Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/bZEbJRPxJReKy0hDBZERdUhjkh4.roa
File:                     bZEbJRPxJReKy0hDBZERdUhjkh4.roa (raw, json)
Hash identifier:          ni6mlIsteCmNwnZ8kh9b0fdcHAIWv53ytgA7gDmdlvE=
Subject key identifier:   6D:91:1B:25:13:F1:25:17:8A:CB:48:43:05:91:11:75:48:63:92:1E
Certificate issuer:       /CN=cec5afe769b94346e1cd362eb85f875b23b17277
Certificate serial:       019789DCE0F9A198C49D6135B617EA226F07
Authority key identifier: CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/bZEbJRPxJReKy0hDBZERdUhjkh4.roa
Signing time:             Thu 19 Jun 2025 20:24:03 +0000
ROA not before:           Thu 19 Jun 2025 20:24:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     36530
IP address blocks:        45.145.152.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 19:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:89:dc:e0:f9:a1:98:c4:9d:61:35:b6:17:ea:22:6f:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cec5afe769b94346e1cd362eb85f875b23b17277
        Validity
            Not Before: Jun 19 20:24:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6d911b2513f125178acb4843059111754863921e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:b8:38:aa:53:c9:07:f7:0f:3b:a1:f8:c7:ab:
                    bf:67:fd:89:69:fd:cb:76:97:f5:77:24:12:0c:3b:
                    6e:6e:44:1b:35:83:49:b1:dd:db:97:47:15:5f:ba:
                    aa:a8:93:53:2f:46:31:d8:05:98:3c:ec:39:d8:c5:
                    17:77:d3:f2:73:22:b4:7d:74:ed:86:d9:b9:64:40:
                    ba:fc:eb:a0:92:8f:52:80:94:e0:68:18:5b:df:7e:
                    51:e4:8c:42:12:5d:a9:66:af:ff:62:59:df:c2:83:
                    5f:07:76:cc:82:bd:5c:f1:12:98:c2:4a:a7:1a:3f:
                    66:d8:51:cc:e2:47:ec:2c:f7:1a:c2:4e:ff:09:c1:
                    c3:15:e7:63:fd:49:00:60:9c:9e:99:19:d8:f8:00:
                    bd:de:e0:00:c8:9f:41:a1:69:9b:3f:ba:4f:e1:ad:
                    f7:e7:6d:b0:dc:b5:85:8a:b9:29:0d:58:9e:ff:39:
                    ac:79:ea:4a:6a:62:c6:47:3d:2c:ff:bd:b3:5a:b1:
                    0f:6c:45:43:66:3b:e7:e1:07:85:66:fa:d5:2a:1c:
                    0b:55:36:2e:fb:fc:3f:7e:f6:01:8f:11:00:97:aa:
                    60:a3:f5:50:cd:1a:74:28:b5:ed:bb:30:03:24:46:
                    e5:b2:2c:fe:a4:ae:2d:ed:fd:29:5f:ff:5a:77:ce:
                    22:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:91:1B:25:13:F1:25:17:8A:CB:48:43:05:91:11:75:48:63:92:1E
            X509v3 Authority Key Identifier:
