Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/mI6CMDbVFOggenhN7vYK1kqjlUM.roa
File:                     mI6CMDbVFOggenhN7vYK1kqjlUM.roa (raw, json)
Hash identifier:          Ix338GJteDKUBZwQ6uAO2I9vp00YeBcogG5YXz8IPLE=
Subject key identifier:   98:8E:82:30:36:D5:14:E8:20:7A:78:4D:EE:F6:0A:D6:4A:A3:95:43
Certificate issuer:       /CN=91d0c78c309a3e99dc9ab74f2cdc0484859e7530
Certificate serial:       0196DD90B575CAA2B16746C8F77525F3A01E
Authority key identifier: 91:D0:C7:8C:30:9A:3E:99:DC:9A:B7:4F:2C:DC:04:84:85:9E:75:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kdDHjDCaPpncmrdPLNwEhIWedTA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/mI6CMDbVFOggenhN7vYK1kqjlUM.roa
Signing time:             Sat 17 May 2025 09:26:10 +0000
ROA not before:           Sat 17 May 2025 09:26:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51396
IP address blocks:        45.135.193.0/24 maxlen: 24
                          45.135.194.0/24 maxlen: 24
                          45.153.34.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/kdDHjDCaPpncmrdPLNwEhIWedTA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/kdDHjDCaPpncmrdPLNwEhIWedTA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kdDHjDCaPpncmrdPLNwEhIWedTA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 19:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:dd:90:b5:75:ca:a2:b1:67:46:c8:f7:75:25:f3:a0:1e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91d0c78c309a3e99dc9ab74f2cdc0484859e7530
        Validity
            Not Before: May 17 09:26:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=988e823036d514e8207a784deef60ad64aa39543
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:7b:36:08:f2:a5:ec:7f:95:91:06:a3:85:6e:
                    98:2c:28:68:85:4d:3e:30:a1:82:d8:f7:5e:1e:95:
                    84:ae:01:47:0b:60:46:d4:2d:57:0c:05:61:2f:8a:
                    53:a6:53:2c:88:04:8a:32:d3:79:dc:cd:1a:3f:01:
                    f6:dd:cf:43:6f:4c:59:73:57:5d:79:17:62:f9:bd:
                    d9:a6:42:07:56:43:a8:6f:c5:13:0d:32:4f:b5:c6:
                    a7:b4:df:c2:31:9f:d5:01:b1:28:35:3e:0b:5a:83:
                    f1:49:12:83:33:1c:21:37:3a:97:e9:81:0d:c6:57:
                    b2:11:0f:95:a4:91:bd:08:fc:2b:5d:3a:9b:99:ff:
                    8e:ca:f8:a4:6a:dc:13:f8:24:54:63:43:37:94:a9:
                    10:36:0a:75:24:45:ac:b8:dc:7e:1a:63:c4:a1:1f:
                    c1:29:ff:36:4b:0f:cf:69:92:78:03:00:33:3f:29:
                    07:e2:22:65:97:ef:01:75:a2:0f:6a:7d:0a:a8:a1:
                    fd:c5:7d:db:cc:19:ab:53:5e:b2:35:9b:b8:63:a0:
                    de:fc:82:0d:b5:06:90:29:72:51:0c:4c:bc:cf:f0:
                    a3:12:c0:9f:28:83:fb:94:8f:19:ff:86:f7:0a:af:
                    ce:e5:44:ed:aa:c6:92:80:fd:28:72:34:2c:81:a7:
                    1a:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:8E:82:30:36:D5:14:E8:20:7A:78:4D:EE:F6:0A:D6:4A:A3:95:43
            X509v3 Authority Key Identifier:
