Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/1-1fZop6LZSx8TPJMlK5gshU1q7A.roa
File:                     1-1fZop6LZSx8TPJMlK5gshU1q7A.roa (raw, json)
Hash identifier:          TKg2NFJdZkkjj3q2STn+pHIyUzfGgopfAze0GfPdPas=
Subject key identifier:   FB:57:D9:A2:9E:8B:65:2C:7C:4C:F2:4C:94:AE:60:B2:15:35:AB:B0
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       01963FE6C51DC086BFC0D6C32A0FB8FDD8A9
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/1-1fZop6LZSx8TPJMlK5gshU1q7A.roa
Signing time:             Wed 16 Apr 2025 18:40:10 +0000
ROA not before:           Wed 16 Apr 2025 18:40:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215314
IP address blocks:        45.158.46.0/24 maxlen: 24
                          109.196.96.0/24 maxlen: 24
                          185.42.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 03 May 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:3f:e6:c5:1d:c0:86:bf:c0:d6:c3:2a:0f:b8:fd:d8:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Apr 16 18:40:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fb57d9a29e8b652c7c4cf24c94ae60b21535abb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:04:84:6c:b0:6d:f0:76:32:bb:ac:3b:72:99:
                    15:1e:5d:ae:e6:c2:7c:44:ac:4e:2b:00:f0:ca:59:
                    5c:b8:b8:c4:95:62:fb:4e:19:d7:78:a1:41:56:6d:
                    d8:66:9e:23:7c:39:03:0d:3c:45:25:ff:09:5c:7a:
                    fd:4b:bb:be:e2:bb:4b:f1:71:b8:48:cf:d1:cf:13:
                    e2:9c:f0:14:1d:e5:b3:fc:ba:1c:1a:11:c0:be:4d:
                    1d:23:c6:74:60:63:9e:0b:f6:f3:68:8d:0c:c5:fd:
                    d6:ca:83:ef:c7:fd:bf:3d:ed:a8:ff:e8:cc:2b:a6:
                    44:5e:25:0b:29:cd:f5:7a:49:3e:62:19:c3:3f:71:
                    7d:d5:b2:f9:b9:81:3b:54:7a:cb:7c:e0:9c:35:9c:
                    ee:74:1d:25:bd:f8:3b:bb:90:4f:21:ec:26:30:4e:
                    f6:00:88:85:f1:cf:51:d2:dd:95:2f:7a:30:bf:48:
                    52:6a:e5:8c:dc:c5:6e:41:0b:03:00:a0:37:9d:35:
                    f2:a5:d7:4d:c1:91:b2:f1:6f:52:ad:49:36:aa:48:
                    d9:df:0e:1a:82:84:bb:36:9e:d0:4a:f3:ec:5f:1a:
                    60:1d:24:10:af:df:fa:3f:6e:1b:c7:d1:66:1f:60:
                    d2:44:f3:a1:ea:8c:7f:63:39:80:28:7a:eb:15:20:
                    2b:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:57:D9:A2:9E:8B:65:2C:7C:4C:F2:4C:94:AE:60:B2:15:35:AB:B0
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/1-1fZop6LZSx8TPJMlK5gshU1q7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.158.46.0/24
                  109.196.96.0/24
                  185.42.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:09:08:5b:d0:12:22:e0:af:39:85:68:c5:7b:97:ef:8b:83:
         20:6c:f8:ef:f6:30:9e:64:7c:14:6a:8c:dd:51:7f:cb:21:ee:
         7e:d4:2f:3a:2a:fe:c1:58:40:81:cf:e8:6e:7f:5f:08:90:1b:
         0a:be:45:08:75:60:a9:8f:01:3b:cb:ac:bf:d4:be:60:8d:7d:
         dc:6d:56:bf:c7:95:e7:5c:db:f2:da:28:e1:57:45:01:bc:ad:
         6e:dd:c9:33:57:ff:28:87:7e:32:35:27:b8:68:90:ac:8d:05:
         4a:47:77:b3:6e:cc:54:99:7d:a4:10:2c:6e:6a:bc:30:5e:ba:
         3e:a8:45:51:c2:0e:2e:54:48:10:a5:2d:f3:f0:65:76:14:fa:
         d6:38:76:7e:0d:0a:27:38:fb:18:49:a6:f9:11:4e:84:f7:d5:
         43:a1:5a:fb:90:31:28:c8:11:39:4f:3b:c5:2b:56:2b:e0:d3:
         62:dc:3e:d7:a2:9a:d9:18:5e:37:84:43:df:a0:a7:21:da:1b:
         57:ef:f8:81:49:73:30:f6:e5:c1:57:ca:02:63:bd:c7:eb:2d:
         de:23:60:74:eb:0e:73:d8:cc:c9:0b:90:ef:bd:83:be:51:02:
         a0:6f:82:57:d6:3a:8e:85:c0:47:7a:2c:81:8a:53:9a:3c:95:
         54:1b:9b:ca
-----BEGIN CERTIFICATE-----
MIIFCjCCA/KgAwIBAgISAZY/5sUdwIa/wNbDKg+4/dipMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjUwNDE2MTg0MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjU3ZDlhMjllOGI2NTJjN2M0Y2YyNGM5NGFlNjBiMjE1MzVhYmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlQSEbLBt8HYyu6w7cpkVHl2u5sJ8
RKxOKwDwyllcuLjElWL7ThnXeKFBVm3YZp4jfDkDDTxFJf8JXHr9S7u+4rtL8XG4
SM/RzxPinPAUHeWz/LocGhHAvk0dI8Z0YGOeC/bzaI0Mxf3WyoPvx/2/Pe2o/+jM
K6ZEXiULKc31ekk+YhnDP3F91bL5uYE7VHrLfOCcNZzudB0lvfg7u5BPIewmME72
AIiF8c9R0t2VL3owv0hSauWM3MVuQQsDAKA3nTXypddNwZGy8W9SrUk2qkjZ3w4a
goS7Np7QSvPsXxpgHSQQr9/6P24bx9FmH2DSRPOh6ox/YzmAKHrrFSArZwIDAQAB
o4ICFjCCAhIwHQYDVR0OBBYEFPtX2aKei2UsfEzyTJSuYLIVNauwMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvMS0xZlpvcDZMWlN4OFRQSk1sSzVnc2hVMXE3QS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZTAvNTNjN2I4LTVlNGItNDlmZC04YzkxLWJhOThmMTEyMjEy
MS8xL1lZUjQ4WmotVnBBUXc5OWlHUlF2VXd4UFhsWS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjArBggrBgEFBQcBBwEB/wQcMBowGAQCAAEwEgMEAC2eLgME
AG3EYAMEALkqDzANBgkqhkiG9w0BAQsFAAOCAQEAnQkIW9ASIuCvOYVoxXuX74uD
IGz47/YwnmR8FGqM3VF/yyHuftQvOir+wVhAgc/obn9fCJAbCr5FCHVgqY8BO8us
v9S+YI193G1Wv8eV51zb8too4VdFAbytbt3JM1f/KId+MjUnuGiQrI0FSkd3s27M
VJl9pBAsbmq8MF66PqhFUcIOLlRIEKUt8/BldhT61jh2fg0KJzj7GEmm+RFOhPfV
Q6Fa+5AxKMgROU87xStWK+DTYtw+16Ka2RheN4RD36CnIdobV+/4gUlzMPblwVfK
AmO9x+st3iNgdOsOc9jMyQuQ772DvlECoG+CV9Y6joXAR3osgYpTmjyVVBubyg==
-----END CERTIFICATE-----