                keyid:CE:C5:AF:E7:69:B9:43:46:E1:CD:36:2E:B8:5F:87:5B:23:B1:72:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zsWv52m5Q0bhzTYuuF-HWyOxcnc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/bZEbJRPxJReKy0hDBZERdUhjkh4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8b/3d569c-1907-4d2c-aced-33247c8e1c1f/1/zsWv52m5Q0bhzTYuuF-HWyOxcnc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.145.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:79:dd:d3:ca:4d:52:36:6f:a3:7c:71:a7:c5:20:19:54:5b:
         97:d1:c9:d5:d8:e8:40:7d:09:b8:b8:be:8d:e2:82:cf:49:bf:
         cf:46:3a:f1:0c:2c:2e:e5:70:fe:26:ef:22:30:0c:32:91:84:
         f0:6c:18:ac:bc:ac:63:c1:a6:c7:04:67:00:75:3e:f1:7d:e0:
         23:2e:d2:f7:fa:8e:af:6e:28:3e:f2:a2:5b:c2:6f:a2:8c:1b:
         dc:ac:ed:0d:1f:8e:9d:4d:d8:c0:20:65:f4:6a:82:8a:11:02:
         eb:2b:4b:08:a7:91:34:f0:2a:71:7b:77:c6:8b:12:f4:f4:0a:
         c4:84:c7:53:3c:da:6f:6f:2c:a3:78:bd:4c:a5:f1:20:cc:25:
         90:56:ef:fb:ca:a9:54:5a:9d:32:96:4f:44:e5:f1:f0:bb:bf:
         cb:bf:1d:a6:48:d3:e6:f5:26:14:ec:ea:cc:df:b8:2c:d4:59:
         5d:06:8f:74:70:86:c2:1e:f3:29:dc:6d:f2:c9:85:0b:45:b2:
         d7:c5:18:ce:5a:92:30:92:55:ec:77:9d:bb:75:e0:ec:ee:9f:
         3d:bf:e9:02:e6:5d:60:c2:ef:d3:2e:8f:8b:d5:2a:1a:40:62:
         19:f6:4c:2d:37:58:50:5b:a9:ee:1f:2a:17:1a:46:dc:b6:f8:
         bf:b8:70:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeJ3OD5oZjEnWE1thfqIm8HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYzVhZmU3NjliOTQzNDZlMWNkMzYyZWI4NWY4NzViMjNi
MTcyNzcwHhcNMjUwNjE5MjAyNDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZDkxMWIyNTEzZjEyNTE3OGFjYjQ4NDMwNTkxMTE3NTQ4NjM5MjFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu7g4qlPJB/cPO6H4x6u/Z/2Jaf3L
dpf1dyQSDDtubkQbNYNJsd3bl0cVX7qqqJNTL0Yx2AWYPOw52MUXd9PycyK0fXTt
htm5ZEC6/Ougko9SgJTgaBhb335R5IxCEl2pZq//YlnfwoNfB3bMgr1c8RKYwkqn
Gj9m2FHM4kfsLPcawk7/CcHDFedj/UkAYJyemRnY+AC93uAAyJ9BoWmbP7pP4a33
522w3LWFirkpDVie/zmseepKamLGRz0s/72zWrEPbEVDZjvn4QeFZvrVKhwLVTYu
+/w/fvYBjxEAl6pgo/VQzRp0KLXtuzADJEblsiz+pK4t7f0pX/9ad84iGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG2RGyUT8SUXistIQwWREXVIY5IeMB8GA1UdIwQY
MBaAFM7Fr+dpuUNG4c02Lrhfh1sjsXJ3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQt
MzMyNDdjOGUxYzFmLzEvYlpFYkpSUHhKUmVLeTBoREJaRVJkVWhqa2g0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yi8zZDU2OWMtMTkwNy00ZDJjLWFjZWQtMzMyNDdjOGUxYzFm
LzEvenNXdjUybTVRMGJoelRZdXVGLUhXeU94Y25jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALZGYMA0G
CSqGSIb3DQEBCwUAA4IBAQBhed3Tyk1SNm+jfHGnxSAZVFuX0cnV2OhAfQm4uL6N
4oLPSb/PRjrxDCwu5XD+Ju8iMAwykYTwbBisvKxjwabHBGcAdT7xfeAjLtL3+o6v
big+8qJbwm+ijBvcrO0NH46dTdjAIGX0aoKKEQLrK0sIp5E08Cpxe3fGixL09ArE
hMdTPNpvbyyjeL1MpfEgzCWQVu/7yqlUWp0ylk9E5fHwu7/Lvx2mSNPm9SYU7OrM
37gs1FldBo90cIbCHvMp3G3yyYULRbLXxRjOWpIwklXsd527deDs7p89v+kC5l1g
wu/TLo+L1SoaQGIZ9kwtN1hQW6nuHyoXGkbctvi/uHBI
-----END CERTIFICATE-----