Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/e9LHMdfhTi5qSaM-OfuapFr3NCU.roa
File:                     e9LHMdfhTi5qSaM-OfuapFr3NCU.roa (raw, json)
Hash identifier:          CkuyD1GJVds2QB8kfji6I3SIfsYLi/+LODHiBpRuFNo=
Subject key identifier:   7B:D2:C7:31:D7:E1:4E:2E:6A:49:A3:3E:39:FB:9A:A4:5A:F7:34:25
Certificate issuer:       /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial:       019633EC82E3134AED5715430B835783856D
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/e9LHMdfhTi5qSaM-OfuapFr3NCU.roa
Signing time:             Mon 14 Apr 2025 10:51:00 +0000
ROA not before:           Mon 14 Apr 2025 10:51:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20326
IP address blocks:        45.90.147.0/24 maxlen: 24
                          185.227.69.0/24 maxlen: 24
                          194.31.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 19:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:33:ec:82:e3:13:4a:ed:57:15:43:0b:83:57:83:85:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
        Validity
            Not Before: Apr 14 10:51:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7bd2c731d7e14e2e6a49a33e39fb9aa45af73425
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:b0:d3:d8:fe:83:c3:be:1e:b6:19:87:96:7b:
                    58:93:b1:bf:28:56:17:ec:06:94:ff:be:7f:03:c3:
                    97:c8:14:9a:74:f0:93:0d:db:48:e2:91:dd:da:67:
                    d5:1b:82:19:0d:83:dc:9f:66:83:96:a0:86:8d:03:
                    7c:b7:cb:83:81:bf:b9:b3:2f:96:86:35:9b:ac:ee:
                    2c:76:a0:e5:3b:59:d8:58:d0:69:ce:b0:2e:f7:87:
                    a2:df:e2:94:7d:3b:74:a9:ff:60:af:fe:44:2c:ca:
                    3c:5e:88:96:cc:5c:66:61:ff:76:37:21:3e:85:b5:
                    cc:8c:c9:52:6d:24:2c:d7:46:45:3a:bb:5c:00:d1:
                    82:c5:b7:f7:60:6b:70:97:a4:41:d7:73:6f:db:a6:
                    25:f6:3a:75:c0:3e:e8:a6:4b:71:57:b1:b3:7b:61:
                    c9:39:43:81:38:e6:58:16:6f:a1:46:31:36:95:03:
                    7e:4b:6d:91:53:38:bb:1a:c2:38:f3:e1:ef:07:e9:
                    41:c3:c1:2e:f2:f6:20:8e:96:03:47:ec:77:3f:16:
                    1d:17:b1:d0:26:8d:7a:c7:1e:ae:61:a5:0f:99:24:
                    4c:29:d4:27:62:ea:b0:00:2d:b7:63:43:49:49:b8:
                    7a:09:f4:2a:3e:23:13:37:60:d3:95:53:23:c8:4e:
                    9e:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:D2:C7:31:D7:E1:4E:2E:6A:49:A3:3E:39:FB:9A:A4:5A:F7:34:25
            X509v3 Authority Key Identifier:
                keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/e9LHMdfhTi5qSaM-OfuapFr3NCU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.90.147.0/24
                  185.227.69.0/24
                  194.31.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:44:ee:57:81:6c:be:2b:c4:d5:70:6f:9b:73:58:ae:ce:f2:
         b8:8f:9d:ba:38:c0:f2:26:55:9a:d5:93:60:90:dd:d3:69:a7:
         a7:e2:c1:09:35:9d:f3:e6:17:8b:c1:da:d1:fb:d4:48:05:de:
         8f:c4:7c:b2:09:7b:ef:c8:20:5d:e6:f2:4e:0f:2b:79:5c:6e:
         16:d0:57:7b:17:0c:ca:83:0c:7a:1c:2a:60:62:4d:1c:7b:59:
         33:f8:69:02:cc:5d:d7:16:4e:06:e6:e4:03:8f:bf:4f:1d:d7:
         71:11:32:c4:15:1c:3d:44:e7:98:25:bc:f6:1c:8a:30:30:dd:
         60:0d:37:c0:83:9b:ba:94:f9:1c:ce:42:df:5b:7c:3e:46:e2:
         78:b9:fa:2b:f6:cf:cf:5c:7c:6b:d1:b4:3f:a3:16:d8:7c:5e:
         59:ad:8e:ad:0a:e6:67:20:62:de:88:f9:6c:ae:fe:3c:21:b1:
         b4:41:f0:b4:ed:68:d9:20:ce:f4:7b:93:32:ee:a9:86:e1:9a:
         a7:46:d8:7a:31:6a:66:cb:8b:b4:6c:03:09:ed:c0:76:31:a9:
         9c:b0:39:d5:ce:50:26:52:3d:07:b5:8a:63:b7:42:d3:d0:87:
         8c:8f:8f:d3:e3:eb:25:12:14:0f:a7:69:3a:da:8f:2c:84:ec:
         dc:00:ee:b5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZYz7ILjE0rtVxVDC4NXg4VtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjUwNDE0MTA1MTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmQyYzczMWQ3ZTE0ZTJlNmE0OWEzM2UzOWZiOWFhNDVhZjczNDI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp7DT2P6Dw74ethmHlntYk7G/KFYX
7AaU/75/A8OXyBSadPCTDdtI4pHd2mfVG4IZDYPcn2aDlqCGjQN8t8uDgb+5sy+W
hjWbrO4sdqDlO1nYWNBpzrAu94ei3+KUfTt0qf9gr/5ELMo8XoiWzFxmYf92NyE+
hbXMjMlSbSQs10ZFOrtcANGCxbf3YGtwl6RB13Nv26Yl9jp1wD7opktxV7Gze2HJ
OUOBOOZYFm+hRjE2lQN+S22RUzi7GsI48+HvB+lBw8Eu8vYgjpYDR+x3PxYdF7HQ
Jo16xx6uYaUPmSRMKdQnYuqwAC23Y0NJSbh6CfQqPiMTN2DTlVMjyE6ehQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHvSxzHX4U4uakmjPjn7mqRa9zQlMB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvZTlMSE1kZmhUaTVxU2FNLU9mdWFwRnIzTkNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALVqTAwQA
ueNFAwQAwh+PMA0GCSqGSIb3DQEBCwUAA4IBAQBlRO5XgWy+K8TVcG+bc1iuzvK4
j526OMDyJlWa1ZNgkN3Taaen4sEJNZ3z5heLwdrR+9RIBd6PxHyyCXvvyCBd5vJO
Dyt5XG4W0Fd7FwzKgwx6HCpgYk0ce1kz+GkCzF3XFk4G5uQDj79PHddxETLEFRw9
ROeYJbz2HIowMN1gDTfAg5u6lPkczkLfW3w+RuJ4ufor9s/PXHxr0bQ/oxbYfF5Z
rY6tCuZnIGLeiPlsrv48IbG0QfC07WjZIM70e5My7qmG4ZqnRth6MWpmy4u0bAMJ
7cB2MamcsDnVzlAmUj0HtYpjt0LT0IeMj4/T4+slEhQPp2k62o8shOzcAO61
-----END CERTIFICATE-----