Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/bffa03-1cd6-4034-a7bd-857599683c3e/1/ZXym34osr40SiqtbVmd6WmrJ_Uo.roa
File:                     ZXym34osr40SiqtbVmd6WmrJ_Uo.roa (raw, json)
Hash identifier:          nepOQlii7kclA1AEypWpBHB1cQu9+IAcjPq8eDKMcn4=
Subject key identifier:   65:7C:A6:DF:8A:2C:AF:8D:12:8A:AB:5B:56:67:7A:5A:6A:C9:FD:4A
Certificate issuer:       /CN=5fc065098574629d4a7e2d2b2055aa7bf2302fee
Certificate serial:       01966BF17CEFB8A023D7E5DCD802B12D47D5
Authority key identifier: 5F:C0:65:09:85:74:62:9D:4A:7E:2D:2B:20:55:AA:7B:F2:30:2F:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/X8BlCYV0Yp1Kfi0rIFWqe_IwL-4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/bffa03-1cd6-4034-a7bd-857599683c3e/1/ZXym34osr40SiqtbVmd6WmrJ_Uo.roa
Signing time:             Fri 25 Apr 2025 07:55:10 +0000
ROA not before:           Fri 25 Apr 2025 07:55:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210122
IP address blocks:        45.91.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/bffa03-1cd6-4034-a7bd-857599683c3e/1/X8BlCYV0Yp1Kfi0rIFWqe_IwL-4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/bffa03-1cd6-4034-a7bd-857599683c3e/1/X8BlCYV0Yp1Kfi0rIFWqe_IwL-4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/X8BlCYV0Yp1Kfi0rIFWqe_IwL-4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 13:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:6b:f1:7c:ef:b8:a0:23:d7:e5:dc:d8:02:b1:2d:47:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5fc065098574629d4a7e2d2b2055aa7bf2302fee
        Validity
            Not Before: Apr 25 07:55:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=657ca6df8a2caf8d128aab5b56677a5a6ac9fd4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:63:5e:94:9e:05:4b:b1:57:4d:b6:4c:56:f7:
                    42:ec:d4:3e:10:78:aa:26:88:47:bb:8f:59:7f:72:
                    14:3e:ef:c2:1a:59:3d:52:a0:17:47:4b:19:d8:52:
                    e1:24:9c:f5:df:c2:1d:c9:bd:e0:91:35:2e:84:84:
                    12:57:33:d9:d2:66:9a:1f:ad:24:d0:2c:fb:de:79:
                    b8:fa:7c:c3:7f:b8:44:ea:74:d4:20:2f:7e:14:93:
                    83:40:af:9e:17:97:eb:0a:b1:37:a2:63:a2:a1:61:
                    8d:61:d1:88:65:38:13:ae:2a:a9:ba:90:48:4d:22:
                    a2:61:4c:42:62:1f:68:8e:36:ae:aa:ef:61:3c:2f:
                    77:9a:9e:d2:2d:d9:1e:57:6f:08:93:19:23:29:4a:
                    1d:4f:96:2a:4d:07:16:72:49:eb:c3:f6:f6:66:54:
                    c0:ba:23:81:07:f4:54:16:46:19:02:d7:07:fe:b7:
                    8e:52:67:ff:91:f0:bc:f3:e8:2f:86:20:65:73:96:
                    5c:15:ac:24:11:4c:b1:44:7d:2e:b1:24:2e:2b:cc:
                    f4:7f:ea:25:31:8c:59:2f:32:65:70:8b:06:9e:c2:
                    77:99:29:6a:d5:da:ef:03:3f:8f:e9:9d:3c:30:cb:
                    0e:ab:67:fe:96:2f:df:0c:3d:e2:b9:89:37:8e:9e:
                    6c:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                65:7C:A6:DF:8A:2C:AF:8D:12:8A:AB:5B:56:67:7A:5A:6A:C9:FD:4A
            X509v3 Authority Key Identifier:
                keyid:5F:C0:65:09:85:74:62:9D:4A:7E:2D:2B:20:55:AA:7B:F2:30:2F:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X8BlCYV0Yp1Kfi0rIFWqe_IwL-4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/bffa03-1cd6-4034-a7bd-857599683c3e/1/ZXym34osr40SiqtbVmd6WmrJ_Uo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/bffa03-1cd6-4034-a7bd-857599683c3e/1/X8BlCYV0Yp1Kfi0rIFWqe_IwL-4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:cb:77:4b:0b:25:ae:3e:cc:72:d8:70:5e:4c:f6:60:b4:2b:
         90:fb:37:41:3e:23:b1:a0:83:40:bf:70:4a:1d:8a:a2:0a:42:
         8f:4c:17:f0:5a:dc:bd:fb:ce:74:d6:a8:9b:e8:a9:e2:9c:99:
         15:5d:c9:82:94:4b:21:fe:d3:d1:b5:eb:f0:fa:77:84:43:63:
         03:8b:35:50:e6:a3:62:d4:37:31:5f:7e:f6:75:9b:b9:91:e8:
         2f:f4:53:cc:23:25:d6:b2:62:27:5d:7d:f3:ca:86:0d:dd:57:
         67:41:ec:7e:5f:94:95:71:f3:86:70:a0:35:41:1c:f2:35:e9:
         71:c0:6f:fd:7c:d3:6d:c3:a4:df:ab:ce:ad:df:68:78:5b:b6:
         a1:bf:ea:1b:6a:80:45:c1:22:90:87:4a:f4:15:b6:53:d2:fd:
         81:69:ff:3a:52:e5:ab:80:bc:1c:91:44:c8:2b:58:18:0f:9e:
         a8:c5:6d:99:e5:73:89:26:fe:01:dc:97:57:69:ee:24:b2:c9:
         1e:f7:88:21:27:a1:b9:7b:bc:a0:1d:99:4a:2d:70:39:4d:1f:
         1e:02:0f:e1:52:fb:65:84:30:97:a1:f3:e1:bb:a3:10:1d:9f:
         21:21:ce:1a:87:77:cc:19:b9:85:15:a8:ae:66:48:bd:6c:fe:
         1a:aa:de:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZr8XzvuKAj1+Xc2AKxLUfVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmYzA2NTA5ODU3NDYyOWQ0YTdlMmQyYjIwNTVhYTdiZjIz
MDJmZWUwHhcNMjUwNDI1MDc1NTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NTdjYTZkZjhhMmNhZjhkMTI4YWFiNWI1NjY3N2E1YTZhYzlmZDRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsmNelJ4FS7FXTbZMVvdC7NQ+EHiq
JohHu49Zf3IUPu/CGlk9UqAXR0sZ2FLhJJz138Idyb3gkTUuhIQSVzPZ0maaH60k
0Cz73nm4+nzDf7hE6nTUIC9+FJODQK+eF5frCrE3omOioWGNYdGIZTgTriqpupBI
TSKiYUxCYh9ojjauqu9hPC93mp7SLdkeV28IkxkjKUodT5YqTQcWcknrw/b2ZlTA
uiOBB/RUFkYZAtcH/reOUmf/kfC88+gvhiBlc5ZcFawkEUyxRH0usSQuK8z0f+ol
MYxZLzJlcIsGnsJ3mSlq1drvAz+P6Z08MMsOq2f+li/fDD3iuYk3jp5sTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGV8pt+KLK+NEoqrW1Znelpqyf1KMB8GA1UdIwQY
MBaAFF/AZQmFdGKdSn4tKyBVqnvyMC/uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDhCbENZVjBZcDFLZmkwcklGV3FlX0l3TC00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9iZmZhMDMtMWNkNi00MDM0LWE3YmQt
ODU3NTk5NjgzYzNlLzEvWlh5bTM0b3NyNDBTaXF0YlZtZDZXbXJKX1VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9iZmZhMDMtMWNkNi00MDM0LWE3YmQtODU3NTk5NjgzYzNl
LzEvWDhCbENZVjBZcDFLZmkwcklGV3FlX0l3TC00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALVsNMA0G
CSqGSIb3DQEBCwUAA4IBAQBvy3dLCyWuPsxy2HBeTPZgtCuQ+zdBPiOxoINAv3BK
HYqiCkKPTBfwWty9+8501qib6KninJkVXcmClEsh/tPRtevw+neEQ2MDizVQ5qNi
1DcxX372dZu5kegv9FPMIyXWsmInXX3zyoYN3VdnQex+X5SVcfOGcKA1QRzyNelx
wG/9fNNtw6Tfq86t32h4W7ahv+obaoBFwSKQh0r0FbZT0v2Baf86UuWrgLwckUTI
K1gYD56oxW2Z5XOJJv4B3JdXae4ksske94ghJ6G5e7ygHZlKLXA5TR8eAg/hUvtl
hDCXofPhu6MQHZ8hIc4ah3fMGbmFFaiuZki9bP4aqt4P
-----END CERTIFICATE-----