                keyid:91:D0:C7:8C:30:9A:3E:99:DC:9A:B7:4F:2C:DC:04:84:85:9E:75:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kdDHjDCaPpncmrdPLNwEhIWedTA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/mI6CMDbVFOggenhN7vYK1kqjlUM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/39/293a2f-3997-497f-9ef1-4852c8ff8af2/1/kdDHjDCaPpncmrdPLNwEhIWedTA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.135.193.0-45.135.194.255
                  45.153.34.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:ae:83:16:d6:e8:29:05:e4:75:af:5e:aa:5c:b2:00:02:a1:
         1c:74:e7:54:12:c1:18:90:ab:b7:f3:9b:5b:64:0b:a7:3f:06:
         c0:f1:2e:cc:94:3f:fc:46:1d:c8:72:b7:d9:4d:2f:39:c6:f3:
         13:48:06:27:e8:9a:9c:e6:9a:04:55:08:02:a7:f6:ac:95:65:
         13:61:88:d5:58:d1:4b:90:91:9e:4a:bc:ba:3e:a5:1a:6d:eb:
         3a:8f:eb:c0:6f:55:d7:f2:a5:8f:20:42:4a:6b:b9:9c:25:1a:
         aa:36:cf:1a:ad:90:48:b8:3a:b4:b3:ce:35:9e:8c:70:f7:9d:
         72:ad:59:d0:63:53:78:25:10:fa:85:f6:c6:4f:9c:a4:a8:91:
         92:d6:20:af:3e:3e:4b:5a:34:bf:bb:f2:91:5d:1e:11:66:a0:
         02:e1:59:52:ca:05:f9:03:a0:26:b8:0a:b1:1c:ca:74:0c:45:
         fe:aa:f5:93:56:49:48:e5:92:47:48:ac:41:43:36:1a:15:25:
         6d:cc:89:ab:f3:c5:7d:d0:f8:a2:96:28:e4:41:ac:ba:46:9b:
         8b:39:bb:25:60:b9:ae:c7:4d:7a:91:8e:10:1a:5a:b9:ec:15:
         7e:97:a9:00:f1:e4:bb:53:8b:2a:79:a5:d0:01:cb:0c:58:f8:
         6b:fb:18:e2
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZbdkLV1yqKxZ0bI93Ul86AeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxZDBjNzhjMzA5YTNlOTlkYzlhYjc0ZjJjZGMwNDg0ODU5
ZTc1MzAwHhcNMjUwNTE3MDkyNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODhlODIzMDM2ZDUxNGU4MjA3YTc4NGRlZWY2MGFkNjRhYTM5NTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA53s2CPKl7H+VkQajhW6YLChohU0+
MKGC2PdeHpWErgFHC2BG1C1XDAVhL4pTplMsiASKMtN53M0aPwH23c9Db0xZc1dd
eRdi+b3ZpkIHVkOob8UTDTJPtcantN/CMZ/VAbEoNT4LWoPxSRKDMxwhNzqX6YEN
xleyEQ+VpJG9CPwrXTqbmf+OyvikatwT+CRUY0M3lKkQNgp1JEWsuNx+GmPEoR/B
Kf82Sw/PaZJ4AwAzPykH4iJll+8BdaIPan0KqKH9xX3bzBmrU16yNZu4Y6De/IIN
tQaQKXJRDEy8z/CjEsCfKIP7lI8Z/4b3Cq/O5UTtqsaSgP0ocjQsgacaAwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFJiOgjA21RToIHp4Te72CtZKo5VDMB8GA1UdIwQY
MBaAFJHQx4wwmj6Z3Jq3TyzcBISFnnUwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2RESGpEQ2FQcG5jbXJkUExOd0VoSVdlZFRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS8yOTNhMmYtMzk5Ny00OTdmLTllZjEt
NDg1MmM4ZmY4YWYyLzEvbUk2Q01EYlZGT2dnZW5oTjd2WUsxa3FqbFVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS8yOTNhMmYtMzk5Ny00OTdmLTllZjEtNDg1MmM4ZmY4YWYy
LzEva2RESGpEQ2FQcG5jbXJkUExOd0VoSVdlZFRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAAth8ED
BAAth8IDBAAtmSIwDQYJKoZIhvcNAQELBQADggEBAHyugxbW6CkF5HWvXqpcsgAC
oRx051QSwRiQq7fzm1tkC6c/BsDxLsyUP/xGHchyt9lNLznG8xNIBifompzmmgRV
CAKn9qyVZRNhiNVY0UuQkZ5KvLo+pRpt6zqP68BvVdfypY8gQkpruZwlGqo2zxqt
kEi4OrSzzjWejHD3nXKtWdBjU3glEPqF9sZPnKSokZLWIK8+PktaNL+78pFdHhFm
oALhWVLKBfkDoCa4CrEcynQMRf6q9ZNWSUjlkkdIrEFDNhoVJW3MiavzxX3Q+KKW
KORBrLpGm4s5uyVgua7HTXqRjhAaWrnsFX6XqQDx5LtTiyp5pdABywxY+Gv7GOI=
-----END CERTIFICATE-----