy//sh0XG/Qf9ntwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMvPPl5V94if/w83yBkua+ZtEywbMB8GA1UdIwQY
MBaAFCECGyUiIpl7/jO35LMVrI1eBnlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMt
NmVhYzYyZTYwZGY3LzEveTg4LVhsWDNpSl9fRHpmSUdTNXI1bTBUTEJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMtNmVhYzYyZTYwZGY3
LzEvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALXU3AwQB
LXuSMA0GCSqGSIb3DQEBCwUAA4IBAQAPJ1xJczfqTw1mko9M5UYat/u8JQIsTCNn
1Ax4Zv5BsO30goRRwQ+zshnTf1QHCm7wN4D4CadIbmtfxpcBbDSPrUHk/Q88Uuri
KTmRoz5D3FTcIuRhJohrnJA90/yAe4+nJ+IlvYd0wJz4FhYsCESvplgb46/XBGAi
FiKd8Ytijh/L4VCQBtsKIq2fZEN/Xq1vA4CgLwpbPy8+fH41L4cEIl5oYWldGytd
YIfDk4H6PQmIx5PvLy7HvP96Uz6AM0t/3vXKwoRKyyJW1G/LEVb75A4nvBcVXqAO
nIFLvTXCYLNX1hS4Jktrlsarcz/4QO8YnsrOW4hO2whQh+nVMMyc
-----END CERTIFICATE-----