Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/tK66toElGd_Xn0RbXE6tKw_iWYA.roa
File:                     tK66toElGd_Xn0RbXE6tKw_iWYA.roa (raw, json)
Hash identifier:          TaVN2IIYZuxhLjl66GbhRPjWChOygZb2Mt3FoNX9vBc=
Subject key identifier:   B4:AE:BA:B6:81:25:19:DF:D7:9F:44:5B:5C:4E:AD:2B:0F:E2:59:80
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       01968B9613FAC0C98EAE72426CAD6629FE1E
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/tK66toElGd_Xn0RbXE6tKw_iWYA.roa
Signing time:             Thu 01 May 2025 11:23:10 +0000
ROA not before:           Thu 01 May 2025 11:23:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34665
IP address blocks:        45.91.161.0/24 maxlen: 24
                          194.156.1.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 15 May 2025 22:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:8b:96:13:fa:c0:c9:8e:ae:72:42:6c:ad:66:29:fe:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: May  1 11:23:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b4aebab6812519dfd79f445b5c4ead2b0fe25980
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:a9:b5:67:58:84:cb:6c:65:5f:10:f8:d2:a6:
                    73:15:a4:5f:95:1b:18:56:2a:cb:49:b1:93:53:6e:
                    89:0f:d3:cc:f8:4d:76:09:23:12:ab:51:e4:bb:b0:
                    ee:76:d0:d7:24:38:64:19:33:ef:38:3e:bb:1f:da:
                    e9:95:49:72:0b:8a:81:87:11:2f:88:cd:61:2a:17:
                    c1:a5:10:22:82:36:4d:64:db:a2:dd:87:30:ab:79:
                    ec:32:3b:af:f4:79:54:f1:27:21:36:55:f4:a5:8e:
                    ef:7b:0b:f9:39:5a:93:2a:49:16:cc:90:db:e1:92:
                    5b:6a:b7:12:85:53:26:ec:8b:09:fd:14:5d:bb:08:
                    10:a3:3d:fb:c9:07:8a:f1:5b:6d:08:1e:7c:66:ce:
                    5f:be:4a:0f:75:2e:f7:02:5f:3e:fa:85:fd:30:30:
                    2d:fd:fd:ec:f5:be:60:23:17:08:d4:96:33:d9:b8:
                    f8:d8:55:8a:63:09:2b:e0:d0:59:31:a9:24:a3:86:
                    2d:04:be:3e:b1:6c:9a:44:3f:21:84:47:6b:58:89:
                    bb:cd:9d:da:b4:fe:b2:d1:d9:4d:87:29:ba:a4:1c:
                    49:b0:27:8b:17:45:83:cd:77:50:d3:99:c4:ff:0f:
                    39:d2:51:6d:42:d2:ac:fc:77:59:de:68:07:43:fe:
                    4e:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:AE:BA:B6:81:25:19:DF:D7:9F:44:5B:5C:4E:AD:2B:0F:E2:59:80
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/tK66toElGd_Xn0RbXE6tKw_iWYA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.161.0/24
                  194.156.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:85:1c:fa:95:a1:4f:44:b6:5e:96:86:80:9e:c2:07:69:af:
         c1:9b:2a:49:b2:0d:09:28:cf:2a:e7:97:4d:0f:df:a5:97:59:
         72:ee:c7:15:3d:58:b0:56:2e:a0:0b:4e:00:24:15:e4:73:4a:
         2e:fd:19:92:b0:63:a2:66:a9:85:79:d1:86:fb:95:0d:02:bf:
         2a:6d:0e:55:d6:a8:4c:6c:6b:be:4c:ae:7d:ba:2a:9f:48:c6:
         8b:fe:66:fb:7d:69:89:1f:7e:35:c8:80:67:c9:e3:d4:0b:fc:
         be:ca:c3:63:d7:2e:3c:11:a2:2b:28:c5:81:f1:3d:b9:22:67:
         77:18:e7:81:d3:f1:5e:fa:c8:18:99:6f:6d:b7:34:60:6e:b4:
         e7:b7:50:f0:19:f0:dd:75:b1:a8:76:29:ff:f7:d9:75:41:4e:
         1b:db:c2:b6:e6:ac:f3:fd:c6:1d:12:d4:b6:2f:11:8c:d5:12:
         a6:1c:97:12:23:4c:7f:20:9b:7d:23:24:83:7d:66:8c:f6:d4:
         12:89:6e:b0:ee:e8:2c:5e:b0:83:13:88:ed:f7:96:8a:d7:3f:
         d0:0f:27:a9:76:0c:03:32:9a:f1:ec:1b:4c:9a:48:d2:e1:97:
         c6:34:6e:4c:9e:d4:ad:cf:7c:13:a1:7e:02:1c:99:fa:87:2a:
         95:f5:a3:6a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZaLlhP6wMmOrnJCbK1mKf4eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjUwNTAxMTEyMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNGFlYmFiNjgxMjUxOWRmZDc5ZjQ0NWI1YzRlYWQyYjBmZTI1OTgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxam1Z1iEy2xlXxD40qZzFaRflRsY
VirLSbGTU26JD9PM+E12CSMSq1Hku7DudtDXJDhkGTPvOD67H9rplUlyC4qBhxEv
iM1hKhfBpRAigjZNZNui3Ycwq3nsMjuv9HlU8SchNlX0pY7vewv5OVqTKkkWzJDb
4ZJbarcShVMm7IsJ/RRduwgQoz37yQeK8VttCB58Zs5fvkoPdS73Al8++oX9MDAt
/f3s9b5gIxcI1JYz2bj42FWKYwkr4NBZMakko4YtBL4+sWyaRD8hhEdrWIm7zZ3a
tP6y0dlNhym6pBxJsCeLF0WDzXdQ05nE/w850lFtQtKs/HdZ3mgHQ/5OEwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLSuuraBJRnf159EW1xOrSsP4lmAMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvdEs2NnRvRWxHZF9YbjBSYlhFNnRLd19pV1lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALVuhAwQA
wpwBMA0GCSqGSIb3DQEBCwUAA4IBAQBShRz6laFPRLZeloaAnsIHaa/BmypJsg0J
KM8q55dND9+ll1ly7scVPViwVi6gC04AJBXkc0ou/RmSsGOiZqmFedGG+5UNAr8q
bQ5V1qhMbGu+TK59uiqfSMaL/mb7fWmJH341yIBnyePUC/y+ysNj1y48EaIrKMWB
8T25Imd3GOeB0/Fe+sgYmW9ttzRgbrTnt1DwGfDddbGodin/99l1QU4b28K25qzz
/cYdEtS2LxGM1RKmHJcSI0x/IJt9IySDfWaM9tQSiW6w7ugsXrCDE4jt95aK1z/Q
DyepdgwDMprx7BtMmkjS4ZfGNG5MntStz3wToX4CHJn6hyqV9aNq
-----END CERTIFICATE-----